Privacy and Cookie Policy
Last Updated December 14, 2020
Introduction
We ask you to read this privacy and cookie policy (“Privacy Policy”) carefully before using the CanCred Passport service which is a service where users (“Badge Earners”) can easily receive, organize, store, display and share their digital credentials (“Service”).
Commitment to Privacy. Learning Agents Inc., a Canadian corporation, is the provider of the Service (“Service Provider”) and is committed to privacy by complying with Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the European Union’s General Data Protection Regulation (“GDPR”).
Definition of Personal Information or Personal Data. Personal Information or personal data means any information about an identified or identifiable individual.
Content of this Privacy Policy. This Privacy Policy describes the types of personal information that the Badge Earners provide to the Service Provider or the Service Provider is collecting from the Badge Earners in connection with the Service and how and why the Service Provider collects, uses, discloses and protects such personal information and the Badge Earners’ privacy rights in relation to personal data. In addition, this Privacy Policy outlines how to contact the Service Provider and supervisory authorities in the event a Badge Earner would like to report a concern about the way in which the Service Provider processes personal information.
The Service. The Service strives to offer all Badge Earners a safe environment to receive, accept, organize, store, display and share digital credentials (“Badges”) based on the Mozilla Open Badge standard.
Designations under GDPR. For the purposes of the GDPR, the Service Provider is the “controller” of certain types of personal data provided by the Badge Earners or collected by the Service Provider as part of the Service.
Consent. Any Badge Earner’s use of the Service is subject to this Privacy Policy. If a Badge Earner does not consent to the processing of his/her personal information as outlined herein, the Service Provider asks the Badge Earner to not use the Service.
Legal Basis in Canada. The Badge Earner’s use of the Service constitutes consent to the Service Provider’s collection, use and disclosure of personal information in accordance with this Privacy Policy. No law requires the Badge Earner to provide the Service Provider with personal information.
Legal Basis in the European Union. For the applicable various legal bases of processing in the European Union please refer to the “DESCRIPTION OF PERSONAL INFORMATION, METHODS FOR ITS COLLECTION AND THE APPLICABLE LEGAL BASES” section of this Privacy Policy.
Children under the Age of 16. Individuals under the age of 16 are not permitted to use the Service or the Service website. The Service does not intentionally collect personal information from individuals under the age of 16. If the Service Provider becomes aware that it has inadvertently collected personal information about children under the age of 16, it will take steps to delete the information as soon as possible.
WITHDRAWAL OF USER CONSENT
Badge Earners may withdraw their consent to process personal information at any time by deleting their own account and all personal data associated with their accounts or by contracting the Service Provider to delete their accounts and all personal data associated with their accounts, provided such withdrawal is subject to legal or contractual restrictions. If the Badge Earner withdraws consent, the Service Provider’s ability to provide Services to the Badge Earner may be restricted or rendered impossible. The Service Provider will delete the personal information following the withdrawal of consent, however, such withdrawal will not affect the lawfulness or processing prior to withdrawal.
DESCRIPTION OF PERSONAL INFORMATION, METHODS FOR ITS COLLECTION AND THE APPLICABLE LEGAL BASES
“CONDITIONS OF SERVICE” INFORMATION. The Service collects the following information that are necessary and integral to the provision of the Service, some of which are considered personal information in certain jurisdictions, but not in others:
- First and last name
- Email address
- Language
- Country
Legal Basis in the European Union. The processing of personal data is necessary for the Service Provider to perform the Service and the related promises and obligations based on the contract entered into between the Badge Earner and the Service Provider.
OPTIONAL INFORMATION.
The Badge Earner may enter his/her location on a map to share with other registered Badge Earners, or the public.
The Badge Earner may also optionally create a profile (“Profile”) that is shared with other registered Badge Earners or the public, containing his/her first and last name and the following optional, independently entered personal information:
- Introduction
- Portrait picture
- Phone number
- Address
- City
- State/Province/Territory
- Facebook account information
- LinkedIn account information
- Twitter account information
- Pinterest account information
- Instagram account information
- Blog information
The optional information can be selectively displayed on a Profile page along with recent Badges which may have been received, accepted and shared by the Badge Earner.
OPTIONAL PAGES INFORMATION. The Badge Earner may also optionally create one or more pages (“Pages”) that can be shared with other registered Badge Earners or the public, containing Badges he/she has earned, and other content such as text commentary, uploaded documents and links to other websites. Recent Pages the Badge Earner has created and shared are also displayed on the Profile page.
OPTIONAL SOCIAL MEDIA IDENTIFIERS. Badge Earners may also choose one or both of the following methods to log in using their existing social media identifiers, in which case, Service Provider will process the following personal data:
- Social media identifier with Facebook
- Social media identifier with LinkedIn
Legal Basis in the European Union for the Processing of Optional Information, Optional Pages and Optional Social Media Identifiers. The processing of personal data is necessary for the Service Provider to perform the Service and the related promises and obligations based on the contract entered into between the Badge Earner and the Service Provider. The use of Badge Earners personal information is limited to the purpose of providing the Service to the Badge Earners.
COOKIES AND TRACKING INFORMATION. The Service Provider will also process the following categories of personal data connected to its use of cookies or similar tracking technologies (web beacons or pixel tags, device fingerprinting):
- The Badge Earner’s IP address;
- The Badge Earner’s unique cookie identifier;
- The Badge Earner’s unique device identifier and device type;
- The Badge Earner’s browser type and language,
- The Badge Earner’s operating system and system settings;
- Websites previously visited by the Badge Earner;
- Information about the Badge Earners’ interaction with the Service website, such as the date and time of their visit, how long the Badge Earners remained on the Service website, and the pages visited on the Service website;
- The Badge Earner’s use of embedded social media services;
- Location information.
For more information on the use of cookies and similar tracking technologies, please refer to the “Cookies and Similar Technologies” section of this Privacy Policy.
Legal Basis in the European Union. The Badge Earners’ use of the Service constitutes consent to the Service Provider’s collection, use and disclosure of the above (personal) information in accordance with this Privacy Policy.
DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION
The Service Provider does not sell, trade, or otherwise transfer to outside parties the Badge Earners’ personal information. This does not include trusted third parties who assist the Service Provider in operating its website, conducting its business, or servicing the Badge Earners, so long as those parties agree to protect the personal information with a level of privacy and security protection which is the same to that is offered by Service Provider. Third parties can only use or disclose personal information for purposes which have been authorized by the Badge Earners in this Privacy Policy to provide necessary services to the Service Provider as specified in the contract between the Service Provider and the third party. Third parties must return or dispose any shared personal information upon completion of the contract between the Service Provider and the third party.
The Service Provider may also release the Badge Earner’s information when the Service Provider believes release is appropriate to comply with applicable laws, the reasonable requests of law enforcement, enforce Service website or Service policies, Terms of Use or protect its or other’s rights, property, or safety.
Analytics information may be provided to other parties for marketing or other uses when appropriate consents and permissions are obtained.
The Service Provider may use the following third-party services, provided by service providers, who are called processors under GDPR: software development, platform maintenance and hosting.
PURPOSES FOR COLLECTING, USING AND DISCLOSING PERSONAL INFORMATION
The Service Provider collects personal data for the following purposes:
- to open Badge Earner accounts
- to verify the identity of Badge Earners
- to deliver the Service
- to inform the Badge Earners of updates, modifications and other matters relating to the Service
- to display credentials of Badge Earners
- to provide support and customer services to Badge Earners
- to plan and develop the business activity of the Service Provider through various research methods
- to investigate and follow up in cases of suspected misuse of the Service
- to comply with legal requirements
Profile Information. Profile information entered by Badge Earners will be displayed to other registered Badge Earners. It may also be displayed to the public at the discretion of the Badge Earner.
Social Media Identifiers and Related Personal Data. If the Badge Earner optionally provides links to his/her social media profiles on third-party services (“Third-Party Services”), these links will be displayed in the Badge Earner’s profile on the Service. If the Badge Earner chooses to connect to the Service with Third-Party Services, such as Facebook and LinkedIn, the Badge Earner allows the Service Provider access to personal information from these Third-Party Services. The amount of personal information accessible from each Third-Party Services may vary according to Badge Earner’s privacy settings on the Third-Party Services.
CanCred Factory Connection. When the Badge Earner receives an email notice of having earned a Badge from third-party badge issuers using services such as CanCred Factory, he/she may (i) ignore the notice, (ii) download the Badge to his/her computer, or (iii) direct the Badge to be transferred to his/her personal account on CanCred Passport service, the Service. Irrespective of his/her decision, the third-party issuer of the Badge, including CanCred Factory, will retain a record of the earned Badge containing the Badge Earner’s email in their badge issuing service account. The Service Provider is not responsible for how third-party badge issuers use, disclose or retain personal information they may have collected from the Badge Earner. For more detail, please refer to the CanCred Factory Privacy Policy.
Sharing Badges. The Badge Earners have the option to share their individual Badges with other registered Badge Earners and with the general public, directly from the Service or through Third-Party Services, e.g. social media or other online services. Badge Earners may optionally share a Badge accompanied by their name and/or linked evidence and “Additional Criteria” that can describe how the Badge Earners achieved a particular Badge. The Badge Earners share their badges at their own discretion and accept full responsibility for such sharing.
Pages. Badge Earners also have the option to create and share Pages containing one or more Badges, optionally accompanied by other personal information, such as files uploaded to the Service by the Badge Earners, links and embedded frames to other websites and text commentary that may be added to the Page by the Badge Earners. These Pages may be shared with other registered Badge Earners and with the general public, directly from the Service or through Third-Party Services, e.g. social media or other online services. The link to a Page may optionally be protected by a password set by the Badge Earner. The Badge Earner shares Pages at his/her own discretion and accepts full responsibility for this. Recent Pages the Badge Earner has created and shared are also displayed on the Profile page.
The Service Provider may also collect information about the use of the Service for statistical purposes. This information does not target any individual Badge Earner.
COOKIES AND SIMILAR TECHNOLOGIES
*What a cookie is. The Service website may use “cookies”. Cookies are small text files offered to Badge Earners’ computers or devices by servers in order to keep track of a browser as the Badge Earner navigates the Service website and remember information about you. Cookies may be stored on the Badge Earner’s hard drive, or in temporary (cache) memory, in which case they are deleted when the Badge Earner shuts down the his/her browser or turns off his/her computer or device. The cookies are either set by the Service Provider or third parties from a domain different from the Service Provider’s.
How Badge Earners Can Disable and Delete Cookies. The Badge Earner can disable cookies using his/her Internet browser’s settings. Note that if the Badge Earner disables cookies, certain features of the Service website may not function properly. For more information on managing cookies, please go to www.allaboutcookies.org, or visit www.youronlinechoices.com which has further information about user choices.
The Service Provider Uses the Following Types of Cookies for the following purposes:
STRICTLY NECESSARY COOKIES. These cookies are necessary for the Service website to function and cannot be switched off in our systems. They are usually only set in response to actions made by the Badge Earner which amount to a request for services. Badge Earners can set their browser to block or alert them about these cookies, but some parts of the Service website may not work then. These cookies are used for browsing, optimizing and customizing purposes. They are essential and help Badge Earners to navigate on and use the Service website and the Service. The Service Provider is not obligated by law to obtain the Badge Earners consent to use strictly necessary cookies.
PERFORMANCE AND ANALYTICS COOKIES. These cookies allow the Service Provider to count visits and traffic sources, so it can measure and improve the performance of the Service website. All information these cookies collect is aggregated and therefore anonymous. Performance and analytics cookies collect information about the way the Service website and Service is used and the Badge Earners who browse it (e.g., country/city of origin, type of device, type of browser, time spent on pages). They allow the Service Provider to (i) learn more about the Badge Earners and their preferences, (ii) identify patterns and trends amongst the Badge Earners, (iii) improve the functionality of the Service website and the Service (e.g., by tracking errors and loading time of pages). This data may then be compiled statistically to furnish the Service Provider with information that will allow the Service Provider to (i) enhance user experience on the Service website, (ii) make future improvements to the Service website and Service, and (iii) provide information, content and offerings tailored and relevant to the Badge Earners’ needs.
SOURCES OF PERSONAL INFORMATION
The Service Provider receives personal information primarily from the Badge Earners, as the data is entered into the Service by the Badge Earners. For the purposes described in this Privacy Policy, personal information may also be collected and updated from cookies. Data updating of this kind is performed manually or by automated means.
LOCATION OF PERSONAL INFORMATION
The Service Provider maintains the Service and stores and processes any personal information collected through the Service on servers located in Canada, outside of the EEA or Switzerland for the purposes described in this Privacy Policy.
PROTECTION AND SECURITY OF PERSONAL INFORMATION
The Service Provider and its third-party service providers use appropriate technical and organizational measures to protect the security of personal information provided or generated through or received as a result of the Service.
The personal information is stored in the Service databases which are secured with firewalls, passwords, backups, malware scanning and other appropriate technical and organizational measures. For example, the email addresses of Badge Earners are encrypted to prevent unauthorized access, according to the Open Badge standard. The Service databases and the backup copies of them are maintained in locked and monitored premises and can be accessed only by certain designated persons, i.e. only those of the Service Provider’s employees, who as a result of their work are entitled to process personal information with designated access rights (username, password and access level information). Only persons who need said information to carry out their work assignments can access the Badge Earner’s personal information. These persons include the Service Provider’s customer service personnel, the technical administrators of the Service and trusted third parties.
The Service Provider ensures its personnel and third-party service providers abide by the appropriate confidentiality commitments. The Service Provider will strive to ensure that no stored personal information (i) disappears, (ii) is used for wrong purposes or (iii) is accessed or (iv) changed without authorization.
Badge Earners are warned not to disclose their username or password to anyone other than the Service Provider, such as in a situation where user support is requested of the Service Provider.
Data Breaches. A personal data breach is a breach of security leading to the accidental, unlawful or unauthorized destruction, loss, alteration, disclosure of, or access to personal data. Breaches can happen when personal information is stolen, lost or mistakenly shared. The Service Provider and its third-party service providers have procedures in place to deal with any suspected or actual data security breach, including risk assessment of any suspected or actual breach and maintaining records of all breaches. The Service Provider will notify the Badge Earner within the applicable deadline after becoming aware of any personal data breach and any applicable regulator of a suspected or actual data security breach where the Service Provider is legally required to do so.
Links to Third-Party Websites: The Service website may contain links to other websites that are provided as a convenience only, neither owned, nor managed by the Service Provider, and which may have different privacy policies and practices than those of the Service Provider. The Service Provider has no responsibility for these third-party websites, and the Badge Earner is advised to review the privacy policies of any third-party websites the Badge Earner chooses to visit.
RETENTION OF PERSONAL INFORMATION
Personal information is retained for as long as is necessary for Service Provider to fulfill the purposes which have been identified and consented to by the Badge Earner or otherwise required by the law. If the Badge Earner quits the Service, the related personal information is deleted. The Badge Earners may request complete deletion of their account, which will destroy all personal information stored on the Service server.
The Badge Earner acknowledges that any information he/she provides to a badge issuer using badge issuing services, such as CanCred Factory may be stored by that issuer, even after the Badge Earner ceases using the Service and deletes his/her account and the related personal information. The Service Provider is not responsible for how third parties, such as badge issuers use, disclose or retain the Badge Earner’s personal information, after the Badge Earner discloses it to them.
USER RIGHTS
Under the PIPEDA, Badge Earners have right to
- access their personal information in the custody or control of the Service Provider and have an account of its collection and use.
- correction to have the Badger Earner’s personal information corrected if it is incorrect, have incomplete personal information completed or out-of-date data updated.
- erasure to request deletion of personal information processed by the Service Provider at any time in a number of situations, except for the following situation:
- the Badge Earner has an ongoing matter with the Service Provider’s customer service or technical administrator personnel.
- complain to the Service Provider and the Office of the Privacy Commissioner of Canada, if the Badge Earner believes that the Service Provider has processed the personal information incorrectly.
In addition to the above rights, and if the Badge Earner resides in the United Kingdom (UK) or a country within the European Union, under GDPR, subject to certain exceptions, Badge Earners have the right to
- data portability to have a copy of the Badge Earner’s personal data transferred to the Badge Earner or to another third party.
- restriction to request the Service Provider restrict the processing of the Badge Earner’s personal data under the following circumstances:
- if the Badge Earner claims that the Badge Earner’s personal data is incorrect, the Service Provider must restrict all processing of such data pending the verification of the accuracy of the personal data.
- if the processing is unlawful, the Badge Earner can oppose the erasure of personal data and instead request the restriction of the use of personal data.
- if the Service Provider no longer needs the personal data but is required to keep it to establish or defend legal claims.
- withdraw consent where the Service Provider have obtained the Badge Earner’s consent for the processing of the Badge Earner’s personal data.
- complain to the Service Provider and the applicable data protection authority in the European Union if the Badge Earner believes that the Service Provider has processed the personal information incorrectly.
Badge Earners can exercise their right to access, correction and erasure by accessing, modifying and/or deleting any personal information stored in the Service by logging into their Service account.
In addition, Badge Earners can exercise any of these rights by contacting the Service Provider using the information provided below in the “Contact” section. The Service Provider will respond to any Badge Earner request within a reasonable timeframe in accordance with the applicable law.
CHANGES TO THIS PRIVACY POLICY
The Service Provider reserves the right to make adjustments to this Privacy Policy at any time and from time to time. The Service Providers suggests that Badge Earners review this Privacy Policy on a regular basis.
CONTACT
If you have questions regarding this Privacy Policy or Badge Earners believe that the Service Provider has not abided by this Privacy Policy or wish to exercise any of their privacy rights, Badge Earners should contact the Service Provider using the information provided below:
Learning Agents Inc.
Mailing address: 134 Home Street
Winnipeg, Manitoba
CANADA
Phone number: 1 (204) 219-5933
Email: info@learningagents.ca