Last Updated January 6, 2019
Commitment to Privacy. Learning Agents Inc., a Canadian corporation, is the provider of the Service (“Service Provider”) and is committed to privacy by complying with Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the European Union’s General Data Protection Regulation (“GDPR”).
Definition of Personal Information or Personal Data. Personal information or personal data means any information about an identified or identifiable individual.
The Service. The Service strives to offer all Users a safe environment to issue and manage digital credentials (“Badges”) based on the Mozilla Open Badge standard. Users operate role-based logins (e.g. administrator, creator or issuer) on the Service to issue Badges and manage their accounts. The Service is designed to enable subscribers to the Service (“Issuers” or “Users”) to issue Badges to individuals who meet prescribed requirements (“Badge Earners”).
Designations under GDPR. For the purposes of the GDPR, the Service Provider is the “processor” of the Badge Earners’ personal data acting on behalf of and based on the instructions of the Users/Issuers, who are the “controllers” of the Badge Earners’ personal data.
Children under the Age of 16. Individuals under the age of 16 are not permitted to use the Service or the Service website. The Service does not intentionally collect personal information from individuals under the age of 16. If the Service Provider becomes aware that it has inadvertently collected personal information about children under the age of 16, it will take steps to delete the information as soon as possible.
WITHDRAWAL OF USER CONSENT
Users may withdraw their consent to process personal information at any time by deleting their own accounts and all personal data associated with their accounts or by contacting the Service Provider to delete their accounts and all personal data associated with their accounts, provided such withdrawal is subject to legal or contractual restrictions. If the User withdraws consent, the Service Provider’s ability to provide Services to the User may be restricted or rendered impossible. The Service Provider will delete the personal information following the withdrawal of consent, however, such withdrawal will not affect the lawfulness of processing prior to withdrawal.
DESCRIPTION OF PERSONAL INFORMATION, METHODS FOR ITS COLLECTION AND THE APPLICABLE LEGAL BASES
“CONDITIONS OF SERVICE” INFORMATION. The Service collects the following information that are necessary and integral to the provision of the Service, some of which are considered personal information in certain jurisdictions, but not in others:
- Names of registered Users
- Email addresses of registered Users
- The role of the registered Users
- Names of User organizations
- Website addresses of User organizations
- Organization emails of User organizations
- Mailing addresses of User organizations
- Payment information and payment history of User organizations
- All communication, correspondence and contract history in specific matters (e.g. testimonials, service reviews, other statements)
Legal Basis in the European Union. It is the obligation of the Users who are the controllers to determine the legal basis of processing the personal data of Badge Earners. The processing of personal data is necessary for the Service Provider to perform the Service and the related promises and obligations based on the contract entered into between the User and the Service Provider or if it required for the Service Provider to comply with any legal obligations
OPTIONAL INFORMATION. The Service also collects the following information if provided by the User organization:
- Country (and province if in Canada)
- Organization type
- Description of the organization
- Logo and banner graphics
BADGE EARNERS INFORMATION. The Service also collects the following personal information:
- Email addresses of recipients of Badges (“Badge Earners”) that have been issued by the User/Issuer, as the Badges contain the Badge Earners’ email addresses, phone numbers and URLs in hashed form, which the User/Issuer has gathered. The User/Issuer acknowledges responsibility for the collection and safeguarding of the personal information of Badge Earners.
- Other personal information in the Badge may include links to the Badge Earner’s evidence and “Additional Criteria”, which can describe how an individual Badge Earner achieved a particular Badge.
Legal Basis in the European Union. It is the obligation of the Users who are the controllers to determine the legal basis of processing the personal data of Badge Earners. The processing of personal data is necessary for the Service Provider to perform the Service and the related promises and obligations based on the contract entered into between the User/Issuer and the Service Provider. The use of Badge Earners personal information will be limited to the purpose of providing the Service to the User/Issuer.
Badge Earners’ Consent. When the User/Issuer issues a Badge, the User/Issuer shares the Badge Earner’s personal information with the Service Provider. It is the User’s/Issuer’s responsibility to obtain the consent of the Badge Earners. The User/Issuer represents and warrants that the Badge Earners have consented to the collection and use of their personal information for this purpose and disclosure to the Service Provider and understand how their information will be used by the Service Provider. The Service Provider may request a copy or evidence of such consent.
Legal Basis in the European Union. The processing of personal data related to the use of strictly necessary cookies is necessary for the Service Provider to perform the Service and the related promises and obligations based on the contract entered into between the User and the Service Provider. Without use of the strictly necessary cookies, Service Provider is not able to provide the Service.
DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION
Only the username, which each User uses to define themselves, is displayed to other users in the Service.
The Service Provider may use the following third-party services, provided by service providers, who are called subprocessors under GDPR: software development, platform maintenance and hosting.
PURPOSES FOR COLLECTING, USING AND DISCLOSING PERSONAL INFORMATION
The Service Provider collects personal information for the following purposes:
- to open User accounts
- to verify the identity of Users of the Service
- to deliver the Service
- to inform the Users of updates, modifications and other matters relating to the Service
- to issue and display credentials of Badge Earners
- to provide support and customer services to Users
- to process payment, send purchase and billing confirmations and reminders
- to plan and develop the business activity of the Service Provider through various research methods
- to investigate and follow up in cases of suspected misuse of the Service
- to comply with legal requirements
COOKIES AND SIMILAR TECHNOLOGIES
What a Cookie is. The Service website may use “cookies”. Cookies are small text files offered to Users’ computers or devices by servers in order to keep track of a browser as a User navigates the Service website. Cookies may be stored on a User’s hard drive, or in temporary (cache) memory, in which case they are deleted when the User shuts down his/her browser or turns off his/her computer or device.
How Users Can Disable and Delete Cookies. The User can disable cookies using his/her Internet browser’s settings. Note that if the User disables cookies, certain features of the Service website may not function properly. For more information on managing cookies, please go to www.allaboutcookies.org.
STRICTLY NECESSARY OR FUNCTIONAL COOKIES. The Service Provider uses only strictly necessary cookies. The most important cookies are the functional or strictly necessary cookies that are written onto the Users’ computers or mobiles device for browsing, optimizing and customizing purposes. They are essential and help Users to navigate on the Service website and the Service and to use basic features. These cookies are strictly necessary to provide the Service by managing logins and keeping sessions open. No further cookies are used for any other kind of tracking purposes.
SOURCES OF PERSONAL INFORMATION
LOCATION OF PERSONAL INFORMATION
The Service Provider maintains the Service and stores and processes any personal information collected through the Service on servers located in Canada. No personal data is transferred outside Canada by the Service Provider.
PROTECTION AND SECURITY OF PERSONAL INFORMATION
The Service Provider and its third-party service providers use appropriate technical and organizational measures to protect the security of personal information provided or generated through or received as a result of the Service.
The personal information is stored in the Service databases which are secured with firewalls, passwords, backups, malware scanning and other appropriate technical and organizational measures. For example, the email addresses of Badge Earners are encrypted to prevent unauthorized access, according to the Open Badge standard. The Service databases and the backup copies of them are maintained in locked and monitored premises and can be accessed only by certain designated persons, i.e. only those of the Service Provider’s employees, who as a result of their work are entitled to process personal information with designated access rights (username, password and access level information). These persons include the Service Provider’ customer service personnel, the technical administrators of the Service and trusted third parties.
Some information may be kept outside the Service databases for the purposes of invoicing. That information is also subject to appropriate technical and organizational security measures.
The Service Provider ensures its personnel and third-party service providers abide by the appropriate confidentiality commitments. The Service Provider will strive to ensure that no stored personal information (i) disappears, (ii) is used for wrong purposes or (iii) is accessed or (iv) changed without authorization.
Users are warned not to disclose their username or password to anyone other than the Service Provider.
Data Breaches. A personal data breach is a breach of security leading to the accidental, unlawful or unauthorized destruction, loss, alteration, disclosure of, or access to personal data. Breaches can happen when personal information is stolen, lost or mistakenly shared. The Service Provider and its third-party service providers have procedures in place to deal with any suspected or actual data security breach, including risk assessment of any suspected or actual breach and maintaining records of all breaches. The Service Provider will notify the User without undue delay after becoming aware of any personal data breach and any applicable regulator of a suspected or actual data security breach where the Service Provider is legally required to do so.
Links to Third Party Websites. The Service website may contain links to other websites that are provided as a convenience only, neither owned, nor managed by the Service Provider, and which may have different privacy policies and practices than those of the Service Provider. The Service Provider has no responsibility for these third-party websites, and User is advised to review the privacy policies of any third-party websites User chooses to visit.
RETENTION OF PERSONAL INFORMATION
Personal information is retained for as long as is necessary for the Service Provider to fulfill the purposes which have been identified and consented to by the User or otherwise required by the law. If the User quits the Service, the related personal information is deleted. The User may request complete deletion of their account, which will destroy all personal information stored on the Service server. The Badge Earners can also delete their personal information on their own initiative.
Under the PIPEDA, Users have right to
- access their personal information in the custody or control of the Service Provider and have an account of its collection and use.
- correction to have the User’s personal information corrected if it is incorrect, have incomplete personal information completed or out-of-date data updated.
- erasure to request deletion of personal information processed by the Service Provider at any time in a number of situations, except for the following situation:
- the User has an ongoing matter with the Service Provider’s customer service or technical administrator personnel.
- complain to the Service Provider and the Office of the Privacy Commissioner of Canada, if the User believes that the Service Provider has processed the personal information incorrectly.
In addition to the above rights, and if the Badge Earners reside in the United Kingdom (UK) or a country within the European Union, under GDPR, subject to certain exceptions, Badge Earners have additional rights, such as the right to data portability and the right to restrict processing. Service Provider, as a processor of the Badge Earners personal data will assist the Users, who are controllers of the Badge Earners’ personal data, by appropriate technical and organizational measures, as technically feasible and applicable, to respond to Badge Earners’ requests for exercising their rights, taking into account the nature of the processing carried out by the Service Provider.
Users can exercise their right to access, correction and erasure by accessing, modifying and/or deleting any personal information stored in the Service by logging into their Service account.
In addition, Users can exercise any of these rights by contacting the Service Provider using the information provided below in the “Contact Us” section. The Service Provider will respond to any User request within a reasonable timeframe in accordance with the applicable law.
Learning Agents Inc. Mailing address: 134 Home Street Winnipeg, Manitoba CANADA Phone number: 1 (204) 219-5933 Email address: firstname.lastname@example.org