Privacy policy

This policy summarizes how the pontaj.eu application (web, Android and iOS) collects, uses and protects personal data. The data controller is the employer (company) using the platform; pontaj.eu acts as a service provider (processor) for managing time tracking, and the data controller undertakes to provide all information and obtain all consents required for the resulting relationships.

1. What data we collect

• Identity data: first name, last name, badge, national ID (CNP), function/job.
• Account data: username, email, password (stored encrypted).
• Profile picture - only if you upload it, optional; it does not affect the functionality of the services.
• Time-tracking data: arrival/departure times, breaks, leaves, company documents.
• Minimal technical data: authentication token on the device.

The mobile application does NOT collect location (GPS), does NOT need microphone or camera rights (except for the situation detailed below, when you - without being obliged or constrained - choose to add/change your profile picture), does NOT need access to your contacts or calendar, does NOT need storage rights (except for the situation described above, where you decide to change your profile picture and only for that, or decide to download/upload HR files in the app and only for that - all of these being permissions you control and which do not affect the app's ability to function), does NOT need access to phone or messaging, does NOT need access to health apps.
pontaj.eu will request access to files or camera exclusively when you choose to upload such files, either to add or change your profile picture, or to save/upload documents in the app (e.g.: individual employment contract, internal regulations, payslips and other such HR documents).

2. Purpose and legal basis

The data is processed to manage the employment relationship (working-time records, leaves, documents) - basis: performance of the employment contract and the employer's legal obligations, according to Regulation (EU) 2016/679 (GDPR), art. 9(2)(b) - fulfillment of obligations in the field of labor law, Law 53/2003 (Labor Code) and related working-time legislation.

3. How we protect data

• All application traffic is encrypted (HTTPS/TLS).
• The authentication token is stored in the device's secure area (Keychain/Keystore).
• Uploaded photos are re-processed on the server to remove hidden content.
• Data access is strictly isolated to the user's company.

4. Data sharing

We do not sell or share data with third parties for marketing purposes. The data is visible only to your employer (company administrators) and to the infrastructure provider hosting the service. The infrastructure provider analyzes the data strictly for IT purposes and only on request, when a user reports a problem.

5. Data retention

The data is retained for the duration of the employment relationship and afterwards according to legal archiving and retention obligations, after which it is deleted or anonymized. Being a digital service, the data may be deleted after a while, and archiving and retention is done by the beneficiary (employer) on paper. In any case, the obligation to retain the data - and implicitly to generate PDF reports - rests with the beneficiary (employer).

6. Your rights

You have the right to access, rectify, delete, restrict and port your data. For any request, including data deletion, write to contact@pontaj.eu (or in the app: Account → Request data deletion). Requests are resolved within a maximum of 30 days. Requests will be resolved favorably as long as they do not contravene a legal obligation.

7. Contact

Email: contact@pontaj.eu
Phone: +40 724 782 743