You may wish to know what is the nature of data collected by Verdiem from its customers and for what purpose it is collected.
If a customer raises a support ticket with Verdiem for technical assistance, it is possible that support agents ask customers to share client logs and server logs based on the issue being investigated. The client logs and server logs are files generated under the Surveyor installation and application data folders such as:
- C:\Program Files\Verdiem\
- Windows XP agents: C:\Documents and Settings\<user>\local Settings\Application Data\Verdiem\Surveyor\Logs
- Windows Vista, 7, or 8 agents and above: C:\Users\<user>\AppData\Local\Verdiem\Surveyor\Logs
- MacOS agents: ~\library\logs\verdiem
- IIS webserver: C:\inetpubs\logs\logfiles
These logs collected can only be generated by the Verdiem application with its services and are retrieved from the folder paths above. These logs only capture Verdiem-related events which can be used for reporting and analytics and these are summarized data. They are saved in the Verdiem database and one example of this is the User and System activity report.
In summary, the client logs only collect information about how the users running Verdiem are setting up power policies, how events are being triggered, what the application settings are, what kind of errors are encountered, and about actions carried out within the Verdiem application itself.
The only other data collection that occurs are IIS logs which are from the IIS webserver which runs the Verdiem application. None of this data contains any personal information about any of the users accessing or logging into the server to use the Verdiem applications.
It is possible that a customer has asked to sign a Data and Privacy agreement with Avolin. One example of such an agreement was raised by Warwick University. Some of the relevant clauses from the agreement are:
- the exclusive purposes for which the student data will be used;
- how Vendor will ensure that subcontractors, persons or entities that Vendor will share the student data with, if any, will abide by data protection and security requirements;
that student data will be returned or destroyed upon expiration of the Agreement;
if and how a parent, student, or eligible student may challenge the accuracy of the student data that is collected; and
where the student data will be stored (described in such a manner as to protect data security), and the security protections were taken to ensure such data will be protected, including whether such data will be encrypted.