Timetabling Solutions is an Australian software company providing timetable management software and cloud services to schools. Our head office is located in Geelong, Victoria, with additional offices in Melbourne and Brisbane.

Our cloud services are hosted using Microsoft Azure cloud services within Microsoft Australian regions.

We recognise that many of our customers have obligations under privacy legislation, including the Australian Privacy Act 1988, the European Union General Data Protection Regulation (EU GDPR) and the United Kingdom General Data Protection Regulation (UK GDPR).

Where Timetabling Solutions processes personal information on behalf of a customer, we do so as a data processor (or equivalent service provider) acting on the customer's documented instructions. Schools remain responsible for determining the purposes for which personal information is collected and processed, identifying the appropriate lawful basis for processing, and meeting their obligations under applicable privacy legislation.

Timetabling Solutions has established an Information Security Management System (ISMS) to protect customer information, company information and business operations. Our ISMS incorporates governance practices aligned with recognised information security standards, including relevant principles of ISO/IEC 27001:2022, where appropriate to the size, operations and risk profile of the organisation.

Our Role

Timetabling Solutions provides software and cloud services that assist schools with timetable creation, timetable management, daily organisation, staffing management, student subject selection and related educational administration.

In providing these services, Timetabling Solutions processes personal information on behalf of schools. The school determines what information is collected, how it is used and the lawful basis for processing that information. Timetabling Solutions processes that information only for the purpose of providing the contracted services.

Timetabling Solutions does not have a direct relationship with students, parents or caregivers. Requests relating to access, correction, deletion or other rights concerning personal information should generally be directed to the relevant school, which remains responsible for managing those requests.

Personal Information Processed

The categories of personal information processed vary depending on the products and services used by the school.

Typical information may include:

  • Student names and identifiers
  • Student email addresses
  • Parent and caregiver email addresses
  • Teacher names and contact information
  • Timetable information
  • Class, subject and room allocations
  • Authentication identifiers used to access cloud services
  • User account information
  • Other information entered by the school to support its operational requirements

Schools may choose to record additional information in the software, appropriate to their operational and educational requirements. Timetabling Solutions does not determine what information schools choose to record within their own environment.

Information Security

Timetabling Solutions protects customer information using administrative, technical and physical security controls appropriate to the services provided and the risks being managed.

Our Information Security Management System is supported by documented policies covering areas including:

  • Information Security
  • Risk Management
  • Asset Management
  • Access Control
  • Information Classification
  • Cryptography
  • Supplier Security
  • Secure Software Development
  • Change Management
  • Vulnerability Management
  • Logging and Monitoring
  • Backup and Recovery
  • Incident Response
  • Business Continuity
  • Privacy and Information Handling
  • Records Retention and Secure Disposal
  • Human Resources Security

The ISMS is further supported by our Employment Handbook, Business Continuity & Disaster Recovery Plan, Incident Response Plan, Patch Management Policy, Modern Slavery Statement and other operational procedures.

Data Processing Addendum

Customers requiring contractual commitments for the processing of personal information under the GDPR or similar privacy legislation may request execution of the Timetabling Solutions Data Processing Addendum (DPA).

The DPA forms part of our contractual framework and describes the obligations of both parties regarding the processing and protection of personal information.

Instructions for execution are included within the Data Processing Addendum.

Further Information

Additional information on privacy and information security is available in our Privacy & Security Knowledge Base.

If you have any questions regarding privacy, GDPR, our Information Security Management System or our Data Processing Addendum, please contact:

Timetabling Solutions

Email: support@timetabling.com.au