College / School Alumni Website Network - Alumnly
College / School Alumni Website Network - AlumnlyCollege / School Alumni Website Network - Alumnly

1. Introduction

1.1 We are committed to safeguarding the privacy of our website visitors, mobile application users, alumni users, business directory users and subscribers, chat group participants, institutional and organisation administrators, individual customers and customer personnel.

1.2 This policy applies where we are acting as a data controller with respect to the personal data of such persons. In other words, where we determine the purposes and means of the processing of that personal data.

1.3 We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.

1.4 In this policy, "we", "us" and "our" refer to Alumnly Pty Ltd. For more information about us, see Section 16.

1.5 References in this policy to “users” include alumni, non-alumni users, business directory users and subscribers, chat group participants, institutional and organisation administrators, and other persons who access or use the Alumnly platform or services.

2. The personal data that we collect

2.1 In this Section 2 we have set out the general categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data.

2.2 We may process data enabling us to get in touch with you ("contact data"). The contact data may include your name, email address, telephone number, postal address and/or social media account identifiers. The source of the contact data is you and/or your site Administrator. If you log into our website using a social media account, we will obtain elements of the contact data from the relevant social media account provider.

2.3 We may process your website user account data ("account data"). The account data may include your account identifier, name, email address, business name, account creation and modification dates, website settings and marketing preferences. The primary source of the account data is you and/or your site Administrator, although some elements of the account data may be generated by our website. If you log into our website using a social media account, we will obtain elements of the account data from the relevant social media account provider.

2.4 We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. The source of the profile data is you and/or your site Administrator. If you log into our website using a social media account, we will obtain elements of the profile data from the relevant social media account provider.

2.5 We may process information contained in or relating to any communication that you send to us or that we send to you ("communication data"). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.

2.6 We may process information contained in or relating to a business directory listing, subscription or enquiry submitted through the platform (“business directory data”). Business directory data may include the user’s name, business name, business description, business category, job title or role, email address, telephone number, mobile number, business address, website address, social media links, images, logos, promotional content, subscription status, verification information, payment status and communications relating to the listing. The source of business directory data is you, the relevant institution or organisation administrator, and/or information generated through your use of the platform.

2.7 We may process information contained in or relating to chat groups, messages and other interactive features on the platform (“chat data”). Chat data may include message content, attachments, reactions, group membership, sender and recipient details, timestamps, read or delivery status, moderation records, reports, complaints and metadata associated with communications made through the platform. The source of chat data is you, other users, the relevant institution or organisation administrator, and/or information generated by the platform.

2.8 We may process information relating to subscriptions, plans, payments and transactions made through or in connection with the platform (“transaction data”). Transaction data may include subscription plan details, billing contact details, payment status, transaction identifiers, invoices, receipts, renewal dates and records of payment-related communications. Payment card details are processed by Stripe or another payment processor and are not stored by Alumnly.

2.9 We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.

2.10 Please do not supply any other person's personal data to us unless we prompt you to do so.

3. Purposes of processing and legal bases

3.1 In this Section 3, we have set out the purposes for which we may process personal data and the legal bases of the processing.

3.2 Operations - We may process your personal data for the purposes of operating our website and providing our services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business.

3.3 Publications - We may process account data and/or profile data for the purposes of publishing such data on our website and elsewhere through our services in accordance with your express instructions. The legal basis for this processing is our legitimate interests, namely the publication of content in the ordinary course of our operations.

3.4 Business directory listings, promotions, advertisements, user profiles, posts, comments, chat messages and other content submitted through the platform may be published or made available to other users, group members, institutions, organisations, administrators, and/or third parties, depending on the relevant platform settings and the nature of the service used.

3.5 Relationships and communications - We may process contact data, account data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, and/or telephone, providing support services and compliance handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors and service users, the maintenance of relationships, and the proper administration of our website, services and business.

3.6 Business Directory – We may process contact data, account data, profile data, business directory data, transaction data and communication data for the purposes of creating, verifying, publishing, managing, administering, moderating, renewing, cancelling, archiving and removing business directory listings and associated subscriptions. The legal basis for this processing is our legitimate interests, namely the proper operation and administration of the Business Directory and related services, and, where applicable, the performance of our contractual arrangements with users, institutions and organisations.

3.7 Chat Groups and interactive features – We may process account data, profile data, chat data and communication data for the purposes of enabling users to participate in chat groups and other interactive features, sending and receiving messages, administering groups, moderating content, investigating complaints, enforcing our Website Terms and Conditions, and maintaining platform safety and security. The legal basis for this processing is our legitimate interests, namely the proper operation, administration, security and moderation of our platform and services.

3.8 Payments and subscriptions – We may process transaction data, contact data, account data and communication data for the purposes of administering subscriptions, processing payment-related records, issuing invoices or receipts, managing renewals, dealing with payment enquiries, and supporting institutions and organisations in relation to payments made through the platform. The legal basis for this processing is our legitimate interests, namely the proper administration of payment-related services, and, where applicable, the performance of our contractual arrangements with users, institutions and organisations.

3.9 Personalisation - We may process account data and/or usage data for the purposes of personalising the content and advertisements that you see on our website and through our services to ensure that you only see material that is relevant to you. The legal basis for this processing is our legitimate interests, namely offering the best possible experience for our website visitors and service users.

3.10 Direct marketing - We may process contact data, account data and profile data for the purposes of creating, targeting and sending direct marketing communications by email, SMS, and/or post and making contact by telephone for marketing-related purposes. The legal basis for this processing is our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users.

3.11 Research and analysis - We may process usage data for the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.

3.12 Record keeping - We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.

3.13 Security - We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.

3.14 Insurance and risk management - We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

3.15 Legal claims - We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

3.16 Legal compliance and vital interests - We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

4. Providing your personal data to others

4.1 Our website includes features that enable users to interact with other websites and platforms (sub-processors) -

  • Amazon Web Services (AWS): Alumnly's platform is hosted on AWS, ensuring reliable and scalable performance.
  • Google Analytics: used to enhance the customer experience by analysing user interactions on our platform.
  • Microsoft Clarity: leveraged for insights into user behaviour, improving customer experience.
  • SendGrid: utilised for sending email newsletters and communications by our registered institutions and organisations.
  • Facebook: alumni can easily register and log in using their Facebook account. Institutions and alumni can also share content directly to Facebook.
  • Google: alumni can register and log in using their Google account.
  • LinkedIn: alumni can register and log in using their LinkedIn account, and content can be shared directly to LinkedIn by institutions and alumni.
  • X (formerly Twitter): allows for seamless content sharing by institutions and alumni on their X accounts.
  • Apple App Store: The Alumnly mobile app is available for download on the Apple store.
  • Google Play Store: The Alumnly mobile app is also available on the Google Play store for easy access.
  • Stripe Payment: used to process payments and subscriptions associated with the platform, including Business Directory subscriptions. Payment processing may occur directly through Stripe and/or the relevant institution’s or organisation’s Stripe account. Alumnly does not store payment card details.

4.2 Where you access or use an Alumnly site, Business Directory, chat group or other service associated with a particular institution or organisation, your personal data and content may be disclosed to, accessible by, or managed by the relevant institution or organisation and its authorised administrators. This may include profile data, business directory data, chat data, communication data, subscription status, moderation records and usage information reasonably required to administer the relevant Alumnly site or service.

4.3 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.

4.4 We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

4.5 We maintain appropriate safeguards to help protect the confidentiality and security of information transmitted to us. You also have an obligation to protect against unauthorised access of any account, password or your computer. Personal data may be accessed by persons within our organization, or other entities described in this Privacy Policy, or our third-party service providers, who require such access to carry out the purposes described in this Privacy Policy, or as otherwise permitted or required by applicable law.

4.6 No data transmission over the Internet or other network can be guaranteed to be completely secure and no security measures can provide absolute protection. While we strive to protect information transmitted on or through this Website or in the course of delivery of our services, we cannot and do not guarantee the security of any information you transmit on or through this Website or in the course of delivering our services and you do so at your own risk.

5. Retaining and deleting personal data

5.1 This Section 5 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

5.2 Users may delete or edit certain content they have posted on the platform themselves, including comments, photos, business listing content and other user-generated content, where the relevant functionality is available and subject to any administrator controls or platform settings.

5.3 If a user wishes to request deletion of their account profile, or removal of their profile and content from an institution’s Alumnly site, they should first contact the administrator of the relevant institution or organisation.

5.4 If the user is unable to have the request processed by the relevant institution or organisation, or is unable to contact that institution or organisation, the user may contact Alumnly directly through the contact form on the Contact Us page or by using the contact details published there.

5.5 Alumnly may require the user to verify their identity before processing any deletion or removal request.

5.6 Where a request is approved, Alumnly may remove the user’s access and remove or de-identify personal information, profile details and content from the relevant institution’s or organisation’s Alumnly site.

5.7 However, Alumnly may retain certain information where this is reasonably necessary for administrative, legal, security, audit, fraud prevention, dispute resolution, backup, or record-keeping purposes. In particular, Alumnly may retain records necessary to identify the user and their association with the relevant institution or organisation.

5.8 Deleting content from a user profile or removing an account may not remove information that has already been copied, reposted or retained by other users, institutions, organisations or third-party systems.

5.9 Business directory listings, chat group content, messages, posts, comments, subscription records and related administrative records may be retained, archived, moderated, anonymised, de-identified or removed in accordance with our Website Terms and Conditions, applicable institution or organisation settings, administrator decisions, legal requirements and our legitimate business purposes.

5.10 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

5.11 Contact, account, profile, business directory, chat, communication, transaction and usage data will be retained for a minimum period of 6 years following the date of the most recent communication between you and us, and thereafter for such period as we consider reasonably necessary for legal, administrative, security, audit, backup, fraud prevention, dispute resolution or record-keeping purposes.

5.12 Where records are deleted, they may be soft-deleted for up to 30 days and then purged in accordance with our deletion and backup processes. Backups containing deleted records are generally retained for up to 30 days, after which they expire or are overwritten in the ordinary course of our backup retention cycle.

5.13 We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Website Terms and Conditions, or fulfil your request to unsubscribe from further messages from us. We will retain de-identified information after your account has been closed.

5.14 Information you have shared with others will remain visible after you close your account or delete the information from your own profile, and we do not control data that other Alumni or School Admins have copied out of their Alumnly Site. Content associated with closed accounts will show an unknown user as the source. Your profile may continue to be displayed in the services of others (including in search engine results) until they refresh their cache.

5.15 Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6. Your rights

6.1 We reserve the right to retain your personal data unless required by law to delete or relinquish this data.

6.2 Your profile data may be retained and remain viewable even following the cancellation of any paid membership to our website.

6.3 Any request for removal of profile data, business directory data, chat group content or other user-generated content associated with an institution or organisation should initially be made to the relevant institution or organisation admin responsible for administering the applicable Alumnly site, Business Directory, chat group or service. If the user is unable to have the request processed by the relevant institution or organisation, or is unable to contact that institution or organisation, the user may contact Alumnly directly through the contact form on the Contact Us page or by using the contact details published there.

6.4 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by visiting your site page when logged into our website.

6.5 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

6.6 You may exercise any of your rights in relation to your personal data by written notice to us.

7. Third party websites

7.1 Our website includes hyperlinks to, and details of, third party websites.

7.2 In general we have no control over, and are not responsible for, the privacy policies and practices of third parties.

8. Personal data of children

8.1 Unless expressly stated otherwise for a particular service, our website and services are targeted at persons over the age of 16.

8.2 Where a service is made available to students or other persons under 16 through an institution or organisation, the relevant institution or organisation is responsible for ensuring that any required notices, consents or authorisations are obtained, subject to any applicable contractual arrangements with us.

8.3 If we have reason to believe that we hold personal data of a person under the applicable minimum age in our databases, we may delete or de-identify that personal data.

9. Updating information

9.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.

10. Acting on behalf of institutions and organisations

10.1 Some Alumnly sites, Business Directories, chat groups and related services are administered by or on behalf of a particular institution or organisation. In those circumstances, the relevant institution or organisation may determine the purposes for which personal data is collected and used, including who may access the relevant site or service, what content is published, and how user requests are handled.


10.2 Where we process personal data on behalf of an institution or organisation, we do so in accordance with our contractual arrangements with that institution or organisation and applicable law.


10.3 Where a user submits an access, correction, deletion or removal request directly to Alumnly in relation to an institution or organisation site, Business Directory or chat group, we may refer the request to the relevant institution or organisation administrator and/or assist that institution or organisation to respond to the request.


10.4 We may also process personal data as an independent controller for our own business purposes, including account administration, platform security, legal compliance, record keeping, billing support, analytics, service improvement and enforcement of our Website Terms and Conditions.

11. About cookies

11.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

11.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

11.3 Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

12. Cookies that we may use

12.1 We may use cookies for the following purposes:

  1. authentication and status - to identify you when you visit our website and as you navigate our website, and to determine if you are logged into the website;
  2. personalisation - to store information about your preferences and to personalise the website for you;
  3. security - as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
  4. advertising - to help us to display advertisements that will be relevant to you;
  5. analysis - to help us to analyse the use and performance of our website and services; and
  6. cookie consent - to store your preferences in relation to the use of cookies more generally.

13. Cookies used by our service providers

13.1 Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

13.2 We use Google Analytics. Google Analytics gathers information about the use of our website by means of cookies. The information gathered is used to create reports about the use of our website. You can find out more about Google's use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google's privacy policy at https://policies.google.com/privacy.

13.3 We may use Microsoft Clarity to help us understand how users interact with our website and services through behavioural metrics, heatmaps, session replay and related analytics. Microsoft Clarity may use cookies and similar technologies to collect usage data, including information about how users navigate and interact with our website and services.

14. Managing cookies

14.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.

14.2 Blocking all cookies may have a negative impact upon the usability of many websites.

14.3 If you block cookies, you may not be able to use all the features on our website.

15. Amendments

15.1 We may update this policy from time to time by publishing a new version on our website.

15.2 You should check this page occasionally to ensure you are happy with any changes to this policy.

15.3 We may notify you of significant changes to this policy by email.

16. Our details

16.1 This website is owned and operated by Alumnly Pty Ltd.

16.2 We are registered as a business in Australia under ABN 24 602 502 983, and our registered office and principal place of business is at 321 Moorabool Street, Geelong, Victoria 3220.

16.3 You can contact us:

  1. by post, to the postal address given above;
  2. using our website contact form; or
  3. by telephone, on the contact number published on our website.