BYOTime

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data.

Last Updated: July 2025 • Effective Date: July 2025

1. Introduction

BYOTime ("we," "our," or "us") is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, process, store, and protect your personal data in compliance with Malaysia's Personal Data Protection Act 2010 (Act 709) ("PDPA") and its 2024 amendments.

By using our time attendance system and related services (collectively, the "Services"), you agree to the collection and use of information in accordance with this Privacy Policy.

2. About Our Services

We provide comprehensive time attendance management software solutions designed to help Malaysian businesses manage their workforce effectively. Our Services include:

  • • Employee attendance tracking and records
  • • Selfie verification with background detection
  • • Geo-location based check-in/check-out
  • • Leave management and approval workflows
  • • Overtime calculations and reporting
  • • Task and project time tracking
  • • Payroll system integration
  • • Real-time attendance monitoring
  • • Compliance and reporting tools
3. Data Controller Information

Data Controller:

BYOTime

Address: Kuching, Sarawak, Malaysia

Email: byotime2u@gmail.com

4. Personal Data We Collect

4.1 Employee Data (Collected by Our Client Organizations)

Basic Information:

  • • Full name, employee ID, contact details
  • • Profile photos for attendance verification
  • • Work schedules and shift information
  • • Department and job title

Attendance Data:

  • • Check-in/check-out times and dates
  • • GPS location data for geo-verification
  • • Selfie photos for identity verification
  • • Attendance patterns and history
  • • Overtime and break records

Leave Management:

  • • Leave applications and approvals
  • • Leave balances and entitlements
  • • Medical certificates (when applicable)

4.2 Client Organization Data

  • • Company registration details
  • • Authorized user contact information
  • • Billing and payment information
  • • System usage and configuration data

4.3 Technical Data

  • • IP addresses and device information
  • • Mobile app usage data
  • • System logs and error reports
  • • Browser type and version
5. Legal Basis for Processing

We process personal data based on the following legal grounds under the PDPA:

  • Consent: Where you or your employer has provided explicit consent
  • Contract Performance: To fulfill our service agreement with client organizations
  • Legal Obligation: To comply with Malaysian employment laws and regulations
  • Legitimate Interest: For system security, fraud prevention, and service improvement
6. How We Use Personal Data

6.1 Primary Purposes

  • • Providing attendance tracking and management services
  • • Verifying employee identity through selfie and location data
  • • Processing leave requests and maintaining attendance records
  • • Generating attendance reports and analytics
  • • Integrating with payroll systems for accurate compensation
  • • Ensuring workplace compliance and policy enforcement

6.2 Secondary Purposes

  • • System maintenance and technical support
  • • Service improvement and feature development
  • • Fraud prevention and security monitoring
  • • Business analytics and reporting (in aggregated, anonymized form)
  • • Customer support and troubleshooting
7. Data Subject Rights

Under the PDPA, you have the following rights:

  • Right to be Informed: About how your personal data is processed
  • Right of Access: Request access to your personal data
  • Right to Correction: Request correction of inaccurate data
  • Right to Withdraw Consent: Withdraw consent for data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to certain processing activities
8. Data Security

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

  • • End-to-end encryption for all data transmission
  • • Advanced encryption (AES-256) for data storage
  • • Multi-factor authentication for system access
  • • Regular security updates and penetration testing
  • • Secure cloud infrastructure with 99.9% uptime

Data Protection Measures

  • • Access controls based on job responsibilities
  • • Regular security audits and compliance reviews
  • • Employee training on data protection
  • • Incident response and breach notification procedures
9. Data Retention

We retain personal data only for as long as necessary:

  • Attendance Records: 7 years after employment termination (Malaysian employment law requirement)
  • System Logs: 2 years for security and troubleshooting purposes
  • Marketing Communications: Until consent is withdrawn
  • Account Data: Until account closure plus 90 days for final processing

Data is securely deleted or anonymized when no longer required for business or legal purposes.

10. Contact Information

For General Inquiries:

byotime2u@gmail.com
Kuching, Sarawak, Malaysia
11. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our services, legal requirements, or industry best practices. We will notify users of material changes through:

  • • Email notifications to registered users
  • • Prominent notices on our website
  • • In-app notifications within our system

Continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

12. Governing Law

This Privacy Policy is governed by the laws of Malaysia, including the Personal Data Protection Act 2010 (Act 709) and its amendments. Any disputes arising from this policy will be subject to the jurisdiction of Malaysian courts.

This Privacy Policy demonstrates our commitment to protecting your personal data and complying with Malaysian data protection laws. If you have any questions or concerns, please don't hesitate to contact us.