At Deputy, maintaining the privacy and security of your personal data is one of our key priorities. We understand the great responsibility that comes with looking after your data and we have implemented stringent privacy and security measures to ensure that your data is safely stored and securely managed. If you are curious to know more, please read through these helpful FAQ’s to stay informed about why your data is secure with Deputy.


Are there laws that protect the privacy of Deputy's customer data?

Yes! There are several of them and a detailed discussion of each regulation is beyond the scope of this article. Some of the big ones you may have heard of are the General Data Protection Regulation (GDPR) which applies to the European Union and European Economic Area; the California Consumer Privacy Act (CCPA) which applies to customers and users in California; and the Privacy Act of 1988 which applies to Australian customers and users. These laws have lots of similarities and some differences. For purposes of this FAQ, we will focus on the GDPR. 

What is the GDPR?

The GDPR is an EU regulation on data protection and privacy. It also discusses the transfer of data outside the EU and EEA. The purpose of the GDPR is to give individuals control over their "personal data."

 What is personal data?

Generally speaking, personal data is any information from which a person can be identified or potentially identified. Some examples of personal data are: names and surnames, nicknames, home address, email address, telephone number, credit card numbers, ID numbers, geolocation data (e.g., location data on a cell phone), an IP address, a cookie ID, facial and voice recognition data, and the like.

What are my rights with respect to my personal data?

Subject to certain limitations and restrictions (e.g., depending on circumstances such as where you reside) you may have certain rights in relation to your personal information, including the following:

• The right of access to personal information we hold about you.

• The right to know what personal information we collect about you, and how it is used and shared.

• The right of rectification to update your personal information if it is inaccurate or incomplete.

• The right to erasure/deletion (‘right to be forgotten’) of your personal information.

• The right to object to our use and handling of your personal information.

• The right to restrict our handling of your personal information.

• The right of data portability for transfer of your personal information to another party.

• The right to withdraw consent you have previously provided.

Please note that in order to verify your request or the applicability of any of these rights to your circumstances, we may ask you for further information and to verify your identity before responding.

What kind of personal data does Deputy collect?

Deputy collects several types of personal data in order to provide best in class workforce management software to our customers, including but not limited to:

Information Type


Profile information

This information is provided by you at signup and may include name, contact details, date of birth, gender, and photo

Financial information

This is information you provide that allows us to charge you for services and may include bank information, credit card details, transaction history, and other billing information

Employment information

This may include your employees' rosters, timesheets, pay information, positions or job functions, and other information about their employment

Sensitive information

This may include biometric information you or your employees' provide to Deputy if your instance of the service has a "kiosk" (iPad) device and facial or voice recognition features enables

See our Privacy Policy and CCPA Addendum for more information about the types of personal data Deputy may collect.

As an employee, how do I request for Deputy to delete my personal data?

Because your data is held by both Deputy (your Deputy account) and your current or previous employer (your company employee account), the process to delete your data in Deputy requires two steps:

1. Delete your Deputy account

To delete your account in Deputy, please follow the instructions provided in our Help Docs. You’ll need to login to Deputy to delete your account. If you can’t remember your log-in details please follow our reset password link.

Following these steps will delete your Deputy personal account, however, it won’t delete the information your current or previous employer holds about you in their Deputy account (personal information, timesheets, shifts, tasks, journals, employment terms).

2. Delete your employee account

To delete the information your current or previous employer holds about you, you need to send a request directly to this employer asking them to delete your employee account. They can then delete your employee account in Deputy. If you have worked for multiple employers, you will need to contact each employer individually.

As an employer, how do I delete an employee account?

You can only delete an employee if the employee has been archived first. To archive an employee, you must ensure that they do not have any outstanding timesheets to be approved, or shifts that need to be worked. For more information about archiving and unarchiving employees, check out our help guide here. For specific instructions on how to delete an employee's account please see our Help Docs.

Who can delete an employee's Deputy account?

Only System Administrators can delete accounts.

 When I delete an account, how much data is deleted?

All data associated with that account is deleted including contact details, previous timesheets, shifts, tasks, journals, employment terms.

Can I recover a deleted account?

No, once an account is deleted it cannot be recovered.

How does Deputy keep my personal data secure?

Deputy uses industry leading technical and organizational measures to secure the physical and electronic information we store. For more information about Deputy’s security measures, visit our Security page. Please note no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe.

How long does Deputy retain my personal data?

Your personal data will be retained for only the period that is necessary according to the purpose it was originally collected for, to fulfill the purpose outlined in our Privacy Policy, or to meet legislative or regulatory obligations, such as financial reporting requirements. After it is determined that your personal data reaches the end of its retention period, we will either delete or anonymize your information or, if this is not possible then we will securely store your information and isolate it from any further use until deletion is possible.

Where does Deputy process or transfer my personal data?

If you are based within the UK/EU we will only process and/or transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with the GDPR and the means of transfer provides adequate safeguards in relation to your personal information, including for example:

• By way of a data transfer agreement with your employer organization, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or

• By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or

• By transferring your personal information to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or

• Where it is necessary for the conclusion or performance of a contract between Deputy and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your personal information to a benefits provider based outside the EEA); or

• Where you have consented to the data transfer.

Further questions and information sources

If you have more detailed questions about how Deputy is GDPR compliant or what it means for your business, please contact California residents may alternatively call us on 1-888-532-4785.

Did this answer your question?