Your privacy is critically important to us. At AUMSA, we have a few fundamental principles:
- We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
- We store personal information for only as long as we have a reason to keep it.
- We share your billing/payment information only with selected partners.
- We aim for full transparency on how we gather, use, and share your personal information.
- You’re free to cancel your account and delete all your data at any moment.
Who We Are and What This Policy Covers
The Auckland Medical Students Association is dedicated to ensuring our members stay safe on the internet. For our ball this year, we will be using the the open source ticket reservation system, Alf.io, the open source ticket reservation system. This allows us to have our own private ticket selling system — to save you money!! (TicketMaster charges an excessive overhead).
- Our website (aumsa.org.nz);
- Other products and services that are available on or through our websites. e.g. ball.aumsa.org.nz
Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
Information We Collect
We only collect information about you if we have a reason to do so –for example, to provide our Services, to communicate with you, or to make our Services better.
We collect information in three ways: if and when you provide information to us, automatically through operating our services, and from outside sources. Let’s go over the information that we collect.
Information You Provide to Us
It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:
- Basic Account Information: We ask for basic information from you in order to set up your account. For example, we require individuals who sign up for a AUMSA account to provide First, Last Name, a username and email address –and that’s it. You may provide us with more information but we don’t require that information to create your account.
- Transaction and Billing Information: If you buy something from us –a subscription to one of our plans, for example– you will provide additional personal and payment information that is required to process the transaction and your payment, such as your billing and credit card information, and contact information.
- Content Information: If you subscribe to the “Managed” plan, you may also provide us with information about you in the draft and published content of your Alf.io instance. For example, the date and location of all your events, and the data of all attendees. Please note that your data won’t be analyzed nor shared with anyone, and we won’t access it, unless you ask us to do so.
- Credentials: Depending on the Services you use, you may provide us with credentials for your existing infrastructure (like AWS ID/secret for example). For example, customers of our “Private” plan may provide us with these credentials in order to use our one-click installation feature, or to allow us to update their installation.
- Communications with Us (Hi There!): You may also provide us information when you respond to surveys, communicate with our System Engineers about a support question, or post a question/bug about your instance on GitHub.
Information We Collect Automatically
We also collect some information automatically:
- Log Information:Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services –for example, when you create or make changes to your Alf.io instance on ball.aumsa.org.
- Usage Information:We collect information about your usage of our Services. For example, we collect information about the actions that instance administrators and users perform on an Alf.io instance hosted on our infrastructure –in other words, who did what, when and to what thing on an instance (e.g., [alf.io username] issued a refund for ticket “[uuid]” at [time/date]). We also collect anonymized information about what happens when you use our Services (e.g., page views, number of events created, etc.) along with information about your device (e.g., desktop or mobile). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.
How We Use Information
We use information about you as mentioned above and as follows:
- To provide our Services –for example, to set up and maintain your account, host backup and restore your Managed Alf.io instance, or charge you for any of our Services;
- To further develop our Services –for example by adding new features that we think our users will enjoy or will help them to create and manage their websites more efficiently;
- To monitor and analyze trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use;
- To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of AUMSA and others;
- To communicate with you about offers and promotions offered by AUMSA and others we think will be of interest to you, solicit your feedback, or keep you up to date on AUMSA and our products.
How We Share Information
We do not sell our users’ private personal information.
We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
- Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information). We require vendors to agree to privacy commitments in order to share information with them.
- As Required by Law: According to the Swiss Code of Obligations, and only upon request of the Swiss Authority, we may disclose information about you in response to a subpoena, court order, or other governmental request.
- Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
- Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.
Information Shared Publicly
Information that you choose to make public is –you guessed it– disclosed publicly. That means, of course, that information like your events that you make public on your Alf.io instance, are all available to others –and we hope you sell out your tickets soon! Public information may also be indexed by search engines or used by third parties.
While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. To enhance the security of your account, we encourage you to enable our advanced security settings, like Two Step Authentication.
You have several choices available when it comes to information about you:
- Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.
- Set Your Browser to Reject Cookies:At this time, AUMSA does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using AUMSA websites, with the drawback that certain features of AUMSA websites may not function properly without the aid of cookies.
Other Things You Should Know (Keep Reading!)
AUMSA is a worldwide service. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the New Zealand, and other countries, which may have rights and protections that are different from those in your home country.
Our Users’ Event Pages
- 2018-22-07: first version