Privacy Policy

Updated May 24, 2018


We ask you to read this Privacy Policy carefully before using the CanCred Factory service (“Service”).

Learning Agents Inc., a Canadian corporation (“Service Provider”), is committed to protecting user privacy by complying with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU General Data Protection Regulation (“GDPR”).

Personal Information means information about an identifiable individual. This Privacy Policy covers personal information that the Service Provider is collecting from you (“User”) in connection with the Service and how the Service Provider uses such personal information.

The Service strives to offer Users a safe environment to issue and manage digital credentials based on the Mozilla Open Badge standard (later referred to as badges)

As a User of the Service, your use is subject to this Privacy Policy. If you do not accept the processing of personal information as outlined herein, please do not use the Service.

Individuals under the age of 13 are not permitted to use the Service or the Service website. The Service does not collect personal information from individuals under the age of 13.


The Service collects the following User information (mandatory):

  • Names of registered Users
  • Email addresses of registered Users
  • Names of User Organizations
  • Website addresses of User Organizations
  • Organization emails of User Organizations
  • Mailing addresses of User Organizations

The Service also collects the following information if provided by the User Organization:

  • Country (and province if in Canada)
  • Organization type
  • Description
  • Logo

The Service also collects the following personal information:

  • Email addresses of recipients of badges (Earners) that have been issued by the User. The User acknowedges responsibility for the collection and safeguarding of the private information of Earners of the badges the User issues.


The Service Provider collects personal information to maintain and handle the relationship between the Service Provider and the User and to plan and develop the business activity of the Service Provider through various research methods. The information and personal data may be used for distribution of information to the Users of the Service and possibly for direct marketing if user has given his/her consent or if allowed by law. The information and personal data may also be used for investigation and follow up in cases of suspected misuse.

The User may operate one or more role-based accounts on the Service to issue badges to badge Earners. These badges contain Earner email addresses which the User has gathered. The email addresses of Earners are encrypted to prevent unauthorized access, according to the Open Badge standard. Other personal information in the badge may include links to Earner evidence and Additional Criteria, which can describe how an individual Earner achieved a particular badge – this information is not encrypted. When a User issues a badge the User shares this Earner personal information with the Service provider. The User represents and warrants that Earners have consented to the collection and use of their personal information for this purpose.

When an Earner receives an email notice of having earned a badge, he/she may ignore the notice, download the badge to their computer, or direct the badge to be transferred to a personal account on CanCred Passport. Irrespective of his/her decision, User will retain a record of the earned badge containing the Earner’s email in their Service account. Users are responsible for protecting the personal information of their Earners. For more detail, please refer to the CanCred Passport Privacy Policy.

The Service Provider may also collect information about the use of the Service for statistical purposes. This information does not target any individual user.

The Service Provider’s Internet servers may passively and automatically collect certain information about the website visitors’ traffic patterns, which may be linked to their Internet Protocol (IP) addresses (which are unique Internet “addresses” assigned to all Internet users by their Internet Service Providers). Server logs may record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are generally collected and used on an aggregate basis.

  • Cookies: The Service website may use “cookies”. Cookies are small text files offered to your computer by servers in order to keep track of a browser as the User navigates a website. Cookies may be stored on the User’s hard drive, or in temporary (cache) memory, in which case they are deleted when the User shuts down the his/herbrowser or turns off his/her computer. The Service Provider may use cookies to record session information, such as the User’s browsing habits and past activity, to enable the Service Provider to provide the User with improved services such as customized webpage content. The User can disable cookies using his/her Internet browser’s settings. Please consult your browser’s help function for information about how to disable cookies. Note that if the User disables cookies, certain features of the Service website may not function properly.
  • Links to Third Party Websites: The Service website may contain links to other websites that are provided as a convenience only, and which may have different privacy policies and practices than those of the Service Provider. The Service Provider has no responsibility for these third party websites, and User is advised to review the privacy policies of any third party websites User chooses to visit.


The Service Provider does not sell, trade, or otherwise transfer to outside parties the User’s personally identifiable information. This does not include trusted third parties who assist the Service Provider in operating its website, conducting its business, or servicing the User, so long as those parties agree to protect the personal information with a level of privacy protection which is comparable to that offered by the Service Provider. Third parties can only use or disclose personal information for purposes which have been authorized by the User in this Privacy Policy.

The Service Provider may also release the User’s personal information when the Service Provider believes release is appropriate to comply with applicable laws, enforce site policies, or protect its or others rights, property, or safety.Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Only the username, which each User uses to define her/himself, is displayed to other users in the Service.

The Service Provider maintains this service and stores and processes any information collected through this service on servers located in Canada. No personal data is transferred outside Canada by the Service Provider.


The personal information is stored in the Service databases which are secured with firewalls and other appropriate technical measures. Some information may be kept outside the Service databases for the purposes of invoicing.

All persons handling the personal information have personal access rights (username, password and access level information) to the register issued by the register owner. Only persons who need said information to carry out their work assignments can access the user’s personal information. These persons include the Service Provider’s customer service and technical administrator personnel and trusted third parties.

The Service Provider will strive to ensure that no stored personal information disappears, is used for wrong purposes or is accessed or changed without authorization.

Personal information is retained for as long as is necessary for the Service Provider to fulfill the purposes which have been identified and consented to by the User. If the User quits the Service, the Service Provider guarantees the validity of issued badges for at least two years. This guarantee requires the retention of personal information. The User may request complete deletion of the account, which will destroy all personal information stored on the Service server.

Users are warned not to disclose their username or password to anyone other than the Service Provider.

The User may withdraw his/her consent for the Service Provider to manage his/her personal information as described in this Privacy Policy, provided such withdrawal is subject to legal or contractual restrictions and reasonable notice. If the User withdraws consent, the Service Provider’s ability to provide Services to User may be restricted or rendered impossible.


Under the Personal Information Protection and Electronic Documents Act (PIPEDA), individuals have a right of access to personal information in the custody or control of an organization and an account of its use. If you are a resident of Canada, you can request this information by contacting the Service Provider using the information provided below.


For residents of the European Economic Area (EEA) or Switzerland, please note that the personal data information we obtain from or about you may be transferred, processed and stored outside of the EEA or Switzerland for the purposes described in this Privacy Policy. We take the privacy of our users seriously and therefore take steps to safeguard your information, including assuring an adequate level of data protection in accordance with EU standards.


Learning Agents
134 Home Street
Winnipeg, Manitoba
Phone number: 1-204-219-5933
(hereafter ”we” or ”Learning Agents”)

Contact person for register matters

Donald Presant
134 Home Street
Winnipeg, Manitoba

Name of register


The basis of processing personal data is Learning Agents’ justified interest on the basis of a customer relationship.

The basis of processing personal data is:

  • the delivery and development of our Open Badge Factory Service (“Service”),
  • fulfilling our contractual and other promises and obligations,
  • taking care of the customer relationship,
  • analyzing and profiling behaviour of the data subject,
  • electronic and direct marketing

What data do we process?

We process the following personal data regarding the customer’s user account (data subject):

  • Basic information of the data subject such as *name, display *name, *password;
  • Contact information of the data subject *e-mail address;
  • Information of the service relationship and the contract such as details of the user profile, correspondence with the data subject and other references, cookies and data related to use of them;

Committing personal data marked with a star as well as allowing the use of cookies in the data subject’s browser, is a requirement for our contractual relationship with the customer. Without this necessary information we are not able to provide the Service.

From where do we receive data?

We receive personal data primarily from the data subject him/herself, as the data is entered into the Service by the data subject.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

To whom we disclose data and do we transfer data outside of EU or EEA?

We receive and process data in Canada. Only the data subject’s admin display name which the admin can define him/herself, is displayed to other users in the Service.

We process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced the IT-management to an external service provider, located in Canada, on whose server the data is stored. The server is protected and managed by the external service provider.

Data may be disclosed to authorities under compelling provisions. We do not disclose information of the register to external quarters. We do not transfer personal data outside Canada.

How do we protect the data and how long do we store them?

The personal data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons, i.e. only those of our employees, who on behalf of their work are entitled to process customer data. These persons include the Service Provider’s customer service personnel and the technical administrators of the Service. Each user has a personal username and password to the system.

The data subject may at any time add, change and remove all data from the Service as well as delete the account entirely.

We store the data as long as it is necessary for the purpose of processing the data. We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing.

What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. This may be done by accessing, modifying and/or deleting your personal data stored in the Service by logging into the Service. If you need assistance, please contact the person mentioned in Section 2 above.

As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.


The Service Provider reserves the right to make adjustments to this Privacy Policy at any time and from time to time. Service Providers suggests that Users review this Privacy Policy on a regular basis.


If you have questions regarding this Privacy Policy or you believe that the Service Provider has not abided by this Privacy Policy, you are advised to contact the Service Provider using the information provided below:

Donald Presant
Learning Agents Inc.
(204) 219-5933