Updated May 24, 2018
Learning Agents Inc., a Canadian corporation (“Service Provider”), is committed to protecting user privacy by complying with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU General Data Protection Regulation (“GDPR”).
The Service strives to offer Users a safe environment to accept, store, display and share digital credentials based on the Mozilla Open Badge standard (later referred to as badges).
Individuals under the age of 13 are not permitted to use the Service or the Service website. The Service does not collect personal information from individuals under the age of 13.
Description of personal information and methods for its collection
The Service collects the following User information to become a User of the Service:
- First name
- Last name
- Email address
The User may also optionally create a Profile that is shared with other registered uses or the public, containing his/her first name, last name and picture and, the following optional, independently entered personal information:
- Portrait picture
- Email address
- Phone number
- Facebook account
- LinkedIn account
- Twitter account
- Pinterest account
- Instagram account
The optional information can be selectively displayed on a Profile page along with recent badges which may have been accepted and shared by the User.
The User may also optionally create one or more Pages that can be shared with other registered uses or the public, containing badges he/she has earned, and other content such as text commentary, uploaded documents and links to other web sites. Recent Pages the User has created and shared are also displayed on the Profile page.
The User may also choose one or both of the following methods to log in using existing social media identities:
- Connect with Facebook
- Connect with LinkedIn
Purpose for the handling of personal information
The Service Provider collects information and personal data to maintain and handle the relationship between the Service Provider and the User and to plan and develop the business activity of the Service Provider through various research methods. The information and personal data may be used for distribution of information to the Users of the Service and possibly for direct marketing if user has given his/her consent or if allowed by law. The information and personal data may also be used for investigation and follow up in cases of suspected misuse.
Profile information entered by the User will be displayed to other registered users. It may also be displayed to the public at the discretion of the User.
If the User optionally provides links to his/her social media profiles on Third Party Services, these links will be displayed in the User’s profile on the Service.
If the User chooses to Connect to the Service with Third Party Services, such as Facebook and LinkedIn, the User allows the Service Provider access to personal information from these Third Party Services. The amount of personal information accessible from each Third party Service may vary according to User’s privacy settings on the Third Party Service.
The User has the option to share individual badges with other registered users and with the general public, directly from the Service or through social media or other online services. User may optionally share a badge accompanied by the User’s name and/or linked evidence that was provided by the User to earn the badge. The User shares badges at his/her own discretion and accepts full responsibility for this.
The User also has the option to create and share Pages containing one or more badges, optionally accompanied by other personal information such as files uploaded to the Service by the User, links and embedded frames to other websites and free text that may be added to the page by the user. These Pages may be shared with other registered users and with the general public, directly from the Service or through social media or other online services. The link to a Page may ootionally be protected by a password set by the User. User shares Pages at his/her own discretion and accepts full responsibility for this.
The Service Provider may also collect information about the use of the Service for statistical purposes. This information does not target any individual user.
Cookies and Links to Third Party Websites
The Service Provider’s Internet servers may passively and automatically collect certain information about the website visitors’ traffic patterns, which may be linked to their Internet Protocol (IP) addresses (which are unique Internet “addresses” assigned to all Internet users by their Internet Service Providers). Server logs may record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are generally collected and used on an aggregate basis.
- Links to Third Party Websites: The Service website may contain links to other websites that are provided as a convenience only, and which may have different privacy policies and practices than those of the Service Provider. The Service Provider has no responsibility for these third party websites, and User is advised to review the privacy policies of any third party websites User chooses to visit.
Disclosure and Transfer of Personal Information
The Service Provider may also release the User’s information when the Service Provider believes release is appropriate to comply with applicable laws, enforce site policies, or protect its or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
The Service Provider maintains this service and stores and processes any information collected through this service on servers located in Canada. No personal data is transferred outside Canada by the Service Provider.
Preservation of personal information and security
The personal information is stored in the Service databases which are secured with firewalls and other appropriate technical measures. Some information may be kept outside the Service databases for the purposes of invoicing.
All persons handling the personal information have personal access rights (username, password and access level information) to the register issued by the register owner. Only persons who need said information to carry out their work assignments can access the user’s personal information. These persons include the Service Provider’s customer service and technical administrator personnel and trusted third parties.
The Service Provider will strive to ensure that no stored personal information disappears, is used for wrong purposes or is accessed or changed without authorization.
Personal information is retained for as long as is necessary for Service Provider to fulfill the purposes which have been identified to, and consented to by, User.
The User acknowledges that any information he/she provides to a badge issuer using badge issuing services such as CanCred Factory may be stored by that issuer, even after the User ceases using the Service and deletes his/her account information. The Service Provider is not responsible for how third parties such as badge issuers use, disclose or retain the User’s personal information, after the User discloses it to them.”
Users are warned not to disclose their username or password to anyone other than the Service Provider, such as in a situation where user support is requested of the Service Provider.
Withdrawal of User Consent
Right of Access and Correction of Personal Information
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), individuals have a right of access to personal information in the custody or control of an organization and an account of its use. If you are a resident of Canada, you can request this information by contacting the Service Provider using the information provided below.
EU PRIVACY DETAILS
134 Home Street
Phone number: 1-204-219-5933
(hereafter ”we” or ”Learning Agents”)
Contact person for register matters
134 Home Street
Name of register
CUSTOMER REGISTER FOR CANCRED FACTORY SERVICE
What is the legal basis for and purpose of the processing of personal data?
The basis of processing personal data is Learning Agents’ justified interest on the basis of a customer relationship.
The basis of processing personal data is:
- the delivery and development of our Open Badge Factory Service (“Service”),
- fulfilling our contractual and other promises and obligations,
- taking care of the customer relationship,
- analyzing and profiling behaviour of the data subject,
- electronic and direct marketing
What data do we process?
We process the following personal data regarding the customer’s user account (data subject):
- Basic information of the data subject such as *name, display *name, *password;
- Contact information of the data subject *e-mail address;
- Information of the service relationship and the contract such as details of the user profile, correspondence with the data subject and other references, cookies and data related to use of them;
From where do we receive data?
We receive personal data primarily from the data subject him/herself, as the data is entered into the Service by the data subject.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
To whom we disclose data and do we transfer data outside of EU or EEA?
We receive and process data in Canada. Only the data subject’s admin display name which the admin can define him/herself, is displayed to other users in the Service.
We process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced the IT-management to an external service provider, located in Canada, on whose server the data is stored. The server is protected and managed by the external service provider.
Data may be disclosed to authorities under compelling provisions. We do not disclose information of the register to external quarters. We do not transfer personal data outside Canada.
How do we protect the data and how long do we store them?
The personal data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons, i.e. only those of our employees, who on behalf of their work are entitled to process customer data. These persons include the Service Provider’s customer service personnel and the technical administrators of the Service. Each user has a personal username and password to the system.
The data subject may at any time add, change and remove all data from the Service as well as delete the account entirely.
We store the data as long as it is necessary for the purpose of processing the data. We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing.
What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. This may be done by accessing, modifying and/or deleting your personal data stored in the Service by logging into the Service. If you need assistance, please contact the person mentioned in Section 2 above.
As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.
Learning Agents Inc.