1) What this Privacy Policy covers
This Privacy Policy explains how WigTech collects and processes personal data when you use the WigTech T&A mobile application and related services (together, the “Service”).
WigTech T&A is a time and attendance service made available to users through their employer or organisation.
2) Who is responsible for your data (Controller vs Processor)
In most cases, your employer/organisation (the “Organisation”) is the data controller. This means the Organisation decides what employee data is used in the Service and for what purposes (for example, attendance records, leave management, and workplace administration).
WigTech typically acts as a data processor, meaning we process personal data on the Organisation’s behalf and under their instructions to provide and secure the Service.
If you have questions about how your employer uses your data, you should contact your Organisation.
3) What data we collect
We collect only the data needed to operate and secure the Service. Depending on how your Organisation uses WigTech T&A, we may process:
A) Technical and log data (collected by us)
- IP address
- Browser type / user agent (device and browser information)
- Time and date of access/login
- Basic security and diagnostic logs related to access to the Service
B) Content you submit (provided by you)
- Selfie images (if your Organisation uses selfies for identity/attendance verification)
- Holiday/leave requests, including dates and any text you enter
- Attachments you upload in connection with requests (if enabled by your Organisation)
C) Work records shown in the app (provided by your Organisation)
The app may display and make available attendance and workplace information coming from your Organisation’s clocking/time system. This data is provided and controlled by your Organisation.
4) What we do not collect
- We do not use advertising SDKs.
- We do not run analytics tracking.
- We do not sell personal data.
5) How we use personal data
We use (and process) personal data to:
- Provide the Service features (for example access/login, holiday request submission, selfie upload)
- Maintain the security and integrity of the Service (fraud prevention, abuse detection, troubleshooting)
- Support customers and respond to enquiries
- Comply with legal obligations where applicable
6) Legal basis for processing (UK GDPR / EU GDPR)
Where UK/EU data protection law applies:
- The Organisation (controller) typically relies on lawful bases such as legitimate interests, legal obligations, and/or employment-related necessity for processing employee data.
- WigTech (processor) processes personal data to perform the Service contract with the Organisation and under the Organisation’s instructions.
- Where we rely on consent for optional features (if any), you can withdraw it by changing your device/app permissions — though some features may not work.
7) Sharing of data
We do not sell your data. We may share data only as follows:
- With your Organisation: authorised administrators may access data you submit or that relates to your account, according to your Organisation’s policies and permissions.
- Service providers: we may use hosting, storage, and security providers to run the Service. They are bound to protect data and may only process it to provide services to us.
- Legal and security: we may disclose data if required by law or to protect the rights, safety, and security of users, organisations, or the Service.
8) Data retention
We retain personal data only as long as necessary:
- Technical logs (IP address, browser type, access times) are retained for security and operational purposes.
- Selfies, leave requests, and related records are retained according to the Organisation’s needs and retention policies, and may be deleted or anonymised when no longer required.
If you want specific retention timeframes, your Organisation can provide them (as controller).
9) Security
We use reasonable technical and organisational measures designed to protect personal data, including access controls and secure transmission where applicable. No method of transmission or storage is completely secure, but we work to protect your data.
10) Your rights
Depending on your location, you may have rights such as access, correction, deletion, restriction, objection, and portability.
Because your Organisation is usually the controller, requests about employment/time records should generally be directed to your Organisation. If you contact WigTech, we may forward or coordinate the request with your Organisation where appropriate.
11) Children’s privacy
WigTech T&A is intended for workplace use and is not directed to children. We do not knowingly collect personal data from children.
12) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will update the effective date and may provide notice in the Service where appropriate.
13) Contact
If you have questions about this Privacy Policy, contact: