GDPR Compliance

Effective Date: June 9, 2026

Time Champ (operated by Snovasys Solutions Pvt. Ltd.) is committed to protecting the privacy and personal data of users in the European Economic Area (EEA), the United Kingdom, and Switzerland in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR.

This page summarises our GDPR commitments. It is intended as a practical reference for our customers, their data subjects, and procurement teams. It is not a substitute for our Privacy Policy or our standard Data Processing Agreement.

1. Our Role Under GDPR

When you use Time Champ to monitor and manage your workforce, you (the customer) are the Data Controller of the personal data you upload or generate through the Software. Time Champ acts as a Data Processor on your behalf, processing personal data only in accordance with your documented instructions and our agreement with you.

For personal data we collect directly — for example, when you sign up for our website, request a demo, subscribe to newsletters, or visit our marketing pages — Time Champ acts as the Data Controller.

2. Lawful Basis for Processing

When acting as Data Controller, we process personal data on one or more of the following lawful bases under Article 6 of the GDPR:

Contract: to provide the Services you have signed up for and fulfil our obligations under our agreement with you.
Legitimate Interests: for business operations such as fraud prevention, security, service improvement, and direct B2B marketing where this does not override your rights.
Consent: where you have given explicit consent, such as for marketing emails to individuals or non-essential cookies.
Legal Obligation: where required to comply with applicable laws, court orders, or regulatory requests.

3. Data Subject Rights

If you are a data subject in the EEA, UK, or Switzerland, you have the following rights under the GDPR:

Right to be informed — about what we do with your personal data.
Right of access — to obtain confirmation of and a copy of the personal data we hold about you.
Right to rectification — to have inaccurate personal data corrected.
Right to erasure (the “right to be forgotten”) — to have your personal data deleted in certain circumstances.
Right to restrict processing — to limit how we use your personal data.
Right to data portability — to receive your personal data in a structured, machine-readable format and transmit it to another controller.
Right to object — to processing based on legitimate interests or for direct marketing.
Rights related to automated decision-making — including profiling that has legal or similarly significant effects.
Right to withdraw consent — at any time, where consent was the lawful basis for processing.
Right to lodge a complaint — with your local supervisory authority.

When Time Champ acts as a Processor on behalf of an employer, data subjects should direct their rights requests to the relevant employer (the Controller). Time Champ will assist Controllers in responding to such requests as required by Article 28 of the GDPR.

4. Data Processing Agreement (DPA)

If you are a customer in the EEA, UK, or Switzerland, or if you process personal data of individuals located in those regions, we offer a standard Data Processing Agreement (“DPA”) that incorporates the European Commission’s Standard Contractual Clauses (SCCs) where personal data is transferred outside the EEA. To request our DPA, please email support@timechamp.io.

5. Sub-Processors

To deliver the Services, we engage carefully selected sub-processors (such as cloud infrastructure providers, email service providers, and analytics services). All sub-processors are bound by contractual obligations that meet or exceed our GDPR commitments. We notify customers of changes to our sub-processor list as required by our DPA. A current list of sub-processors is available on request.

6. International Data Transfers

Some of our infrastructure and sub-processors are located outside the EEA. Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards in accordance with Articles 44–49 of the GDPR, including:

European Commission Standard Contractual Clauses (2021)
UK International Data Transfer Addendum
Supplementary technical and organisational measures where required

7. Data Retention

Personal data is retained only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. When Time Champ acts as a Processor, the retention period is determined by the Controller’s configuration and instructions. On termination of our agreement, customer data is securely deleted in accordance with the Refund & Cancellation Policy and any backup retention windows described in our DPA.

8. Security Measures

We implement appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk, including encryption in transit and at rest, access controls, monitoring, vulnerability management, and regular security testing. For more details, see our Security page.

9. Data Breach Notification

In the event of a personal data breach affecting Customer Data, we will notify the affected Controller without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Notifications will include the information required by Article 33(3) to the extent it is available to us.

10. Exercising Your Rights

To exercise any of your GDPR rights, or for any GDPR-related queries, please contact us:

Email: support@timechamp.io
Phone: 08062358922
Address: Vista Centre, 50 Salisbury Road, London, TW4 6JQ

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk. For other EEA countries, you can find your authority at edpb.europa.eu/about-edpb/about-edpb/members_en.