Privacy

AURADATA PRIVACY POLICY

AuraData acts as an agent to Canadian educational institutions and professional bodies ("Institutions") that have signed a Master Service Agreement with AuraData.  AuraData does not collect information from an Institution, but, as authorized by YOU (being the "data subject"), simply accesses the Institution's data, which is located on AuraData's leased server space in conjunction with the Master Service Agreement or by contacting the Institute and checking the information on their own database. Thus, AuraData's role is to manage education and professional designation verification requests on behalf of Institutions that are signatory’s to the Master Service Agreement and the employer’s.

AuraData respects the privacy of individuals whose data we access. We are committed to protecting the personal information of data subjects when providing our services to Institutions and Subscribers (AuraData's clients who are authorized to access the AuraData System). Your personal information is only collected, used and disclosed by AuraData in accordance with this Privacy Policy. AuraData reserves the right, in its sole discretion, to modify, alter or otherwise update this Policy at any time, without providing notice, and you agree to be bound by such modifications, alterations or updates. Use of AuraData's services will signify your acceptance of revisions to this Policy. You should visit this page periodically to review this Policy.


WHY DO WE COLLECT PERSONAL INFORMATION?

As an individual authorizing the release of past education or professional designation information ("Verification Data") to a Subscriber, you are asked to provide specific data in order for us to accurately verify your records on behalf of the Institution. AuraData collects the data subject's name, birth date, the Institution attended and the Student ID or Membership Number. Additionally, for education or professional designation verification, AuraData asks for the data subject's graduation year or year of membership with a professional body, and the degree or designation respectively.

For education or professional designation verification, the only mandatory fields are the data subject's name and date of birth. Providing the other information requested helps increase the accuracy of the search results.

We use the information collected strictly to fulfill a Subscriber's verification request and provide the Subscriber and the Institution with detailed transactional history of verification requests and Verification Data that have been processed using the AuraData System. AuraData never collects more personal information than is needed to fulfill these purposes.

We may collect and use statistical data regarding, for example, the number of verification requests or unmatched searches, to assess and improve the functionality of the AuraData System, but such aggregate data remains at all times anonymous, and thus is not of a personal nature. In the event that the Institution transmits and stores its data on AuraData's leased server space, any testing required to ensure accurate transmission occurs on unidentifiable data fields.


WHEN DO WE DISCLOSE PERSONAL INFORMATION AND TO WHOM?

Your personal information is only disclosed to a Subscriber, upon the Subscriber's request, with your knowledge and consent. Verification Data is comprised of the following fields:

Education
Verification Data
Professional Designation
Verification Data

Data subject's name (First name, middle name, last name, maiden name if applicable)

Data subject's name (First name, middle name, last name, maiden name if applicable)

Student number.

Membership number.

Birth date.

Birth date.

Degree, diploma or certificate.

Professional designation.

Date of graduation.

Date of membership.

Any Major and/or Minors and/or Specializations.

 

Distinctions/Honours.

 

Your personal information is never traded, sold or leased by us to any other external organizations, except as specified in this policy. Your information may be disclosed by AuraData as required to meet legal and regulatory requirements, for example to comply with a court order.

Since AuraData acts as the Institution's agent, the release of Subscriber verification requests to the Institution through transaction logs does not constitute a disclosure of personal information. Such information may be required by the Institution in order to investigate complaints, confirm accounting, confirm compliance audits and track information accessed.

Your information may be shared with contractors that we engage to provide support for the AuraData System and to fulfill manual search requests as required. However, we ensure that any such contractor is screened and enters into a written agreement with AuraData that clearly binds them to protect your personal information and honour the principles of privacy in accordance with applicable privacy laws.


HAVE YOU CONSENTED?

AuraData ensures that a Subscriber submits a signed authorization form to the AuraData System before releasing any information to a Subscriber. The AuraData authorization form states that you authorize the release to the identified company of any information concerning your education, enrolment or professional designation, only to be directly used by the company for the purposes for which the information is being requested. AuraData and the Institution do not accept any responsibility in the event that a Subscriber uses Verification Data for any additional purposes, or in the event that the Subscriber subsequently discloses the search results to third parties.

By providing the Subscriber with your signed authorization form, you have consented to AuraData's involvement, as an authorized agent, in transferring the Institution's data about you to the Subscriber.


HOW LONG IS YOUR INFORMATION RETAINED?

We retain a Subscriber's search request and the search results in the AuraData System for a period of 7 years after the search results are presented to the Subscriber. During that period of time, only the Subscriber and the Institution have access to this data using their unique usernames and passwords.

To the extent that paper records are required for or created when conducting manual searches, such records will be immediately shredded when no longer required for the search. The original electronic documents will be maintained on the system.


HOW DO WE KEEP YOUR PERSONAL INFORMATION SECURE?

We have implemented the technology as well as procedures and policies to ensure that personal information stored in the AuraData System is kept secure. For example:

  • AuraData uses state-of-the-art data centres that provide a highly secure physical infrastructure, including the latest in biometric authentication, video surveillance, and round-the-clock security officers.
  • A separate dedicated firewall is in place for AuraData's servers.
  • All transactions are secured using an SSL certificate (256 bit encryption and authentication that assures the user that data is only being transferred to AuraData).
  • Subscribers must choose strong passwords based on password intelligence built into the system and passwords automatically expire after 60 days. Subscribers are required to protect their passwords and inform AuraData if they feel their password has been compromised.
  • Subscribers are required through a Terms of Use Agreement to protect any and all personal information obtained using the AuraData System in accordance with the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830-96) and applicable laws.
  • A unique transfer program will be developed for each Institution that will be storing their data on the AuraData leased server space to ensure secure transfer.
  • Back-ups of the AuraData system occur nightly. Nightly backups are overwritten on a weekly basis and stored at the secure data centre. Also, monthly backups of the system are transferred to a secure location and stored for one year. Annual backups are stored for seven years.

When paper records are required for manual searches, such records are not left in plain view when unattended and are locked up when not in use. All staff are appropriately trained to comply with this policy and applicable privacy laws.


HOW CAN YOU ACCESS YOUR PERSONAL INFORMATION AND CHECK ITS ACCURACY?

AuraData receives search results directly from the Institution's databases, and relies fully on the Institution to provide accurate records of your personal information. Note that for those Institutions leasing space on AuraData's servers to store their data, there may be a one week delay in data updates depending on when updated information is transmitted to the leased space. AuraData is not responsible for the accuracy of the information that is provided to Subscribers.

You may at any time make a written request to the Institution for access to your personal information, as stored by the Institution, in order to verify any of your information. You may at any time make a written request for access to any Verification Data, as stored by AuraData, but you must contact the Institution directly if you have any concerns about the accuracy of this data.

CONTACT US WITH ANY QUESTIONS OR CONCERNS

AuraData takes full responsibility for the management and confidentiality of the personal information it holds. AuraData and the Institution have no control and accept no responsibility for any decisions made by the Subscriber after receiving search results from AuraData.

If you have any concerns about this policy, or feel that AuraData is not abiding by it, please send a message to tom@auradata.com.

Privacy Officer
AuraData
 

Contact Institution directly:
Alternatively, you may contact the University of the Fraser Valley to discuss the education verification services being provided by AuraData to the University:

 

Registrar

University of the Fraser Valley

33844 King Road

Abbotsford, B.C.

V2S 7M8


Phone: 604-504-7441 Ext. 4393

Toll Free in Canada: 1-888-504-7441 Ext. 4393