Badgr is an online platform to create, curate, distribute, receive, explore, and share micro-credentials (“Badges”) and users can access tools to issues Badges to Badge Recipients, as well as associated administrative tools and services.
1. PRIVACY RESPONSIBILITIES.
1.2. Your Responsibilities. We process Customer Data pursuant to the Badgr Terms of Service or, if applicable, the master agreement your organization has with us. We have no direct control or ownership of the Personal Information we process for Business Account Owners. Business Accounts Owners are responsible for complying with any regulations or laws that require provided notice, disclosure, and/or obtaining consent prior to transferring the Customer Data to us for process purposes.
2. PERSONAL INFORMATION WE PROCESS.
3. PERSONAL INFORMATION WE DO NOT PROCESS.
3.1. Sensitive Personal Data. We do not intentionally collect any sensitive personal data, such as health information, genetic data, religious information, and government issued ID numbers.
3.1. Children’s Personal Data. We do not intentionally collect any personal data from, or direct Badgr to, children under 13. Our Terms prohibit anyone under the age of 13 from using Badgr.
4. HOW WE SHARE PERSONAL INFORMATION.
We share Personal Information contained in the Customer Data with certain third parties in the following circumstances:
4.1. Badge Sharing with Badge Recipients. Once a Badge is issued, that Badge becomes sharable at the discretion of the Badge Recipient.
4.2. Badge Sharing by Third Parties. As part of the Badge Connect™ open standard, CSky may share issued Badges with third parties. The third party accessing Badgr for such purposes is solely responsible for obtaining the Badge Recipient’s consent in advance of accessing Badgr for such purposes and for ensuring it shares such Badges only with third-party services the Badge Recipients’ have expressly authorized.
4.3. Service Providers. To assist us in meeting business operations needs and to perform certain services it is sometimes necessary to share Personal Information with third-party providers, such as providers of hosting, payment processing, email communication, and analytics. If required under applicable law, we will make a list of third-party service providers available to you upon request sent to firstname.lastname@example.org.
4.4. Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, Personal Information and other information may be transferred to a successor or affiliate as part of that transaction.
4.5. Legal Requirements. We may share Personal Information in order to: (a) comply with our legal obligations, (b) detect, prevent, or otherwise address fraud, security or technical issues, (c) enforce applicable policies, including investigation of potential violations, or (d) protect against harm to the rights, property or safety of our users, the public, or ourselves.
5. DATA RETENTION. CSky will delete or return all Personal Information contained in Customer Data (including copies thereof), on termination or expiration of your Business Account in accordance with the procedures and timeframes set out in the Badgr Terms of Service, except that this requirement shall not apply to the extent we are required by applicable law to retain some or all of the Personal Information we have archived on back-up systems, which data we will securely isolate and protect from any further processing. Please note that once a Badge is issued, it is freely sharable by that Badge Recipient on an ongoing basis and any Personal Information included in that Badge’s meta-data remains as part of the Badge unless CSky is directed to delete such information pursuant to a deletion request made by the Badge Recipient or unless the issuer of the Badge corrects or revokes the Badge through its Business Account. Contact us at email@example.com if you have questions about retention of Business Account related Personal Information.
6. INTERNATIONAL TRANSFER OF DATA. If you are using Badgr from a country outside the United States, Customer Data may be transferred for processing from your current location to our offices and servers and our authorized third-party service providers located globally, including in the United States. Other countries may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. When we transfer information of individuals in the European Economic Area (EEA) or the United Kingdom (UK), we make use of standard contractual data protection clauses, which have been approved by the European Commission, and we also self-certify with the U.S. Department of Commerce that Badgr complies with EU-US Privacy Shield in relation to the GDPR framework as set forth by the European Union regarding the collection, use, and retention of personal data based in the EEA and the UK; please refer to our Privacy Shield Statement.
8. SECURITY. We take reasonable administrative and technical steps to protect Customer Data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. We protect the security of Customer Data during transmission by using Secure Sockets Layer (SSL) software or other encryption technology, which encrypts personal data you input. Wherever appropriate, we obfuscate and/or encrypt Customer Data in our systems and/or during information transfer. However, no method of transmission over the internet is 100% secure and we cannot absolutely guarantee the security of Customer Data. It is important for you to protect against unauthorized access to your password to the Site and to your computer. Be sure to sign out of Badgr when finished.
10. DATA REQUESTS. If you want to access, correct, amend, or delete data controlled by a Business Account Owner, you should direct your query to the Business Account Owner (the data controller). We will work with customers to respond to data subject requests as outlined in our DPA.
You may request the deletion of your Badgr account by sending a request to firstname.lastname@example.org. You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.
LAST REVISED: April 8, 2022.