We are undergoing an audit or certification (ex. SOC, ISO 9001, CMMI) and need additional information about WeWorked’s security.

Over the past decade, we’ve dedicated ourselves to cultivating trust among hundreds of thousands of companies globally. While we’re unable to fill out security questionnaires, we trust our Security Overview provides the necessary information.

Please contact us if you have additional questions or concerns.

On-Site (Clock In/Out) Timesheets

Clocking In and Out

There are two ways to clock in and out based on your timesheet type. If you have the timesheet type…

  • Online or remotely (Manual/Duration)
  • On-Site (Clock In/Out)

Online or remotely (Manual/Duration)

Online or remotely (Manual/Duration) timesheet type users can enter time in three ways: week view, day view, and clock in/out view. Clocking in and out is optional for these users. However, they can clock in and out by following the steps below:

Note: This applies to users with the Timesheet Type set to Online (Manual/Duration) in their profile.

1. From the week view, switch to clock in/out view by clicking the date and selecting Clock In/Out View.
switch to clock in out

2. Click Add a task then complete the form.
clock in task

Note: This action will override any time you entered for the day using the day or week views. On-Site (Clock In/Out) type timesheet type are required to clock in and out from the main login screen. Users are allowed to view the current day and week total hours upon logging in using a special PIN. These users are not allowed pass the clock in/out screens. For example, they cannot run reports or view leave balances. These users do not submit timesheets.

On-Site (Clock In/Out)

Note: This applies to users with the Timesheet Type set to On-Site (Clock In/Out) in their profile.

On-Site timesheet users follow the steps below to clock in and out:

1. From the tablet or device that you wish for people to use to clock in and out, an administrator should first enable quick clock in/out by turning on the setting under Settings -> Timesheets -> Quick clock in/out on this device.

2. Click the clock icon at the bottom of the login screen to switch to the clock in/out form.
switch to clock in out

3. Enter your PIN and either clock in or out. If an administrator did not assign you a default task, you will be required to select a task before clocking in.
enter pin to clock in

Note: You will have to enter your email or mobile number and PIN if the device is not enabled for quick clock in/out. If you receive a message “you are not authorized to clock in/out from this device” an administrator needs to enable the setting that allows you to clock in and out from anywhere. Administrators will find this setting under your profile.

Timesheet Types

Timesheets in WeWorked are controlled by the timesheet type selected in a user’s profile. Time in worked is captured in two ways:

  • Online or remotely (Duration) – entering the overall time spent on a task. For example, 2 hours in a meeting.
  • On-Site (Clock In and Out) – capturing the specific start and end times of a task. For example, in a meeting from 02:00 to 04:00.

Online or remotely (Duration)

Duration is the default timesheet type in WeWorked. Select this timesheet type when your main focus is to capture the overall time worked on a task. Duration is the most flexible timesheet type. Users log into WeWorked.com or the mobile app to adjust their timesheets. Users can still add clock in and out times, if required. The duration will automatically adjust based on the start and time entered. Note that clock in and out entries will override any duration entries. Once a clock in and out entry is entered for a day, duration cannot be adjusted for that day.

On-Site (Clock In and Out)

The On-Site (Clock In and Out) timesheet type is only for capturing the actual start and end times of a task. It is far more restrictive than the Duration timesheet type. Users with this timesheet type do not log into WeWorked. They simply clock in and out from a single screen. These users are not allowed pass the clock in/out screens. For example, they cannot run reports or view leave balances. These users do not submit timesheets.

Options for Clock In and Out

Handling time after midnight – automatically split timesheets that cross over midnight so that hours after midnight are added to the next day. If turned off, the time that crosses is applied to the same day (the day clocked in). An administrator can control this under Settings -> Timesheets -> Split timesheets at midnight.

Default Task

A default task can be assigned to a user that clocks in and out, or they can be allowed to select a task at the time of clocking in. Turn this option on and off from a user’s profile. Select or deselect the Allow Task Selection option.

Setting Up a Default Task

Administrators can setup a default task under Settings -> Timesheet. The default task will apply to all users that clock in and out and have Allow Task Selection disabled.

Clock In and Out from Anywhere

Users can be limited to clocking in and out from specific devices (computers, iPads), or they can be allowed to clock in and out from any device. Turn this option on and off from a user’s profile. Select or deselect the Allow Remote Access option.

Setting up a Device for Clock In and Out

From the device they want people to clock in and out from, an administrator can allow clocking in and out from a device under Settings ->Timesheets -> Quick Clock In/Out on this device. This will allow all the users that are not allowed to clock in and out from anywhere to clock in and out on the device.

WeWorked and the General Data Protection Regulation (GDPR)

The European General Data Protection Regulation (GDPR) is a new privacy regulation that goes into effect May 2018.

This document provides information about the law and how we plan to comply with the requirements set forth in the GDPR. We are actively working to incorporate new features that support user choice and bring increased transparency to our existing policies and procedures around the collection, storage, and usage of your data. We expect WeWorked to be in compliance with the GDPR by May 2018.

Know that we already build security and privacy into everything we do and the protection and proper usage of your data has always been a priority.

What is the GDPR?

At a high level, the GDPR requires companies to be transparent about how they collect, use, and share personal data. It also gives individuals more control over the usage and deletion of their data. Although the GDPR is an EU law, it is applicable to all online sites that collect data from or about residents of the EU.

For more information, read the full law here or take a look at this GDPR infographic.

WeWorked and the GDPR

Data protection and user privacy has always been a priority for us. Our existing privacy policy aligns with any of the GDPR principles. WeWorked was built from the ground up with privacy and security in mind. For example:

Content Control. Our goal is to give you as much control as possible over who can see your data. The security settings in WeWorked give you the ability to control who has rights to see and view certain information.

Government Requests. We understand the importance of safeguarding your data. We have strict guidelines and notification procedures for how we respond to data requests from law enforcement or governments. It is our policy to notify you when these requests are made and fulfilled.

Security is Priority. Understanding that no online service is every 100% secure, we work nonstop to protect your information from unauthorized access. We serve our website traffic over the encrypted Secure Socket Layers (SSL) that is the same level of protection used by the world’s leading banks.

It is your Data. Just as easily as you put your data in, you are able to get it out. It is our goal for you to stay with WeWorked; however, if you need to take your data somewhere else, you can always and easily export your data.

What rights does the GDPR give me?

The GDPR gives EU individuals rights to their personal data. There are some exceptions/exemptions to the rights granted by the GDPR, but in general it includes rights to:

  • request access to the data we store about you
  • request updates/changes to your personal data
  • request the deletion of your personal data
  • take your personal data to a new service
  • request we limit our collection and use of your personal data (e.g., opt out of being tracked by our first party analytics tool)

Although GDPR is a law that only applies within the European Union, we are offering tools to manage your personal data to all of our users.

Additionally, you can expect that we as a company will work to protect the privacy of your personal data, will only collect the data when we have a reason to do so, and will delete your personal data once we no longer have a need for it.

How do I request access to my personal data? How do I request changes to it?

If you’d like to know what personal data we have stored about you, please contact us with your request. If upon reviewing that data you need to request changes to it, please let us know and we will work with you to make the necessary corrections.

How do I take my data to a new service?

Your data is yours and your content belongs to you. We hope you find our services useful, but if you decided to move elsewhere, you can export your data to .csv format using our reports. This file can be used to assist with migrating to a new platform.

How do I delete my personal data?

Simply send us an email requesting complete removal of your account. We will remove your account once we confirm the identify of the owner.

Questions About Your Responsibilities as a Site Owner

What Tools Do You Offer to Help Me Comply with GDPR?

We provide permissions to help you manage your user’s data, and to respond to requests from your users, for example, the ability to edit profiles.  In general we try to make it possible for you to manage your account without needing our help, but if you get a request from one of your site’s users that you don’t have the ability to fulfill, you can contact us to request our help.

For me to be compliant with GDPR, I need a data processing contract from you stating you comply with the GDPR and/or that any data transmitted to your servers is done so in compliance with European law. How do I get that?

We are able to provide data processing amendments to users on active, paid subscriptions. If your account has an active upgrade, please contact us to let us know what you need.

Data Collection Questions

What data do you collect about me?

We have always tried to collect the minimal amount of data that’s necessary.

For example, when you sign up for WeWorked.com, we ask only for limited information needed to set up your WeWorked.com account. We require an email address and a username, nothing more. If you purchase a paid plan, we’ll need additional information to process your payment. You are welcome to add other information to your public profile and account settings, but we don’t require you to give us any other personal information to get your account up and running. The same principle applies to all our products and services.

Do you sell or give away my personal data?

We do not sell your private personal information.

We will share information about you in limited circumstances, and with appropriate safeguards on your privacy. You can read more details of when we share your information, and what we share, in our privacy policy.

How long do you keep logs?

Our system logs, which record information about visitors to our websites, are kept for 30 days after which they are deleted.

Where are your servers located?

Our servers are all over the world. This allows us to provide the fastest service to our users, and to the visitors viewing our users’ sites, no matter where they live. It also allows us to keep our service, and your site, running should one or more of our servers go down.

Although we have servers all over the world, at present all personal and site data is stored exclusively on US-based servers.

 

Managing Holidays

Enter company holidays so they display on timesheets. You have the option to lock individual days from timesheet entries. You can give the same holidays to all users or choose to group holidays by specific users. For example, you may have different holidays that apply to different parts of your organization depending on their country, ex. Holidays in the USA will be different from those recognized in Italy. Holidays have to be defined each year.