What we collect, and why we collect it
We collect various types of information in order to offer our Services. This ranges from basic information such as a user’s name, to more complex things like product usage information. We collect information in the following ways:
1. Information provided to us by your institution
Our Services integrate with various other technologies used by your institution. Your institution provides us with important information that we need to set up and maintain your account to use our Services. This includes the following:
Account and user information:
This includes some of your personal information, including your name, university assigned email address, a unique student ID, and your enrolment status in the subject where Cadmus is being used. We do not receive your university passwords.
2. From your direct use of our Services
We collect information about how you use Cadmus. This includes the following:
We collect information on the devices and Internet addresses (IPs) you use to access our Services. This information is used to help us deliver the Service, keep you secure, and improve our Services.
Our Service is designed to enable our “Users” (teachers and students) to create and submit assignments and other assessment documents (“Your Work”). Your Work is regularly saved and stored on the Cadmus cloud servers. This information includes all the written and uploaded contents of Your Work, as well as additional information associated with its creation, such as a timestamp when Your Work is saved or submitted.
We may collect personal information when you contact Cadmus Support, for example, your name and email address. We use this information to debug issues and improve our Services.
Who we share your information with
1. Within Cadmus and your institution
Your information is only accessed by those who are required to provide support for the use of our Service. This may include technical staff who are responsible for developing and maintaining the Service, as well as support staff who are responsible for providing Users with help and assistance.
Within your institution:
2. Outside of Cadmus and your institution
For providing our Service:
We use third party partners to help us provide our Service on behalf of your institution. For example, we use Amazon Web Services (AWS) for hosting and storage, Turnitin to provide Users with Similarity Reports and grading tools, and Zendesk to help us administer support. These third party partners may have access to some of your personal information.
For legal reasons:
We may share your personal information with third parties outside of Cadmus if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request;
- enforce applicable Terms of Service, including investigation of potential violations;
- detect, prevent, or otherwise address fraud, security or technical issues; or
- protect against harm to the rights, property or safety of Cadmus, our users or the public as required or permitted by law.
We work hard to protect personal information we hold from misuse, interference and loss, as well as unauthorised access, modification and disclosure. In particular:
- All Services use SSL encryption for transmitting data.
- We use secure signed HTTP cookies to authenticate and identify users. These cannot be shared with a third party or issued outside our Services.
- We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
Your personal information will be sent to AWS and will be kept in accordance with AWS’ security policy.
We will only retain your personal information for as long as is required to satisfy the purpose for which it was collected by us or provided by you or as is otherwise required by relevant privacy laws.
Access and correction
If you wish to find out about the personal information we hold about you, or believe that some or all of the personal information we hold about you is out of date, incomplete, incorrect, irrelevant or misleading, you can contact us on the details below.
We reserve the right to refuse to provide you with or correct information that we hold about you as permitted by the Privacy Act 1988 (Cth). However, if we refuse to provide you access to or correct your personal information we will inform you of the reasons for that refusal.
A small administrative fee may be payable for the expenses associated with the provision of information.
If you have any complaints about how we have handled your personal information, please contact firstname.lastname@example.org. We take complaints seriously and will endeavour to respond within a reasonable time of receiving written notice of your complaint.
If you have not received a response of any kind in relation to your complaint within 30 days, you have the right take the matter directly to the Office of the Australian Information Commissioner.
Compliance and cooperation with regulatory authorities