Last Updated: March 11, 2025
Welcome to DashUCL. This Privacy Policy is designed to help you understand how your personal information is handled when using our Application.
DashUCL is committed to protecting your privacy. This Privacy Policy explains our practices regarding the minimal processing of information necessary for our Application to function, as well as your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
For the purposes of this Privacy Policy:
"Account" means Your UCL account which You use to access our Service.
"Application" means the software program named DashUCL, provided by the Developer and downloaded by You on any electronic device.
"Developer" (referred to as either "the Developer", "We", "Us" or "Our" in this document) refers to Kaibin Zhang, 185 Park Street, London SE1 9FL, UK.
"Country" refers to United Kingdom.
"Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
"Personal Data" is any information that relates to an identified or identifiable individual as defined in the UK GDPR.
"Service" refers to the Application.
"UCL" refers to University College London.
"UCL API" refers to an API service developed by a student society formerly affiliated with UCL Student Union, which this Application utilizes to provide information to users.
"Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
"Website" refers to auth.support, which provides contact information and displays these Terms and Conditions, but is not the Application itself.
"You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
DashUCL is designed as a privacy-first application. We do not collect, store, or process your personal data beyond what is minimally necessary for the Application to function as an interface to the UCL API.
Specifically:
Authentication: You authenticate directly with UCL's systems using UCL's OAuth service. We do not store your UCL credentials or authentication tokens beyond the current session.
Edge Function: Our edge function only assists with UCL API redirection and data parsing. It does not store user data or session information beyond what is necessary to facilitate the current request.
No Usage Tracking: We do not implement any analytics, tracking, or monitoring systems in the Application.
No Cookies: The Application does not use cookies or similar tracking technologies.
When you use DashUCL:
You log in through UCL's OAuth system.
The Application receives a temporary token that allows it to access the UCL API on your behalf.
The Application displays information retrieved from the UCL API.
Although we do not store your data, we are committed to ensuring that any transient data processing is conducted securely. All communication between the Application and the UCL API is encrypted using industry-standard protocols.
To the extent that any minimal processing of personal data may occur, the legal basis for such processing is:
Contractual Necessity: Processing is necessary for the performance of our contract to provide you with the Service.
Legitimate Interests: Processing is necessary for our legitimate interests in providing a functional Application that interacts with the UCL API, while having minimal privacy impact.
Your Consent: By using the Application, you consent to the minimal data processing described in this Privacy Policy.
Under the UK GDPR, you have certain rights in relation to your personal data, including:
Right to Access: You have the right to request information about any personal data we might process.
Right to Rectification: You have the right to request correction of any inaccurate personal data.
Right to Erasure: You have the right to request deletion of any personal data we might process.
Right to Restrict Processing: You have the right to request restriction of processing of your personal data.
Right to Data Portability: You have the right to receive any personal data we might have in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to our processing of your personal data.
Rights Related to Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing.
Since we minimally process your personal data, these rights may have limited applicability. However, we are committed to honoring these rights to the extent they are relevant to our Service.
To exercise any of these rights, please contact us using the information provided at the end of this Privacy Policy.
Our Application interfaces with the UCL API, which is developed by a student society formerly affiliated with UCL Student Union. We do not control the UCL API's data practices. By using our Application, you are also subject to the UCL API's terms and privacy practices.
We recommend reviewing the UCL API's privacy information as part of your use of our Application. The UCL API may have its own data collection, processing, and retention policies that are separate from ours.
As we do not collect or store personal data beyond temporary processing for functionality, we do not have a data retention policy for user data. Any temporary data processed during the use of the Application is only held for the duration necessary to complete the current session or request.
The Developer operates from the United Kingdom. The Application is designed for use by UCL students and does not transfer data internationally. All data processing takes place within the UK.
Our Service does not address anyone under the age of 16. We do not knowingly collect or process data from anyone under 16 years of age. The Service is designed for University College London students who are typically 18 years of age or older.
If we become aware that we have inadvertently received personal data from anyone under the age of 16, we will delete this information from our records. If you believe we might have any information from or about a child under 16, please contact us at the email address provided below.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our Website and updating the "Last Updated" date at the top of this document.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on the Website.
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: kaibin.zhang.23@ucl.ac.uk
Website: auth.support
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's OfficeWebsite: https://ico.org.uk/
Telephone: 0303 123 1113