Introduction
This Privacy Policy applies to MesCertif™, MyCreds™, MyCreds™ Portfolio, MyCreds™ Verify, and MyCreds™ Member websites (the “Solution” as further defined below).
Defined Terms
“ARUCC” means the Association of Registrars of the Universities and Colleges of Canada – ARUCC, a not-for-profit entity which owns the Solution. ARUCC is a federally incorporated entity established to support the post-secondary institutions across Canada to advance registrarial best practices and student success and mobility within the higher education sector. ARUCC members include colleges, universities, institutes, application centres, and other organizations from across Canada.
“Authorized Users” means users of the Solution.
“Issuer” means Authorized Users who issue and certify documents as official such as a college or university.
“Personal Information” means information about an identifiable individual.
“Service Provider CORE” means Service Provider’s Certified Online Record Exchange (CORE) cloud platform.
“Service Provider” means Digitary Canada Inc.
“Solution” means the MesCertif™, MyCreds™, MyCreds™ Portfolio, MyCreds Verify, and MyCreds Member sites at mycreds.ca and mescertif.ca, and the software solution for the verification of academic credentials for a network of Canadian post-secondary institutions, using the Certified Online Record Exchange (CORE) cloud platform, together with any updates, upgrades, documentation and new functionality made available from time to time.
How does ARUCC collect, use, disclose and protect the personal information of Authorized Users?
ARUCC’s Commitment
ARUCC is committed to protecting the privacy of Authorized Users when they use the Solution. The Solution is hosted in Canada and all Canadian student data is housed in Canada. The Authorized User’s information is collected and used in compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
Authorized Users who have attended foreign institutions may choose to access and share credentials that originate outside of Canada. In this case, providers of the documents would be subject to their own foreign privacy and data protection requirements.
Collection and Use of Personal Information
The Solution includes a document-issuing platform which is owned, provided and managed by the Service Provider. The Service Provider CORE collects the Personal Information provided by Authorized Users when they create their online account, including their name, mobile number for use in multi-factor authentication and email address from their original place of study.
The Service Provider CORE saves this information in its database so that Authorized Users may view and share their official transcripts, documents, and credentials with other post-secondary institutions and/or third parties without having to contact their current and former post-secondary institution(s).
Please visit the Service Provider’s website for more information on their privacy policy: https://www.digitary.net/privacy-policy/.
ARUCC uses Stripe, a third party provider, to process payments for document delivery transactions which is integrated with the Solution. For this, all payment information including credit card information is held by Stripe, not by ARUCC or the Service Provider. Both ARUCC and Service Provider have no access to credit card information. Only an Authorized User’s name, email, and the amount charged, along with the transaction type are kept and accessible to ARUCC and the Service Provider. More information regarding Stripe’s privacy policy is available online: https://stripe.com/en-ca/privacy
Only information that is essential to verify your identity and provide the services that you have requested will be collected. No additional Personal Information will be requested from you without your express consent.
Authorized Users who are also Issuers, such as universities, colleges, application centres and data hubs may store personal academic information of other Authorized Users. Any such information may be stored for different lengths of time, depending on the policies and requirements of the Issuer. ARUCC has no access to Issuers’ documents for other Authorized Users.
Authorized Users may lodge a request to have any data that we have collected erased. Requests should be lodged in writing and sent to support@digitary.net. We will review requests and act on them in accordance with this Policy and applicable privacy laws. Please note that in cases where we are not the data controller of the personal information in question, we may have to refer such requests to the applicable data controller for processing.
Disclosure of Personal Information
When an Authorized User shares their official transcripts, documents, or credentials to another post-secondary institution or third party from within the Solution, the information is provided with the Authorized User’s permission.
ARUCC may collect, aggregate, and anonymize information or transactional data input or collected through the Solution, for the purpose of statistical analysis, data analytics, product improvement, benchmarking, policy, operations and other research, and for other business purposes, subject to the following:
- All aggregated data will be stripped of identifiers (such as specific users, names or student numbers) that would identify specifics about individual users;
- Aggregated data will not be traceable back to any specific users; and
- ARUCC shall have rights hereunder to use, dispose of and own such anonymized and aggregated data at its discretion whether during or after the term of this agreement.
ARUCC has specific written Tripartite Information Sharing Agreements with each Issuer and the Service Provider. All agreements are governed by applicable provincial or federal privacy legislation.
Authorized User’s Personal Information will never be released, sold or traded by ARUCC to any other external organizations, except as requested by you or specified in this Policy. Your information could be transmitted from one Authorized User to another Authorized User. This information may be disclosed if required by law, for example by a court order, or as otherwise permitted under applicable privacy laws.
Keeping Personal Information Secure
For security purposes, the Solution employs up-to-date software programs to monitor network traffic to identify unauthorized attempts to upload or change information, and to safeguard all Personal Information.
Steps to take
Authorized Users are obligated to learn about protecting their systems, connectors, personal computers and electronic devices to ensure that their online activities remain private and secure.
Only information that is essential to verify an Authorized User’s identity and provide the services that they have requested will be collected by ARUCC. Access to Authorized User Personal Information on the Solution is protected with a password selected by the Authorized User. It is strongly recommended that Authorized Users choose their own secure password and not disclose it to anyone. ARUCC will never ask Authorized Users for their password in any unsolicited communication and will not be held responsible if an Authorized User discloses their password to others.
Giving Consent
Authorized Users of the Solution will provide their consent when activating their account to collect, use and transmit their information when they request services. By using the Solution, the Authorized User is providing consent to collection, use and disclosure of their Personal Information, and they enable the Service Provider to act as their agent to transfer their Personal Information to authorized third parties to provide the services they requested. If an Authorized User does not consent to sharing their Personal Information, it will not be passed to another third party.
Access and Correction of Personal Information
Authorized Users of the Solution will be able to view their Personal Information. The Service Provider will have access to the Authorized Users’ documents for the purposes of ensuring the effective operation of the Solution and to ensure diligence in the protection of Personal Information. Authorized Users who wish to correct errors or inaccuracies in the Personal Information must contact the Issuer of their original document (e.g., their current or former college or university). ARUCC does not have access to, nor authority to change or alter any of an Authorized User’s academic information or documents.
Web Site Information
The Solution provides services based on an Authorized User’s authenticated account. Therefore, the Solution records each time an Authorized User logs in and records their activities when using the Solution, and each time a website visitor visits our websites. Further, any information the Authorized User enters or updates is logged, including the date and time of the change. This logging protects users by enabling ARUCC and the Service Provider to investigate potential misuses of the Solution.
ARUCC also uses site access information to help make its site more useful to visitors and to learn about the number of visitors and types of technology used by visitors to the website.
Links to other websites
This website contains links to other sites. ARUCC is not responsible for the content or the privacy practices of external websites. Authorized Users are encouraged to examine each site’s privacy policy and disclaimers and make their own decisions regarding the accuracy, reliability, and correctness of material and information found.
Use of cookies
A cookie is a file placed on an Authorized User’s computer with their temporary internet files while they are visiting a website. Our Solution and website uses cookies to track how visitors use the website and to maintain a login session.
ARUCC uses cookies to aid in the collection of anonymous statistical information such as browser type, screen size, traffic patterns and pages visited. This information is then used to improve service.
The reasons ARUCC uses cookies are as follows:
- To provide a great experience for visitors, learners, members, and verifiers visiting and using the MyCreds.ca and MesCertif.ca websites.
- To identify registered Authorized Users (Authorized Users are those who register with MyCreds.ca and MesCertif.ca as a learner, member, and verifier).
- To monitor and analyze the performance, operation and effectiveness of MyCreds.ca and MesCertif.ca websites.
- To ensure the MyCreds.ca and MesCertif.ca websites are secure and safe to use.
The following are the types of cookies that may be used on the MyCreds.ca and MesCertif.ca site:
- First-party cookies: Cookies that the ARUCC uses and other cookies that are placed and used by third parties.
- Third-party cookies: Cookies that Service Provider uses and other cookies that are placed and used by third parties.
ARUCC does not store Personal Information in cookies, nor collect Personal Information from Authorized Users without their knowledge as they browse this site.
Duration:
Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.
Persistent (permanent or stored) cookies: These cookies are stored on a site visitor’s hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site.
Category:
Strictly necessary cookies: These are the cookies that let MyCreds.ca and MesCertif.ca visitors browse through the MyCreds.ca and MesCertif.ca websites. They are also necessary for security reasons.
Functional cookies: These cookies “remember” registered visitors/customers in order to improve their user experience.
Changes
On release of any updates, upgrades, documentation and new functionality made available from time to time, or material change in the Solution, ARUCC reserves the right to modify this Policy and to impose new or additional terms or conditions. The then-current terms (including any modifications and additional terms and conditions if applicable) will be presented to you and will be effective immediately upon your acceptance of the terms and continued use of the Solution.
Contact Us
ARUCC works to protect the privacy of Authorized Users by regularly reviewing its privacy policy. For more information about any of the privacy policies and practices described here, please contact ARUCC using the contact information below.
For concerns or questions about ARUCC’s privacy policy, please email: info@aruccnationalnetwork.ca