Privacy Policy (AU)


Purpose

When you use Cadmus’ products, software or services (“Services”), you provide us with your information. We want you to be clear about how we’re using your information — and the ways in which we protect your privacy. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it.

When referring to “us,” “we,” or “our” in this Privacy Policy, we are referring to Vericus Pty Ltd, the owner of the Cadmus products.

What we collect, and why we collect it

We collect various types of information in order to offer our Services. This ranges from basic information such as a user’s name, to more complex things like product usage information. We collect information in the following ways:

1. Information provided to us by your institution

Our Services integrate with various other technologies used by your institution. Your institution provides us with important information that we need to set up and maintain your account to use our Services. This includes the following:

Account and user information: This includes some of your personal information, including your name, university-assigned email address, a unique student ID, and your enrolment status in the subject where Cadmus is being used. We do not receive your university passwords.

In some cases, a university may wish to participate in an evaluation of our Services, by sharing past assessment and subject information with us for comparison purposes. This information is non-personal and anonymised, and may also be requested directly from Subject Coordinators. This information includes the following:

Assessment outcomes information: This includes student enrollment and submission numbers, anonymised grade distributions, academic misconduct case numbers, and Turnitin similarity score distributions.

Subject outcomes information: This includes anonymised subject experience survey information, student enrollment and completion numbers, and anonymised grade distributions.

2. From your direct use of our Services

We collect information about how you use Cadmus. This includes the following:

Cookies: We use secure cookies to remember whether you have signed into Cadmus on your internet browser. We collect and store this information locally on your device using mechanisms such as browser web storage and application data caches. This allows you to access our Services directly, without first needing to log in through your institution’s Learning Management System. We only use cookies for authentication to our Services and do not make them available for third-party services or advertisers.

Device information: We collect information on the devices and Internet addresses (IPs) you use to access our Services. This information is used to help us deliver the Service, keep you secure, and improve our Services.

Your Work: Our Service is designed to enable our “Users” (teachers and students) to create and submit assignments and other assessment documents (“Your Work”). Your Work is regularly saved and stored on the Cadmus cloud servers. This information includes all the written and uploaded contents of Your Work, as well as additional information associated with its creation, such as a timestamp when Your Work is saved or submitted.

Usage information: We collect information on how you interact with our Service outside of Your Work. This includes how you interact with the Cadmus interface, for example, if you click on an assessment resource or access articles in Cadmus Manual. This information is used to help us debug issues, and deliver and improve our Services. In accordance with your institution’s privacy policy, we may also provide teachers, and other institutional staff members access to your information so that they can support you.

Accessing Support: We may collect personal information when you contact Cadmus Support, for example, your name and email address. We use this information to debug issues and improve our Services.

Who we share your information with

We share your information with your institution in accordance with your institution’s privacy policy. There are two ways in which we may share your information:

1. Within Cadmus and your institution

Within Cadmus: Your information is only accessed by those who are required to provide support for the use of our Service. This may include technical staff who are responsible for developing and maintaining the Service, as well as support staff who are responsible for providing Users with help and assistance.

Non-personal information, like past assessment and subject outcomes information, is only accessed by those required to complete evaluations of our Service. This may include staff who are responsible for data analysis and the communication of findings. 

Within your institution: The information we collect and use is shared with your institution as part of the Service. Please read your institution’s privacy policy to learn more.

2. Outside of Cadmus and your institution

For providing our Service: We use third-party partners to help us provide our Service on behalf of your institution. For example, we use Amazon Web Services (AWS) for hosting and storage, Turnitin to provide Users with Similarity Reports and grading tools, Userpilot to deliver in-app onboarding and updates, and HubSpot to help us administer support. These third-party partners may have access to some of your personal information.

For evaluating our Service: We use third-party partners to collect and store non-personal information, like past assessment and subject outcomes information. For example, we collect information using Typeform and store information using Google Drive.

For storage: We use a data hosting service provider (AWS) to store and provide data hosting services in relation to your information. We only disclose information to the extent necessary for us to store and host your data. In compliance with your institution’s privacy policy, your data is stored only in Australia.

For legal reasons: We may share your personal information with third parties outside of Cadmus if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  1. meet any applicable law, regulation, legal process or enforceable governmental request;

  2. enforce applicable Terms of Service, including investigation of potential violations;

  3. detect, prevent, or otherwise address fraud, security or technical issues; or

  4. protect against harm to the rights, property or safety of Cadmus, our users or the public as required or permitted by law.

Information security

We work hard to protect the personal information we hold from misuse, interference and loss, as well as unauthorised access, modification and disclosure. In particular:

  1. All Services use SSL encryption for transmitting data.

  2. We use secure signed HTTP cookies to authenticate and identify users. These cannot be shared with a third party or issued outside our Services.

  3. We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.

Your personal information will be sent to AWS and will be kept in accordance with AWS’ security policy.

We will only retain your personal information for as long as is required to satisfy the purpose for which it was collected by us or provided by you or as is otherwise required by relevant privacy laws.

Access and correction

If you wish to find out about the personal information we hold about you, or believe that some or all of the personal information we hold about you is out of date, incomplete, incorrect, irrelevant or misleading, you can contact us on the details below.

We reserve the right to refuse to provide you with or correct information that we hold about you as permitted by the Privacy Act 1988 (Cth). However, if we refuse to provide you access to or correct your personal information, we will inform you of the reasons for that refusal.

A small administrative fee may be payable for the expenses associated with the provision of information.

Complaints

If you have any complaints about how we have handled your personal information, please contact support@cadmus.io. We take complaints seriously and will endeavour to respond within a reasonable time of receiving written notice of your complaint.

If you have not received a response of any kind in relation to your complaint within 30 days, you have the right to take the matter directly to the Office of the Australian Information Commissioner.

Compliance and cooperation with regulatory authorities

We regularly review our compliance with our Privacy Policy. We work with the appropriate Australian regulatory authorities, including data protection authorities to resolve any complaints regarding the transfer of personal data that we cannot resolve with our Users directly.

Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post the most recent version of this Privacy Policy on our website. Please check the website from time to time to review any changes to our Privacy Policy.