Privacy Policy

VacationTracker provides an employer-administered absence and time-off management platform. Organizations configure absence categories and manage employee records within the service.

We collect and process information necessary to operate, secure, and improve the service. Information is not sold and is shared only with service providers required to deliver the platform or where legally required.

  • Information may be processed to investigate, prevent, or take action regarding illegal activities, suspected fraud, safety risks, or violations of Terms of Service.
  • If VacationTracker is acquired or merged, information may transfer subject to continued protection under a new privacy policy.

INFORMATION GATHERING AND USAGE

  • When an organization registers for VacationTracker, we collect administrator name, company name, email, billing address, and payment details.
  • Employers configure absence types and administer employee access.
  • Employees may submit absence requests and optional notes.
  • VacationTracker uses collected information for service provision, authentication, billing, support, service improvement, and security monitoring.

SPECIAL CATEGORY DATA

Absence categories defined by employers may include information relating to health, family status, or other sensitive matters. Where this occurs:

  • The employer determines the categories used and the lawful basis for processing.
  • VacationTracker processes such information solely under the employer’s instructions.
  • We do not independently determine or infer health conditions.
  • User-entered notes are processed only for operational purposes and are not analyzed for profiling or marketing.

ROLE OF THE PARTIES

  • Employer organizations act as data controllers for employee data processed within the service.
  • VacationTracker acts as a data processor for employee absence data and as a controller for account, billing, and operational service data.
  • Data processing terms governing controller-processor obligations are incorporated into the Terms of Service.

SUBPROCESSORS

We use third-party service providers necessary to operate the platform:

  • Hosting provider: Amazon Web Services, Akamai Technologies
  • Email delivery: Postmark
  • Payment processor: Stripe
  • Analytics: Google Analytics
  • Support systems: Freshdesk, Chatify, email

THIRD-PARTY AUTHENTICATION AND API INTEGRATIONS

  • VacationTracker supports integrations to enable authentication and workflow automation.

Google Integration

  • Basic profile data is received to authenticate accounts.
  • Calendar access is used solely to synchronize absence events selected by the user.
  • Only minimal encrypted tokens and identifiers are stored.
  • We do not access or process unrelated calendar content.
  • Use of Google data complies with the Google API Services User Data Policy and Limited Use requirements.

Microsoft Integration

  • Basic profile data is received to authenticate accounts.
  • Calendar access is used solely to synchronize absence events selected by the user.
  • Only minimal encrypted tokens and identifiers are stored.
  • We do not access or process unrelated calendar content.
  • Use of Microsoft data complies with the Microsoft API Services User Data Policy and Limited Use requirements.

Slack Integration

  • Slack OAuth may be used for authentication and absence notifications.
  • Only minimal encrypted tokens and identifiers are stored.
  • Processing occurs only based on user authorization.

DATA RETENTION

  • Account data after cancellation: 90 days
  • Backups: up to 180 days
  • System logs: up to 1 year
  • OAuth tokens after disconnect: deleted immediately
  • Billing records: retained as legally required

INTERNATIONAL DATA TRANSFERS

Data may be processed in the UK, EU, United States, and other jurisdictions where subprocessors operate. Where transfers occur outside the UK/EEA, appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms are used.

DATA PROTECTION AND SECURITY

  • Encryption in transit and at rest
  • Role-based access controls
  • Administrative audit logging
  • Key management and rotation
  • Incident response procedures
  • Vulnerability scanning and patching

In the event of a confirmed data breach affecting customer data, VacationTracker will notify the relevant controller organization without undue delay.

COOKIES AND TRACKING

  • Session cookies are required for authentication and service operation.
  • We use Google Tag Manager to manage scripts and consent preferences.
  • Analytics cookies (Google Analytics) are used only after you provide consent via our cookie banner, where required by law.
  • You can withdraw or change your cookie preferences using the controls provided in the cookie banner (where available).

DATA STORAGE

VacationTracker uses third-party infrastructure providers to operate the platform. Customers retain ownership of their organizational data and may export it using available tools.

DISCLOSURE

  • Personal information may be disclosed where required by law, to enforce agreements, or to protect rights and safety.

YOUR RIGHTS AND BUSINESS CONTEXT

VacationTracker is administered by employer organizations.

  • Employers determine how employee data is used.
  • Employees should direct privacy requests to their employer administrator first.

Where applicable under UK GDPR, EU GDPR, and other laws:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object

Requests may be directed to your employer administrator or to dpo@vacationtracker.com.

US PRIVACY RIGHTS

Where applicable, US residents may have rights regarding access, deletion, and disclosure of personal information under state privacy laws.

CHILDREN

VacationTracker is not intended for individuals under 16.

LEGAL INFORMATION

  • Company incorporated in Ireland
  • Service offered globally (UK, EU, US and other regions)
  • Privacy contact: dpo@vacationtracker.com
  • Postal address: Envision Technologies, 28b Princes Street, Cork, Ireland
  • Effective date: 2025-07-15

CHANGES

VacationTracker may update this policy periodically. Material changes will be communicated via the service or account email.

QUESTIONS

Any questions about this Privacy Policy should be addressed to support@vacationtracker.com