Privacy Policy

Purpose

Time Tink and its related services, content, products and functions ("Services") accessed via www.timetink.com.au ("Website") are owned and operated by Time Tink Pty Limited ("We", "Us", "Our"). When you engage with the Website or use the Services we collect data. This Privacy Policy outlines what data we collect, why we collect it, what we do with it and steps we take to protect your privacy.

Our privacy principles

Data security protocols are based on a collecting and managing data that is specific, valid, purposeful and accessible only those who need it. Similarly system access is based on a 'need to know' approach with minimum privileges provided to each user category.

What we collect, and why we collect it

We collect various types of information in order to offer our Services. This ranges from basic information such as a user’s name, to more complex things like product usage information. We collect information in the following ways:

1. Information provided to us by your institution

Our Services integrate with various other technologies and systems used by your institution. Your institution provides us with necessary information that we need to set up and maintain your account to use our Services. This may include the following:

Learner Account and user information: This includes some of your personal information, including your name, university assigned email address, a unique student ID, and your enrolment status in the subject where Time Tink is being used. We do not receive your university passwords.

Supervisor Account and user information: This includes some of your personal information, including your name, the name of your organisation, your organisation assigned email address and your position or title in the organisation where Time Tink is being used.

2. From your direct use of our Services

We collect information about how you use Time Tink Services and Website. This includes the following:

Cookies:

We use secure cookies to remember whether you have signed into Time Tink on your internet browser. We collect and store this information locally on your device using mechanism such as browser web storage and application data caches. This allows you to access our Services directly, without first needing to log in through your institution’s Learning Management System. We only use cookies for authentication to our Services and do not make it available for third party services or advertisers. For more details on how we use Cookies, please read out Cookie Policy

Device information:

We collect information on the devices and Internet addresses (IPs) you use to access our Services. This information is used to help us deliver the Service, keep you secure, and improve our Services.

Usage information:

We collect information on how you interact with the Time Tink platform, for example, if you generate or download an activity report. This information is used to help us debug issues, and deliver and improve our Services. We may collect personal information when you contact Time Tink support, for example, your name and email address. We use this information to debug issues and improve our Services.

Who we share your information with

We share your information with your institution in accordance with your institution’s privacy policy. There are two ways in which we may share your information:

1. Within Time Tink and your institution

Your information is only accessed by those who are required to provide support for the use of our Service. This may include technical staff who are responsible for developing and maintaining the Service, as well as support staff who are responsible for providing Users with help and assistance. The information we collect and use is shared with your institution as part of the Service. Please read your institution’s privacy policy to learn more.

Existing data may be anonymized or altered for the purposes of testing providing that it is deemed to be at the same or lower security risk level (for example, changes to user interface). Where new or amended features are identified as higher security risk level or having new security risks, dummy data will be used for testing.

2. Outside of Time Tink and your institution

We use a data hosting service provider (Servers Australia) to store and provide data hosting services in relation to your information. Your data is stored in Sydney, Melbourne or Brisbane and will not be transferred to a country outside of Australia.

We may share your personal information with third parties outside of Time Tink if it is deemed reasonably necessary in order to:

meet any applicable law, regulation, legal process or enforceable governmental request;
enforce applicable Terms of Service, including investigation of potential violations;
detect, prevent, or otherwise address fraud, security or technical issues; or
protect against harm to the rights, property or safety of Time Tink, our users or the public as required or permitted by law.

Information & system security

Aligning with our Privacy Principles, the following protocols are put in place to ensure that access is based on 'need to know' basis and with minimum privileges provided to each user type.

Software developers utilise secure programming protocols and best-practices in design, development and testing of Time Tink, including the separation of the staging and live environments/
All Services use SSL encryption for transmitting data.
We use secure signed HTTP cookies to authenticate and identify users. These cannot be shared with a third party or issued outside our Services.
We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
The system utilises OAuth 2 authentication, whereby a bearer token is supplied with requests to the backend. The backend can then utilise this token to perform authentication and authorisation functions. The Time Tink system has a built-in identity provider, which can be used for users who cannot login with a 3rd party identity provider. The Time Tink system does have infrastructure to facilitate the addition of more identity providers (e.g. institutes' SAML SSO providers, Google OAuth, etc.) through the use of identity consumers, however the identity consumers themselves have not been implemented yet.

We will only retain your personal information for as long as is required to satisfy the purpose for which it was collected by us or provided by you or as is otherwise required by relevant privacy laws.

Access and correction

If you wish to find out about the personal information we hold about you, or believe that some or all of the personal information we hold about you is out of date, incomplete, incorrect, irrelevant or misleading, you can contact us on the details below.

We reserve the right to refuse to provide you with or correct information that we hold about you as permitted by the Privacy Act 1988 (Cth).

Complaints

If you have any complaints about how we have handled your personal information, please contact admin@timetink.com.au. We take complaints seriously and will endeavour to respond within a reasonable time of receiving written notice of your complaint.

If you have not received a response of any kind in relation to your complaint within 30 days, you have the right to take the matter directly to the Office of the Australian Information Commissioner.

Compliance and cooperation with regulatory authorities

We regularly review our compliance with our Privacy Policy. We work with the appropriate Australian regulatory authorities, including data protection authorities to resolve any complaints regarding the transfer of personal data that we cannot resolve with our Users directly. Time Tink is GDPR compliant.

Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post the most recent version of this Privacy Policy on our website. Please check the website from time to time to review any changes to our Privacy Policy.

Last updated - 6 April 2022