Last reviewed: 1 Aug 2023
The processing of Personal Data shall always be in line with the Australian Privacy Principles contained in the Privacy Act 1998 (Cth) (Privacy Act), the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA) and the California Consumer Privacy Act (CCPA), and in accordance with country-specific data protection regulations applicable to Vygo.
We have implemented a number of technical and organisational measures to ensure the most complete protection of Personal Data processed through the Services.
The information you provide will be collected by or on our behalf of us and may be disclosed to third parties that help us deliver our Services (including information technology suppliers, communication suppliers and our business partners) or as required by law. If you do not provide this information, we may not be able to provide all of the Services and functionality of the Platform to you.
If you would like any further information about our privacy policies or practices, please contact us.
We note that all contact or other data forms where consent is required to be given by you include no pre-checked checkboxes so that you are able to freely, affirmatively opt-in. We will also provide you with notice on the Services specifically detailing what it is that you are consenting to in clear and plain language as well ensuring that each matter which requires consent is clearly distinguishable.
For all areas of the Services where consent is given it is just as easily able to be withdrawn from Vygo through the appropriate account settings on the Services. Vygo is not responsible for any information your University has stored outside of Vygo, please contact your University for removal of any such information.
We will only collect personal information from you if it is reasonably necessary for one or more of our functions or activities.
a) Account and User Content
You need to create an account with us to use some of our Services.
During your account registration and use of the Services, you may enter your details on the different forms or provide us with additional content.
We may collect this Personal Data from you, such as your name, e-mail, password, university/institution, interests and class records including what course you are studying, what year in your course you are currently at and other relevant details when you register to use the Services. This data is used to enable us to identify and verify you and provide you with support, services, mailings. Certain functionality of the Services requires your Personal Data to function properly. We may also collect information regarding your usage of the Platform such as when you create or share content, or upload content such as photos, videos, comments, meta data (geographic tags).
The legal basis for this processing is based on:
b) Contact and Messaging Data
If you provide us with feedback or contact us via e-mail, or other means including by phone call or by contracting with us, we will collect your name and e-mail address, as well as any other content included in the e-mail or conversation, in order to send you a reply. If you contact or message another user through the Platform, we will also collect this data. We will store and process your communications and information as needed. We may also collect contact information if you choose to upload, sync or import it from a device.
The legal basis for this processing is based on:
By submitting a form or contacting us such Personal Data is transmitted on a voluntary basis and you consent to its collection.
c) Subscription Data
When you use the Services, you may have the ability to subscribe to various newsletters or other information digests. We may collect the data when you input your details for subscription purposes.
The Personal Data is processed for the purpose of informing you regularly by means of a newsletter or other offer form. The personal information collected during the subscription will only be used for marketing materials or for reasons made known on the form.
The legal basis for this processing is based on:
We retain information on your behalf, such as domain names, URLs, time zone preferences, Service invoices, messages and any other information that you store using your Account.
We may also collect Personal Data at other points on our Services that state that Personal Data is being collected. In some circumstances, Personal Data is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your expressed consent, your Personal Data may be used and disclosed to us this way. The purposes as outlined above may include the processing of such Personal Data to the extent necessary for us to continue to provide the Services, conduct maintenance and upgrades on the Platform, comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud. In certain jurisdictions, we may ask for a government issued ID in limited circumstances including when setting up a wireless account and activating your device, or as required by law.
a) Meta Data including Location Data
Some of our Services (including the App) may allow you to add or may have metadata added to your content including hashtags (to mark keywords), geotags (to mark your location), comments or other data. This helps our Services and your content to be more searchable. We may also use such data to identify any breaches of our Related Terms or your institution's policies or codes of conduct.
We use location data to help target and tailor the Services to your particular location and jurisdiction and to ensure that users are meeting in places that comply with our requirements and policies. With your consent we may also collect information about your precise location using methods including GPS, wireless networks, cell towers, Wi-Fi access points and other sensors.
b) Services Data through your usage of the Platform
When you use the Services through the Platform we and your University may also record details of your usage such as but not limited to your click history, your connections history and usage, your chat or video history, to enable efficient delivery of the Services through our Platform and to monitor for any breaches of the Related Terms or your institution's policies or codes of conduct.
We may record your chat or video conversations in order to help us or your University monitor for risky or harmful behaviour and to enable your University or us to provide assistance.
c) Log Data
To make our Services more useful to you, our servers (which may be hosted by a third-party service provider) gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyse trends, to administer the Services, to learn about user behaviour regarding the Services, to improve our product and services, and to gather demographic information about our user base as a whole. Vygo may use this information in our marketing and advertising services.
In some of our email messages, we use a “click-through URL” linked to content on our Services. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
We use third party analytics tools to collect information anonymously and report Platform trends without identifying individual visitors. These tools collect information sent by your device or our Services, including the web pages you visit, add-ons, and other information that assists us in improving the Services.
a) Data and content other people upload
We will only collect information about you directly from you, except where as set out below or if it is unreasonable or impracticable to do so.
We may also collect information and communications that other people, including your University provide when they use our Services. This can include information about you such as name, email address, details about your study, when others send messages, documents and information to you. We may also collect your information if you are invited to participate in our Services this may include information such as your name, phone number, email address, contact preferences and is used for the purpose of enabling us to provide our Services to you.
6.1 Use of personal information
We agree to not use or disclose this personal information for a secondary purpose unless you consent to us doing so, or another exception applies under applicable laws.
For the purposes of the law, some information we or your University hold about you may be considered 'sensitive' (such as but not limited to your chat data) and therefore subject to greater protection. If we hold sensitive information about you, we will only disclose or use that information with your consent or if another exception applies under applicable laws. Your University is solely responsible for any information it has accessed about you.
We will also use or disclose your personal information or sensitive information if we are required to do so by law or a court / tribunal order, or if we reasonably believe that the use or disclosure of the information is reasonably necessary for an enforcement related activity or on behalf of an enforcement body, in which case we will make a written note of the use or disclosure or another exception applies under relevant laws.
6.2 Creation of anonymous data
We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose.
7.1 Universities and other institution partners
Vygo always has access to all data (including Personal Data) that arises from the usage of the Services and the Platform.
If we have a direct relationship with your University, your University shall also have access to all your data.
7.2 IT Service Management
We use third-party analytics services to help understand your usage of our Services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to an IT service management provider (ITSM Provider) and utilize the ITSM Provider to collect data for analytics purposes when you use the Platform.
As a data processor acting on our behalf, the ITSM Provider analyses your use of the Platform and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you.
We may also use the ITSM Provider as a medium for communications, either through email, or through messages within the Platform. To enhance your user experience, the ITSM Provider may also collect publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses.
7.3 Service Providers
We may share your Personal Data with service providers to:
The service providers (and if necessary, data processors) could include:
These third party service providers are obligated not to use your Personal Data, other than to provide the services requested by Vygo.
7.4 Affiliates and Acquisitions
7.5 Third parties including those you choose to share your data with
We may disclose your Personal Data to third parties to whom you expressly ask to us to send your Personal Data or to third parties to whom you choose to send your Personal Data.
We may also, with your consent or at your direction, disclose your Personal Data to your authorised representatives.
7.6 Other disclosures
Regardless of any choices you make regarding your Personal Data (as described below), Vygo may disclose Personal Data if it believes in good faith that such disclosure is necessary:
We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Privacy Act, the GDPR, the DPA and the CCPA or equivalent privacy laws.
Where we act as a data processor the client may also provide us with instructions with regards to disclosure.
If you do not provide us with your Personal Data described above, some or all of the following may happen:
9.1 What are cookies?
A cookie is a small piece of text sent to your browser by a website that you visit. It helps the website to remember information about your visit, like your preferred language and other settings. That can make your next visit easier and the site more useful to you. Cookies play an important role. Without them, using the web would be a much more frustrating experience.
Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Many of these cookies are removed or cleared when you log out but some may remain so that your preferences are remembered for future sessions.
9.3 Third Party Cookies
We Do Not Sell Personal Information.
We do not sell your Personal Data, consistent with Section 1798.140 of the CCPA or applicable regional privacy legislation.
Please note that we use the following third parties to process your Personal Data:
By providing us with your Personal Data, you consent to the disclosure of your Personal Data to third parties who reside outside your region and, if you are a United Kingdom (UK), European Union (EU) citizen, to third parties that reside outside the UK and EU.
Where the disclosure of your Personal Data is solely subject to Australian privacy laws (and not subject to the GDPR), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.
9.4 How to manage cookies
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. If you want to disable cookies and you’re using the Safari web browser, go to Safari preferences and then to the privacy pane to manage your preferences. For other browsers, check with your provider to find out how to disable cookies. Please note that certain features of the Services will not be available once cookies are disabled.
Subject to the applicable privacy regulations, you may request to access the Personal Data we hold about you by contacting us. All requests for access will be processed within a reasonable time.
11.1 Accessing or rectifying your Personal Data
We may, if required, provide you with tools and account settings to access, correct, delete, or modify the Personal Data you provided to us. You can find out more about how to do this by contacting us. If you are unable to access your Account to access or rectify your Personal Data, you may submit a request to us to correct, delete or modify your Personal Data and/or download the data for you.
In most cases, you may have access to Personal Data that we hold about you. We will handle requests for access to your Personal Data in accordance with the Australian Privacy Principles. All requests for access to your Personal Data must be directed to the Privacy Officer as outlined further below.
We will deal with all requests for access to your Personal Data as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given.
On receiving an access request, we will provide the necessary Personal Data in a portable and easily accessible format, normally within 45 days of the request.
If you are a California resident, you may request that we:
Disclose to you the following information for the 12 months preceding your request:
If you wish to have us delete your Personal Data, please contact us.
11.3 Object, restrict or withdraw consent
If you have an Account on the Services, including the Platform, you will be able to view and manage your privacy settings. Alternatively, if you do not have an Account, you may manually submit a request to us if you object to any Personal Data being stored, or if you wish to restrict or withdraw any consent given for the collection of your Personal Data.
You may withdraw your consent to the processing of all your Personal Data at any time. If you wish to exercise this right, you may do so by contacting us.
You may withdraw your consent or manage your opt-ins by either viewing your account on the Services or clicking the unsubscribe link at the bottom of any marketing materials we send you.
We may, if required and possible, provide you with the means to download the Personal Data you have shared through our Services. Please contact us for further information on how this can be arranged.
11.5 Refusal to provide access to your information
In some cases, we may refuse to give you access to your Personal Data that we hold. This may include circumstances where giving you access would:
11.6 Correcting your personal information
If you consider the Personal Data that we hold about you to be incorrect, incomplete, out of date or misleading, you can request that the Personal Data be amended.
We will amend any of your Personal Data that is held by us and that is inaccurate, incomplete or out of date if you request us to do so. If we disagree with your view about the accuracy or completeness of a record of your Personal Data that is held by us, and you ask us to associate with that record a statement that you have a contrary view, we will take reasonable steps to do so.
Where a record is found to be inaccurate, a correction will be made. Where a request is made for a record be amended because it is inaccurate, but the record is found to be accurate, the details of the request for amendment will be noted on the record.
In certain instances, we may not be required or able to provide you with access to your Personal Data. If this occurs, we will give you reasons for our decision not to provide you with such access to your Personal Data in accordance with the Privacy Act, the CCPA, the DPA and the GDPR.
There is no application fee for making a request to access your Personal Data. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for Personal Data or where the information is held by a third party provider.
Where we act as a data processor, we do so on behalf of our client and in accordance with their instructions. This means that should you wish to access, review, correct, transfer, modify or delete any Personal Data which we process on behalf of a client you should contact that client with your request.
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
Vygo stores Personal Data in Google Cloud Services, see here how your information is stored and secured.
Vygo takes the security of your Personal Data very seriously. We will take all steps reasonable under the circumstances to protect your personal information from misuse, interference, loss; and unauthorised access, modification or disclosure. We will process Personal Data securely and apply and maintain appropriate technical and organisational measures to protect Personal Data.
In furtherance of this goal Vygo is committed to high standards of privacy and as such is committed to ensuring our practices comply with SOC 2 standards. Please see here for the full list of our policies relating to data security and privacy.
We ensure that all our suppliers are required to adhere to the Australian Privacy Principles in the Privacy Act.
Where we transfer Personal Data from within to outside of the United Kingdom, European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.
We may disclose Personal Data to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your Personal data do not breach the privacy obligations relating to your Personal Data.
We may disclose your Personal Information to entities located outside of your region, including the following:
We may disclose your Personal Data to entities within your region who may store or process your data overseas.
We take data breaches very seriously. Depending on where you reside our policy is:
15.1 If you reside in Australia
If there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.
We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.
If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or that any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose Personal Data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
15.2 If you reside in the United Kingdom, European Union or EFTA States:
We will endeavour to meet the 72-hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.
Further, where there is likely to be a high risk to your rights, we will endeavour to contact you without undue delay.
We will review every incident and take action to prevent future breaches.
If you reside in the United Kingdom, European Union or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights, please contact us.
We may retain your information for fraud prevention or similar purposes.
18.1 If you reside in Australia
You can confidentially contact our Privacy Officer at:
Privacy Officer: Steven Hastie
Entity: Vygo Pty Ltd CAN 609 658 531
Telephone: (+617) 3250 6800
Office Address: 'Central Plaza One' Level 38, 345 Queen Street, Brisbane QLD, Australia, 4000
Postal Address: 21 Settlement Court, Tallai, QLD, 4213
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission at:
Telephone: 1300 363 992
Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address: GPO Box 5218, Sydney NSW 2001
18.2 If you reside in the United Kingdom, European Union or EFTA States:
The data controller that is responsible for your Personal Data is:
Vygo Pty Ltd ACN 609 658 531
'Central Plaza One' Level 38 345 Queen Street Brisbane, QLD, Australia, 4000
If you wish to raise a concern about our use of your Personal Data you have the right to do so with your local supervisory authority.
We do not knowingly or specifically collect personal data from individuals under the age of 18 and no one under the age of 18 is authorized to submit any information, including Personal Data to us, via our Platform or otherwise.
If we determine that such information has been inadvertently collected on anyone under the age of 18, we will take the necessary steps to ensure that such information is deleted from our systems. Unless these individuals are End Users via one of our University partners, in which case their Universities (not Vygo) are solely responsible for any Children’s Online Privacy Protection Act requirements and obligations.