Updated May 24, 2018
Learning Agents Inc., a Canadian corporation (“Service Provider”), is committed to protecting user privacy by complying with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU General Data Protection Regulation (“GDPR”).
The Service strives to offer Users a safe environment to issue and manage digital credentials based on the Mozilla Open Badge standard (later referred to as badges)
Individuals under the age of 13 are not permitted to use the Service or the Service website. The Service does not collect personal information from individuals under the age of 13.
DESCRIPTION OF PERSONAL INFORMATION AND METHODS FOR ITS COLLECTION
The Service collects the following User information (mandatory):
- Names of registered Users
- Email addresses of registered Users
- Names of User Organizations
- Website addresses of User Organizations
- Organization emails of User Organizations
- Mailing addresses of User Organizations
The Service also collects the following information if provided by the User Organization:
- Country (and province if in Canada)
- Organization type
The Service also collects the following personal information:
- Email addresses of recipients of badges (Earners) that have been issued by the User. The User acknowedges responsibility for the collection and safeguarding of the private information of Earners of the badges the User issues.
PURPOSE FOR COLLECTING AND STORING PERSONAL DATA
The Service Provider collects personal information to maintain and handle the relationship between the Service Provider and the User and to plan and develop the business activity of the Service Provider through various research methods. The information and personal data may be used for distribution of information to the Users of the Service and possibly for direct marketing if user has given his/her consent or if allowed by law. The information and personal data may also be used for investigation and follow up in cases of suspected misuse.
The User may operate one or more role-based accounts on the Service to issue badges to badge Earners. These badges contain Earner email addresses which the User has gathered. The email addresses of Earners are encrypted to prevent unauthorized access, according to the Open Badge standard. Other personal information in the badge may include links to Earner evidence and Additional Criteria, which can describe how an individual Earner achieved a particular badge – this information is not encrypted. When a User issues a badge the User shares this Earner personal information with the Service provider. The User represents and warrants that Earners have consented to the collection and use of their personal information for this purpose.
The Service Provider may also collect information about the use of the Service for statistical purposes. This information does not target any individual user.
COOKIES AND LINKS TO THIRD PARTY WEBSITES
The Service Provider’s Internet servers may passively and automatically collect certain information about the website visitors’ traffic patterns, which may be linked to their Internet Protocol (IP) addresses (which are unique Internet “addresses” assigned to all Internet users by their Internet Service Providers). Server logs may record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are generally collected and used on an aggregate basis.
- Links to Third Party Websites: The Service website may contain links to other websites that are provided as a convenience only, and which may have different privacy policies and practices than those of the Service Provider. The Service Provider has no responsibility for these third party websites, and User is advised to review the privacy policies of any third party websites User chooses to visit.
DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION
The Service Provider may also release the User’s personal information when the Service Provider believes release is appropriate to comply with applicable laws, enforce site policies, or protect its or others rights, property, or safety.Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Only the username, which each User uses to define her/himself, is displayed to other users in the Service.
The Service Provider maintains this service and stores and processes any information collected through this service on servers located in Canada. No personal data is transferred outside Canada by the Service Provider.
PRESERVATION OF PERSONAL INFORMATION AND SECURITY
The personal information is stored in the Service databases which are secured with firewalls and other appropriate technical measures. Some information may be kept outside the Service databases for the purposes of invoicing.
All persons handling the personal information have personal access rights (username, password and access level information) to the register issued by the register owner. Only persons who need said information to carry out their work assignments can access the user’s personal information. These persons include the Service Provider’s customer service and technical administrator personnel and trusted third parties.
The Service Provider will strive to ensure that no stored personal information disappears, is used for wrong purposes or is accessed or changed without authorization.
Personal information is retained for as long as is necessary for the Service Provider to fulfill the purposes which have been identified and consented to by the User. If the User quits the Service, the Service Provider guarantees the validity of issued badges for at least two years. This guarantee requires the retention of personal information. The User may request complete deletion of the account, which will destroy all personal information stored on the Service server.
Users are warned not to disclose their username or password to anyone other than the Service Provider.
WITHDRAWAL OF USER CONSENT
RIGHT OF ACCESS AND CORRECTION OF PERSONAL INFORMATION
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), individuals have a right of access to personal information in the custody or control of an organization and an account of its use. If you are a resident of Canada, you can request this information by contacting the Service Provider using the information provided below.
EU PRIVACY DETAILS
134 Home Street
Phone number: 1-204-219-5933
(hereafter ”we” or ”Learning Agents”)
Contact person for register matters
134 Home Street
Name of register
CUSTOMER REGISTER FOR CANCRED FACTORY SERVICE
What is the legal basis for and purpose of the processing of personal data?
The basis of processing personal data is Learning Agents’ justified interest on the basis of a customer relationship.
The basis of processing personal data is:
- the delivery and development of our Open Badge Factory Service (“Service”),
- fulfilling our contractual and other promises and obligations,
- taking care of the customer relationship,
- analyzing and profiling behaviour of the data subject,
- electronic and direct marketing
What data do we process?
We process the following personal data regarding the customer’s user account (data subject):
- Basic information of the data subject such as *name, display *name, *password;
- Contact information of the data subject *e-mail address;
- Information of the service relationship and the contract such as details of the user profile, correspondence with the data subject and other references, cookies and data related to use of them;
From where do we receive data?
We receive personal data primarily from the data subject him/herself, as the data is entered into the Service by the data subject.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
To whom we disclose data and do we transfer data outside of EU or EEA?
We receive and process data in Canada. Only the data subject’s admin display name which the admin can define him/herself, is displayed to other users in the Service.
We process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced the IT-management to an external service provider, located in Canada, on whose server the data is stored. The server is protected and managed by the external service provider.
Data may be disclosed to authorities under compelling provisions. We do not disclose information of the register to external quarters. We do not transfer personal data outside Canada.
How do we protect the data and how long do we store them?
The personal data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons, i.e. only those of our employees, who on behalf of their work are entitled to process customer data. These persons include the Service Provider’s customer service personnel and the technical administrators of the Service. Each user has a personal username and password to the system.
The data subject may at any time add, change and remove all data from the Service as well as delete the account entirely.
We store the data as long as it is necessary for the purpose of processing the data. We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing.
What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. This may be done by accessing, modifying and/or deleting your personal data stored in the Service by logging into the Service. If you need assistance, please contact the person mentioned in Section 2 above.
As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.
Learning Agents Inc.