Tommy Associates Pty Ltd
Tommy Logo

Privacy Policy (Service Provider)

Last updated date: 13th January 2021
Tommy Associates Pty Ltd and its subsidiaries (herein “Tommy”) provide team management products and related services to organisations to help them manage their teams. As such, Tommy processes data about those organisations’ prospective, current and past team members (herein “Users” or “Individuals”) on behalf of those organisations and as per their instructions. This Privacy Policy (“Policy”) describes our general practices relating to the processing of data about these organisations’ Users (“Personal Information”). If you are an Individual whose prospective, current or past employer (herein “Employer”) uses a Tommy application such as Tommy Messenger, and your Employer has asked you to submit Personal Information as part of that service, you should review your Employer’s own privacy policy to understand that Employer’s privacy practices.

Personal Information Processing

In connection with products such as Tommy Messenger, Tommy will provide your Employer the ability to collect, store, use, transfer, share and disclose your Personal Information in support of a prospective, current or past team member relationship between you and your Employer. When Tommy processes your data in this manner, it acts as a processor for your Employer, who is the controller. In its capacity as a processor, Tommy only processes your Personal Information as per the instructions of the controller, for their benefit, and on their behalf. Therefore, Tommy’s customers- your Employer(s)- are responsible for providing you with a notice of what Personal Information they collect, use and disclose, for what purposes they do so, and with whom it is shared. They are also responsible for obtaining appropriate consent where required or identifying other legal basis upon which they may rely to process your Personal Information.
Tommy relies on its customers and its customers’ Users to supply Tommy with accurate, complete and up-to-date Personal Information where relevant to Tommy’s delivery of the services. Individuals are asked to review their records on a regular basis and make the appropriate updates or notify their Employer of errors promptly. Tommy may share Personal Information with service providers to help us provide your Employer with a product or a service, and to other third parties (e.g. banks, government tax agencies, benefit providers) at the instructions of your Employer. In addition, Tommy may disclose Personal Information to law enforcement or other government authorities if required by law. In the event that Tommy, or any portion of our assets, are acquired, sold, or transferred, Tommy will disclose Personal Information with the company involved to complete the business transition, including at the negotiation stage.
Tommy processes Personal Information that your Employer may collect through the service from or about you, or that your Employer may provide through the service. For example:
  • Personal details such as name, birth date, national ID numbers, driver’s license number/state ID, passport number, marital status, signature, and image;
  • Characteristics of protected classifications such as age, sex, race, ethnicity, physical or mental handicap;
  • Contact details such as mailing address, telephone number, and email address;
  • Contact details such as mailing address, telephone number, and email address;
  • Performance information such as appraisals, performance reviews, disciplinary records, training records, details of skills and experience, and absence records;
  • Information regarding your next of kin and other individuals such as emergency contacts, dependent information, and life insurance beneficiaries;
  • Health-related information such as information regarding benefits programs, insurance, and sick leave;
  • Voice commands and photos if you use Tommy’s mobile app;
  • Application activity in Tommy’s products through cookies, web beacons and server logs.
  • Biometric information such as your photo to perform a facial recognition check for clock-in and clock-out processes. For more information on how Tommy handles this particular information please see the biometric statement here
Tommy may process time and attendance-related information on behalf of your Employer collected by timekeeping devices that leverage biometrics such as your fingerprint.

Cross Border Transfers

To run our business, we may store and process your Personal Information in any country where Tommy and authorised third parties operate. When we transfer your Personal Information in this manner across country borders, we implement adequate measures for its protection, and for compliance with applicable laws.
Tommy utilises the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Tommy also utilises Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU and Switzerland to other countries.


Tommy has implemented policies and procedures to protect Personal Information. Tommy uses recognised industry standard security safeguards appropriate to the sensitivity of the Personal Information. Tommy reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Tommy provides reasonable security controls for customers to configure in order to protect their Personal Information from and against risks, such as loss or theft, as well as unauthorised access, collection, use, disclosure, copying, modification, disposal and destruction.

Changes to this Privacy Policy

Tommy may update this Policy periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Policy.