Data Handling Agreement
Last Updated: 7 October 2024
Between Skillstone Pty Ltd (hereinafter referred to as "we" or "App Provider") and the Users (Employers) and End-Users (Employees, Subcontractors, and Suppliers).
1. Purpose of this Agreement
This agreement explains how we handle data when you use our Onboarding and Employee Engagement App, including the Skillstone Admin Portal. It covers our data collection, storage, and transmission practices. It clarifies the responsibilities of the App Provider, Users (Employers), and End-Users regarding the collection, storage, and secure transmission of private and sensitive information.
2. Data Collection and Consent
We collect personal and sensitive information with the aid of your employer, who is responsible for informing you and obtaining your consent. The data collected via the Skillstone Admin Portal include personal identifiers, employment details, and possibly sensitive personal data, which is collected only with explicit permission.
For clients who enable the optional chat feature powered by CometChat, data related to chat communications (text, audio, media) will be handled directly by CometChat. Skillstone does not have access to or control over the data collected through this chat service. Clients and users are encouraged to review CometChat’s Privacy Policy for more details on managing chat-related data.
3. Data Storage
We store all collected data on Amazon Web Services (AWS) servers in the Asia Pacific region, Sydney, Australia. These servers adhere to the highest industry standards for data security, including encryption, access controls, and physical security measures to protect data. The Skillstone Admin Portal, which allows for the management of this data, utilises advanced security measures such as SSL/TLS encryption, multi-factor authentication, and regular security audits to ensure the safety and compliance of your data handling practices.
4. Data Access, Management, and Security
Employers can securely access, manage, and download employee data and manage User-Generated Content (UGC) through our Skillstone Admin Portal. This web-based interface provides robust tools for comprehensive user management, ensuring data confidentiality, integrity, and compliance with our Terms of Service.
Admin Portal Access and Functions: Employers log into the Skillstone Admin Portal to access and manage employee data and UGC stored on AWS. The portal is fortified with security protocols to provide a safe and efficient environment for handling sensitive data and content.
Secure Data Management: All data transmissions to and from the portal are encrypted using SSL/TLS technologies. This encryption helps protect the integrity and privacy of personal data and user-generated content. Employers are responsible for securely managing the data and content within their control. The portal maintains detailed access logs to monitor and audit all interactions, ensuring compliance with our security policies and legal standards.
Employer's Responsibility for Data and Content Deletion: Employers must initiate secure deletion of an employee's data and any associated UGC through the Skillstone Admin Portal upon termination of employment or at an employee's request. This process must comply with legal requirements and best data and content management practices.
UGC Monitoring and Compliance: We actively monitor the UGC to ensure it adheres to the standards outlined in our Terms of Service. Employers are responsible for ensuring that the content created and managed within the portal does not violate laws or platform policies. This includes proactive monitoring to prevent sharing prohibited content, such as hate speech, explicit material, or copyrighted content without authorisation.
Optional Chat Feature Data Management: If the optional chat feature powered by CometChat is enabled, data transmitted through the chat function (such as messages and media) is managed and secured by CometChat. Skillstone does not have direct access to or control over this data. CometChat applies its security protocols, including encryption and secure data management practices. Clients must ensure the chat service complies with their internal data protection requirements.
5. Data Retention and Minimisation
We adhere to the principle of data minimisation, collecting only the data necessary for onboarding and engagement processes. Data is retained only as long as needed to fulfil the intended purposes or as required by law.
Sensitive Data Deletion: After the intended use is complete, sensitive data such as bank details, health information, criminal records, and emergency contacts are promptly deleted.
Chat Data Retention and Management: For the chat feature, CometChat determines the data retention period for chat communications. Please refer to CometChat’s Data Retention Policy for details on how chat data is handled.
6. User Responsibilities
Users (Employers) are solely responsible for properly managing and deleting data within their control, as outlined in the admin portal guidelines. This includes maintaining compliance with applicable data protection regulations and ensuring all data management activities are logged and auditable.
7. Data Incident Response
In case of a data breach, particularly involving UGC, we will enact a structured incident response plan. This plan includes immediate notification to affected parties, a detailed assessment of the breach's impact, especially concerning UGC, and comprehensive strategies to prevent future incidents. The plan complies with regulatory requirements and best data protection practices, emphasising swift and effective resolution and mitigation.
Chat Feature Data Breach and Incident Response: CometChat handles and responds to any breaches or incidents involving the optional chat feature. Clients should review CometChat’s Vulnerability Disclosure Program for more information on managing and reporting such incidents.
8. Limitation of Liability
We, the App Provider, are not liable for any mismanagement of data once it is in the User's (Employer's) possession, except as required by law.
9. Agreement Acceptance
By continuing to use our App, including the Skillstone Admin Portal, Users (Employers) and End-Users agree to abide by the terms and conditions outlined in this Data Handling Agreement, as well as our Cookie Policies, Privacy Policies, Terms of Service, and End User Licence Agreement (EULA), which are published on our website and accessible through our app.
10. Contact Information
If you have any questions or concerns about this Agreement, please contact us at support@skillstone.com.