Privacy Policy

Effective Date: January 2025 | Last Updated: January 2025

1. Information We Collect

1.1 Personal Information

• Account Information: Name, email address, employee ID, phone number
• Work Information: Company details, department, position, work schedule
• Authentication Data: Login credentials, authentication tokens
• Profile Information: Profile photos, personal settings, preferences

1.2 Location Data

• GPS Coordinates: Precise location data for attendance verification
• Location History: Timestamped location records for clock-in/out events
• Geofencing Data: Location-based attendance boundaries and zones
• Address Information: Converted addresses from GPS coordinates for verification

1.3 Attendance and Time Data

• Clock Records: Clock-in/out times, break times, overtime hours
• Attendance Status: Present, absent, late, early departure records
• Leave Information: Vacation requests, sick leave, personal time off
• Work Patterns: Daily, weekly, and monthly attendance summaries

1.4 Device and Technical Information

• Device Information: Device model, operating system, app version
• Network Data: IP address, network type, connectivity status
• App Usage: Feature usage, session duration, error logs
• Push Notification Tokens: For sending attendance reminders and updates

1.5 Files and Documents

• Document Uploads: Payslips, certificates, identification documents
• Generated Reports: Attendance reports, timesheets, analytics data
• Signature Data: Digital signatures for attendance verification

2. How We Use Your Information

2.1 Primary Purposes

• Attendance Tracking: Record and verify employee work hours and location
• Time Management: Calculate work hours, overtime, and break times
• Location Verification: Ensure employees are at designated work locations
• Report Generation: Create attendance reports for employers and employees

2.2 Secondary Purposes

• App Functionality: Provide features like notifications, calendar integration, and analytics
• Communication: Send attendance reminders, updates, and important notifications
• Security: Prevent fraud, verify identity, and maintain system integrity
• Support: Provide customer support and troubleshoot technical issues

2.3 Legal and Compliance

• Legal Obligations: Comply with labor laws and employment regulations
• Audit Requirements: Maintain records for tax and compliance purposes
• Dispute Resolution: Resolve attendance-related disputes and investigations

3. Data Sharing and Disclosure

3.1 With Your Employer

• Attendance records and time tracking data
• Location verification information
• Leave requests and approvals
• Generated reports and analytics

3.2 With Service Providers

• Firebase (Google): Cloud storage, authentication, and push notifications
• Google Maps: Location services and mapping functionality
• Hosting Providers: Data storage and app hosting services
• Analytics Services: App performance and usage analytics

3.3 Legal Requirements

• When required by law or legal process
• To protect our rights or prevent harm
• In case of emergency or safety concerns
• For fraud prevention and security purposes

3.4 We Do NOT Share

• Your personal information with third parties for marketing purposes
• Your data with advertisers or data brokers
• Your location data outside of attendance verification
• Your personal information without your explicit consent (except as required by law)

4. Data Security

4.1 Technical Safeguards

• Encryption: All data is encrypted in transit (HTTPS) and at rest (AES-256)
• Authentication: Multi-factor authentication and secure login systems
• Access Controls: Role-based access with minimum necessary permissions
• Network Security: Secure APIs and protected communication channels

4.2 Administrative Safeguards

• Employee Training: Regular security training for all staff
• Access Monitoring: Continuous monitoring of data access and usage
• Incident Response: Comprehensive security incident response procedures
• Regular Audits: Periodic security assessments and vulnerability testing

4.3 Physical Safeguards

• Secure Facilities: Data centers with physical security controls
• Device Security: Encrypted devices and secure disposal procedures
• Backup Security: Encrypted backups with secure storage

4.4 Data Breach Notification

In accordance with the Australian Notifiable Data Breaches (NDB) Scheme under the Privacy Act 1988, we are committed to protecting your personal information and will notify you promptly if a data breach occurs that is likely to result in serious harm.

• Immediate Assessment: We will assess any suspected data breach within 30 days
• Notification to Affected Individuals: If a breach is likely to result in serious harm, we will notify affected individuals as soon as practicable
• OAIC Notification: We will notify the Office of the Australian Information Commissioner (OAIC) in accordance with the NDB Scheme requirements
• Remediation Steps: We will provide information about the breach and steps individuals can take to protect themselves

5. Your Rights and Choices

5.1 Access and Control

• View Your Data: Access your attendance records and personal information
• Update Information: Correct inaccurate or outdated information
• Export Data: Download your data in a portable format
• Delete Account: Request account deletion (subject to legal requirements)

5.2 Location Controls

• Location Permission: You can grant or revoke location access at any time
• Precise Location: Choose between precise or approximate location tracking
• Background Location: Control background location access for attendance tracking

5.3 Notification Controls

• Push Notifications: Enable or disable push notifications
• Email Notifications: Control email communication preferences
• Reminder Settings: Customize attendance reminder frequency

5.4 Employee and Employer Responsibilities

Both employees and employers have important responsibilities when using S&S Clocked In:

Employee Responsibilities

• Accurate Information: Provide accurate personal and work information
• Secure Access: Keep login credentials secure and report any unauthorized access
• Location Privacy: Understand that location data is collected for attendance verification
• Data Accuracy: Ensure attendance records are accurate and report any discrepancies

Employer Responsibilities

• Data Protection: Implement appropriate security measures for employee data
• Access Control: Limit access to employee data to authorized personnel only
• Report Security: Download and store reports containing personal data securely
• Compliance: Ensure compliance with Australian privacy laws and workplace regulations
• Employee Notification: Inform employees about data collection and usage practices
• Data Breach Response: Promptly notify affected employees and authorities of any data breaches

6. Data Retention

6.1 Retention Periods

• Attendance Records: 7 years (for tax and compliance purposes)
• Account Information: Until account deletion or 3 years of inactivity
• Location Data: 2 years (for attendance verification purposes)
• App Logs: 1 year (for security and troubleshooting)
• Generated Reports: 5 years (for business and legal purposes)

6.2 Deletion Process

• Data is securely deleted using industry-standard methods
• Backup data is deleted according to retention schedules
• Some data may be retained longer for legal compliance
• Anonymized data may be retained for analytics purposes

7. Children's Privacy

S&S Clocked In is designed for workplace use and is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

8. International Data Transfers

Your data may be transferred to and processed in countries other than Australia. Here's where your data is stored and processed:

8.1 Primary Data Storage

• Primary Servers: Australia (Sydney region) - where most of your data is stored
• Backup Servers: United States (for disaster recovery and redundancy)
• CDN Services: Global distribution for faster app performance

8.2 Third-Party Services

• Firebase Services: Google Cloud Platform (primarily US-based)
• Google Maps API: Global Google servers
• Analytics Services: Firebase Analytics (US-based)

8.3 Safeguards for International Transfers

We ensure appropriate safeguards are in place for international transfers, including:

• Binding Corporate Rules for intra-company transfers
• Standard contractual clauses where applicable
• Certification schemes and codes of conduct
• Compliance with Australian privacy laws
• Data minimization and purpose limitation
• Regular security assessments of international partners

9. Third-Party Services

9.1 Firebase Services

• Firebase Authentication: User authentication and account management
• Firebase Storage: Secure file storage and document management
• Firebase Messaging: Push notifications and real-time updates
• Firebase Analytics: App usage analytics and performance monitoring

9.2 Google Services

• Google Maps API: Location services and mapping functionality
• Google Play Services: App distribution and updates

9.3 Third-Party Privacy Policies

• Google Privacy Policy
• Firebase Privacy Policy

10. Cookies and Tracking

S&S Clocked In uses minimal tracking technologies to provide essential functionality:

10.1 Analytics and Performance

• Firebase Analytics: Used for app performance monitoring, crash reporting, and usage analytics
• Google Analytics: Provides insights into app usage patterns and user behavior
• No Marketing Cookies: We do not use cookies for advertising or marketing purposes

10.2 Essential Cookies

• Authentication Tokens: Secure session management and user authentication
• App Preferences: User settings and configuration data
• Security Tokens: Fraud prevention and security monitoring

10.3 Cookie Control

You can control cookie settings through your device's privacy settings. However, disabling essential cookies may affect app functionality, including login capabilities and attendance tracking.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy in the app
• Sending push notifications about significant changes
• Emailing users about major policy updates
• Displaying a prominent notice in the app

Your continued use of the app after changes become effective constitutes acceptance of the updated policy.

11. Contact Information

12. Complaints Handling

We are committed to resolving any privacy concerns you may have. If you believe we have breached your privacy rights or have concerns about how we handle your personal information, please follow these steps:

12.1 Making a Complaint

1. Contact Us First: Email us at info@snstechservices.com with details of your complaint
2. Response Time: We will acknowledge your complaint within 5 business days and provide a full response within 30 days
3. Investigation: We will investigate your complaint thoroughly and take appropriate action
4. Resolution: We will work with you to resolve the issue to your satisfaction

12.2 External Complaints

If you are not satisfied with our response to your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• OAIC Website: https://www.oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Post: GPO Box 5218, Sydney NSW 2001

12.3 Our Commitment

We take all privacy complaints seriously and are committed to:

• Investigating complaints thoroughly and fairly
• Providing clear explanations of our findings
• Taking corrective action when necessary
• Learning from complaints to improve our practices
• Maintaining confidentiality throughout the process

13. Australian Privacy Principles (APPs)

If you are in Australia, you have rights under the Privacy Act 1988 and the Australian Privacy Principles (APPs):

• APP 1 - Open and Transparent Management: We maintain this privacy policy and handle personal information openly and transparently
• APP 6 - Use or Disclosure: We only use or disclose personal information for the primary purpose for which it was collected, or for a related secondary purpose
• APP 7 - Direct Marketing: We do not use personal information for direct marketing purposes
• APP 8 - Cross-border Disclosure: When we transfer data overseas, we take reasonable steps to ensure the recipient complies with Australian privacy laws
• APP 10 - Quality of Personal Information: We take reasonable steps to ensure personal information is accurate, up-to-date, and complete
• APP 11 - Security of Personal Information: We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorized access
• APP 12 - Access to Personal Information: You have the right to access your personal information we hold
• APP 13 - Correction of Personal Information: You have the right to request correction of inaccurate personal information

This privacy policy was last updated on January 2025.