1. Purpose
Timetabling Solutions is committed to protecting the privacy of personal information entrusted to us by our customers, employees, suppliers and other individuals with whom we interact.
This Privacy Policy explains how Timetabling Solutions collects, uses, stores, discloses and protects personal information in connection with our products, cloud services, websites and business operations.
We are committed to handling personal information in accordance with applicable privacy legislation, including:
- the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
- the New Zealand Privacy Act 2020;
- where applicable, the European Union General Data Protection Regulation (EU GDPR);
- the United Kingdom General Data Protection Regulation (UK GDPR); and
- other applicable privacy and data protection laws.
This Privacy Policy should be read together with our:
- Information Security Management System (ISMS) Statement;
- GDPR and Data Processing article;
- International Data Transfers article;
- Authorised Sub-processors article; and
- Data Processing Addendum (where applicable).
These documents form part of Timetabling Solutions' privacy and information security framework and are available from our Privacy & Security Knowledge Base:
https://timetabling.elevio.help/en/categories/86-privacy-security
2. Who this Privacy Policy applies to
This Privacy Policy applies to personal information collected by Timetabling Solutions when:
- you visit our websites;
- you use our software or cloud services;
- you contact us for support or sales enquiries;
- you attend training, webinars or events;
- you purchase products or services from us;
- you apply for employment or provide services to us; or
- you otherwise interact with Timetabling Solutions.
It applies to our activities where Timetabling Solutions acts as a controller (or equivalent) of personal information.
Where Timetabling Solutions processes personal information on behalf of a school or other customer, we generally act as a processor (or equivalent), and the customer remains responsible for determining the purposes and means of processing that information.
3. Our Role
Timetabling Solutions provides software and cloud services to schools and educational organisations.
Depending on the circumstances, Timetabling Solutions may act as either:
- a controller (or equivalent) when collecting and processing personal information relating to our own business operations, employees, contractors, suppliers, prospective customers and website users; or
- a processor (or equivalent) when processing personal information on behalf of a school or other customer using our products or services.
Where Timetabling Solutions acts as a processor, the customer remains responsible for determining the purposes for which personal information is collected and processed, including ensuring that they have an appropriate legal basis for doing so and for responding to requests from individuals regarding their personal information.
Timetabling Solutions processes personal information only in accordance with the customer's instructions, our contractual obligations and applicable law.
4. Personal Information We Collect
The types of personal information we collect depend on how you interact with Timetabling Solutions and the services you use. Examples include:
- Contact information, such as your name, organisation, position, postal address, email address and telephone number.
- Account information, such as usernames, user roles and authentication details.
- Transaction information relating to purchases, subscriptions and invoices.
- Technical information, including IP address, browser type, device information, operating system, log information and product usage information.
- Support information that you voluntarily provide when requesting assistance or lodging a support request.
- Training and event information regarding registrations, attendance, and participation in webinars, training courses, or consultations.
- Employment or supplier information where you apply for employment or provide services to Timetabling Solutions.
We generally do not intentionally collect sensitive personal information unless it is reasonably necessary for a legitimate business purpose or required by law.
5. How We Collect Personal Information
We collect personal information in a variety of ways, including when:
- you contact us by telephone, email or through our websites;
- you purchase or use our products or services;
- you register for training, webinars or events;
- you submit a support request;
- your organisation provides your details in connection with the purchase or administration of our products or services;
- you visit our websites;
- you apply for employment; or
- you otherwise interact with Timetabling Solutions.
We may also receive personal information from third parties, such as student administration systems, identity providers, integration partners or publicly available sources, where authorised by our customers or otherwise permitted by law.
6. Why We Collect Personal Information
We collect, use and disclose personal information only where reasonably necessary for our business operations and the delivery of our products and services.
Examples include:
- providing and supporting our software and cloud services;
- administering customer accounts and subscriptions;
- providing technical support;
- processing payments and managing accounts;
- communicating with customers about products, services and support;
- providing training and professional services;
- improving our products and services;
- protecting the security of our systems and users;
- complying with legal and regulatory obligations; and
- other purposes authorised by law or with your consent.
Where required by applicable privacy legislation, Timetabling Solutions relies on an appropriate legal basis for processing personal information, including contractual necessity, legitimate interests, legal obligations or consent.
7. Disclosure of Personal Information
Timetabling Solutions only discloses personal information where reasonably necessary to provide our products and services, to operate our business, to comply with legal obligations, or where otherwise authorised or required by law.
We may disclose personal information to:
- our employees and authorised contractors who require access to perform their duties;
- trusted service providers and authorised sub-processors who provide services on our behalf, including cloud hosting, customer support, payment processing, business systems and communications;
- professional advisers, auditors, insurers and financial institutions where necessary;
- government authorities, regulators, courts or law enforcement agencies where required or authorised by law; and
- other parties where you have requested or authorised the disclosure.
- Timetabling Solutions requires third-party service providers that process personal information on our behalf to implement appropriate security measures and to process personal information only for authorised purposes.
Further information regarding our authorised sub-processors is available in our Authorised Sub-processors article.
8. International Data Transfers
Timetabling Solutions primarily hosts its cloud services using Microsoft Azure infrastructure located in Australia.
Where personal information is transferred outside the jurisdiction in which it was collected, Timetabling Solutions takes reasonable steps to ensure that the transfer is undertaken in accordance with applicable privacy and data protection legislation.
Further information regarding international data transfers and data residency is available in our International Data Transfers article.
9. Information Security
Timetabling Solutions is committed to protecting the confidentiality, integrity and availability of the personal information entrusted to us.
We maintain an Information Security Management System (ISMS) incorporating governance practices aligned with recognised information security standards, including relevant principles of ISO/IEC 27001:2022, where appropriate to the organisation's size, operations and risk profile.
Technical and organisational measures implemented by Timetabling Solutions include, where appropriate:
- identity and access management;
- Multi-Factor Authentication (MFA);
- encryption of data in transit and, where appropriate, at rest;
- secure software development practices;
- vulnerability management;
- logging and monitoring;
- backup and recovery procedures;
- incident response procedures; and
- business continuity arrangements.
Information security controls are reviewed periodically to reflect changes in technology, business operations and information security risks.
Further information is available in our Information Security Management System (ISMS) Statement.
10. Data Retention
Timetabling Solutions retains personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, to provide our products and services, to comply with legal obligations, resolve disputes and enforce our agreements.
Retention periods vary depending on the nature of the information, applicable legal requirements and operational needs.
When personal information is no longer required, it is securely deleted, de-identified, or otherwise disposed of in accordance with our Records Retention & Secure Disposal Policy, where appropriate.
11. Your Privacy Rights
Depending on the privacy legislation that applies to you, you may have rights relating to your personal information, including the right to:
- request access to personal information we hold about you;
- request correction of inaccurate or incomplete personal information;
- request deletion of personal information, where applicable;
- request restriction of certain processing activities;
- object to certain processing activities;
- withdraw consent where processing is based on consent; and
- lodge a complaint with an appropriate privacy regulator.
Where Timetabling Solutions processes personal information on behalf of a customer, requests relating to that information should generally be directed to the relevant customer (such as the school), as they determine the purposes and means of processing.
Timetabling Solutions will assist its customers in responding to such requests where required under our contractual obligations or applicable law.
Requests relating to personal information held by Timetabling Solutions may be submitted by contacting our Privacy Officer using the details at the end of this Privacy Policy.
12. Privacy Complaints
Timetabling Solutions takes privacy complaints seriously.
If you believe we have breached your privacy or mishandled your personal information, please contact our Privacy Officer with full details of your complaint.
We will acknowledge your complaint promptly, investigate the matter and endeavour to respond within a reasonable period.
If you are not satisfied with our response, you may lodge a complaint with the relevant privacy regulator, including:
- Office of the Australian Information Commissioner (OAIC);
- Office of the New Zealand Privacy Commissioner; or
- your applicable supervisory authority under the EU GDPR or UK GDPR, where relevant.
13. Related Documents
This Privacy Policy should be read together with the following documents, where applicable:
- Information Security Management System (ISMS) Statement
- GDPR and Data Processing
- International Data Transfers
- Authorised Sub-processors
- Data Processing Addendum (DPA)
- Records Retention & Secure Disposal Policy
- Privacy & Information Handling Policy
These documents provide additional information regarding Timetabling Solutions' privacy, security and governance practices.
14. Changes to this Privacy Policy
Timetabling Solutions may update this Privacy Policy from time to time to reflect changes to legislation, technology, business operations or our products and services.
Where changes materially affect the way we collect, use or protect personal information, we will take reasonable steps to notify affected users where required by applicable law.
The most current version of this Privacy Policy will always be available on our website.
15. Contact Us
If you have any questions regarding this Privacy Policy or wish to exercise your privacy rights, please contact:
Privacy Officer
Timetabling Solutions
Email: support@timetabling.com.au
Telephone: +61 3 5228 3700
Postal Address:
PO Box 928
Torquay VIC 3228
Australia