Privacy Policy

Last reviewed: 1 Aug 2023

1. Overview

Vygo Pty Ltd ACN 609 658 531 (collectively, Vygo, we, us, our) is committed to protecting your privacy. We have prepared this Privacy Policy to describe to you (whether you are an End User or Partner as defined under our Related Terms) our practices regarding personal information we collect from users of our services, including the Vygo mobile app (App) and websites (collectively, Platform), and all other services provided by Vygo (Services).

The processing of Personal Data shall always be in line with the Australian Privacy Principles contained in the Privacy Act 1998 (Cth) (Privacy Act), the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA) and the California Consumer Privacy Act (CCPA), and in accordance with country-specific data protection regulations applicable to Vygo.

We have implemented a number of technical and organisational measures to ensure the most complete protection of Personal Data processed through the Services.

This Privacy Policy forms part of, and is subject to the provisions of our Related Platform Terms, which includes any relevant agreements, terms or policies such as our Acceptable Usage Policy (viewable here) and any Data Processing Agreements we may be party to, that support the provision of services through the Platform to the Partner and the End User.

2. Collection Statement

We may collect personal information about you in order to provide you with the Services through this Platform and for purposes otherwise set out in this Privacy Policy.

The information you provide will be collected by us or on our behalf and may be disclosed to third parties that help us deliver our Services (including information technology suppliers, communication suppliers and our business partners) or as required by law. If you do not provide this information, we may not be able to provide all of the Services and functionality of the Platform to you.

Our Privacy Policy explains:

  1. how we store and use, and how you may access and correct your personal information;
  2. how you can lodge a complaint regarding the handling of your personal information; and
  3. how we will handle any complaint.

If you would like any further information about our privacy policies or practices, please contact us.

By providing your personal information to us, you consent to the collection, processing, use, storage and disclosure of that information as described in the Privacy Policy and this collection notice.

We may disclose your personal information to recipients that are located outside of your region, including to third parties as outlined in this Privacy Policy.

3. Medical Data

We do not collect and store medical data in any way, and we disclaim any liability for the collection or storage of any kind of medical data. We do not use profile, chat or video features to input any medical data. Any End User information in chat or video logs may be accessed by Vygo or your University. This is most likely to happen if the conversation is manually flagged by a participant in that chat or session and then if Vygo or your University decides to review it. If the information is then reviewed, it will only be reviewed to determine if there is a breach of this Privacy Policy or our Related Terms, your University’s policies or to notify the relevant authorities if there is a risk of harm.

4. User Consent

Where we rely on your consent as the lawful basis to process your data under the GDPR we will always ask for you to positively affirm your acceptance. By clicking to accept this Privacy Policy you acknowledge and agree to be bound by this Privacy Policy.

We note that all contact or other data forms where consent is required to be given by you include no pre-checked checkboxes so that you are able to freely, affirmatively opt-in. We will also provide you with notice on the Services specifically detailing what it is that you are consenting to in clear and plain language as well as ensuring that each matter which requires consent is clearly distinguishable.

For all areas of the Services where consent is given it is just as easily able to be withdrawn from Vygo through the appropriate account settings on the Services. Vygo is not responsible for any information your University has stored outside of Vygo; please contact your University for removal of any such information.

If you believe that consent has not been given freely or in breach of the terms of this Privacy Policy, please contact us or your University.

5. What personal data we collect

We will only collect personal information from you if it is reasonably necessary for one or more of our functions or activities.

In this section of our Privacy Policy, and in accordance with the Privacy Act, the GDPR, the DPA and the CCPA, “Personal Information or Personal Data” means any information that allows someone to identify you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data, to the extent that this information may identify, relate to, describe, is capable of being associated with, or could be reasonably linked, directly or indirectly, with you.

5.1 Information you provide to us

a) Account and User Content

You need to create an account with us to use some of our Services.

During your account registration and use of the Services, you may enter your details on the different forms or provide us with additional content.

We may collect this Personal Data from you, such as your name, e-mail, password, university/institution, interests and class records including what course you are studying, what year in your course you are currently at and other relevant details when you register to use the Services. This data is used to enable us to identify and verify you and provide you with support, services and mailings. Certain functionality of the Services requires your Personal Data to function properly. We may also collect information regarding your usage of the Platform such as when you create or share content, or upload content such as photos, videos, comments and metadata (geographic tags).

The legal basis for this processing is based on:

  1. your consent through your voluntary submission of the form and agreeing to these terms;
  2. the Personal Data being necessary for the performance of a contract to which you are a party;
  3. for carrying out pre-contractual measures; and/or
  4. any other legitimate interests as detailed below.

b) Contact and Messaging Data

If you provide us with feedback or contact us via e-mail, or other means including by phone call or by contracting with us, we will collect your name and e-mail address, as well as any other content included in the e-mail or conversation, in order to send you a reply. If you contact or message another user through the Platform, we will also collect this data. We will store and process your communications and information as needed. We may also collect contact information if you choose to upload, sync or import it from a device.

The legal basis for this processing is based on:

  1. either your consent through your voluntary submission of the form and agreeing to these terms, or your voluntary submission of data to us by other means;
  2. the Personal Data being necessary for the performance of a contract to which you are a party;
  3. for carrying out pre-contractual measures; and/or
  4. any other legitimate interests as detailed below.

By submitting a form or contacting us such Personal Data is transmitted on a voluntary basis and you consent to its collection.

c) Subscription Data

When you use the Services, you may have the ability to subscribe to various newsletters or other information digests. We may collect the data when you input your details for subscription purposes.

The Personal Data is processed for the purpose of informing you regularly by means of a newsletter or other offer form. The personal information collected during the subscription will only be used for marketing materials or for reasons made known on the form.

The legal basis for this processing is based on:

  1. your consent through your voluntary submission of the form and agreeing to these terms; and/or
  2. any other legitimate interests as detailed below.

By submitting the form and voluntarily providing us with your data, you are providing consent to the use of such data by us. For the purpose of revocation of consent there is a corresponding unsubscribe link found in each subscription email. Please review the consent section above in this Privacy Policy for how we deal with consent. Where we use your data for direct marketing, we will ensure that it is in compliance with relevant laws. Where you are a customer of ours, we may be required to send you emails for legitimate reasons including but not limited to account verification.

We retain information on your behalf, such as domain names, URLs, time zone preferences, Service invoices, messages and any other information that you store using your Account.

We may also collect Personal Data at other points on our Services that state that Personal Data is being collected. In some circumstances, Personal Data is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your expressed consent, your Personal Data may be used and disclosed to us this way. The purposes as outlined above may include the processing of such Personal Data to the extent necessary for us to continue to provide the Services, conduct maintenance and upgrades on the Platform, comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud. In certain jurisdictions, we may ask for a government issued ID in limited circumstances including when setting up a wireless account and activating your device, or as required by law.

5.2 Information we collect as you use our Services

a) Meta Data including Location Data

Some of our Services (including the App) may allow you to add or may have metadata added to your content including hashtags (to mark keywords), geotags (to mark your location), comments or other data. This helps our Services and your content to be more searchable. We may also use such data to identify any breaches of our Related Terms or your institution's policies or codes of conduct.

We use location data to help target and tailor the Services to your particular location and jurisdiction and to ensure that users are meeting in places that comply with our requirements and policies. With your consent we may also collect information about your precise location using methods including GPS, wireless networks, cell towers, Wi-Fi access points and other sensors.

b) Services Data through your usage of the Platform

When you use the Services through the Platform we and your University may also record details of your usage such as but not limited to your click history, your connections history and usage, and your chat or video history, to enable efficient delivery of the Services through our Platform and to monitor for any breaches of the Related Terms or your institution's policies or codes of conduct.

We may record your chat or video conversations in order to help us or your University monitor for risky or harmful behaviour and to enable your University or us to provide assistance.

c) Log Data

To make our Services more useful to you, our servers (which may be hosted by a third-party service provider) gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyse trends, to administer the Services, to learn about user behaviour regarding the Services, to improve our product and services, and to gather demographic information about our user base as a whole. Vygo may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on our Services. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.

d) Analytics

We use third party analytics tools to collect information anonymously and report Platform trends without identifying individual visitors. These tools collect information sent by your device or our Services, including the web pages you visit, add-ons, and other information that assists us in improving the Services.

5.3 Information we collect from others

a) Data and content other people upload

We will only collect information about you directly from you, except as set out below or if it is unreasonable or impracticable to do so.

We may also collect information and communications that other people, including your University, provide when they use our Services. This can include information about you such as name, email address and details about your study, when others send messages, documents and information to you. We may also collect your information if you are invited to participate in our Services; this may include information such as your name, phone number, email address and contact preferences, and is used for the purpose of enabling us to provide our Services to you.

6. How we use your Personal Data

6.1 Use of personal information

We will only use or disclose your personal information for the purposes for which we advised you we were collecting it as noted in this Privacy Policy and including to:

  1. maintain your Account and contact details;
  2. remember information so you don’t have to re-enter it during your visit or the next time you visit the Platform or use the Service;
  3. provide personalised content and information to you and others;
  4. send marketing communication to you;
  5. conduct our business, generate content and provide customer support (including updates and improvements);
  6. administer contracts including to negotiate, execute and/or manage a contract with you and your institution (if applicable);
  7. communicate with you;
  8. provide you with access to protected areas of the Platform or other Services;
  9. conduct surveys to determine use and satisfaction;
  10. detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Related Terms, this Privacy Policy or any other policy;
  11. enforce our Related Terms, this Privacy Policy or any other policy;
  12. verify information for accuracy or completeness;
  13. comply with our legal and contractual obligations;
  14. monitor metrics;
  15. combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out in this Privacy Policy;
  16. protect a person’s rights, property or safety;
  17. resolve disputes and to identify, test and resolve problems;
  18. improve our Platform and Services; and
  19. any other purpose made known in this Privacy Policy or other policy.

We agree to not use or disclose this personal information for a secondary purpose unless you consent to us doing so, or another exception applies under applicable laws.

For the purposes of the law, some information we or your University hold about you may be considered 'sensitive' (such as but not limited to your chat data) and therefore subject to greater protection. If we hold sensitive information about you, we will only disclose or use that information with your consent or if another exception applies under applicable laws. Your University is solely responsible for any information it has accessed about you.

We will also use or disclose your personal information or sensitive information if we are required to do so by law or a court / tribunal order, or if we reasonably believe that the use or disclosure of the information is reasonably necessary for an enforcement related activity or on behalf of an enforcement body (in which case we will make a written note of the use or disclosure), or if another exception applies under relevant laws.

6.2 Creation of anonymous data

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose.

We may collect information regarding customer activities on our Services including the Platform. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our Platform, products, and Services are of most interest. Aggregated data is considered non-personal information for the purposes of this Privacy Policy.

7. Disclosure of your Personal Data

We may disclose your Personal Data to third parties for the purposes contained in this Privacy Policy, including without limitation to:

7.1 Universities and other institution partners

We may share some or all of your Personal Data with your University or your institution subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures.

Vygo always has access to all data (including Personal Data) that arises from the usage of the Services and the Platform.

If we have a direct relationship with your University, your University shall also have access to all your data.

If there is a situation where you have opted into a direct relationship with Vygo, Vygo can contact you directly for marketing or any other purpose contemplated under this Privacy Policy.

7.2 IT Service Management

We use third-party analytics services to help understand your usage of our Services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to an IT service management provider (ITSM Provider) and utilize the ITSM Provider to collect data for analytics purposes when you use the Platform.

As a data processor acting on our behalf, the ITSM Provider analyses your use of the Platform and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you.

We may also use the ITSM Provider as a medium for communications, either through email, or through messages within the Platform. To enhance your user experience, the ITSM Provider may also collect publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses.

You may request a copy of the ITSM Provider’s privacy policy from us. If you would like to opt out of having this information collected by or submitted to the ITSM Provider, please contact us.

7.3 Service Providers

We may share your Personal Data with service providers to:

  1. provide you with the Services that we offer you, including the Platform;
  2. conduct quality assurance testing;
  3. facilitate creation of accounts;
  4. provide technical support; and/or
  5. provide other services to Vygo.

The service providers (and if necessary, data processors) could include:

  1. information technology service providers such as web host providers and analytical providers;
  2. mailing houses;
  3. market research organisations to enable them to measure the effectiveness of our advertising and business impact; and
  4. specialist consultants.

These third party service providers are obligated not to use your Personal Data, other than to provide the services requested by Vygo.

7.4 Affiliates and Acquisitions

We may share some or all of your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under a common control (Affiliates), in which case we will require our Affiliates to honour this Privacy Policy. If we are involved in a merger, acquisition or sale of assets we may disclose Personal Data collected by us to such entities that we propose to merge with or be acquired by, which will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy. This includes the disclosure of information to our clients where we act as a data processor.

7.5 Third parties including those you choose to share your data with

We may disclose your Personal Data to third parties to whom you expressly ask us to send your Personal Data or to third parties to whom you choose to send your Personal Data.

We may also, with your consent or at your direction, disclose your Personal Data to your authorised representatives.

7.6 Other disclosures

Regardless of any choices you make regarding your Personal Data (as described below), Vygo may disclose Personal Data if it believes in good faith that such disclosure is necessary:

  1. in connection with any legal investigation;
  2. to comply with relevant laws, regulations, enforceable governmental requests or to respond to subpoenas or warrants served on Vygo;
  3. to protect or defend the rights or property of Vygo or users of the Services;
  4. to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Related Terms;
  5. to protect the safety of any person or to protect the safety or integrity of our platform including for security reasons; and/or
  6. to detect, prevent or otherwise address fraud, security or technical issues.

We may share your Personal Data with such third parties subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your Personal Data only on our behalf and pursuant to our instructions.

We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Privacy Act, the GDPR, the DPA and the CCPA or equivalent privacy laws.

We will not share, sell, rent or disclose your Personal Data in ways different from what is disclosed in this Privacy Policy.

Where we act as a data processor the client may also provide us with instructions with regards to disclosure.

8. If we can't collect your data

If you do not provide us with your Personal Data described above, some or all of the following may happen:

  1. we may not be able to provide the requested products or services to you, either to the same standard or at all;
  2. we may not be able to run competitions and promotions in a way that benefits you;
  3. we may not be able to provide you with information about products and services that you may want; or
  4. we may be unable to tailor the content of our Services to your preferences and your experience of our Services may not be as enjoyable or useful.

9. Cookies Policy

9.1 What are cookies?

A cookie is a small piece of text sent to your browser by a website that you visit. It helps the website to remember information about your visit, like your preferred language and other settings. That can make your next visit easier and the site more useful to you. Cookies play an important role. Without them, using the web would be a much more frustrating experience.

9.2 Use of cookies

Vygo’s Services including websites, online services, interactive applications, email messages, and advertisements may use cookies and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our applications people have visited, and facilitate and measure the effectiveness of advertisements and web searches.

We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

Vygo and our partners also use cookies and other technologies to remember personal information when you use our Services. Our goal in these cases is to make your experience with Vygo more convenient and personal. For example, knowing your first name lets us welcome you the next time you visit the Platform. Knowing someone using your computer or device has shopped for a certain product or used a particular service helps us make our advertising and email communications more relevant to your interests. Knowing your contact information, hardware identifiers, and information about your computer or device helps us personalize your operating system and provide you with better customer service.

Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

Many of these cookies are removed or cleared when you log out but some may remain so that your preferences are remembered for future sessions.

9.3 Third Party Cookies

We Do Not Sell Personal Information.

We do not sell your Personal Data, consistent with Section 1798.140 of the CCPA or applicable regional privacy legislation.

Where we disclose your Personal Data to third parties, including data processors, we will request that the third party handle your personal information in accordance with this Privacy Policy. The third party will only process your personal information in accordance with written instructions from us and we require that the third party either complies with the privacy shield principles set out in the GDPR or another mechanism set out by applicable data protection laws for the transfer and processing of personal information.

When we refer to ‘processing’ in this clause and this Privacy Policy in general, we mean any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collecting, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available personal information.

Please note that we use the following third parties to process your Personal Data:

  1. Google Cloud Services;
  2. Algolia;
  3. Help Scout; and
  4. Intercom.

By providing us with your Personal Data, you consent to the disclosure of your Personal Data to third parties who reside outside your region and, if you are a United Kingdom (UK) or European Union (EU) citizen, to third parties that reside outside the UK and EU.

Where the disclosure of your Personal Data is solely subject to Australian privacy laws (and not subject to the GDPR), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.

9.4 How to manage cookies

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. If you want to disable cookies and you’re using the Safari web browser, go to Safari preferences and then to the privacy pane to manage your preferences. For other browsers, check with your provider to find out how to disable cookies. Please note that certain features of the Services will not be available once cookies are disabled.

10. Third party websites

When you click on a link to any other website or location, you will leave our website and go to another site and another entity may collect Personal Data or Anonymous Data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on links to such outside websites.

11. Managing your Personal Data

Subject to the applicable privacy regulations, you may request to access the Personal Data we hold about you by contacting us. All requests for access will be processed within a reasonable time.

11.1 Accessing or rectifying your Personal Data

We may, if required, provide you with tools and account settings to access, correct, delete, or modify the Personal Data you provided to us. You can find out more about how to do this by contacting us. If you are unable to access your Account to access or rectify your Personal Data, you may submit a request to us to correct, delete or modify your Personal Data and/or download the data for you.

In most cases, you may have access to Personal Data that we hold about you. We will handle requests for access to your Personal Data in accordance with the Australian Privacy Principles. All requests for access to your Personal Data must be directed to the Privacy Officer as outlined further below.

We will deal with all requests for access to your Personal Data as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given.

On receiving an access request, we will provide the necessary Personal Data in a portable and easily accessible format, normally within 45 days of the request.

If you are a California resident, you may request that we:

Disclose to you the following information for the 12 months preceding your request:

  1. the categories of Personal Data we collected about you and the categories of sources from which we collected such Personal Data;
  2. the specific pieces of Personal Data we collected about you;
  3. the business or commercial purpose for collecting Personal Data about you;
  4. the categories of Personal Data about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Data (if applicable).

11.2 Deletion

We keep Personal Data for as long as it is needed for our operations. If you deactivate and delete your Account, your data will no longer be visible on your Account. Vygo deletes user and customer data upon request or upon termination of our customer contract. Please keep in mind that third parties, including your institution, may still retain copies of information you have made public through our Services or which we have shared with them in accordance with this Privacy Policy.

If you wish to have us delete your Personal Data, please contact us.

11.3 Object, restrict or withdraw consent

If you have an Account on the Services, including the Platform, you will be able to view and manage your privacy settings. Alternatively, if you do not have an Account, you may manually submit a request to us if you object to any Personal Data being stored, or if you wish to restrict or withdraw any consent given for the collection of your Personal Data.

You may withdraw your consent to the processing of all your Personal Data at any time. If you wish to exercise this right, you may do so by contacting us.

You may withdraw your consent or manage your opt-ins by either viewing your account on the Services or clicking the unsubscribe link at the bottom of any marketing materials we send you.

11.4 Portability

We may, if required and possible, provide you with the means to download the Personal Data you have shared through our Services. Please contact us for further information on how this can be arranged.

11.5 Refusal to provide access to your information

In some cases, we may refuse to give you access to your Personal Data that we hold. This may include circumstances where giving you access would:

  1. be unlawful (e.g. where a record that contains Personal Data about you is subject to a claim for legal professional privilege by one of our contractual counterparties);
  2. have an unreasonable impact on another person’s privacy; or
  3. prejudice an investigation of unlawful activity.

11.6 Correcting your personal information

If you consider the Personal Data that we hold about you to be incorrect, incomplete, out of date or misleading, you can request that the Personal Data be amended.

We will amend any of your Personal Data that is held by us and that is inaccurate, incomplete or out of date if you request us to do so. If we disagree with your view about the accuracy or completeness of a record of your Personal Data that is held by us, and you ask us to associate with that record a statement that you have a contrary view, we will take reasonable steps to do so.

Where a record is found to be inaccurate, a correction will be made. Where a request is made for a record to be amended because it is inaccurate, but the record is found to be accurate, the details of the request for amendment will be noted on the record.

In certain instances, we may not be required or able to provide you with access to your Personal Data. If this occurs, we will give you reasons for our decision not to provide you with such access to your Personal Data in accordance with the Privacy Act, the CCPA, the DPA and the GDPR.

There is no application fee for making a request to access your Personal Data. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for Personal Data or where the information is held by a third party provider.

Where we act as a data processor, we do so on behalf of our client and in accordance with their instructions. This means that should you wish to access, review, correct, transfer, modify or delete any Personal Data which we process on behalf of a client you should contact that client with your request.

12. Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

13. Storage and Security of Your Personal Data

Vygo stores Personal Data in Google Cloud Services; see here for how your information is stored and secured.

Vygo takes the security of your Personal Data very seriously. We will take all steps reasonable under the circumstances to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. We will process Personal Data securely and apply and maintain appropriate technical and organisational measures to protect Personal Data.

In furtherance of this goal Vygo is committed to high standards of privacy and as such is committed to ensuring our practices comply with SOC 2 standards. Please see here for the full list of our policies relating to data security and privacy.

The transmission and exchange of Personal Data is carried out at your own risk. We cannot guarantee the security of any Personal Data that you transmit to us or receive from us. Although we take measures to safeguard against unauthorised disclosures of Personal Data, we cannot assure you that Personal Data that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

14. International Transfer and Disclosure of Personal Data

We ensure that all our suppliers are required to adhere to the Australian Privacy Principles in the Privacy Act.

Where we transfer Personal Data from within to outside of the United Kingdom, European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.

We may disclose Personal Data to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your Personal Data do not breach the privacy obligations relating to your Personal Data.

We may disclose your Personal Information to entities located outside of your region, including the following:

  1. our related bodies corporate;
  2. our data hosting and other IT service providers, located in various countries; and
  3. other third parties located in various foreign countries.

We may disclose your Personal Data to entities within your region who may store or process your data overseas.

15. Notifiable Data Breaches

We take data breaches very seriously. Depending on where you reside, our policy is:

15.1 If you reside in Australia

If there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the process set out in this clause.

We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.

If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or that any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.

Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose Personal Data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

15.2 If you reside in the United Kingdom, European Union or EFTA States:

We will endeavour to meet the 72-hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.

Further, where there is likely to be a high risk to your rights, we will endeavour to contact you without undue delay.

We will review every incident and take action to prevent future breaches.

16. Automated individual decision-making, including profiling

If you reside in the United Kingdom, European Union or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights, please contact us.

17. Integrity and Retention of Data

We take all reasonable steps to ensure that the Personal Data we collect about you is accurate, up to date and complete. Where we collect that information from you directly, we rely on you to supply accurate information. Vygo makes it easy for you to keep your Personal Data accurate, complete, and up to date. Where we use or disclose your Personal Data, we will also ensure that your Personal Data is relevant. We will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

We may retain your information for fraud prevention or similar purposes.

18. Contact Information

Vygo welcomes your comments or questions regarding this Privacy Policy.

If you have a question regarding this Privacy Policy or you would like to make a complaint, please contact us by email by using our contact details on the Services or below.

18.1 If you reside in Australia

You can confidentially contact our Privacy Officer at:

Privacy Officer: Steven Hastie

Entity: Vygo Pty Ltd ACN 609 658 531

Telephone: (+617) 3250 6800

Email: steven@vygoapp.com

Office Address: 'Central Plaza One' Level 38, 345 Queen Street, Brisbane QLD, Australia, 4000

Postal Address: 21 Settlement Court, Tallai, QLD, 4213

Website: vygoapp.com

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commissioner at:

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000

Postal Address: GPO Box 5218, Sydney NSW 2001

Website: www.oaic.gov.au

18.2 If you reside in the United Kingdom, European Union or EFTA States:

The data controller that is responsible for your Personal Data is:

Vygo Pty Ltd ACN 609 658 531

'Central Plaza One' Level 38 345 Queen Street Brisbane, QLD, Australia, 4000

If you wish to raise a concern about our use of your Personal Data you have the right to do so with your local supervisory authority.

19. Children

We do not knowingly or specifically collect personal data from individuals under the age of 18 and no one under the age of 18 is authorized to submit any information, including Personal Data, to us, via our Platform or otherwise.

If we determine that such information has been inadvertently collected on anyone under the age of 18, we will take the necessary steps to ensure that such information is deleted from our systems, unless these individuals are End Users via one of our University partners, in which case their Universities (not Vygo) are solely responsible for any Children’s Online Privacy Protection Act requirements and obligations.

20. Changes to this Privacy Policy

This Privacy Policy is subject to periodic review and Vygo reserves the right, at its sole discretion, to modify or replace any part of this Privacy Policy. Any changes will be in accordance with any applicable requirements under the Privacy Act and the Australian Privacy Principles. You can tell when the Privacy Policy was last updated by checking the date at the top of the Privacy Policy and we encourage you to check our Privacy Policy from time to time to ensure that you are aware of any changes.

If we make any material changes to our Privacy Policy, we will notify you by adding a notification to our homepage on the Platform and in some cases we may provide additional notice through an email notification to the email address you have provided to us. Any changes will become effective on the date of posting on the Platform and the amended Privacy Policy will apply with respect to information we collect from that date, but will not be changed with respect to information that we have at that time already collected. Your use of the Platform or Services or your providing consent to the updated Privacy Policy following such changes constitutes your acceptance of the updated Privacy Policy.