TimeTac GmbH is committed to the privacy and security of its customers’ data.
We adhered to strict data standards even before the enforcement of the General Data Protection Regulation (GDPR). We then ensured our compliance with the GDPR by adhering to many requirements regarding data subject rights, technical and organisational measure, information notices and more.
As a Software as a Service provider, it is paramount in our eyes that we ensure the confidentiality, integrity and availability of customer data. This is as strong a belief for us as offering a quality product and service.
Our beliefs regarding data protection are ingrained in how we process customer data, the development practices we use and the continual reviewing and improvement of our products.
During one of these periodic reviews, we noticed a security vulnerability in our iCal feed feature, in which a user could theoretically manipulate parts of the iCal feed URL, providing access to iCal feeds of other TimeTac users. A targeted search of the iCal feeds of other users was not possible at any time.
This issue has already been rectified through a security update and has been deployed to all affected TimeTac customer accounts. We are unaware of any data breach in which these iCal feeds have been accessed by unauthorised persons.
These iCal feeds contain the name of a user and a list of absence categories. This allows the user to display these absences in an external calendar program.
You do not need to make any alterations to existing iCal feed integrations.
Should you nevertheless have any questions, or require assistance with this matter, please contact dataprotection@timetac.com.
