Data privacy, security & cloud services
UVic is bound by the Freedom of Information and Protection of Privacy Act (FOIPPA), a law that governs how public bodies in BC collect, use, disclose and protect personal information. Protection of Privacy Policy (GV0235) (pdf, 835 KB) formally describes the policies and procedures UVic uses to meet its obligations.
Cloud-based web apps and platforms have become the kind of software people use the most, both in higher education and other sectors. UVic shares information with cloud software providers within the bounds of BC's . Usually, this is done to:
- verify that students and employees are entitled to use a service that UVic pays for
- allow students and employees to sign in using their UVic credentials
This page provides plain-language information about how we apply UVic's privacy policy to cloud software.
Audit logs
We're required to maintain audit logs of system access to ensure security and accountability within UVic systems and services.
Audit logs typically include your:
- NetLink ID
- name
- date and time of access
- device's IP address
This includes anything you sign into with your NetLink ID, like online services, Wi-Fi and computer labs.
We use audit log information for:
- systems administration purposes
- abuse prevention
- governmental requests and applicable laws
- other related purposes described in UVic's privacy policy
User information may be shared with third-party vendors to the extent necessary to provide and improve web services or other communications to users. However, UVic does not give permission to any third parties who receive user information for this purpose to use or share user information for any purpose other than providing services for the benefit of our users.
General cloud services
To protect the privacy of UVic students and employees while using cloud software:
- We work with the Privacy and Access to Information Office to conduct a privacy impact assessment (PIA) for every new initiative that uses cloud software.
- We do not provide cloud software providers with unnecessary personal information. We choose to opt out of data collection whenever possible.
- We will tell you what information we're sharing with a cloud service provider. This may be:
- in an information release consent agreement that we present when you first sign up for a service
- in a terms of use document on UVic Online Services
- provided upon request
If you want to request information about how your personal information is used, contact the Privacy and Access to Information Office.
We usually provide cloud service providers with your:
- NetLink ID
- first or preferred name
- last name
- UVic or preferred email address
This information is used to let you sign in to third-party services using your UVic account.
In some cases, we also provide:
- your V Number
- your affiliations to UVic (for example, whether you're an undergrad or grad student, an employee or a faculty member)
- other roles or groups your account is assigned to
- the courses you're currently enrolled in
- contact information listed in the employee directory
We only disclose as much information as the service provider requires to run the service.
As part of UVic's procurement process for software and cloud services, we work with the Privacy Office, project team staff and technical staff to conduct privacy impact assessments (PIAs) and information security reviews.
Every cloud software supplier we work with completes a thorough technical review. This includes assessing security standards, privacy controls, identifying remaining risks, and planning to manage and mitigate those risks.
Specific apps
We've included links to the privacy policies of some of the most-used services below. Contact the Privacy and Access to Information Office for more details or information about apps and services not listed here.
Personal information
UVic provides this personal information about users to Cisco:
- name
- NetLink ID
- UVic email address
If you use the Duo Mobile app, it will also collect:
- information about the devices you use Duo Mobile on
- pseudonymized usage and crash report data, unless you opt out of this data collection
Read and for details.
Who can access your data?
- UVic system administrators
- Duo Security service administrators, who are located worldwide
Personal information
UVic provides this personal information about users to Microsoft:
- NetLink ID
- first and last name
- department affiliation
- email address
- group membership
- course enrolments
- UVic telephone number
- information about devices using UVic Microsoft services
Privacy policy
Because of the scope of Microsoft 365 and all the products that are integrated with it, Microsoft doesn't have a single privacy policy that covers everything. The is a hub for data privacy and security information.
Data processing and storage
UVic data in Microsoft is stored in Canada where possible. Some Microsoft services store or process data outside of Canada.
You can refer to where your Microsoft 365 customer data is stored. In many cases, Microsoft's documentation will refer you to contact your "tenant administrator" to find the actual data location, which is specific to UVic's tenant.
Who can access your data?
- UVic system administrators
- Microsoft admins and subcontractors
If you have questions about data privacy specific to UVic's tenant, contact the Privacy and Access to Information Office.
Personal information
UVic provides this personal information about Brightspace users to D2L:
- NetLink ID
- preferred name
- email address
- course enrolment
Privacy policy
Data processing and storage
Brightspace data is hosted and processed in Canada.
Who can access your data?
- UVic system administrators
- support staff in LTSI
- D2L admins
Personal information
UVic provides this personal information about users to SurveyMonkey:
- NetLink ID
- first and last name
- preferred email address
Read for details.
Data processing and storage
Survey questions and responses are stored in Canada.
Who can access your data?
Your SurveyMonkey data is accessible to:
- UVic system administrator
- SurveyMonkey admins and customer service staff
- SurveyMonkey staff only access customer information when asked to provide support
- Service requests may be fulfilled by employees outside of Canada, unless you choose to limit support to employees located in Canada
Personal information
UVic provides this personal information about users to Adobe:
- name
- NetLink ID
- UVic email address
Adobe also collects:
- information about the devices you use Adobe software on
- anything you save to Adobe cloud storage
Read for details.
Data processing and storage
Adobe processes and stores data in data centres outside of Canada. This includes anything you save to Adobe cloud storage and process using AI tools.
Who can access your data?
Your Adobe account information is accessible to:
- UVic system administrators
- authorized Adobe employees and contractors
Personal information
UVic provides this personal information about users to Zoom:
- name
- UVic email address
- roles at UVic (for example, whether you're a student or employee)
Zoom also collects:
- information about the devices you use Zoom on
- any other personal information you enter in your Zoom settings or profile
Read for details.
Data processing and storage
Zoom processes and stores data in data centres outside of Canada. This includes sound, video and transcripts recorded using cloud recording. Local recordings are saved to your computer, not Zoom’s data centres in the U.S.
Who can access your data?
Your Zoom account information is accessible to:
- UVic system administrators
- Zoom’s customer service staff
- Zoom staff only access customer information when they're asked to provide customer support
Shared responsibility
Everyone in the UVic community shares responsibility for protecting the privacy of others. When using cloud computing services:
- Protect your UVic account's security.
- Don't share your passphrase with anyone.
- Report phishing and scams targeting the UVic community.
- Report any data breaches and security incidents that you find out about.
As a student:
- Read your course syllabuses and materials provided by your instructor. Any online platforms used in your courses should be outlined in the course syllabus. If you have any privacy concerns about an online platform, you can discuss it with your instructor.
As an instructor:
- Any online platforms or cloud services required for your course must be approved for use. This can include a privacy impact assessment and security consultation.
- If your course requires engagement with online platforms like GenAI or large language models (LLMs), you must include .
As an employee:
- If you're not sure whether the information you're working with is confidential or how you can keep it safe, ask your supervisor.
- The administrative authority you report to (dean, director, etc) is responsible for giving you clear guidance and resources to help you do your work safely.
As a project manager or someone starting a new initiative:
- Consult with the InfoSec team early on in your project.
- You can get a project consultation to help you navigate UVic processes like privacy impact assessments and technical approval. Consultations are most effective when they're done early.
As a researcher:
- Consult with the Research Computing team early on in your project to ensure you're gathering and storing research data safely.
- UVic Libraries offers research data services and consultations with data specialists.
- Protect your research subjects' privacy and sensitive data. Consult with the Office of Research Services.
Learn more about the acceptable use of UVic's IT services.
Related policies & resources
- Personal information & confidentiality information for UVic students
- Access to information requests through UVic's Privacy and Access Office
- UVic Policy GV0235 Protection of Privacy
Get help now
If you have any questions or concerns about how your personal information is handled, please contact the UVic Privacy Office.