Privacy Policy

Updated May 24, 2018

Introduction

We ask you to read this Privacy Policy carefully before using the CanCred Passport service (“Service”).

Learning Agents Inc., a Canadian corporation (“Service Provider”), is committed to protecting user privacy by complying with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU General Data Protection Regulation (“GDPR”).

Personal Information means information about an identifiable individual. This Privacy Policy covers personal information that the Service Provider is collecting from you (“User”) in connection with the Service and how the Service Provider uses such personal information.

The Service strives to offer Users a safe environment to accept, store, display and share digital credentials based on the Mozilla Open Badge standard (later referred to as badges).

As a User of the Service, your use is subject to this Privacy Policy. If you do not accept the processing of personal information as outlined herein, please do not use the Service.

Individuals under the age of 13 are not permitted to use the Service or the Service website. The Service does not collect personal information from individuals under the age of 13.

Description of personal information and methods for its collection

The Service collects the following User information to become a User of the Service:

  • First name
  • Last name
  • Email address
  • Language
  • Country

The User may also optionally create a Profile that is shared with other registered uses or the public, containing his/her first name, last name and picture and, the following optional, independently entered personal information:

  • Introduction
  • Portrait picture
  • Email address
  • Phone number
  • Address
  • City
  • State
  • Country
  • Facebook account
  • LinkedIn account
  • Twitter account
  • Pinterest account
  • Instagram account
  • Blog

The optional information can be selectively displayed on a Profile page along with recent badges which may have been accepted and shared by the User.

The User may also optionally create one or more Pages that can be shared with other registered uses or the public, containing badges he/she has earned, and other content such as text commentary, uploaded documents and links to other web sites. Recent Pages the User has created and shared are also displayed on the Profile page.

The User may also choose one or both of the following methods to log in using existing social media identities:

  • Connect with Facebook
  • Connect with LinkedIn

Purpose for the handling of personal information

The Service Provider collects information and personal data to maintain and handle the relationship between the Service Provider and the User and to plan and develop the business activity of the Service Provider through various research methods. The information and personal data may be used for distribution of information to the Users of the Service and possibly for direct marketing if user has given his/her consent or if allowed by law. The information and personal data may also be used for investigation and follow up in cases of suspected misuse.

Profile information entered by the User will be displayed to other registered users. It may also be displayed to the public at the discretion of the User.

If the User optionally provides links to his/her social media profiles on Third Party Services, these links will be displayed in the User’s profile on the Service.

If the User chooses to Connect to the Service with Third Party Services, such as Facebook and LinkedIn, the User allows the Service Provider access to personal information from these Third Party Services. The amount of personal information accessible from each Third party Service may vary according to User’s privacy settings on the Third Party Service.

When the User receives an email notice of having earned a badge from third party badge issuers using services such as CanCred Factory, he/she may ignore the notice, download the badge to his/her computer, or direct the badge to be transferred to his/her personal account on CanCred Passport. Irrespective of his/her decision, the third party issuer of the badge will retain a record of the earned badge containing the Earner’s email in their badge issuing service account. The Service Provider is not responsible for how third party badge issuers use, disclose or retain personal information they may have collected from the User. For more detail, please refer to the CanCred Factory Privacy Policy.

The User has the option to share individual badges with other registered users and with the general public, directly from the Service or through social media or other online services. User may optionally share a badge accompanied by the User’s name and/or linked evidence that was provided by the User to earn the badge. The User shares badges at his/her own discretion and accepts full responsibility for this.

The User also has the option to create and share Pages containing one or more badges, optionally accompanied by other personal information such as files uploaded to the Service by the User, links and embedded frames to other websites and free text that may be added to the page by the user. These Pages may be shared with other registered users and with the general public, directly from the Service or through social media or other online services. The link to a Page may ootionally be protected by a password set by the User. User shares Pages at his/her own discretion and accepts full responsibility for this.

The Service Provider may also collect information about the use of the Service for statistical purposes. This information does not target any individual user.

The Service Provider’s Internet servers may passively and automatically collect certain information about the website visitors’ traffic patterns, which may be linked to their Internet Protocol (IP) addresses (which are unique Internet “addresses” assigned to all Internet users by their Internet Service Providers). Server logs may record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are generally collected and used on an aggregate basis.

  • Cookies: The Service website may use “cookies”. Cookies are small text files offered to your computer by servers in order to keep track of a browser as the User navigates a website. Cookies may be stored on the User’s hard drive, or in temporary (cache) memory, in which case they are deleted when the User shuts down the his/herbrowser or turns off his/her computer. The Service Provider may use cookies to record session information, such as the User’s browsing habits and past activity, to enable the Service Provider to provide the User with improved services such as customized webpage content. The User can disable cookies using his/her Internet browser’s settings. Please consult your browser’s help function for information about how to disable cookies. Note that if the User disables cookies, certain features of the Service website may not function properly.
  • Links to Third Party Websites: The Service website may contain links to other websites that are provided as a convenience only, and which may have different privacy policies and practices than those of the Service Provider. The Service Provider has no responsibility for these third party websites, and User is advised to review the privacy policies of any third party websites User chooses to visit.

Disclosure and Transfer of Personal Information

The Service Provider does not sell, trade, or otherwise transfer to outside parties the User’s personally identifiable information. This does not include trusted third parties who assist the Service Provider in operating its website, conducting its business, or servicing the User, so long as those parties agree to protect the personal information with a level of privacy protection which is comparable to that which is offered by Service Provider. Third parties can only use or disclose personal information for purposes which have been authorized by User in this Privacy Policy.

The Service Provider may also release the User’s information when the Service Provider believes release is appropriate to comply with applicable laws, enforce site policies, or protect its or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

The Service Provider maintains this service and stores and processes any information collected through this service on servers located in Canada. No personal data is transferred outside Canada by the Service Provider.

Preservation of personal information and security

The personal information is stored in the Service databases which are secured with firewalls and other appropriate technical measures. Some information may be kept outside the Service databases for the purposes of invoicing.

All persons handling the personal information have personal access rights (username, password and access level information) to the register issued by the register owner. Only persons who need said information to carry out their work assignments can access the user’s personal information. These persons include the Service Provider’s customer service and technical administrator personnel and trusted third parties.

The Service Provider will strive to ensure that no stored personal information disappears, is used for wrong purposes or is accessed or changed without authorization.

Personal information is retained for as long as is necessary for Service Provider to fulfill the purposes which have been identified to, and consented to by, User.

The User acknowledges that any information he/she provides to a badge issuer using badge issuing services such as CanCred Factory may be stored by that issuer, even after the User ceases using the Service and deletes his/her account information. The Service Provider is not responsible for how third parties such as badge issuers use, disclose or retain the User’s personal information, after the User discloses it to them.”

Users are warned not to disclose their username or password to anyone other than the Service Provider, such as in a situation where user support is requested of the Service Provider.

The User may withdraw his/her consent for the Service Provider to manage his/her personal information as described in this Privacy Policy, provided such withdrawal is subject to legal or contractual restrictions and reasonable notice. If the User withdraws consent, the Service Provider’s ability to provide Services to User may be restricted or rendered impossible.

Right of Access and Correction of Personal Information

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), individuals have a right of access to personal information in the custody or control of an organization and an account of its use. If you are a resident of Canada, you can request this information by contacting the Service Provider using the information provided below.

EU PRIVACY DETAILS

For residents of the European Economic Area (EEA) or Switzerland, please note that the personal data information we obtain from or about you may be transferred, processed and stored outside of the EEA or Switzerland for the purposes described in this Privacy Policy. We take the privacy of our users seriously and therefore take steps to safeguard your information, including assuring an adequate level of data protection in accordance with EU standards.

Controller

Learning Agents
134 Home Street
Winnipeg, Manitoba
CANADA
Phone number: 1-204-219-5933
info@cancred.ca
(hereafter ”we” or ”Learning Agents”)

Contact person for register matters

Donald Presant
134 Home Street
Winnipeg, Manitoba
CANADA
info@cancred.ca

Name of register

CUSTOMER REGISTER FOR CANCRED FACTORY SERVICE

The basis of processing personal data is Learning Agents’ justified interest on the basis of a customer relationship.

The basis of processing personal data is:

  • the delivery and development of our Open Badge Factory Service (“Service”),
  • fulfilling our contractual and other promises and obligations,
  • taking care of the customer relationship,
  • analyzing and profiling behaviour of the data subject,
  • electronic and direct marketing

What data do we process?

We process the following personal data regarding the customer’s user account (data subject):

  • Basic information of the data subject such as *name, display *name, *password;
  • Contact information of the data subject *e-mail address;
  • Information of the service relationship and the contract such as details of the user profile, correspondence with the data subject and other references, cookies and data related to use of them;

Committing personal data marked with a star as well as allowing the use of cookies in the data subject’s browser, is a requirement for our contractual relationship with the customer. Without this necessary information we are not able to provide the Service.

From where do we receive data?

We receive personal data primarily from the data subject him/herself, as the data is entered into the Service by the data subject.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

To whom we disclose data and do we transfer data outside of EU or EEA?

We receive and process data in Canada. Only the data subject’s admin display name which the admin can define him/herself, is displayed to other users in the Service.

We process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced the IT-management to an external service provider, located in Canada, on whose server the data is stored. The server is protected and managed by the external service provider.

Data may be disclosed to authorities under compelling provisions. We do not disclose information of the register to external quarters. We do not transfer personal data outside Canada.

How do we protect the data and how long do we store them?

The personal data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons, i.e. only those of our employees, who on behalf of their work are entitled to process customer data. These persons include the Service Provider’s customer service personnel and the technical administrators of the Service. Each user has a personal username and password to the system.

The data subject may at any time add, change and remove all data from the Service as well as delete the account entirely.

We store the data as long as it is necessary for the purpose of processing the data. We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing.

What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. This may be done by accessing, modifying and/or deleting your personal data stored in the Service by logging into the Service. If you need assistance, please contact the person mentioned in Section 2 above.

As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.

Changes to this Privacy Policy

The Service Provider reserves the right to make adjustments to this Privacy Policy at any time and from time to time. Service Providers suggests that Users you review this Privacy Policy on a regular basis.

Contact

If you have questions regarding this Privacy Policy or you believe that the Service Provider has not abided by this Privacy Policy, you are advised to contact the Service Provider using the information provided below:

Donald Presant
Learning Agents Inc.
(204) 219-5933
info@cancred.ca