Our privacy principles
Data security protocols are based on collecting and managing data that is specific, valid, purposeful and accessible only to those who need it. Similarly, system access is based on a 'need to know' approach with minimum privileges provided to each user category.
What we collect, and why we collect it
We collect various types of information in order to offer our Services. This ranges from basic information such as a user’s name, to more complex things like product usage information. We collect information in the following ways:
1. Information provided to us by your institution
Our Services integrate with various other technologies and systems used by your institution. Your institution provides us with necessary information that we need to set up and maintain your account to use our Services. This may include the following:
Learner Account and user information: This includes some of your personal information, including your name, university assigned email address, a unique student ID, and your enrolment status in the subject where Time Tink is being used. We do not receive your university passwords.
Supervisor Account and user information: This includes some of your personal information, including your name, the name of your organisation, your organisation assigned email address and your position or title in the organisation where Time Tink is being used.
2. From your direct use of our Services
We collect information about how you use Time Tink Services and Website. This includes the following:
We collect information on the devices and Internet addresses (IPs) you use to access our Services. This information is used to help us deliver the Service, keep you secure, and improve our Services.
We collect information on how you interact with the Time Tink platform, for example, if you generate or download an activity report. This information is used to help us debug issues, and deliver and improve our Services. We may collect personal information when you contact Time Tink support, for example, your name and email address. We use this information to debug issues and improve our Services.
Who we share your information with
1. Within Time Tink and your institution
Existing data may be anonymized or altered for the purposes of testing, provided that it is deemed to be at the same or lower security risk level (for example, changes to user interface). Where new or amended features are identified as being at a higher security risk level or as having new security risks, dummy data will be used for testing.
2. Outside of Time Tink and your institution
We use a data hosting service provider (Servers Australia) to store and provide data hosting services in relation to your information. Your data is stored in Sydney, Melbourne or Brisbane and will not be transferred to a country outside of Australia.
We may share your personal information with third parties outside of Time Tink if it is deemed reasonably necessary in order to:
meet any applicable law, regulation, legal process or enforceable governmental request;
enforce applicable Terms of Service, including investigation of potential violations;
detect, prevent, or otherwise address fraud, security or technical issues; or
protect against harm to the rights, property or safety of Time Tink, our users or the public as required or permitted by law.
Information & system security
Aligning with our Privacy Principles, the following protocols are put in place to ensure that access is on a 'need to know' basis, with minimum privileges provided to each user type.
Software developers utilise secure programming protocols and best practices in the design, development and testing of Time Tink, including the separation of the staging and live environments.
All Services use SSL encryption for transmitting data.
We use secure signed HTTP cookies to authenticate and identify users. These cannot be shared with a third party or issued outside our Services.
We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
The system utilises OAuth 2 authentication, whereby a bearer token is supplied with requests to the backend. The backend can then utilise this token to perform authentication and authorisation functions. The Time Tink system has a built-in identity provider, which can be used for users who cannot log in with a 3rd party identity provider. The Time Tink system does have infrastructure to facilitate the addition of more identity providers (e.g. institutes' SAML SSO providers, Google OAuth, etc.) through the use of identity consumers; however, the identity consumers themselves have not been implemented yet.
We will only retain your personal information for as long as is required to satisfy the purpose for which it was collected by us or provided by you or as is otherwise required by relevant privacy laws.
Access and correction
If you wish to find out about the personal information we hold about you, or believe that some or all of the personal information we hold about you is out of date, incomplete, incorrect, irrelevant or misleading, you can contact us on the details below.
We reserve the right to refuse to provide you with or correct information that we hold about you as permitted by the Privacy Act 1988 (Cth).
If you have any complaints about how we have handled your personal information, please contact email@example.com. We take complaints seriously and will endeavour to respond within a reasonable time of receiving written notice of your complaint.
If you have not received a response of any kind in relation to your complaint within 30 days, you have the right to take the matter directly to the Office of the Australian Information Commissioner.
Compliance and cooperation with regulatory authorities
Last updated - 6 April 2022