Privacy policy

Last updated: 26.06.2026

This policy summarizes how the pontaj.eu application (web, Android and iOS) collects, uses and protects personal data. The data controller is the employer (company) using the platform; pontaj.eu acts as a service provider (processor) for managing time tracking, and the data controller undertakes to provide all information and obtain all consents required for the resulting relationships.

1. What data we collect

  • Identity data: first name, last name, badge, national ID (CNP), function/job.
  • Account data: username, email, password (stored encrypted).
  • Profile picture - only if you upload it, optional; it does not affect the functionality of the services.
  • Time-tracking data: arrival/departure times, breaks, leaves, company documents.
  • Minimal technical data: authentication token on the device.

The mobile application does NOT collect location (GPS), does NOT need microphone or camera rights (except when you choose to add/change your profile picture), does NOT need access to your contacts or calendar, does NOT need storage rights (except when you change your profile picture or upload/download HR files - permissions you control), does NOT need access to phone or messaging, does NOT need access to health apps.
pontaj.eu will request access to files or camera exclusively when you choose to upload such files (profile picture or HR documents: employment contract, internal regulations, payslips, etc.).

2. Purpose and legal basis

The data is processed to manage the employment relationship (working-time records, leaves, documents) - basis: performance of the employment contract and the employer's legal obligations, according to Regulation (EU) 2016/679 (GDPR), art. 9(2)(b), Law 53/2003 (Labor Code) and related working-time legislation.

3. How we protect data

  • All application traffic is encrypted (HTTPS/TLS).
  • The authentication token is stored in the device's secure area (Keychain/Keystore).
  • Uploaded photos are re-processed on the server to remove hidden content.
  • Data access is strictly isolated to the user's company.

4. Data sharing

We do not sell or share data with third parties for marketing purposes. The data is visible only to your employer (company administrators) and to the infrastructure provider hosting the service, who analyzes it strictly for IT purposes and only on request.

5. Data retention

The data is retained for the duration of the employment relationship and afterwards according to legal archiving obligations, after which it is deleted or anonymized. The obligation to retain the data - and to generate PDF reports - rests with the beneficiary (employer).

6. Your rights

You have the right to access, rectify, delete, restrict and port your data. For any request, including data deletion, write to contact@pontaj.eu (or in the app: Account → Request data deletion). Requests are resolved within a maximum of 30 days, as long as they do not contravene a legal obligation.

7. Contact

Email: contact@pontaj.eu
Phone: +40 724 782 743