Effective Date 12/6/2022
Canvas Badges is an online platform to create, curate, distribute, receive, explore, and share micro-credentials (“Badges”). Users can access tools to issue Badges to Badge Recipients, as well as associated administrative tools and services, such as Canvas Credentials.
1. PRIVACY RESPONSIBILITIES.
1.2. Your Responsibilities. We process Customer Data pursuant to the Canvas Badges Terms of Service or, if applicable, the master agreement your organization has with us. We have no direct control or ownership of the Personal Information we process for Business Account Owners. Business Account Owners are responsible for complying with any regulations or laws that require providing notice, making disclosures, and/or obtaining consent prior to transferring the Customer Data to us for processing purposes.
2. PERSONAL INFORMATION WE PROCESS.
3. PERSONAL INFORMATION WE DO NOT PROCESS.
3.1. Sensitive Personal Data. We do not intentionally collect any sensitive personal data, such as health information, genetic data, religious information, and government issued ID numbers.
3.1. Children’s Personal Data. Canvas Badges is not intended for children under 13. Our Terms prohibit anyone under the age of 13 from using Canvas Badges.
4. HOW WE SHARE PERSONAL INFORMATION.
We share Personal Information contained in the Customer Data with certain third parties in the following circumstances:
4.1. Badge Sharing with Badge Recipients. Once a Badge is issued, that Badge becomes sharable at the discretion of the Badge Recipient.
4.2. Badge Sharing by Third Parties. As part of the Badge Connect™ open standard, Instructure may share issued Badges with third parties. The third party accessing Canvas Badges for such purposes is solely responsible for obtaining the Badge Recipient’s consent in advance of accessing Canvas Badges for such purposes and for ensuring it shares such Badges only with third-party services the Badge Recipients have expressly authorized.
4.3. Service Providers. To assist us in meeting business operations needs and to perform certain services, it is sometimes necessary to share Personal Information with third-party providers, such as providers of hosting, payment processing, email communication, and analytics. If required under applicable law, we will make a list of third-party service providers available to you upon request sent to firstname.lastname@example.org.
4.4. Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, Personal Information and other information may be transferred to a successor or affiliate as part of that transaction.
4.5. Legal Requirements. We may share Personal Information in order to: (a) comply with our legal obligations, (b) detect, prevent, or otherwise address fraud, security or technical issues, (c) enforce applicable policies, including investigation of potential violations, or (d) protect against harm to the rights, property or safety of our users, the public, or ourselves. We may also share Personal Information with your consent or as otherwise disclosed at the time of collection.
5. DATA RETENTION. Instructure will delete or return all Personal Information contained in Customer Data (including copies thereof), on termination or expiration of your Business Account in accordance with the procedures and timeframes set out in the Canvas Badges Terms of Service, except that this requirement shall not apply to the extent we are required by applicable law to retain some or all of the Personal Information we have archived on back-up systems, which data we will securely isolate and protect from any further processing. Please note that once a Badge is issued, it is freely sharable by that Badge Recipient on an ongoing basis and any Personal Information included in that Badge’s meta-data remains as part of the Badge unless Instructure is directed to delete such information pursuant to a deletion request made by the Badge Recipient or unless the issuer of the Badge corrects or revokes the Badge through its Business Account. Contact us at email@example.com if you have questions about retention of Business Account related Personal Information.
6. INTERNATIONAL TRANSFER OF DATA. If you are using Canvas Badges from a country outside the United States, Customer Data may be transferred for processing from your current location to our offices and servers and our authorized third-party service providers located globally, including in the United States. Other countries may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. When we transfer information of individuals in the European Economic Area (EEA) or the United Kingdom (UK), we make use of standard contractual data protection clauses, which have been approved by the European Commission.
8. SECURITY. We take reasonable administrative and technical steps to protect Customer Data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. We protect the security of Customer Data during transmission by using Secure Sockets Layer (SSL) software or other encryption technology, which encrypts personal data you input. Wherever appropriate, we obfuscate and/or encrypt Customer Data in our systems and/or during information transfer. However, no method of transmission over the internet is 100% secure and we cannot absolutely guarantee the security of Customer Data. It is important for you to protect against unauthorized access to your password to the Site and to your computer. Be sure to sign out of Canvas Badges when finished.
10. DATA REQUESTS. If you want to access, correct, amend, or delete data controlled by a Business Account Owner, you should direct your query to the Business Account Owner (the data controller). We will work with customers to respond to data subject requests as outlined in our DPA.
You may request the deletion of your Canvas Badges account by sending a request to firstname.lastname@example.org. You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.