AuraData Privacy Policy

As an individual authorizing the release of past education or professional designation information ("Verification Data") to a Subscriber, the data subject is asked to provide specific data in order for AuraData to accurately verify the data subject’s records on behalf of the Institution. AuraData collects the data subject's name, birth date, the Institution attended and the Student ID or Membership Number. Additionally, for education or professional designation verification, AuraData asks for the data subject's graduation year or year of membership with a professional body, and the degree or designation respectively.

For education or professional designation verification, the only mandatory fields are the data subject's name and/or date of birth. Providing the other information requested helps increase the accuracy of the search results.

We use the information collected strictly to fulfill a Subscriber's verification request and provide the Subscriber and the Institution with detailed transactional history of verification requests and Verification Data that have been processed using the AuraData System. AuraData never collects more personal information than is needed to fulfill these purposes.

We may collect and use statistical data regarding, for example, the number of verification requests or unmatched searches, to assess and improve the functionality of the AuraData System, but such aggregate data remains at all times anonymous, and thus is not of a personal nature. In the event that the Institution transmits and stores its data on AuraData's leased server space, any testing required to ensure accurate transmission occurs on de-identified data.

A data subject’s personal information is only disclosed to a Subscriber, upon the Subscriber's request, with your knowledge and consent. Verification Data is comprised of the following fields:

Education Verification Data

• Data subject's name (First name, middle name, last name, maiden name if applicable)
• Student Number
• Birth Date
• Degree, Diploma, Certificate
• Date of Graduation
• Any Major and/or Minor and/or Specializations
• Distinction/Honours
• Dates of Attendance

Professional Designation Verification Data

• Data subject's name (First name, middle name, last name, maiden name if applicable)
• Membership Number
• Birth Date
• Professional Designation
• Date of membership
• Dates of Attendance

Personal information is never traded, sold or leased by us to any other external organizations, except as specified in this policy. Your information may be disclosed by AuraData as required or permitted by legal and regulatory requirements, for example to comply with a court order or to facilitate a police investigation.

Since AuraData acts as the Institution's agent, the release of Subscriber verification requests to the Institution through transaction logs does not constitute a disclosure of personal information. Such information may be required by the Institution in order to investigate complaints, confirm accounting, confirm compliance audits and track information accessed.

A data subject’s information may be shared with contractors that we engage to provide support for the AuraData System and as required to fulfill manual search requests. However, we ensure that any such contractor is screened and enters into a written agreement with AuraData that clearly binds them to protect personal information and honour the principles of privacy in accordance with applicable privacy laws.

AuraData is a Canadian company and stores your data in Canada. Note that personal information may be transferred to a foreign jurisdiction other than the country in which the data subject lives in the context of a Subscriber verification request. Such information may be accessible by law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.

AuraData requires that a Subscriber submits a consent form to the AuraData System before releasing any information to a Subscriber. The AuraData authorization form states that data subjects authorize the release to the identified company of any information concerning education, enrolment or professional designation, only to be directly used by the company for the purposes for which the information is being requested. AuraData and the Institution do not accept any responsibility in the event that a Subscriber uses Verification Data for any additional purposes, or in the event that the Subscriber subsequently discloses the search results to third parties.

By providing a Subscriber with a signed authorization form, the data subject has consented to AuraData's involvement, as an authorized agent, in transferring the Institution's data about the data subject to the Subscriber.

We retain a Subscriber's search request and the search results in the AuraData System for 7 years after the search results are presented to the Subscriber. During that period of time, only the Subscriber and the Institution have access to this data using their unique usernames and passwords.

To the extent that paper records are required for or created when conducting manual searches, such records will be immediately shredded when no longer required for the search. The original electronic documents will be maintained on the system.

We have implemented the technology as well as procedures and policies to ensure that personal information stored in the AuraData System is kept secure. For example:

• AuraData uses state-of-the-art data centres that provide a highly secure physical infrastructure, including the latest in biometric authentication, video surveillance, and round-the-clock security officers.
• A separate dedicated firewall is in place for AuraData's servers.
• All transactions are secured using an SSL certificate.
• AES 256 bit encryption and authentication ensures that data can only be decrypted by AuraData, securing your personal information from intruder attacks.
• Subscribers must choose strong passwords based on password intelligence built into the system and passwords automatically expire after 180 days. Subscribers are required to protect their passwords and inform AuraData if they feel their password has been compromised.
• Subscribers are required through a Terms of Use Agreement to protect any and all personal information obtained using the AuraData System in accordance with the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830-96) and applicable laws.
• A unique transfer program has been developed for each Institution that will be storing their data on the AuraData leased server space to ensure secure transfer.
• Back-ups of the AuraData system occur nightly. Nightly backups are overwritten on a weekly basis. All back ups are stored at secure data centres.
• When paper records are required for manual searches, such records are not left in plain view when unattended and are locked up when not in use.

All staff are appropriately trained to comply with this policy and applicable privacy laws and appropriate data security best practices.

AuraData is not responsible for the training, handling of information, turnover or agreements between institutions and their employees and/or contractors. AuraData cannot guarantee the vetting, security, training or technical soundness of any educational institution’s method of handling, sending or storing of data.

AuraData receives search results directly from the Institution's databases and relies fully on the Institution to provide accurate records of your personal information. Note that for those Institutions leasing space on AuraData's servers to store their data, there may be a one week delay in data updates depending on when updated information is transmitted to the leased space. AuraData is not responsible for the accuracy of the information that is provided to Subscribers.

Data subjects may at any time make a written request to the Institution for access to their personal information, as stored by the Institution, in order to verify any such information. A data subject may also at any time make a written request for access to any Verification Data, as stored by AuraData, but must contact the Institution directly with any concerns about the accuracy of this data.

AuraData takes full responsibility for the management and confidentiality of the personal information it holds. We also have a detailed privacy breach response plan to effectively manage and mitigate privacy risks.

EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their personal information as outlined in the General Data Protection Regulation EU/2016/679. This includes the right to access your personal information, have it deleted, have it corrected, or object to or restrict processing. If you would like to make such a request, please email service@auradata.com and we will respond in a timely manner. In the context of a request for erasure, AuraData will scramble or pseudonymize the data subject’s information to make it anonymous.

AuraData is a Canadian organization and uses data hosting providers that only store and process data within Canada. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection.

Cookies are small text files stored on your device when you visit a website. They serve various purposes, enhancing your browsing experience, remembering preferences, and providing personalized content. We use cookies for the following purposes:

1. Essential Cookies

These are necessary for the basic functionality of our Website, enabling navigation, essential features, and access to secure areas. Without these cookies, certain services may not be available.

2. Preference Cookies

These cookies enhance your overall user experience by remembering preferences, such as language settings and font size.

3. Third-Party Cookies

Our website uses Google reCAPTCHA, a service provided by Google LLC ("Google"), as the only third-party cookie. Google reCAPTCHA enhances the security of our forms and helps prevent spam.

Google reCAPTCHA works by collecting various types of user information to determine whether the actions on our Website are being performed by a human or an automated bot. The information collected may include IP addresses, mouse movements, keystrokes, and other data. By using Google reCAPTCHA, you are subject to Google's Privacy Policy, which can be found here.

We recommend reviewing Google's privacy policy to understand how they collect, use, and protect your information when using their services.

4. Your Cookie Choices

You have the option to control and manage cookies through your browser settings.

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to collect information about how visitors use our website. This information is used to analyze trends, administer the site, track user interactions, and gather demographic information.

The data collected by Google Analytics is processed in a way that does not directly identify individuals. It may include the IP address of your device, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information solely for the purpose of understanding how visitors interact with our website and to improve the user experience.

By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information on how Google Analytics collects and processes data, as well as your options for controlling the information sent to Google, please visit Google's Privacy & Terms.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at  https://tools.google.com/dlpage/gaoptout.