Privacy Policy

Services Privacy Policy


Last modified: JUNE 12, 2024


1. Introduction

Culture Foundry is a web-based language learning platform for remote or in-person learning of languages by students of
various educational organizations and by the general public. Culturefoundry.app and related language learning websites
(“Sites”) are owned and operated by Achievement Unlocked Inc. (dba Culture Foundry) (“Culture Foundry” or “we” or “us”).


Culture Foundry respects your privacy and is committed to protecting it through our compliance with this Privacy Policy
(“Policy”). The privacy and security of our users is of utmost importance to us. This Policy enables you to better understand
how Culture Foundry collects, uses, discloses and protects Personal Information  when you use our Services. Culture
Foundry complies with, at a minimum, privacy law requirements in accordance with the federal Personal Information
Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA), and, as applicable, substantially similar provincial
private  sector  privacy  laws.  In  some  instances,  Culture  Foundry  privacy  practices  may  comply  with  more  stringent
legislative  requirements  of  other  jurisdictions,  such  as  the  EU  General  Data  Protection  Regulation  (Regulation  (EU)
2016/679) (“GDPR”). As well, Culture Foundry’s privacy practices strive to be generally consistent with ISO/IEC 27001 and
ISO/IEC 27002, and Culture Foundry is working towards ISO/IEC 27001 and ISO/IEC 27002 certification.


2. What Does This Policy Apply To?

This Policy applies to the Personal Information we may collect relating to users (“you” or “your”) through our web-based
language learning Sites and Culture Foundry applications (“Services”). Please also refer to your Education Organization’s
(defined below) privacy policy, which governs its use of Organization User’s Personal Information.

3. Definitions

For the purposes of this Policy, in addition to the definitions otherwise stated in this Policy, the following definitions
apply:
Personal  Information”  is  any  information  provided  to  us  or  generated  within  Culture  Foundry  Services  about  an
identifiable individual, which includes information that can be used on its own or with other information to identify,
contact, or locate a single person, including name, username, or email address. Unless otherwise specified, Personal
Information referenced in this Policy is interchangeable with Personally Identifiable Information, which is information
that, that when used alone or in combination with other information, can identify an individual. Personal Information
which Culture Foundry collects is summarized in Section 6.


"Data Breach or Security Incident" means (i) any act or omission that materially compromises the security, confidentiality,
or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by
Culture  Foundry  that  relate  to  the  protection  of  the  security,  confidentiality,  availability,  or  integrity  of  Personal
Information, or (ii) receipt of a complaint in relation to the privacy and data security practices of Culture Foundry or a
breach or alleged breach of this Policy relating to such privacy and data security practices.


Education  Organization”  refers  to  various  types  of  organizations  that  contract  with  Culture  Foundry  to  provide  its
language learning platform for remote or in-person learning of languages. Education Organizations may include schools,
school districts, ministries of education, and other organizations. Culture Foundry is selected by Education Organizations
through a procurement process which includes rigorous evaluation of many factors including privacy and security of
student user data. Each Education Organization retains ownership of all the information provided to Culture Foundry as
well as control over all the information created in the Services by Administrators and Organization Users.


Administrator” refers to any teacher, administrator, or other person related to the Education Organization that creates
an administration account on behalf of the Education Organization within the Culture Foundry Services to use the Services,
including the ability to add, delete, and manage Organization User accounts.


Organization User” refers to any student user who uses the Services through a user account created by or on behalf of
an Education Organization.  


Community User” refers to any user who uses the Services outside of Education Organization-created user account.
Note – an Organization User can become a Community User, and vice versa – see Section 5.


4. Who Uses Culture Foundry?

Culture Foundry is a broad language revitalization and learning platform purpose-built to support in-classroom and
remote  language  learning  both  within  schools  and  within  communities.  It  is  intended  both  for  use  by  Education
Organizations for their student users of all age levels, and also for use by community members, whether it’s individuals
in the wider community or independent student users.


5. How Are User Accounts Owned and Created?


Organization  Users  -  Education  Organizations  own  and  create  new  user  accounts  individually  or  in  bulk,  and  then
distribute  such  accounts  to  Organization  Users.  Organization  User  accounts  may  be  generated  with  no  Personally
Identifiable Information or Administrators can input certain Personally Identifiable Information. Administrators linked
to an Education Organization can then assign these accounts to Organization Users within their class. Organization Users
are managed by the Education Organization and/or Administrator. As such, Organization Users cannot make changes to
their username - only Administrators or Education Organizations can make changes to or delete the Organization User
accounts. Administrators will have access to Personal Information of Organization Users to whom the Administrator is
linked. Organization Users cannot create their own accounts. Culture Foundry Services for Organization Users are only
deployed as an officially sanctioned language learning platform by an Education Organization under that organization’s
umbrella opt-in and official data governance policies. Organization User consent obligations are the responsibility of the
Education Organization customer.
An  Education  Organization  can  release  an  Organization  User  account  to  no  longer  manage  it.  In  this  scenario,  the
Organization  User  account  becomes  a  Community  User  account  and  the  control  and  ownership  of  the  account  is
transferred to the Community User.


Community Users – Community Users own and create a user account directly on the Services learning platform.
An Education Organization can invite Community User accounts to be managed by the Education Organization. In this
scenario, Community User accounts become Education Organization-managed accounts. The account control/ownership
is transferred from the Community User to the Education Organization who will manage it, and the Community User
becomes an Organization User.


6. What Personal Information Do We Collect?

Culture Foundry collects limited Personal Information from its users, limited to Personal Information required for users
to create a user account and use the Services, and for Administrators to manage Organization User accounts and manages
their classes on the Services. Personally Identifiable Information of users which Culture Foundry collects or has access to
is as follows:

Table 1. Personally Identifiable Information

Collected Personal information Community Users and Administrators Organization Users
Username Yes Yes
Password Yes Yes
First Name Yes Optional*
Last Name Initial Yes Optional*
Spirit Name Optional Optional*
Emai Yes Optional*
Recovery Email Yes Optional*


*Administrators are the only users able to put this information into an Organization User account.


Organization Users - Each Education Organization determines generally what Personal Information they collect, store,
and  how  it  is  used.  We  use  Personal  Information  for  users  to  create  a  user  account  and  use  the  Services,  and  for
Administrators to manage Organization User accounts and manages their classes on the Services, in accordance with the
specific contractual agreement with that Education Organization. The Education Organization manages parent consent to
Culture Foundry and its other applications.
Please refer to your Education Organization’s privacy policy to inform yourself how your Education Organization collects
and shares your Personal Information.


7. What Other Information Do We Collect?

We collect and use several types of other non-personal information, including:


Non-personal Information collected by us: Culture Foundry may collect non-personal information directly through your
interaction on our Services. That non-personal information may include but is not limited to:


Information about user progress, such as amount of learning units completed (such as activities, modules, courses,
etc.); time taken to complete learning units; accuracy obtained when completing a learning unit; obtained in-app points
(experience, currency, etc).


User-generated digital content, such as text, including notes added to word flashcards and submitting experience
with word flashcards.


Usage information, such as information about how many users generally and at the Education Organization use the
Services, and how the Services are being used. The information collected may include information such as date stamp of
last time user logged in; how many consecutive days a user has logged in. The usage analytics information generated by
user activity in the Services is de-identified and aggregated and used for Culture Foundry product improvement. Internal
analytics data also allow us to monitor the security of our Services. Culture Foundry Service usage data is never collected
by a third party, hosted elsewhere or shared with other parties or monetized.


Culture Foundry does not collect biometric or geolocation data. We only collect and manage information as users use our
Services and do not augment or cross reference it with other data sources. The information above is collected only to
provide the Services and is not used for other commercial purposes.


8. How Do We Use Your Personal Information?

We use user’s Personal Information for users to create a user account and use the Services, and for Administrators to
manage Organization User accounts and manages their classes on the Services. The Education Organization determines
how it uses your Personal Information.
Please visit your Education Organization’s privacy policy to see how it uses your
Personal Information.


We do not sell your Personal Information or the content you provide. We do not subject users to any advertising,
contextual, personal or otherwise. There is no marketing to opt-out of, as Culture Foundry does not send marketing
messages to users. And we do not sell, rent or otherwise share any Personal Information with any third party that does.

Please see Section 9, which describes who we may share your Personal Information with.


9. Who Do We Share Your Personal Information With?

We do not sell your Personal Information or the content you provide. There are certain circumstances in which we may
disclose, transfer or share your Personal Information with third parties, such as under the following circumstances:


–  Your  Education  Organization:  For  Organization  Users,  the  Personal  Information  we  collect  and  store  about  you  is
accessible to Administrators and authorized employees of your Education Organization. Your Education Organization
controls  who  has  access  to  this  Personal  Information.  We  also  make  usage  information  available  to  your  Education
Organization.


Cloud service providers: A carefully selected small number of companies provide essential elements of our cloud-
based  Service.  We  limit  the  Personal  Information  we  share  with  these  service  providers  through  contractual,
administrative and technical means. Our cloud service providers may not use the Personal Information disclosed to
them for any other purpose other than to provide us with a specific service.


Legal authorities, as required by law: The Personal Information we process and store may be disclosed by us to legal
authorities if we are required to do so by law. We may also disclose to them, at our discretion, select Personal Information
we collect and store where we have reason to believe that disclosing this Personal Information is necessary to identify,
contact or bring legal action against someone who may be causing interference with the rights, property or rules of the
Education Organization using our Services, or someone who may be violating the Services Terms and Conditions. For
Organization Users, the Education Organization will be informed and will notify affected parties as it sees fit.


Business transaction: We may transfer our assets and rights to our Services, including information in our Services, in
the event of a merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving
all or part of our business or as part of a corporate reorganization, stock sale or other change in control. In such a case,
for Organization Users, your Education Organization will be provided with notice and will have the option of advising the
pending changes to Culture Foundry with its users or of opting out of our Services. For Community Users, we will advise
you of the pending changes to Culture Foundry and provide you with the option to opt out of our Services and delete your
account. We will limit the disclosure of Personal Information to only what is necessary and limit the use of the Personal
Information to the purpose for which the Personal Information was collected before the transaction and in accordance
with applicable laws Culture Foundry will honour any data update or deletion requests using the process as detailed in
Section 11.2 How Does Culture Foundry Manage Data Update & Deletion Requests?


We limit who we share your Personal Information with. We also limit what other information we share and how third
parties may use, access, process or store such information in the course of performing their duties for us. When we
disclose Personal Information, we minimize the disclosure to only what is necessary in accordance with instructions from
our Education Organization customers, de-identifying if appropriate (removing any name and unique identifier) and
contractually prohibiting attempts at re-identifying, and in compliance with appropriate privacy, confidentiality, and
security measures.  


Organization Users - Should there be a conflict between our Privacy Policy and Services Terms and Conditions and our
contract with an Education Organization, the terms and obligations set out in our specific contract with your Education
Organization will prevail.


We do not have control over the Personal Information that Education Organizations themselves may disclose to third
parties.
For example, an Education Organization may export certain Personal Information collected in the Services and
make it accessible to others at the Education Organization’s discretion.


10. How Do We Protect Your Information?

The  security  of  your  Personal  Information  is  very  important  to  us.  We  use  physical,  electronic,  and  administrative
measures  designed  to  secure  your  Personal  Information  from  accidental  loss  and  from  unauthorized  access,  use,
alteration, and disclosure. We have taken measures to protect the Personal Information on our Services, which include
data encryption, firewalls and access controls for staff. Some other security measures we implement include:


– Organization Users - Limiting account creation to only those Administrators which the Education Organization selects.
Persons outside the Education Organization cannot create an Organization User account.


– You may only access Culture Foundry Services with your username/email and password.


– Encryption of data sent between the Culture Foundry server and Culture Foundry client (web browser, smartphone app,
tablet app) in transit and at rest.


– Restricting access to Personal Information to those Culture Foundry staff members who need to know that information
for the purpose set out in this Policy and ensuring those staff members are trained in Culture Foundry’s information
protection policies.


–  employing  reasonable  security  measures  to  protect  Personal  Information  in  accordance  with  Culture  Foundry’s
information security policy as amended from time to time and generally consistent with accepted industry standards
(ISO/IEC 27001 and ISO/IEC 27002).


The safety and security of your Personal Information also depends on you. Where you have been given or where you have
chosen a password for access to our Services, you are responsible for keeping this password confidential. We ask you not
to share your password with anyone. Unfortunately, the transmission of information via the Internet is not completely
secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal
Information transmitted to our Services.


11. How Do We Manage Your Information?

As  a  user  of  our  Services,  you  have  rights  to  access,  download,  correct  and/or  delete  your  Personal  Information  in
accordance with applicable laws. Our general practice is to not retain Personal Information any longer than is necessary
for users to use the Services, for Administrators to manage Organization User accounts and manages their classes on
the Services, and to comply with legal obligations. Parents may manage their children’s Personal Information, including
withdrawing consent, or opting out of any data sharing.

 
If your Education Organization relies on your consent to process your Personal Information, such as making it available in
Culture Foundry Services, you have the right to withdraw your consent at any time. You may withdraw your consent by
contacting your Education Organization. Note this will not affect the lawfulness of the processing before it’s withdrawn
nor when applicable laws allow for continued processing.


11.1 How Long Do We Keep Your Personal Information?

Organization Users - Culture Foundry retains Personal Information on behalf of Education Organizations pursuant to its
specific contractual terms with each Education Organization. If the Education Organization does not otherwise define the
duration  for  data  retention  and  destruction,  Culture  Foundry  retains  Personal  Information  for  2  years  after  an
Organization User account becomes inactive, after which it is deleted.  


Community Users - Culture Foundry retains Personal Information for 1 year after a Community User account becomes
inactive, after which it is deleted.


11.2 How Does Culture Foundry Manage Data Update & Deletion Requests?

Organization Users – For Organization Users, Culture Foundry is best characterized as a processor that manages data at
the direction of the Education Organization, the controller. If an Organization User sends a request to update or delete
their Personal Information, these requests are routed to or need to be made to the Education Organization to review and
advise Culture Foundry of necessary action.


If  Culture  Foundry  receives  a  specific  request  from  an  authorized  individual  at  the  Education  Organization  to  delete
Personal Information of any Organization User, Culture Foundry complies and provides a confirmation of data destruction
within 30 days of request.


Community Users – Community Users can update their Personal Information on the Services. Community Users can also
request that Culture Foundry update or delete their Personal Information. Culture Foundry will update, correct, or delete
a Community User’s Personal Information within 30 days of request.


12. What About Children’s Privacy?

Organization Users - We are a service provider to Education Organizations, which may disclose very limited Personal
Information to us about students. The Personal Information we collect is limited to what we need to fulfill our obligations
as outlined in our contracts with Education Organizations. We do not use your Personal Information for any purpose other
than to provide our Services to Education Organizations and improve our Services to you.


We  do  not  knowingly  collect  Personal  Information  from  children  under  the  age  of  13  unless  and  until  an  Education
Organization has provided us with authority for a student under the age of 13 to use our Services.


If you are a parent or guardian who believes that we have inadvertently collected or stored Personal Information about
your child without proper consent, please contact us or your Education Organization and we will investigate and delete
any such Personal Information to the extent applicable.
Community Users – No one under age 13 may provide any Personal Information to or on the Site. We do not knowingly
collect Personal Information from children under 13. If you are under 13, do not provide any information about yourself
to us, including your name, address, telephone number, email address, or any screen name or username you may use on
other services. If we learn we have collected or received Personal Information from a child under 13 without verification
of parental consent, we will delete that information. If you believe we might have any information from or about a child
under 13, please contact us at privacy@culturefoundrystudios.com.


13. Where Is Your Information Stored?

Culture Foundry hosts, stores, and processes your Personal Information in the country in which you or your Education
Organization is located.


Organization Users - Please also refer to your Education Organization’s privacy policy to identify where they process
and/or store Personal Information and how they protect it.


14. Cookies and Similar Technologies

Our Services use cookies and similar technologies. “Cookies” are small text files installed on your computer hard drive
or web browser when you visit or use our Services. Most browsers accept cookies by default.


14.1 What Information Do We Collect Using Cookies?

We use first-party cookies, such a session cookie, to help us authenticate you. Third-party cookies are limited to essential
cookies for the operation of the Vimeo streaming video player. We do not control these third parties' cookies or how they
are used – please see Vimeo’s cookie policy at https://vimeo.com/cookie_policy. Most of the cookies on our Services
collect information that is not identifiable to you. To learn more about cookies, visit www.allaboutcookies.org.


14.2 How Can You Manage Cookies?

Although  most  browsers  accept  cookies,  you  can  set  your  browser  to  reject  cookies.  You  will  need  to  follow  the
instructions contained in your browser’s help file (usually located within the “Help,” “Tools,” or “Edit” settings). If you
have more than one browser, the opt-out or settings you set will only apply to that specific browser and not the others.
If you choose to disable cookies, some Culture Foundry Services might not function properly.


15. What About Breach Reporting?

We maintain procedures and recordkeeping regarding breach reporting consistent with ISO/IEC 27001 and ISO/IEC 27002.
As soon as reasonably practicable after we become aware of a Data Breach or Security Incident, we will directly notify all
affected  users  and  Education  Organizations  by  in-app  and/or  email  notification.  We  may  also  publish  information
regarding a Data Breach or Security Incident on our Site and social media channels. We also adhere to our obligations in
relation to Data Breaches and Security Incidents as required in the jurisdictions in which we provide Services.


16. Changes To This Privacy Policy

Culture Foundry reserves the right to modify or update this Privacy Policy from time to time to reflect changes in our
business and practices. When we change the Policy, we will directly notify all affected users and Education Organizations
by in-app and/or email notification 30 days or more prior to such changes. We will also reflect the ‘last modified’ date at
the top of this Privacy Policy. All previous versions remain linked to the bottom of the Privacy Policy on our website for
historical reference.


17. How To Contact Us?

You may contact us at privacy@culturefoundrystudios.com with any questions, concerns or grievances you may have
related to your Personal Information. We may also be reached as follows:


2031 Store St., Victoria, BC, V8T 5L9, Canada  
1-250-732-6981


We  have  procedures  in  place  to  receive  and  respond  to  complaints  or  inquiries  about  our  handling  of  Personal
Information, our compliance with this Policy, and with applicable privacy laws. To discuss our compliance with this Policy
please contact our Privacy Officer using the contact information listed above.

See Previous Versions