“ARUCC” means the Association of Registrars of the Universities and Colleges of Canada – ARUCC, a not-for-profit entity which owns the Solution. ARUCC is a federally incorporated entity established to support the post-secondary institutions across Canada to advance registrarial best practices and student success and mobility within the higher education sector. ARUCC members include colleges, universities, institutes, application centres, and other organizations from across Canada.
“Authorized Users” means users of the Solution.
“Issuer” means Authorized Users who issue and certify documents as official such as a college or university.
“Personal Information” means information about an identifiable individual.
“Service Provider CORE” means Service Provider’s Certified Online Record Exchange (CORE) cloud platform.
“Service Provider” means Digitary Canada Inc.
“Solution” means the MesCertif™, MyCreds™, MyCreds™ Portfolio, MyCreds Verify, and MyCreds Member sites at mycreds.ca and mescertif.ca, and the software solution for the verification of academic credentials for a network of Canadian post-secondary institutions, using the Certified Online Record Exchange (CORE) cloud platform, together with any updates, upgrades, documentation and new functionality made available from time to time.
How does ARUCC collect, use, disclose and protect the personal information of Authorized Users?
ARUCC is committed to protecting the privacy of Authorized Users when they use the Solution. The Solution is hosted in Canada and all Canadian student data is housed in Canada. The Authorized User’s information is collected and used in compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
Authorized Users who have attended foreign institutions may choose to access and share credentials that originate outside of Canada. In this case, providers of the documents would be subject to their own foreign privacy and data protection requirements.
Collection and Use of Personal Information
The Solution includes a document-issuing platform which is owned, provided and managed by the Service Provider. The Service Provider CORE collects the Personal Information provided by Authorized Users when they create their online account, including their name, mobile number for use in multi-factor authentication and email address from their original place of study.
The Service Provider CORE saves this information in its database so that Authorized Users may view and share their official transcripts, documents, and credentials with other post-secondary institutions and/or third parties without having to contact their current and former post-secondary institution(s).
Only information that is essential to verify your identity and provide the services that you have requested will be collected. No additional Personal Information will be requested from you without your express consent.
Authorized Users who are also Issuers, such as universities, colleges, application centres and data hubs may store personal academic information of other Authorized Users. Any such information may be stored for different lengths of time, depending on the policies and requirements of the Issuer. ARUCC has no access to Issuers’ documents for other Authorized Users.
Disclosure of Personal Information
When an Authorized User shares their official transcripts, documents, or credentials to another post-secondary institution or third party from within the Solution, the information is provided with the Authorized User’s permission.
ARUCC may collect, aggregate, and anonymize information or transactional data input or collected through the Solution, for the purpose of statistical analysis, data analytics, product improvement, benchmarking, policy, operations and other research, and for other business purposes, subject to the following:
- All aggregated data will be stripped of identifiers (such as specific users, names or student numbers) that would identify specifics about individual users;
- Aggregated data will not be traceable back to any specific users; and
- ARUCC shall have rights hereunder to use, dispose of and own such anonymized and aggregated data at its discretion whether during or after the term of this agreement.
ARUCC has specific written Tripartite Information Sharing Agreements with each Issuer and the Service Provider. All agreements are governed by applicable provincial or federal privacy legislation.
Authorized User’s Personal Information will never be released, sold or traded by ARUCC to any other external organizations, except as requested by you or specified in this Policy. Your information could be transmitted from one Authorized User to another Authorized User. This information may be disclosed if required by law, for example by a court order, or as otherwise permitted under applicable privacy laws.
Keeping Personal Information Secure
For security purposes, the Solution employs up-to-date software programs to monitor network traffic to identify unauthorized attempts to upload or change information, and to safeguard all Personal Information.
Steps to take
Authorized Users are obligated to learn about protecting their systems, connectors, personal computers and electronic devices to ensure that their online activities remain private and secure.
Only information that is essential to verify an Authorized User’s identity and provide the services that they have requested will be collected by ARUCC. Access to Authorized User Personal Information on the Solution is protected with a password selected by the Authorized User. It is strongly recommended that Authorized Users choose their own secure password and not disclose it to anyone. ARUCC will never ask Authorized Users for their password in any unsolicited communication and will not be held responsible if an Authorized User discloses their password to others.
Authorized Users of the Solution will provide their consent when activating their account to collect, use and transmit their information when they request services. By using the Solution, the Authorized User is providing consent to collection, use and disclosure of their Personal Information, and they enable the Service Provider to act as their agent to transfer their Personal Information to authorized third parties to provide the services they requested. If an Authorized User does not consent to sharing their Personal Information, it will not be passed to another third party.
Access and Correction of Personal Information
Authorized Users of the Solution will be able to view their Personal Information. The Service Provider will have access to the Authorized Users’ documents for the purposes of ensuring the effective operation of the Solution and to ensure diligence in the protection of Personal Information. Authorized Users who wish to correct errors or inaccuracies in the Personal Information must contact the Issuer of their original document (e.g., their current or former college or university). ARUCC does not have access to, nor authority to change or alter any of an Authorized User’s academic information or documents.
Web Site Information
The Solution provides services based on an Authorized User’s authenticated account. Therefore, the Solution records each time an Authorized User logs in and records their activities when using the Solution, and each time a website visitor visits our websites. Further, any information the Authorized User enters or updates is logged, including the date and time of the change. This logging protects users by enabling ARUCC and the Service Provider to investigate potential misuses of the Solution.
ARUCC also uses site access information to help make its site more useful to visitors and to learn about the number of visitors and types of technology used by visitors to the website.
Links to other websites
- To provide a great experience for visitors, learners, members, and verifiers visiting and using the MyCreds.ca and MesCertif.ca websites.
- To identify registered Authorized Users (Authorized Users are those who register with MyCreds.ca and MesCertif.ca as a learner, member, and verifier).
- To monitor and analyze the performance, operation and effectiveness of MyCreds.ca and MesCertif.ca websites.
- To ensure the MyCreds.ca and MesCertif.ca websites are secure and safe to use.
The following are the types of cookies that may be used on the MyCreds.ca and MesCertif.ca site:
- First-party cookies: Cookies that the ARUCC uses and other cookies that are placed and used by third parties.
- Third-party cookies: Cookies that Service Provider uses and other cookies that are placed and used by third parties.
ARUCC does not store Personal Information in cookies, nor collect Personal Information from Authorized Users without their knowledge as they browse this site.
Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.
Persistent (permanent or stored) cookies: These cookies are stored on a site visitor’s hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site.
Strictly necessary cookies: These are the cookies that let MyCreds.ca and MesCertif.ca visitors browse through the MyCreds.ca and MesCertif.ca websites. They are also necessary for security reasons.
Functional cookies: These cookies “remember” registered visitors/customers in order to improve their user experience.
On release of any updates, upgrades, documentation and new functionality made available from time to time, or material change in the Solution, ARUCC reserves the right to modify this Policy and to impose new or additional terms or conditions. The then-current terms (including any modifications and additional terms and conditions if applicable) will be presented to you and will be effective immediately upon your acceptance of the terms and continued use of the Solution.