Privacy Policy

The software – AtTrack is the property of UMBRELLA UK GROUP LLP and Umbrella Alliance, (hereinafter “we”, “us” or “our”)

This Privacy Policy describes how We collect, use, share, and otherwise processes personal data about visitors”) to our website/service and the real-time time tracking service that analyzes productivity (“Service”).

Please read the following carefully to understand our views and practices regarding your personal data and how we treat it. Your continued use of AtTrack shows your acceptance and consent to this Privacy Policy.

UMBRELLA UK GROUP LLP is committed to following the principles outlined in the EU’s General Data Protection Regulation (the “GDPR”) for all EU residents, the UK GDPR that regulates the use of data for citizens in the UK and the California Consumer Privacy Act (the “CCPA) for all California consumer that provide their personal data to us and other applicable privacy laws.

Table of Contents:

  • Information We Collect and Receive
  • How We Use Information
  • Data Retention
  • How We Share and Disclose Information
  • Security
  • Age Limitations
  • International Data Transfers
  • Data Protection Officer
  • Your Rights
  • California Privacy Rights
  • Cookies and web beacons
  • Changes to Privacy policy
  • Contact information
  • Your right to complain with a supervisory authority

1. Information We Collect and Receive

1.1. Information you provide

You may provide us with your personal data:

When you communicate with us via this website/service, including filling out forms on this website/service (submitting enquiries, questions, comments, feedback, or contact requests) and by contacting us by email or phone;

When you subscribe to our marketing communications, which includes information about our services and products, events, offers, news, promotions and surveys;

When you become our customer, including buying, downloading, taking a free trial, downloading a demo-version of our software and products.

To fill out forms on this website/service, most commonly we ask you to provide your Name, Email, and Phone number. When you contact us via this website/service, in emails, phone calls, or other means of communication, at your discretion and where possible you may also provide us with other personal data by putting it in the textbox of enquiry or attaching a file.

1.2. Information we collect about you

Like most website/services, this website/service uses cookies and web beacons.

You do not have to give us information in order to use our website/service. However, non-identifiable personal information about visitors to the website/service is automatically collected by cookies and web beacons. This includes technical information about your browser and operating system and actions you take on the website/service.

We use this information to understanding how visitors use our website/service, make your experience of our website/service better and assist in our marketing efforts.

If used alone, cookies and web beacons do not personally identify you.

1.3. Information we collect from AtTrack users.

1.3.1. AtTrack collects, generates and receives information in a variety of ways when you use the Service. Some of this information constitutes Personal Data.

Information you provide upon creating your account

1.3.2. As a User of AtTrack Services you provide us with information containing your Personal Data. Upon registration and creating your profile you provide us with the following information:

Full name

E-mail address


Payment information

Phone number

Social media account information (if you register by linking your social media account to your AtTrack account)

Photo (voluntary)

1.3.3. Please note that some options within the Service allow our Users to voluntarily disclose their Personal Data such as your photo, or any data that you enter into notes, as well as some special category data, e.g. data concerning health when using the absence calendar function. AtTrack does not oblige Users to submit such data since it is not essential for provision of the Service, and Users are able to use the Service without providing us with the aforementioned data.

Third-party integrations

1.3.4 You can choose to integrate third-party services in relation to certain aspects of AtTrack Service. A third-party service is software that integrates with the Service and you can enable or disable such integration for your AtTrack account.

1.3.5 Once enabled, the relevant third-party service provider may share certain information with us. For example, if you choose to use a third-party service (such as Facebook, Twitter, LinkedIn) to sign up for the Service, then the provider of such a service may send us your name, user ID, email address. Or if some other third-party application (e.g., project management service, Google or Outlook calendar) is enabled to permit data to be imported into Service, we may receive such information as you have elected to let the application make available to us. You should check the privacy settings of these third-party services to understand what data may be disclosed to us.

Information you provide by configuring your account

1.3.6 Upon configuring settings of your AtTrack account, including performance tracking preferences, you provide us with the following information, which in connection with other information may contain Personal Data:

Location, time zone, start and end time of your workday, work duration, start and stop time of work tracking, working days, tracking days, hourly rate, offline time input options, private time input options, application names to be collected, options to hide owners, absence calendar, information about colleagues, option to use calculation tool of project costs.

Information generated when using the Service

1.3.7 Some of the information processed by AtTrack is created by you using the Service, and this information may also contain Personal Data. AtTrack records the following information when you use the Service:

IP address where you logged in, browser type and browser software version, names of applications used, names of tasks to be worked on, website/services visited, AtTrack client version, path to the application, start and end time of use, time spent on breaks, screenshots of your computer screen. AtTrack may record the number of keystrokes or mouse movements, but we do not record what you type or where you click.

1.3.8 When you are just the end-user and not the Client of the Service, the above-mentioned information is provided to AtTrack by the Client (e.g. your employer).

1.4. Processing of data on behalf of clients by AtTrack as data processor

1.4.1. This section concerns AtTrack Clients that transfer Personal Data of end-users of the Service, such as personal data of Client’s employees, to AtTrack. In respect of such data, the Client sets the purpose and means of processing Personal Data, therefore the Client is the Data Controller.

1.4.2. AtTrack processes end-users’ Personal Data on behalf of the Client, and AtTrack only accesses the data for the purpose of rendering the Service, therefore AtTrack is the Data Processor.

1.4.3. If you as a Data Subject are the end-user of AtTrack Service and your profile was created by your employer, the privacy policy of the Client (e.g. your employer or other organization that created your account), on whose behalf we process the data, will apply. This means that any enquiry, request, objection or complaint that you as a Data Subject may have in connection with the processing of Personal Data that forms part of your AtTrack account should be addressed to and resolved by the Client as the Data Controller.

Details of processing

1.4.4. When the Client creates accounts for end-users in its group the Client transfers the Personal Data of such end-users to AtTrack. In that way, the Client instructs AtTrack to process Personal Data in order to provide Service to the Client pursuant to the agreement concluded between the Client and AtTrack.

1.4.5. For the avoidance of doubt, this Privacy Policy contains complete and final instructions of the Client to AtTrack in relation to the processing of Personal Data of end-users, and this Privacy Policy constitutes a binding data processing agreement.

1.4.6. AtTrack will always process all Personal Data on behalf of the Client following the Client’s instructions and in compliance with the applicable data protection laws and regulations including requirements of GDPR where applicable.

Type of personal data and categories of data subjects

1.4.7 Categories of data subjects whose Personal Data will be processed on behalf of the Client include the Client’s employees, representatives and other end-users that will be registered under the Client’s group account. The information about these individuals that may contain Personal Data is indicated in Paragraph 4.

1.4.8. Client represents that it has acquired all necessary consents and/or relies on another appropriate legal basis for the processing of Personal Data of end-users. Client confirms that end-users have been informed about the fact that their Personal Data is transferred to AtTrack as a Processor and other third parties used by AtTrack for the provision of Service.

Duration of the processing

1.4.9. AtTrack will process the aforementioned data for as long as AtTrack provides the Service to the Client and the Client has an active AtTrack account.

1.4.10. When an end-user’s account is deleted by the Client, AtTrack will process data of deleted accounts in the Client’s group for statistical and analytical interests of the Client. However, such data can be deleted at any time upon the Client’s request.

1.4.11. After terminating the contractual relationship between AtTrack and the Client, we may continue to store some Personal Data, but limited to the minimum amount required, as might be necessary for us to comply with legal obligations, to ensure reliable back-up systems, to resolve disputes between the Client and AtTrack, if any, to prevent fraud and abuse, to enforce AtTrack agreements, and/or to pursue legitimate interests of AtTrack or third parties.


1.4.12 The Client consents that AtTrack, for the purpose of providing Service to the Clients, uses sub-processors that provide AtTrack the services indicated in Paragraph 7. AtTrack ensures that it only uses sub-processors that comply with the same data protection obligations as set out in this Privacy Policy, in particular, provides sufficient guarantees and has implemented appropriate technical and organizational measures and otherwise comply with the requirements of GDPR where applicable. If such sub-processor fails to fulfill its data protection obligations, AtTrack shall remain liable to the Client.

Assistance to the controller

1.4.13 Taking into account the nature of the processing, AtTrack as a Data Processor will assist the Client with provision of technical or organizational measures, insofar as possible, for the fulfillment of the Client’s obligations as a Data Controller in relation to:

Any requests from the Client’s end-users in respect of access to or the rectification, erasure, restriction, portability, blocking or deletion of their Personal Data that AtTrack processes on behalf of the Client. In the event that a Data Subject sends such a request directly to AtTrack, AtTrack will promptly forward such request to the Client; and

The investigation of Personal Data breaches and the notification to the Supervisory Authority and Client’s end-users regarding such Personal Data breaches; and

Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.

Return and deletion of data

1.4.14 Unless otherwise required by applicable law, AtTrack has no obligation to store the Client’s data after termination of the agreement with the Client and deletion of the Client’s account and all accounts associated with it.

1.4.15 At the choice of the Client, AtTrack will delete or return all the Personal Data to the Client after the end of the provision of Service relating to processing and shall delete existing copies, unless applicable law requires AtTrack to store such Personal Data.

2.  How We Use Information

UMBRELLA UK GROUP LLP uses personal data according to the purposes it was collected for and use only personal data that is relevant and sufficient for such purposes. Most commonly we use collected personal data for the following purposes:

  • To analyze how users engage with our website/service in order to make your experience of our website/service better and assist in our marketing efforts;
  • To receive, respond to and follow up on your enquiries and requests, which you have submitted to us via this website/service, by email or phone;
  • To provide you with information about our services and products that you have already requested from us and about other services and products we offer;
  • To notify you about changes to our services and products;
  • To carry out our obligations arising from any contract concluded between you and us and the contracts we are about to enter into;
  • To send you marketing communications which you have subscribed to;
  • To set up retargeting/remarketing campaigns.

We may use personal data you provided for marketing purposes, namely, to send you emails about our services and products, events, offers, news, promotions and surveys. This communication is subscription based and requires your consent. While filling out forms on this website/service, you can indicate that you want to subscribe (opt in) to marketing communications by ticking the relevant checkbox on the form.

You have the right to object to the processing of your personal data for marketing purposes and unsubscribe (opt out) from marketing communications at any time by clicking the unsubscribe link in any of these emails or by contacting us at [email protected].

3.  Data Retention

We retain personal data no longer than it is necessary to fulfill the purpose for which personal data was collected and processed and as otherwise needed to comply with applicable legal requirements. We will delete your personal data when they are no longer required for the purposes for which they were originally collected, processed, and stored.

If you decide to stop using UMBRELLA UK GROUP LLP your personal data, you can ask us to delete your information. 

There may be legal requirements to store your data and we may need to suspend those deletion practices if we receive a valid legal process or request asking us to preserve that content, or if we receive reports of abuse or other Terms of Service Violations. We may also need to retain certain information in backup for a limited period of time, or as required by law.

4. How We Share and Disclose Information

Under no circumstances we sell, rent, or trade your personal information with any third parties.

We do not share your information without your consent, except for cases that are described below. We may share your personal data with selected third parties:

  • UMBRELLA UK GROUP LLP group of companies with the purpose to maintain and provide our services and products, and to maintain and improve this website/service.
  • Business partners, suppliers and sub-contractors for the performance of any agreement we enter into with you or we are about to enter into to provide the best service to you;
  • Analytics services and search engine providers that assist us in the improvement and optimization of our website/service and services;
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others (subject to the relevant consent to receive marketing communications).

We may share personal data when it’s required by mandatory legal obligations and to comply with any subpoena, court order and ongoing or prospective legal proceedings, or other governmental requests. We may also share personal data to establish or protect our legal rights, property, or safety (e.g, for the purposes of fraud prevention and reducing credit risk).

We may also share anonymous statistics or other information that does not identify individuals personally.

We require all third parties to respect the security of personal data and to treat it in accordance with the legal requirements and in accordance with our instructions. In any way, third-parties are not authorized to use your personal data for their own purposes and are only permitted to process your personal data for specified purposes which it was initially collected for.

5. Security

UMBRELLA UK GROUP LLP takes the security of data very seriously. UMBRELLA UK GROUP LLP works hard to protect other information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store. 

Given the nature of communications and information processing technology, UMBRELLA UK GROUP LLP cannot guarantee that information during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others. When you click a link to a third-party site, you will be leaving our site and we don’t control or endorse what is on third-party sites.

6. Age Limitations

To the extent prohibited by applicable law, UMBRELLA UK GROUP LLP does not allow use of our Services and website/services by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.

7. International Data Transfers

UMBRELLA UK GROUP LLP is a part of an international UUMBRELLA UK GROUP LLP group of companies with offices in USA, Russia, Netherlands, Canada and development centers in Eastern Europe. In this regard, we may transfer personal data to jurisdictions outside of the individual’s home country and outside of European Economic Area (EEA) as necessary for the purposes the data collected and is processing. Collected personal data may also be processed by staff operating outside the EEA who work for us or for one of our subsidiaries and affiliated parties.

We take all steps necessary to provide suitable safeguards to protect the privacy and security of your personal data during the cross-border transfer and to ensure that your data is treated securely and in accordance with this Privacy Policy. With respect to such cross-border transfers to non-EEA jurisdictions, we implement standard contractual clauses approved by the European Commission and other approved mechanisms to protect such personal data.

8. Data Protection Officer

To communicate with our Data Protection Officer, please email [email protected].

9. Your rights

Individuals located in certain countries, including the European Economic Area and the United Kingdom, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information.

Once you have provided us with your personal data you have rights under the GDPR, the CCPA and applicable data protection laws in relation to your personal data, including the following:

  • Right to request access. You may request details of personal data which we hold about you and to check that we are lawfully processing it;
  • Right to request a correction. If you believe that any personal data we are holding on you is incorrect or incomplete, please contact us at [email protected] may need to verify the accuracy of the new data you provide to us.
  • Right to request erasure. You may ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to object to processing. At any time on grounds relating to your particular situation you have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Right to request restriction of processing. You may ask us to suspend the processing of your personal data where one of the following applies: (a) if you want us to establish the data’s accuracy; (b) if the processing of personal data is unlawful but you do not want us to erase it; (c) if we no longer require your personal data but you need us to hold the data since you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to request the transfer of your personal data to you or to a third party. You may ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent at any time. If you have previously provided us with your consent to collect and process your personal data, you can change your mind and withdraw such consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Note that if you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us at [email protected]. Note that before acting on any such request, we will need to verify your identity and you may previously provide us with personally identifiable information. To the extent UMBRELLA UK GROUP LLP does not have sufficient information about you or is unable to verify your identity, we may not be able to honor your request.

To the extent that UMBRELLA UK GROUP LLP processing of your Personal Data is subject to the General Data Protection Regulation (or applicable laws covering the processing of Personal Data in the United Kingdom), UMBRELLA UK GROUP LLP relies on its legitimate interests, described above, to process your data. UMBRELLA UK GROUP LLP may also process Other Information that constitutes your Personal Data for direct marketing purposes, and you have a right to object to UMBRELLA UK GROUP LLP use of your Personal Data for this purpose at any time.

10. Your California Privacy Rights

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”

For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the Information We Collect And Receive section above. We collect this information for the business and commercial purposes described in the How We Use Information section above. We share this information with the categories of third parties described in the How We Share and Disclose Information section above. UMBRELLA UK GROUP LLP does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). 

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected]. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

11.  Cookies and web beacons

Like most websites/services, this website/service/ uses cookies and web beacons.

When you use this website/service we may automatically collect the following data:

Internet Protocol (IP) address, browser type and version, geographic location, time zone and language settings, operating system type, platform and version;

Uniform Resource Locators (URL) clickstream to, through and from our website/service including date and time, the information you searched for, response times, errors, length of visits, interaction information (such as scrolling, clicks, and mouse-overs), forms filled out and submitted.

We use this information to understanding how visitors use our website/service, improve our website/service, present content in the most efficient and engaging manner and assist in our marketing efforts.

12. Changes to the Privacy Policy

UMBRELLA UK GROUP LLP may update this Privacy Policy from time to time by posting the updated version of on website/service and p. The effective date of our Privacy Policy is posted above.

If we make changes that significantly alter our Privacy Policy, we will post a notice on our website/services prior to the change taking effect or notify by email. We encourage you to check this Privacy Policy periodically to stay informed about our privacy practices.

13. Contact information

If you have questions or comments regarding this Privacy Policy and our privacy practices, or you have any requests to exercise your legal rights, please contact us at:

Email: [email protected]

Registered address: 


14. Your right to complain to a supervisory authority

If you are unhappy with the way in which your personal data has been processed, you may, in the first instance, contact [email protected]

If you remain dissatisfied, then you have the right to apply directly to your national data protection supervisory authority for a decision.

The supervisory authorities can be contacted at:

European Data Protection Supervisor:

Once the United Kingdom is no longer a Member State of the European Union, if you are a resident of the United Kingdom and believe we maintain your Personal Data within the scope of the applicable laws relating to personal data in the United Kingdom, you may direct questions or complaints to the UK supervisory authority, the Information Commissioner’s Office.