Your privacy is of paramount importance to us because you're entrusting us with sensitive data. It’s not a responsibility that we take lightly, so we use industry-leading vendors, technologies and practices to safeguard your data and protect your privacy. Our practices are in line with Privacy by Design principles. Our Privacy Policy contains detailed information, but below is a plain-language description of our approach to managing your data.
We do not sell our customers’ data.
All vendors that Chrono uses to process and store our customers’ personal data have achieved SOC 2 Type II compliance accreditation.
A number of jurisdictions have enacted laws that affect how companies handle personal information. These include the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as well as a number of other national and state laws. We wanted to share what measures Chrono has put into place to provide consumer data privacy and protection in keeping with the generally aligned goals of these regulations.
The GDPR is a European law establishing protections for the personal data of EU residents. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of where that organization is located) must implement certain privacy and security safeguards for that data.
The GDPR does or will soon apply to Chrono, as it relates to our EU customers. As such, we wanted to share an overview of our GDPR compliance.
Data Processing Agreements
Under the GDPR, companies that determine the purposes and means of processing data are “data controllers” and those that process data on their behalf are “data processors.” Data processors must enter into agreements with those for whom they process data; these agreements are called Data Processing Addendums.
Chrono would be considered a data controller of EU personal data and has Data Processing Addendums in place with all data processors it works with. Under these agreements, our data processing partners commit to the processing and safeguarding of personal data in accordance with GDPR requirements.
International Data Transfers
EU data protection laws require that organizations use a recognized legal mechanism to transfer data from the EU to countries that do not have a similar data protection framework, such as the United States where Chrono is located.
Chrono’s data processors’ agreements contain Standard Contractual Clauses as the legal mechanism under which the transfer of EU personal data is conducted.
Data Access, Management, and Portability Tools
The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their personal data. Chrono is committed to facilitating data subject requests consistent with the GDPR.
Privacy Documentation
The GDPR promotes transparency, fairness, and accountability. Chrono maintains documentation about our privacy practices and decisions about how we handle individuals’ personal data. You can learn more about how Chrono collects, uses, and discloses personal data by visiting Chrono’s Privacy Policy.
Data Security
The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Chrono, and we only utilize data processors for personal data that have achieved SOC 2 (Type II) audits for controls relevant to security, availability and confidentiality.
Exercising Your Rights Under the GDPR
If you would like to exercise your rights under the GDPR, please submit your request by completing our GDPR Data Subject Request Form or by contacting us at privacy@gochrono.io.
With California having led the way, Virginia and a number of other states have enacted their own privacy laws providing consumers and businesses with certain rights with respect to their personal information. Commonly, these laws require that businesses subject to the statutes grant consumers the ability to request access to and deletion of their data, and the ability to opt out of distribution of their personal information to third parties.
While Chrono is not yet subject to many of these laws, Chrono nevertheless complies with their principles. Chrono does not sell its customers’ or users’ personal information and processes customers’ personal information only for the purposes set forth in the Terms of Use. Chrono also endeavors to support customers’ and users’ ability to request access to and the deletion of their data.
Exercising Your Rights
For more information about how Chrono provides individual consumers with the ability to access and request deletion of their personal information under these laws, please refer to our Privacy Policy.
If you would like to exercise any of your legal rights with respect to your personal information, please submit your request by completing Chrono’s Global Privacy & Data Rights Request Form or by contacting us at privacy@gochrono.io. While Chrono is not yet legally obligated to do so, we will endeavor to honor your requests.