← Back to SiteClockr

GDPR declaration

Last updated: June 2026

1. About this declaration

This GDPR declaration explains how SiteClockr (the service operated for organisation account holders) processes personal data in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR where applicable.

It supplements our Privacy & cookies notice. For day-to-day cookie and employee-facing privacy information, see that page.

2. Roles under GDPR

3. Categories of personal data processed

CategoryExamplesTypical source
Identity & contact Name, username, email, phone (if provided) Employer / employee via the service
Working time records Clock-in/out times, site, role, optional GPS coordinates Employees using clock-in or admin entry
Organisation data Company name, address, logo, site configuration Organisation administrators
Technical & security IP address, browser type, login timestamps, audit logs Automatic when using the service
Billing (paid plans) Subscription status, payment references via Stripe Organisation account holder

4. Purposes and legal bases

PurposeLegal basis (GDPR Art. 6)
Providing time-tracking and related features under your organisation’s account Performance of contract (Art. 6(1)(b)) — between SiteClockr and the organisation; processing of employee data on the controller’s instructions (Art. 28)
Payroll, tax, and employment-law record-keeping by the employer Determined by the employer as controller — typically legal obligation or legitimate interests
Service security, fraud prevention, and incident response Legitimate interests (Art. 6(1)(f))
Subscription billing and account management Performance of contract (Art. 6(1)(b))

5. Data subject rights

Under GDPR, individuals may have the following rights, subject to conditions and exceptions in law:

Employees and site workers: contact your employer (the data controller) in the first instance. They can export, correct, or delete records through SiteClockr admin tools where your organisation allows it.

Organisation account holders: email privacy@siteclockr.ie. We will respond within one month, or inform you if an extension is required.

6. Security and confidentiality

SiteClockr implements appropriate technical and organisational measures, including:

In the event of a personal data breach likely to affect your organisation’s data, we will notify the controller without undue delay and assist with regulatory notification where required.

7. Sub-processors

SiteClockr uses the following categories of sub-processors to deliver the service:

Sub-processors are bound by written agreements requiring GDPR-compliant data protection. Material changes to sub-processors will be communicated to organisation account holders.

8. International transfers

Personal data is primarily processed within the European Economic Area (EEA). Where a sub-processor transfers data outside the EEA, appropriate safeguards apply (such as Standard Contractual Clauses or an adequacy decision).

9. Retention

Clock-in and organisation data are retained for as long as the organisation’s account is active and as needed for the controller’s legal, payroll, and employment obligations. Organisation admins may export or delete records within the service where those features are available. Server and security logs are kept for a limited period.

10. Supervisory authority

You have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission (dataprotection.ie). UK residents may contact the Information Commissioner’s Office (ICO).

11. Contact

Data protection enquiries and organisation account requests: privacy@siteclockr.ie

12. Changes

We may update this declaration from time to time. The “Last updated” date at the top of this page will reflect material changes. Continued use of the service after an update constitutes acceptance of the revised declaration where permitted by law.