Aussie Time Sheets – Data Protection Policy
Data Protection Policy and Information Sheet
Last updated 29 November 2022
Background
This Data Protection Policy and Information Sheet (DPP) applies to all of the products and services offered by Aussie Time Clocks Pty Ltd ABN 20 163 959 779 trading as “Aussie Time Sheets”, “uAttend Australia” and Kiwi Time Sheets Ltd 6267616 NZBN 9429046076892 (individually and collectively called ATS) and contains important information about the data collected and stored by ATS products and any information, data in any medium provided by You, the ATS customer (You/Your) to ATS.
ATS may make changes to this DPP from time to time for any reason. ATS will publish changes to this DPP on our ATS Website being www.aussietimesheets.com.au.
It is important that You read and understand this DPP.
Acceptance
If you purchase any of ATS’s products or services, You acknowledge that You agree to this DPP and to the security protocol and data protection procedures that ATS adopts in its business. If You do not wish to agree to be bound by this DPP or to any of the security protocols adopted by ATS, You must not proceed to purchase ATS’s products or services. Once you place an order with ATS for one of its products or services, You are deemed to be bound by this DPP and its Privacy Policy which may be viewed here click here.
Security and Storage
- Aussie Time Sheets – Basic
- Aussie Time Sheets – Premier
- Aussie Time Sheets – Workforce TNA
- Aussie Time Sheets – PaySync
- Focus Enterprise
- ATS Company Data Protection Policy
- Aussie Time Sheets – Lite
- ATS Onboarding
N.B. Please note that you must obtain the prior written consent from each employee or contractor to collect, store and manage an employee’s or contractor’s biometric data. You should consult your solicitor to obtain appropriate documentation. Do not hesitate to contact us to discuss further if necessary.
1. Aussie Time Sheets – Basic:
Overview:
Aussie Time Sheets – Basic (“ATS Basic”) is a windows application connected to SQLLocal Database. It may also connect via API to other Payroll/HR applications. This application is provided to You to install on Your I.T. infrastructure, it is not sold as a SaaS controlled by ATS. Access to the ATS Basic application, SQLLocal Database and time clock devices is controlled and secured by You.
Windows Application:
ATS Basic is a locally installed Windows application. This application is installed to Your local PC or Windows Server. While the ATS Basic application may be able to be executed via different Windows User Profiles on the local PC the software was installed on, access to ATS Basic database is only via the Windows User Profile that the application was installed under and initially configured.
SQL Database:
ATS Basic’s data is stored in a SQLLocal database saved in the Windows User Profile of the user the application was installed to. The SQLLocal Database is controlled by Windows Authentication. All data stored in the ATS Basic SQLLocal Database is owned and controlled by You.
ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely in cloud storage. ATS may provide copies if the backup databases on file to You upon
request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You. However ATS does not warrant that backups will be made or kept by ATS.
Passwords stored in the SQL Database are encrypted, as is all biometric data.
Data within the SQLLocal Database can be permanently deleted by You at any stage.
Aussie Time Sheets – Cloud Clocking:
The new ATS Cloud Clocking option allows you to use our cloud server to easily transmit data from time clocks to ATS Basic. This option sends employee profile, biometric and clocking data to our secure cloud server to then pass on to your software.. This cloud option temporarily hosts the data in Australia using Microsoft Azure Datacentres. Data transfer between ATS Basic and cloud clocking can be encrypted, depending on your time clock model, biometric data is always encrypted. At anytime you can request your database to be relocated to a local installation.
Time Clock:
The ATS Basic time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your ATS Basic application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.
Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrolment could possibly be reproduced.
The facial recognition device also captures a user profile photo and attaches this to the employees’ profile on the time clock and ATS Basic application. This user profile photo is stored within the time clock and the SQLLocal Database. This image can be deleted from both the time clock and ATS Basic, while still keeping all other associated user data, and not affect the use of the time clocks normal functions.
When an employee is archived within the ATS Basic application, their user data should be removed off all time clocks by You. However, this data is retained within the SQLLocal Database until You choose to manually remove this data.
All data stored on the time clock device can be permanently deleted by You at any stage.
2. Aussie Time Sheets – Premier:
Overview:
Aussie Time Sheets – Premier (“ATS Premier”) is a web application connected to Microsoft SQL Server Database. It may also connect via API to other payroll/HR applications. This application is provided to You to install on Your I.T infrastructure, it is not sold as a SaaS controlled by ATS. Access to the ATS Premier application, Microsoft SQL Server Database and time clock devices is controlled and secured by You. We strongly recommend turning on Two-Factor Authentication and enforcing this in ATS Premier.
Web Application:
ATS Premier is a locally installed web application. This application is installed to Your local PC or Windows Server.
SQL Database:
ATS Premier’s data is stored in a Microsoft SQL Server Database installed to a PC or Windows Server. Authentication between the ATS Premier software and the Microsoft SQL Server Database is recommended to be via Windows Authentication. All data stored in the ATS Premier Microsoft SQL Server Database is owned and controlled by You.
ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely by ATS. ATS may provide copies if the backup databases on file to You upon request and can also permanently delete all databases held within 7 days of receiving a written request by You. However ATS does not warrant that backups will be made or kept by ATS.
Passwords stored in the Microsoft SQL Server Database are encrypted, as is all biometric data. Data within the Microsoft SQL Server Database can be permanently deleted by You at any stage.
Premier Cloud Hosting:
Premier can also be implemented as a cloud hosted solution. ATC provides a dedicated web server hosted with Microsoft Azure only using Australian Datacentres. Data on the cloud hosted solution is backed up daily, with backups retained for 30 days. Premier data using the cloud hosting option is stored and secured by Aussie Time Sheets.
Time Clock:
The ATS Premier time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your ATS
Premier application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.
Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrolment could possibly be reproduced.
The facial recognition device also captures a user profile photo and attaches this to the employees’ profile on the time clock and ATS Premier application. This user profile photo is stored within the time clock and the Microsoft SQL Server Database. This image can be deleted from both the time clock and ATS Premier, while still keeping all other associated user data, and not affect the use of the time clocks normal functions. When an employee is archived within the ATS Premier application, their user data should be removed off all time clocks by You. This data is retained within the Microsoft SQL Server Database until You choose to manually remove this data.
All data stored on the time clock device can be permanently deleted by You at any stage.
3. Aussie Time Sheets – Workforce TNA:
Overview:
Workforce TNA is a web application connected to a Microsoft SQL Database. It may also connect via API to other payroll/HR applications. This application is provided to You to install on Your I.T. infrastructure, it is not sold as a SaaS controlled by ATS. Access to the Workforce TNA application, Microsoft SQL Database and time clock devices is controlled and secured by You. We strongly recommend turning on Two-Factor Authentication and enforcing this in Workforce TNA.
Web Application:
Access to Workforce TNA is made using a web browser and the connection is forced to be secure HTTPS. Workforce TNA can be made available only on the local network or be made accessible via the Internet, however this choice is made by You. If You choose to make Workforce TNA available outside Your local network, then strong passwords that are routinely changed should be used.
SQL Database:
Workforce TNA’s data is stored in a locally installed Microsoft SQL Database Server. Access to the SQL Database is recommended to be controlled by Windows Authentication. All data stored in the Workforce TNA SQL Database is owned and controlled by You.
ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely by ATS. ATS may provide copies if the backup databases on file to You upon request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You. However ATS does not warrant that backups will be made or kept by ATS.
Passwords stored in the SQL Database are encrypted, as is all biometric data.
Data within the Microsoft SQL Database can be permanently deleted by You at any stage.
Workforce TNA Cloud Hosting:
Workforce TNA can also be implemented as a cloud hosted solution. ATC provides a dedicated web server hosted with Microsoft Azure only using Australian Datacentres. Data on the hosted solution is backed up daily, with backups retained for 30 days. Workforce TNA data using the cloud hosting option is stored and secured by Aussie Time Sheets.
Time Clock:
The Workforce TNA time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your Workforce TNA application via HTTPS or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.
Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrolment could possibly be reproduced.
The facial recognition device also captures a user profile photo and attaches this to the employees’ profile on the time clock and Workforce TNA application. This user profile photo is stored within the time clock and the Microsoft SQL Database. This image can be deleted from both the time clock and Workforce TNA, while still keeping all other associated user data, and not affect the use of the time clocks normal functions. When an employee is archived within the Workforce TNA application, their user data is removed off all time clocks automatically. However, this data is retained within the SQL Database until You choose to manually remove this data.
All data stored on the time clock device can be permanently deleted by You at any stage.
- Aussie Time Sheets -PaySync:
Overview:
PaySync is a cloud hosted middle-ware application designed to securely send and receive data between Aussie Time Sheets time and attendance software and cloud payroll applications and HR services. This is a cloud application available on a SaaS model only and is maintained and controlled by ATS.
Web Application:
Access to PaySync is made using a web browser and the connection is forced to be secure HTTPS. You gain access to PaySync with a username and password of Your choosing, we recommend using a unique secure password and changing this password every 6-12 months.
Authentication between PaySync and ATS software applications is done via a unique private key generated per account upon registration. Authentication between PaySync and any of the cloud payroll or HR applications available to PaySync is carried out securely, this authentication can be given and revoked at any time by You.
Data Storage:
PaySync does not permanently store any of the data that passes through it on it’s way to the connecting applications. PaySync may cache data that is sent to it until such a time as it can successfully process that data through to the connected application, any cached data is temporarily available within the secure PaySync database located on Australian data servers.
- Focus Enterprise:
Overview:
Focus Enterprise (“Focus”) is a windows application connected to Microsoft SQL Server Database. It may also connect via API to other payroll/HR applications. This application is provided to You to install on Your I.T infrastructure, it is not sold as a SaaS controlled by ATS. Access to the Focus application, Microsoft SQL Server Database and time clock devices is controlled and secured by You.
Windows Application:
Focus is a locally installed Windows application. This application is installed to Your local PC and/or Windows Server.
SQL Database:
Focus’s data is stored in a Microsoft SQL Server Database installed to a PC or Windows Server. Authentication between Focus and the Microsoft SQL Server Database is recommended to be via Windows Authentication. All data stored in the Focus Microsoft SQL Server Database is owned and controlled by You.
ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely by ATS. ATS may provide copies if the backup databases on file to You upon request and can also permanently delete all databases held within 7 days of receiving a written request by You. However ATS does not warrant that backups will be made or kept by ATS.
Passwords stored in the Microsoft SQL Server Database are encrypted, as is all biometric data. Data within the Microsoft SQL Server Database can be permanently deleted by You at any stage.
Time Clock:
The Focus time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your Focus application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.
Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrolment could possibly be reproduced.
The facial recognition device also captures a user profile photo and attaches this to the employees’ profile on the time clock and manually to the Focus application. This user profile photo is stored within the time clock and the Microsoft SQL Server Database. This image can be deleted from both the time clock and Focus, while still keeping all other associated user data, and not affect the use of the time clocks normal functions. When an employee is archived within the Focus application, their user data should be removed off all time clocks by You. This data is retained within the Microsoft SQL Server Database until You choose to manually remove this data.
All data stored on the time clock device can be permanently deleted by You at any stage.
- ATS Company Data Protection Policy
Overview:
ATS endeavours to apply best practice to its data security and storage of company and customer information.
Data Protection:
ATS may store data locally or on secure cloud servers. This data may be contained on email servers, cloud business applications, cloud storage applications, cloud servers and local PC’s.
Data is protected by using where possible:
- Strong user password policies
- 2-factor authentication enabled where possible on business applications
- Updated antivirus software on PC’s and Servers
- Staff acceptance of Data Protection Policies
- IP address restriction to cloud services
When You request copies of your data, this will only be provided to authorised individuals within Your business that ATS has on record, and actioned only after receiving the request in writing from that authorized individual.
7. Aussie Time Sheets – Lite:
Overview:
Aussie Time Sheets – Lite (“ATS Lite”) is a windows application connected to SQLLocal Database. This application is provided to You to install on Your I.T. infrastructure, it is not sold as a SaaS controlled by ATS. Access to the ATS Lite application, SQLLocal Database and time clock devices is controlled and secured by You.
Windows Application:
ATS Lite is a locally installed Windows application. This application is installed to Your local PC or Windows Server. While the ATS Lite application may be able to be executed via different Windows User Profiles on the local PC the software was installed on, access to ATS Lite database is only via the Windows User Profile that the application was installed under and initially configured.
SQL Database:
ATS Lite’s data is stored in a SQLLocal database saved in the Windows User Profile of the user the application was installed to. The SQLLocal Database is controlled by Windows Authentication. All data stored in the ATS Lite SQLLocal Database is owned and controlled by You.
ATS may obtain database backups to provide technical support or enhancement testing. These backups are stored securely in cloud storage. ATS may provide copies if the backup databases on file to You upon request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You. However ATS does not warrant that backups will be made or kept by ATS.
Passwords stored in the SQL Database are encrypted, as is all biometric data.
Data within the SQLLocal Database can be permanently deleted by You at any stage.
Time Clock:
The ATS Lite time clock devices store all data locally within their flash memory. The time clock device and its stored data is owned and controlled by You. The time clock data is transmitted to Your ATS Lite application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself. The menu of the time clock can be secured to Your login credentials.
Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm. This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string. The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrolment could possibly be reproduced.
The facial recognition device also captures a user profile photo and attaches this to the employees’ profile on the time clock and ATS Lite application. This user profile photo is stored within the time clock and the SQLLocal Database. This image can be deleted from both the time clock and ATS Lite, while still keeping all other associated user data, and not affect the use of the time clocks normal functions.
When an employee is archived within the ATS Lite application, their user data should be removed off all time clocks by You. However, this data is retained within the SQLLocal Database until You choose to manually remove this data.
All data stored on the time clock device can be permanently deleted by You at any stage.
- ATS Onboarding:
Overview:
ATS Onboarding is a cloud hosted application designed to securely receive personal information from an employee relevant to starting employment. This is a cloud application available on a SaaS model only and is maintained and controlled by ATS.
Web Application:
Access to ATS Onboarding is made using a web browser and the connection is forced to be secure HTTPS. You gain access to ATS Onboarding with a username and password of Your choosing, we recommend using a unique secure password and changing this password every 6-12 months. We strongly recommend turning on and enforcing two-factor authentication for all user logins.
Authentication between ATS Onboarding and ATS software applications is done via a unique private key generated per account upon registration. Authentication between ATS Onboarding and any of the cloud payroll or HR applications available to PaySync is carried out securely, this authentication can be given and revoked at any time by You.
Data Storage:
ATS Onboarding securely stores your employee data in Australian Datacentres only.