Data Collection Policy

Effective date: 4 May 2026

1. Purpose

This Data Collection Policy explains the categories of personal information Timing Plus collects, the purposes for collection, how data is collected and stored, and the responsibilities of customers when providing competitor data for events. It supports compliance with the Australian Privacy Principles (APPs).

2. Scope

This policy applies to all personal information provided to Timing Plus by customers, event organisers, schools and other authorised parties for the purpose of delivering timing services for cross country running events in Australia.

At a glance

We collect competitor identity and event details to deliver timing and results.
Customers control what data is uploaded and must ensure a lawful basis (including parent/guardian consent for competitors under 16).
We apply reasonable security measures and retain data only as agreed or as required by law/invoicing.
Privacy requests must be submitted by the customer/event organiser via privacy@timingplus.com.au.

3. Principles

Minimisation: Only collect data necessary for the event.
Customer control: Customers supply competitor data and must confirm lawful basis and parental consent for children under 16.
Security: Timing Plus protects personal information in accordance with its Privacy Policy and reasonable technical and organisational measures.
Transparency: Customers must inform competitors and parents/guardians how their data will be used and direct privacy enquiries to Timing Plus.

4. Categories of personal information collected

Timing Plus typically collects the following categories of personal information for each competitor:

Category	Fields
Identity & event details	First name, last name, school, house, class, year level, age information (date of birth or year of birth)
Event identifiers	Timing bib ID, RFID tag ID, allocated competitor number
Optional fields	Gender, emergency contact details (if provided by customer)
Technical data (website)	IP address, device and browser information, cookies and analytics data (Google Analytics)

Sensitive information: Timing Plus does not collect sensitive information (health, TFN, racial/ethnic origin, political beliefs, biometrics) unless explicitly authorised by the customer.

5. How data is collected

Primary method: Customer upload of competitor lists (CSV or other agreed format).
Event day: RFID reads and timing equipment outputs.
Website: Forms, contact submissions and analytics.
Other sources: Only where authorised by the customer (e.g., school database extracts).

6. Customer obligations when providing data

Customers must:

Provide only necessary data for the event.
Confirm lawful basis for providing each record.
Obtain parental/guardian consent for all children under 16.
Attest to having obtained parental consent at the time of upload.
Ensure accuracy and notify Timing Plus of corrections.
Use secure transfer methods as agreed with Timing Plus.
Avoid providing sensitive information unless expressly required.

7. Retention, deletion and de-identification

Retention: Determined by the customer. If no retention period is specified, Timing Plus retains data only as necessary to provide the service and meet legal or invoicing requirements.

Deletion: Timing Plus will delete or de-identify data on customer request where feasible.

De-identification: If required, customers should provide data already de-identified.

8. Security and access

Timing Plus implements reasonable security measures, including:

Encryption in transit
Role-based access controls
Multi-factor authentication for admin access
Periodic internal security reviews
Logging of access to competitor data
Secure daily backups retained for four weeks

Access to competitor data is restricted to authorised Timing Plus staff.

9. Data sharing and disclosures

Timing Plus shares personal information only with:

The customer who provided the data
Legal or regulatory authorities where required

Timing Plus does not sell personal information or transfer personal information outside Australia.

10. Handling privacy requests and disputes

All privacy requests must be made by the customer/event organiser to privacy@timingplus.com.au. Timing Plus will:

Acknowledge requests within 5 business days
Respond substantively within 30 days

Requests from individuals (e.g., parents) must be routed via the customer. Unresolved complaints may be escalated to the Office of the Australian Information Commissioner (OAIC).

11. Compliance and audit

Timing Plus conducts periodic internal security reviews. Customers may request evidence of Timing Plus's data handling practices where reasonably required for compliance.

12. Customer attestation (required on data upload)

Customers must confirm the following when uploading competitor data:

I confirm that I have the lawful basis to provide the personal information contained in this upload. For any competitor under 16, I confirm that I have obtained parental or guardian consent to provide their personal information to Timing Plus for the purposes of event timing and reporting.

Timing Plus will not accept data uploads without this attestation.

13. Changes to this policy

Timing Plus may update this policy. Material changes will be published on the website with an updated effective date.

14. Contact

Email: privacy@timingplus.com.au
Postal: PO BOX 215, CABOOLTURE QLD 4510

Timing Plus — The Trustee for The Minifies Trust ABN 94 110 042 700
PO BOX 215, CABOOLTURE QLD 4510 · privacy@timingplus.com.au