Last updated 21st May 2019


This Data Protection Information Sheet applies to all of the products and services offered by Aussie Time Clocks

Pty Ltd ABN 20 163 959 779 trading as “Aussie Time Sheets”, “uAttend Australia” and Kiwi Time Sheets Ltd NZBN 9429046076892 (ATS) and contains important information about the data collected and stored by ATS products and any information, data in any medium provided by You, the ATS customer (You/Your) to ATS. 


ATS may make changes to this Data Protection Information Sheet from time to time for any reason. ATS will

publish changes to this Data Protection Information page on our ATS Website being

www.aussietimesheets.com.au.


It is important that You read and understand this Data Protection Information Sheet.



Security and Storage

  1. Aussie Time Sheets - Basic

  2. Aussie Time Sheets - Premier

  3. Aussie Time Sheets - Workforce TNA

  4. Aussie Time Sheets - PaySync

  5. ATS Company Data Protection Policy


Please note that you should obtain the prior written consent from each employee or contractor to collect, store and manage an employee’s or contractor’s biometric data.  You should consult your solicitor to obtain appropriate documentation.  Do not hesitate to contact us to discuss further if necessary.


1) Aussie Time Sheets - Basic:


Overview:

Aussie Time Sheets – Basic (“ATS Basic”) is a windows application connected to SQLLocal Database.  It may also connect via API to other Payroll/HR applications.  This application is provided to You to install on Your I.T infrastructure, it is not sold as a SaaS controlled by ATS.  Access to the ATS Basic application, SQLLocal Database and time clock devices is controlled and secured by You.

 

Windows Application:

ATS Basic is a locally installed Windows application.  This application is installed to Your local PC or Windows Server.  While the ATS Basic application may be able to be executed via different Windows User Profiles on the local PC the software was installed on, access to ATS Basic database is only via the Windows User Profile that the application was installed under and initially configured.


SQL Database:

ATS Basic’s data is stored in a SQLLocal database saved in the Windows User Profile of the user the application was installed to.  The SQLLocal Database is controlled by Windows Authentication.  All data stored in the ATS Basic  SQLLocal Database is owned and controlled by You. 

ATS may obtain database backups to provide technical support or enhancement testing.  These backups are stored securely in cloud storage.  ATS can provide copies if the backup databases on file to You upon request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You.

Passwords stored in the SQL Database are encrypted, as is all biometric data.

Data within the SQLLocal Database can be permanently deleted by You at any stage.


Time Clock:

The ATS Basic time clock devices store all data locally within their flash memory.  The time clock device and its stored data is owned and controlled by You.  The time clock data is transmitted to Your ATS Basic application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself.  The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm.  This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string.  The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrollment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employees’ profile on the time clock and ATS Basic application.  This User Profile Photo is stored within the time clock and the SQLLocal Database. This image can be deleted from both the time clock and ATS Basic, while still keeping all other associated user data, and not affect the use of the time clocks normal functions.

When an employee is Archived within the ATS Basic application, their user data should be removed off all time clocks by You.  However, this data is retained within the SQLLocal Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.


2) Aussie Time Sheets - Premier:


Overview:

Aussie Time Sheets – Premier (“ATS Premier”) is a windows application connected to Microsoft SQL Server Database.  It may also connect via API to other Payroll/HR applications.  This application is provided to You to install on Your I.T infrastructure, it is not sold as a SaaS controlled by ATS.  Access to the ATS Premier application, Microsoft SQL Server Database and time clock devices is controlled and secured by You.

 

Windows Application:

ATS Premier is a locally installed Windows application.  This application is installed to Your local PC or Windows Server.  


SQL Database:

ATS Premier’s data is stored in a Microsoft SQL Server Database installed to a PC or Windows Server.  Authentication between the ATS Premier software and the Microsoft SQL Server Database is recommended to be via Windows Authentication.  All data stored in the ATS Premier Microsoft SQL Server Database is owned and controlled by You. 

ATS may obtain database backups to provide technical support or enhancement testing.  These backups are stored securely by ATS.  ATS can provide copies if the backup databases on file to You upon request and can also permanently delete all databases held within 7 days of receiving a written request by You.

Passwords stored in the Microsoft SQL Server Database are encrypted, as is all biometric data.

Data within the Microsoft SQL Server Database can be permanently deleted by You at any stage.


Time Clock:

The ATS Premier time clock devices store all data locally within their flash memory.  The time clock device and its stored data is owned and controlled by You.  The time clock data is transmitted to Your ATS Premier application via TCP/IP over a local network or via a USB drive that has securely obtained the data direct from the time clock itself.  The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm.  This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string.  The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrollment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employees’ profile on the time clock and ATS Premier application.  This User Profile Photo is stored within the time clock and the Microsoft SQL Server Database. This image can be deleted from both the time clock and ATS Premier, while still keeping all other associated user data, and not affect the use of the time clocks normal functions.

When an employee is Archived within the ATS Premier application, their user data should be removed off all time clocks by You.  This data is retained within the Microsoft SQL Server Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.


3) Aussie Time Sheets - Workforce TNA:


Overview:

Workforce TNA is an IIS web application connected to a Microsoft SQL Database.  It may also connect via API to other Payroll/HR applications.  This application is provided to You to install on Your I.T infrastructure, it is not sold as a SaaS controlled by ATS.  Access to the Workforce TNA application, Microsoft SQL Database and time clock devices is controlled and secured by You.

 

Web Application:

Access to Workforce TNA is made using a web browser and the connection is forced to be secure HTTPS.  Workforce TNA can be made available only on the local network or be made accessible via the Internet, however this choice is made by You.  If You choose to make Workforce TNA available outside Your local network, then strong passwords that are routinely changed should be used.


SQL Database:

Workforce TNA’s data is stored in a locally installed Microsoft SQL Database Server.  Access to the SQL Database is recommended to be controlled by Windows Authentication.  All data stored in the Workforce TNA SQL Database is owned and controlled by You. 

ATS may obtain database backups to provide technical support or enhancement testing.  These backups are stored securely by ATS.  ATS can provide copies if the backup databases on file to You upon request and can also permanently delete all databases held in cloud storage within 7 days of receiving a written request by You.

Passwords stored in the SQL Database are encrypted, as is all biometric data.

Data within the Microsoft SQL Database can be permanently deleted by You at any stage.


Time Clock:

The Workforce TNA time clock devices store all data locally within their flash memory.  The time clock device and its stored data is owned and controlled by You.  The time clock data is transmitted to Your Workforce TNA application via HTTPS or via a USB drive that has securely obtained the data direct from the time clock itself.  The menu of the time clock can be secured to Your login credentials.

Biometric data on the time clock is encrypted by the time clock device using a proprietary one-way algorithm.  This fingerprint or facial recognition scan is taken, converted to binary code, then encrypted and stored as an encrypted data string.  The entire image of a fingerprint or face scan is not saved, nor could it be reproduced from the data collected, only unique points taken during enrollment could possibly be reproduced.

The facial recognition device also captures a User Profile Photo and attaches this to the employees’ profile on the time clock and Workforce TNA application.  This User Profile Photo is stored within the time clock and the Microsoft SQL Database. This image can be deleted from both the time clock and Workforce TNA, while still keeping all other associated user data, and not affect the use of the time clocks normal functions.

When an employee is Archived within the Workforce TNA application, their user data is removed off all time clocks automatically.  However, this data is retained within the SQL Database until You choose to manually remove this data.

All data stored on the time clock device can be permanently deleted by You at any stage.


4) Aussie Time Sheets - PaySync:


Overview:

PaySync is a cloud hosted middle-ware application designed to securely send and receive data between Aussie Time Sheets time and attendance software and cloud payroll applications and HR services.  This is a cloud application available on a SaaS model only and is maintained and controlled by ATS.


Web Application:

Access to PaySync is made using a web browser and the connection is forced to be secure HTTPS.  You gain access to PaySync with a username and password of Your choosing, we recommend using a unique secure password and changing this password every 6-12 months.

Authentication between PaySync and ATS software applications is done via a unique private key generated per account upon registration.  Authentication between PaySync and any of the cloud payroll or HR applications available to PaySync is carried out securely, this authentication can be given and revoked at any time by You.


Data Storage:

PaySync does not permanently store any of the data that passes through it on it’s way to the connecting applications.  PaySync may cache data that is sent to it until such a time as it can successfully process that data through to the connected application, any cached data is temporarily available within the secure PaySync database located on Australian data servers.  


5) ATS Company Data Protection Policy


Overview:

ATS endeavours to apply best practice to its data security and storage of company and customer information.


Data Protection:

ATS may store data locally or on secure cloud servers.  This data may be contained on email servers, cloud business applications, cloud storage applications, cloud servers and local PC’s.  


Data is protected by using where possible:

  • Strong user password policies

  • 2-factor authentication enabled where possible on business applications

  • Updated antivirus software on PC’s and Servers

  • Staff acceptance of Data Protection Policies

  • IP address restriction to cloud services


When You request copies of your data, this will only be provided to authorised individuals within Your business that ATS has on record, actioned only after receiving the request in writing from that authorized individual.


Acceptance

If You do not accept how ATS stores and protects Your data, You must stop using the ATS Website, the ATS

products or services and not provide ATS with any Personal Information. Your continued

use of these products and services deems Your acknowledgement and acceptance of how ATS stores and secures Your data.