vSydney Privacy Collection Statement

Collection of information

When you are using vSydney, you may be asked to provide your unikey, name, contact details or other personal information/data.

In some circumstances, we will ask you to use a third party to provide us with information, such as where you register for a University event. Please see the University’s disclaimer.

vSydney has security measures in place to safeguard personal information from misuse, and unauthorised access, use, modification or disclosure, including those in the University’s Cyber Security Policy 2019 (pdf, 218KB) and the Acceptable Use of ICT Resources Policy 2019 (243KB). We retain your personal information in accordance with the State Records Act 1998 (NSW).

vSydney also automatically collect personal information when you are browsing or otherwise using our websites. The various mechanisms used by vSydney include server logs, proxy logs, and cookies.

A cookie is a package of data which a website requests be stored temporarily on your computer (or in memory) to identify you as a visitor to that website. You can choose to disallow cookies by changing settings on your web browser. However, if you reject all cookies you may not be able to use some of vSydney.

The information collected by these various mechanisms includes:

• the server and IP (Internet Protocol) address of the machine that has accessed the website
• the dates and times of each visit to the website
• the pages accessed and documents downloaded
• the type of browser used; and
• sometimes, the previous site visited.

Cookies may also store the following information: session (numbered key) and duration. A numbered key is a unique server-generated number used to identify the current session. The session key can be linked back to a user's login identification.

Use and disclosure

We will only use or disclose your personal information:

• for the purpose for which it was collected (such as to meet the object and functions of the University of Sydney Act 1989 (NSW))
• for a directly related purpose
• when we have the appropriate consent to do so; or
• as otherwise required, permitted or authorised by law.

Examples of how we will use or disclose your personal information include:

• Unikeys collected by vSydney are used for verification purposes to enable access to certain sections of vSydney’s websites.
• Information that we collect on our Alumni & Advancement forms may be relevantly used to update your contact details, inform you about our services, events and achievements, administer your gift or, respond to your bequest inquiry.
• Information that we collect on website forms may be used for business and learning analytics purposes to assist vSydney to make better decisions regarding its operations, services and community engagement.
• Information automatically collected on our websites is used for statistical and business purposes such as diagnosing a fault and improving our services or, when required, for investigations. The data is generally not accessible except to authorised University staff for these purposes. Information which is automatically collected may be published as aggregated (de-identified) information to assist with improving the services offered by vSydney through its websites.
• vSydney may use third party remarketing cookies, such as through Google and Facebook, to show advertisements when you visit other websites based on your prior visits to a University website. You can opt out by updating the ad settings for that particular third party, such as Google and Facebook. For more information about how to opt out you may also want to visit the Network Advertising Initiative website.

Access to and correction of personal information

Under NSW privacy laws, you have the right to request access to and correct any personal information concerning you held by vSydney.

If you reside in, or are located in, the European Economic Area, under the GDPR, where your information is collected, used or disclosed as a result of your express consent, you may withdraw that consent at any time. Further, you may have the right to request the erasure, portability or restriction of processing of their personal information, and, to object to the processing of your personal information.

Information about requesting access to or amending your information can be found on the Accessing University information page.

GDPR Compliance

The following document outlines how your data is stored, transmitted, and handled. You have the right to request that we delete the data we have about your account as well as contact the various partners we work with to ask them to delete your data as well. We may ask for appropriate identification to fulfil your request.

1. What Information does the app collect?

1.1 Personal information items to be collected

We ultimately strive to collect the minimal amount of information required to operate the vSydney application. The app collects information from you when you log in as a USYD user via USYD single-sign-on, and gather your account information including your first name, last name, faculty and units of study. The vSydney app does not own your USYD account infor-mation; if you think there is anything wrong with your USYD account information, kindly con-tact the ICT Helpdesk on 1800 SYD UNI (press “3”) for further assistance. Your vSydney data will be stored on our servers in Sydney, Australia. Your personal infor-mation is disclosed to other users.

Data	What does the app use it for
USYD Email address	Signing up for, providing support for and us-ing your vSydney profile.
USYD faculty & units of study	Providing USU clubs recommendation.
USYD user first name, last name, unikey	Using your vSydney profile and chatting online with other USYD students/staffs

1.2 Information collected while the users use vSydney services

• Log information: Log data, use time, search word input by users
• Equipment information
• Other information: Users’ favourited USU clubs

1.3 Method of collection

The vSydney app collects user information in the way of the following:

• Webpage, SAML Single-Sign-on (SSO) using ADFS
• Provided by 3rd party apps (e.g. search word input stats collected by Algolia Search)

2. Does the app disclose any information to outside parties?

The app does not collect or transfer user’s identifiable information to outside parties. The collected user information is for:

• To detect unauthorised or fraudulent use

Below are the trusted third parties who assist to operate the website and the backend API:

• Amazon Web Services: to host the vsydney.techlab.works website
• Algolia Search API: to provide search within the hosted site.

3. Other data vSydney does not collect or have access to

vSydney explicitly cannot access the following data:

• Your password of your USYD Unikey account

4. Cookies and persistent trackers

We use cookies to enable the vSydney website to recognise your browser. The vSydney app does not collect collective and impersonal information through “cookies”. Only strictly necessary cookies are used. We use neither self-hosted tracker nor third-party tracker in the vSydney app.

Cookie Name	Service	Cookie Expiry	Why do we store it?
sessionid	Django session	2 weeks	sessionid is the authentication token for vSydney
csrftoken	vSydney	6 months	Cross-site request forgery is a common attack used against website visitors. This cookie is to protect user from XSRF attacks.