Aussie Time Sheets - Data Protection Policy

Data Protection Policy And Information Sheet

 Last updated 25th July 2019

 

Background

This Data Protection Policy and Information Sheet (DPP) applies to all of the products and services offered by Aussie Time Clocks Pty Ltd ABN 20 163 959 779 trading as “Aussie Time Sheets”, “uAttend Australia” and Kiwi Time Sheets Ltd 6267616 NZBN 9429046076892 (individually and collectively called ATS) and contains important information about the data collected and stored by ATS products and any information or data in any medium provided by You, the ATS customer (You/Your), to ATS.

 

ATS may make changes to this DPP from time to time for any reason. ATS will publish changes to this DPP on our ATS Website being www.aussietimesheets.com.au.

 

It is important that You read and understand this DPP.

 

Acceptance

If You purchase any of ATS’s products or services, You acknowledge that You agree to this DPP and to the security protocol and data protection procedures that ATS adopts in its business.  If You do not wish to agree to be bound by this DPP or to any of the security protocols adopted by ATS, You must not proceed to purchase ATS’s products or services.  Once You place an order with ATS for one of its products or services, You are deemed to be bound by this DPP and its Privacy Policy, which may be viewed here.

 

Security and Storage

  1. Aussie Time Sheets - Basic
  2. Aussie Time Sheets - Premier
  3. Aussie Time Sheets - Workforce TNA
  4. Aussie Time Sheets - PaySync
  5. Focus Enterprise
  6. ATS Company Data Protection Policy

 

N.B. Please note that you should obtain the prior written consent from each employee or contractor to collect, store and manage an employee’s or contractor’s biometric data. You should consult your solicitor to obtain appropriate documentation. Do not hesitate to contact us to discuss further if necessary.

 

 1. Aussie Time Sheets - Basic:

 Overview:

Aussie Time Sheets – Basic (“ATS Basic”) is a Windows application connected to a SQLLocal Database. It may also connect via API to other Payroll/HR applications. This application is provided to You to install on Your I.T infrastructure; it is not sold as a SaaS controlled by ATS. Access to the ATS Basic application, SQLLocal Database and time clock devices is controlled and secured by You.

 

Windows Application:

ATS Basic is a locally installed Windows application. This application is installed to Your local PC or Windows Server. While the ATS Basic application may be able to be executed via different Windows User Profiles on the local PC the software was installed on, access to the ATS Basic database is only via the Windows User Profile under which the application was installed and initially configured.

 

SQL Database:

ATS Basic’s data is stored in a SQLLocal database saved in the Windows User Profile of the user the application was installed to. The SQLLocal Database is controlled by Windows Authentication. All data stored in the ATS Basic SQLLocal Database is owned and controlled by You.

ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely in cloud storage. ATS can provide copies of the backup databases on file to You upon request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You.

Passwords stored in the SQL Database are encrypted, as is all biometric data.

Data within the SQLLocal Database can be permanently deleted by You at any stage.

 

Time Clock:

The ATS Basic time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your ATS Basic application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected; only unique points taken during enrolment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employee’s profile on the time clock and ATS Basic application. This User Profile Photo is stored within the time clock and the SQLLocal Database. This image can be deleted from both the time clock and ATS Basic, while still keeping all other associated user data, and not affect the use of the time clock’s normal functions.

When an employee is Archived within the ATS Basic application, their user data should be removed from all time clocks by You. However, this data is retained within the SQLLocal Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.

 

 2. Aussie Time Sheets - Premier:

 Overview:

Aussie Time Sheets – Premier (“ATS Premier”) is a Windows application connected to a Microsoft SQL Server Database. It may also connect via API to other Payroll/HR applications. This application is provided to You to install on Your I.T infrastructure; it is not sold as a SaaS controlled by ATS. Access to the ATS Premier application, Microsoft SQL Server Database and time clock devices is controlled and secured by You.

 

Windows Application:

ATS Premier is a locally installed Windows application. This application is installed to Your local PC or Windows Server.

 

SQL Database:

ATS Premier’s data is stored in a Microsoft SQL Server Database installed to a PC or Windows Server. Authentication between the ATS Premier software and the Microsoft SQL Server Database is recommended to be via Windows Authentication. All data stored in the ATS Premier Microsoft SQL Server Database is owned and controlled by You.

ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely by ATS. ATS can provide copies of the backup databases on file to You upon request and can also permanently delete all databases held within 7 days of receiving a written request by You.

Passwords stored in the Microsoft SQL Server Database are encrypted, as is all biometric data. Data within the Microsoft SQL Server Database can be permanently deleted by You at any stage.

 

Time Clock:

The ATS Premier time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your ATS Premier application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected; only unique points taken during enrolment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employee’s profile on the time clock and ATS Premier application. This User Profile Photo is stored within the time clock and the Microsoft SQL Server Database. This image can be deleted from both the time clock and ATS Premier, while still keeping all other associated user data, and not affect the use of the time clock’s normal functions. When an employee is Archived within the ATS Premier application, their user data should be removed from all time clocks by You. This data is retained within the Microsoft SQL Server Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.

 

 3. Aussie Time Sheets - Workforce TNA:

 Overview:

Workforce TNA is an IIS web application connected to a Microsoft SQL Database. It may also connect via API to other Payroll/HR applications. This application is provided to You to install on Your I.T infrastructure; it is not sold as a SaaS controlled by ATS. Access to the Workforce TNA application, Microsoft SQL Database and time clock devices is controlled and secured by You.

 

Web Application:

Access to Workforce TNA is made using a web browser and the connection is forced to be secure HTTPS. Workforce TNA can be made available only on the local network or be made accessible via the Internet; however, this choice is made by You. If You choose to make Workforce TNA available outside Your local network, then strong passwords that are routinely changed should be used.

 

SQL Database:

Workforce TNA’s data is stored in a locally installed Microsoft SQL Database Server. Access to the SQL Database is recommended to be controlled by Windows Authentication. All data stored in the Workforce TNA SQL Database is owned and controlled by You.

ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely by ATS. ATS can provide copies of the backup databases on file to You upon request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You.

Passwords stored in the SQL Database are encrypted, as is all biometric data.

Data within the Microsoft SQL Database can be permanently deleted by You at any stage.

 

Time Clock:

The Workforce TNA time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your Workforce TNA application via HTTPS or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected; only unique points taken during enrolment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employee’s profile on the time clock and Workforce TNA application. This User Profile Photo is stored within the time clock and the Microsoft SQL Database. This image can be deleted from both the time clock and Workforce TNA, while still keeping all other associated user data, and not affect the use of the time clock’s normal functions. When an employee is Archived within the Workforce TNA application, their user data is removed from all time clocks automatically. However, this data is retained within the SQL Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.

 

4. Aussie Time Sheets - PaySync:

 Overview:

PaySync is a cloud-hosted middleware application designed to securely send and receive data between Aussie Time Sheets time and attendance software and cloud payroll applications and HR services. This is a cloud application available on a SaaS model only and is maintained and controlled by ATS.

 

Web Application:

Access to PaySync is made using a web browser and the connection is forced to be secure HTTPS. You gain access to PaySync with a username and password of Your choosing. We recommend using a unique secure password and changing this password every 6-12 months.

Authentication between PaySync and ATS software applications is done via a unique private key generated per account upon registration. Authentication between PaySync and any of the cloud payroll or HR applications available to PaySync is carried out securely; this authentication can be given and revoked at any time by You.

 

Data Storage:

PaySync does not permanently store any of the data that passes through it on its way to the connecting applications. PaySync may cache data that is sent to it until such a time as it can successfully process that data through to the connected application; any cached data is temporarily available within the secure PaySync database located on Australian data servers.

 

5. Focus Enterprise:

 Overview:

Focus Enterprise (“Focus”) is a Windows application connected to a Microsoft SQL Server Database. It may also connect via API to other Payroll/HR applications. This application is provided to You to install on Your I.T infrastructure; it is not sold as a SaaS controlled by ATS. Access to the Focus application, Microsoft SQL Server Database and time clock devices is controlled and secured by You.

 

Windows Application:

Focus is a locally installed Windows application. This application is installed to Your local PC and/or Windows Server.

 

SQL Database:

Focus’s data is stored in a Microsoft SQL Server Database installed to a PC or Windows Server. Authentication between Focus and the Microsoft SQL Server Database is recommended to be via Windows Authentication. All data stored in the Focus Microsoft SQL Server Database is owned and controlled by You.

ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely by ATS. ATS can provide copies of the backup databases on file to You upon request and can also permanently delete all databases held within 7 days of receiving a written request by You.

Passwords stored in the Microsoft SQL Server Database are encrypted, as is all biometric data. Data within the Microsoft SQL Server Database can be permanently deleted by You at any stage.

 

Time Clock:

The Focus time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your Focus application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected; only unique points taken during enrolment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employee’s profile on the time clock and manually to the Focus application. This User Profile Photo is stored within the time clock and the Microsoft SQL Server Database. This image can be deleted from both the time clock and Focus, while still keeping all other associated user data, and not affect the use of the time clock’s normal functions. When an employee is Archived within the Focus application, their user data should be removed from all time clocks by You. This data is retained within the Microsoft SQL Server Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.

 

6. ATS Company Data Protection Policy

 Overview:

ATS endeavours to apply best practice to its data security and storage of company and customer information.

 

Data Protection:

ATS may store data locally or on secure cloud servers. This data may be contained on email servers, cloud business applications, cloud storage applications, cloud servers and local PCs.

 

Data is protected by using where possible:

  • Strong user password policies
  • 2-factor authentication enabled where possible on business applications
  • Updated antivirus software on PCs and Servers
  • Staff acceptance of Data Protection Policies
  • IP address restriction to cloud services

 

When You request copies of Your data, this will only be provided to authorised individuals within Your business that ATS has on record, actioned only after receiving the request in writing from that authorised individual.

 

Intellectual Property, Limitation of Liability and Indemnity

  • You acknowledge that all intellectual property in and to the ATS products and services (Intellectual Property) belongs to or is licensed to ATS and You must not purport to convey title to or grant any rights of ownership in respect of ATS’s Intellectual Property to any person nor attempt to do so.
  • You may not copy, adapt, reverse engineer, apply to register any legal rights over or take any steps in relation to ATS’s Intellectual Property that is inconsistent with ATS’s rights of full ownership to or full rights to use and exploit its Intellectual Property.
  • You must comply with any requirements or directions of ATS from time to time in relation to security measures, procedures and policies relating to ATS’s Intellectual Property.
  • You must immediately inform ATS of any matter or thing which comes to the attention of You which affects or may affect the security or ownership of ATS’s Intellectual Property or of any infringement of ATS’s Intellectual Property by You or a third party.
  • Should an ATS product or service be faulty or defective through no fault of Your own or the technical standard or skills of Your staff or contractors and ATS is notified by You of the fault or defect, the warranty provisions that appear on the back of the tax invoice issued to You on purchase of ATS’s products or services will apply. The acceptance of the warranty by ATS is in no way to constitute an admission of liability nor a waiver of any of its rights contained in this DPP or at law.
  • To the maximum extent permitted at law, ATS will not be liable to You for any claim, damages or other liability, any consequential, direct or indirect loss, damage, costs or expenses (including legal costs on a solicitor and own client basis) that are incurred by You in connection with or arising out of the use of, or other dealings with, the ATS products or services purchased by You or use of the licence to use the products or services granted to You. If ATS is held to be liable, liability for any such claim, damage or loss is limited to the purchase price of the products or services purchased by You.
  • If You purchase third party software or products to use in conjunction, connection or association with the ATS products and services for any reason, ATS will not be liable to You for any direct or indirect loss or damage that occurs to the products or services or Your computer system as a result of the use by You of that third party software.
  • You indemnify ATS and keep ATS indemnified from and against all actions, claims, demands, costs or expenses including special, indirect or consequential damages (including legal costs and expenses on a solicitor and own client basis) made, sustained, brought or prosecuted or in any manner based upon damage to any property or occasioned by or attributable to any injury to any third party (including death) or any infringement of any third party’s Intellectual Property rights related directly or indirectly to the use of the ATS products or services by You or the grant of the licence to use the ATS products or services or the use by You of any third party software in conjunction, connection or association with the products or services provided such damage is in no way caused by the acts or omissions of ATS.

 

Governing Law

This DPP is governed by the laws in force in the State of Queensland and ATS and You agree to be bound by the exclusive jurisdiction of that State.