Privacy Policy
Services Privacy Policy
Last modified: JUNE 12, 2024
1. Introduction
Culture Foundry is a web-based language learning platform for remote or in-person learning of languages by students of
various educational organizations and by the general public. Culturefoundry.app and related language learning websites
(“Sites”) are owned and operated by Achievement Unlocked Inc. (dba Culture Foundry) (“Culture Foundry” or “we” or “us”).
Culture Foundry respects your privacy and is committed to protecting it through our compliance with this Privacy Policy
(“Policy”). The privacy and security of our users is of utmost importance to us. This Policy enables you to better understand
how Culture Foundry collects, uses, discloses and protects Personal Information when you use our Services. Culture
Foundry complies with, at a minimum, privacy law requirements in accordance with the federal Personal Information
Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA), and, as applicable, substantially similar provincial
private sector privacy laws. In some instances, Culture Foundry privacy practices may comply with more stringent
legislative requirements of other jurisdictions, such as the EU General Data Protection Regulation (Regulation (EU)
2016/679) (“GDPR”). As well, Culture Foundry’s privacy practices strive to be generally consistent with ISO/IEC 27001 and
ISO/IEC 27002, and Culture Foundry is working towards ISO/IEC 27001 and ISO/IEC 27002 certification.
2. What Does This Policy Apply To?
This Policy applies to the Personal Information we may collect relating to users (“you” or “your”) through our web-based
language learning Sites and Culture Foundry applications (“Services”). Please also refer to your Education Organization’s
(defined below) privacy policy, which governs its use of Organization User’s Personal Information.
3. Definitions
For the purposes of this Policy, in addition to the definitions otherwise stated in this Policy, the following definitions
apply:
“Personal Information” is any information provided to us or generated within Culture Foundry Services about an
identifiable individual, which includes information that can be used on its own or with other information to identify,
contact, or locate a single person, including name, username, or email address. Unless otherwise specified, Personal
Information referenced in this Policy is interchangeable with Personally Identifiable Information, which is information
that, that when used alone or in combination with other information, can identify an individual. Personal Information
which Culture Foundry collects is summarized in Section 6.
"Data Breach or Security Incident" means (i) any act or omission that materially compromises the security, confidentiality,
or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by
Culture Foundry that relate to the protection of the security, confidentiality, availability, or integrity of Personal
Information, or (ii) receipt of a complaint in relation to the privacy and data security practices of Culture Foundry or a
breach or alleged breach of this Policy relating to such privacy and data security practices.
“Education Organization” refers to various types of organizations that contract with Culture Foundry to provide its
language learning platform for remote or in-person learning of languages. Education Organizations may include schools,
school districts, ministries of education, and other organizations. Culture Foundry is selected by Education Organizations
through a procurement process which includes rigorous evaluation of many factors including privacy and security of
student user data. Each Education Organization retains ownership of all the information provided to Culture Foundry as
well as control over all the information created in the Services by Administrators and Organization Users.
“Administrator” refers to any teacher, administrator, or other person related to the Education Organization that creates
an administration account on behalf of the Education Organization within the Culture Foundry Services to use the Services,
including the ability to add, delete, and manage Organization User accounts.
“Organization User” refers to any student user who uses the Services through a user account created by or on behalf of
an Education Organization.
“Community User” refers to any user who uses the Services outside of Education Organization-created user account.
Note – an Organization User can become a Community User, and vice versa – see Section 5.
4. Who Uses Culture Foundry?
Culture Foundry is a broad language revitalization and learning platform purpose-built to support in-classroom and
remote language learning both within schools and within communities. It is intended both for use by Education
Organizations for their student users of all age levels, and also for use by community members, whether it’s individuals
in the wider community or independent student users.
5. How Are User Accounts Owned and Created?
Organization Users - Education Organizations own and create new user accounts individually or in bulk, and then
distribute such accounts to Organization Users. Organization User accounts may be generated with no Personally
Identifiable Information or Administrators can input certain Personally Identifiable Information. Administrators linked
to an Education Organization can then assign these accounts to Organization Users within their class. Organization Users
are managed by the Education Organization and/or Administrator. As such, Organization Users cannot make changes to
their username - only Administrators or Education Organizations can make changes to or delete the Organization User
accounts. Administrators will have access to Personal Information of Organization Users to whom the Administrator is
linked. Organization Users cannot create their own accounts. Culture Foundry Services for Organization Users are only
deployed as an officially sanctioned language learning platform by an Education Organization under that organization’s
umbrella opt-in and official data governance policies. Organization User consent obligations are the responsibility of the
Education Organization customer.
An Education Organization can release an Organization User account to no longer manage it. In this scenario, the
Organization User account becomes a Community User account and the control and ownership of the account is
transferred to the Community User.
Community Users – Community Users own and create a user account directly on the Services learning platform.
An Education Organization can invite Community User accounts to be managed by the Education Organization. In this
scenario, Community User accounts become Education Organization-managed accounts. The account control/ownership
is transferred from the Community User to the Education Organization who will manage it, and the Community User
becomes an Organization User.
6. What Personal Information Do We Collect?
Culture Foundry collects limited Personal Information from its users, limited to Personal Information required for users
to create a user account and use the Services, and for Administrators to manage Organization User accounts and manages
their classes on the Services. Personally Identifiable Information of users which Culture Foundry collects or has access to
is as follows:
Table 1. Personally Identifiable Information
*Administrators are the only users able to put this information into an Organization User account.
Organization Users - Each Education Organization determines generally what Personal Information they collect, store,
and how it is used. We use Personal Information for users to create a user account and use the Services, and for
Administrators to manage Organization User accounts and manages their classes on the Services, in accordance with the
specific contractual agreement with that Education Organization. The Education Organization manages parent consent to
Culture Foundry and its other applications.
Please refer to your Education Organization’s privacy policy to inform yourself how your Education Organization collects
and shares your Personal Information.
7. What Other Information Do We Collect?
We collect and use several types of other non-personal information, including:
Non-personal Information collected by us: Culture Foundry may collect non-personal information directly through your
interaction on our Services. That non-personal information may include but is not limited to:
– Information about user progress, such as amount of learning units completed (such as activities, modules, courses,
etc.); time taken to complete learning units; accuracy obtained when completing a learning unit; obtained in-app points
(experience, currency, etc).
– User-generated digital content, such as text, including notes added to word flashcards and submitting experience
with word flashcards.
– Usage information, such as information about how many users generally and at the Education Organization use the
Services, and how the Services are being used. The information collected may include information such as date stamp of
last time user logged in; how many consecutive days a user has logged in. The usage analytics information generated by
user activity in the Services is de-identified and aggregated and used for Culture Foundry product improvement. Internal
analytics data also allow us to monitor the security of our Services. Culture Foundry Service usage data is never collected
by a third party, hosted elsewhere or shared with other parties or monetized.
Culture Foundry does not collect biometric or geolocation data. We only collect and manage information as users use our
Services and do not augment or cross reference it with other data sources. The information above is collected only to
provide the Services and is not used for other commercial purposes.
8. How Do We Use Your Personal Information?
We use user’s Personal Information for users to create a user account and use the Services, and for Administrators to
manage Organization User accounts and manages their classes on the Services. The Education Organization determines
how it uses your Personal Information. Please visit your Education Organization’s privacy policy to see how it uses your
Personal Information.
We do not sell your Personal Information or the content you provide. We do not subject users to any advertising,
contextual, personal or otherwise. There is no marketing to opt-out of, as Culture Foundry does not send marketing
messages to users. And we do not sell, rent or otherwise share any Personal Information with any third party that does.
Please see Section 9, which describes who we may share your Personal Information with.
9. Who Do We Share Your Personal Information With?
We do not sell your Personal Information or the content you provide. There are certain circumstances in which we may
disclose, transfer or share your Personal Information with third parties, such as under the following circumstances:
– Your Education Organization: For Organization Users, the Personal Information we collect and store about you is
accessible to Administrators and authorized employees of your Education Organization. Your Education Organization
controls who has access to this Personal Information. We also make usage information available to your Education
Organization.
– Cloud service providers: A carefully selected small number of companies provide essential elements of our cloud-
based Service. We limit the Personal Information we share with these service providers through contractual,
administrative and technical means. Our cloud service providers may not use the Personal Information disclosed to
them for any other purpose other than to provide us with a specific service.
– Legal authorities, as required by law: The Personal Information we process and store may be disclosed by us to legal
authorities if we are required to do so by law. We may also disclose to them, at our discretion, select Personal Information
we collect and store where we have reason to believe that disclosing this Personal Information is necessary to identify,
contact or bring legal action against someone who may be causing interference with the rights, property or rules of the
Education Organization using our Services, or someone who may be violating the Services Terms and Conditions. For
Organization Users, the Education Organization will be informed and will notify affected parties as it sees fit.
– Business transaction: We may transfer our assets and rights to our Services, including information in our Services, in
the event of a merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving
all or part of our business or as part of a corporate reorganization, stock sale or other change in control. In such a case,
for Organization Users, your Education Organization will be provided with notice and will have the option of advising the
pending changes to Culture Foundry with its users or of opting out of our Services. For Community Users, we will advise
you of the pending changes to Culture Foundry and provide you with the option to opt out of our Services and delete your
account. We will limit the disclosure of Personal Information to only what is necessary and limit the use of the Personal
Information to the purpose for which the Personal Information was collected before the transaction and in accordance
with applicable laws Culture Foundry will honour any data update or deletion requests using the process as detailed in
Section 11.2 How Does Culture Foundry Manage Data Update & Deletion Requests?
We limit who we share your Personal Information with. We also limit what other information we share and how third
parties may use, access, process or store such information in the course of performing their duties for us. When we
disclose Personal Information, we minimize the disclosure to only what is necessary in accordance with instructions from
our Education Organization customers, de-identifying if appropriate (removing any name and unique identifier) and
contractually prohibiting attempts at re-identifying, and in compliance with appropriate privacy, confidentiality, and
security measures.
Organization Users - Should there be a conflict between our Privacy Policy and Services Terms and Conditions and our
contract with an Education Organization, the terms and obligations set out in our specific contract with your Education
Organization will prevail.
We do not have control over the Personal Information that Education Organizations themselves may disclose to third
parties. For example, an Education Organization may export certain Personal Information collected in the Services and
make it accessible to others at the Education Organization’s discretion.
10. How Do We Protect Your Information?
The security of your Personal Information is very important to us. We use physical, electronic, and administrative
measures designed to secure your Personal Information from accidental loss and from unauthorized access, use,
alteration, and disclosure. We have taken measures to protect the Personal Information on our Services, which include
data encryption, firewalls and access controls for staff. Some other security measures we implement include:
– Organization Users - Limiting account creation to only those Administrators which the Education Organization selects.
Persons outside the Education Organization cannot create an Organization User account.
– You may only access Culture Foundry Services with your username/email and password.
– Encryption of data sent between the Culture Foundry server and Culture Foundry client (web browser, smartphone app,
tablet app) in transit and at rest.
– Restricting access to Personal Information to those Culture Foundry staff members who need to know that information
for the purpose set out in this Policy and ensuring those staff members are trained in Culture Foundry’s information
protection policies.
– employing reasonable security measures to protect Personal Information in accordance with Culture Foundry’s
information security policy as amended from time to time and generally consistent with accepted industry standards
(ISO/IEC 27001 and ISO/IEC 27002).
The safety and security of your Personal Information also depends on you. Where you have been given or where you have
chosen a password for access to our Services, you are responsible for keeping this password confidential. We ask you not
to share your password with anyone. Unfortunately, the transmission of information via the Internet is not completely
secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal
Information transmitted to our Services.
11. How Do We Manage Your Information?
As a user of our Services, you have rights to access, download, correct and/or delete your Personal Information in
accordance with applicable laws. Our general practice is to not retain Personal Information any longer than is necessary
for users to use the Services, for Administrators to manage Organization User accounts and manages their classes on
the Services, and to comply with legal obligations. Parents may manage their children’s Personal Information, including
withdrawing consent, or opting out of any data sharing.
If your Education Organization relies on your consent to process your Personal Information, such as making it available in
Culture Foundry Services, you have the right to withdraw your consent at any time. You may withdraw your consent by
contacting your Education Organization. Note this will not affect the lawfulness of the processing before it’s withdrawn
nor when applicable laws allow for continued processing.
11.1 How Long Do We Keep Your Personal Information?
Organization Users - Culture Foundry retains Personal Information on behalf of Education Organizations pursuant to its
specific contractual terms with each Education Organization. If the Education Organization does not otherwise define the
duration for data retention and destruction, Culture Foundry retains Personal Information for 2 years after an
Organization User account becomes inactive, after which it is deleted.
Community Users - Culture Foundry retains Personal Information for 1 year after a Community User account becomes
inactive, after which it is deleted.
11.2 How Does Culture Foundry Manage Data Update & Deletion Requests?
Organization Users – For Organization Users, Culture Foundry is best characterized as a processor that manages data at
the direction of the Education Organization, the controller. If an Organization User sends a request to update or delete
their Personal Information, these requests are routed to or need to be made to the Education Organization to review and
advise Culture Foundry of necessary action.
If Culture Foundry receives a specific request from an authorized individual at the Education Organization to delete
Personal Information of any Organization User, Culture Foundry complies and provides a confirmation of data destruction
within 30 days of request.
Community Users – Community Users can update their Personal Information on the Services. Community Users can also
request that Culture Foundry update or delete their Personal Information. Culture Foundry will update, correct, or delete
a Community User’s Personal Information within 30 days of request.
12. What About Children’s Privacy?
Organization Users - We are a service provider to Education Organizations, which may disclose very limited Personal
Information to us about students. The Personal Information we collect is limited to what we need to fulfill our obligations
as outlined in our contracts with Education Organizations. We do not use your Personal Information for any purpose other
than to provide our Services to Education Organizations and improve our Services to you.
We do not knowingly collect Personal Information from children under the age of 13 unless and until an Education
Organization has provided us with authority for a student under the age of 13 to use our Services.
If you are a parent or guardian who believes that we have inadvertently collected or stored Personal Information about
your child without proper consent, please contact us or your Education Organization and we will investigate and delete
any such Personal Information to the extent applicable.
Community Users – No one under age 13 may provide any Personal Information to or on the Site. We do not knowingly
collect Personal Information from children under 13. If you are under 13, do not provide any information about yourself
to us, including your name, address, telephone number, email address, or any screen name or username you may use on
other services. If we learn we have collected or received Personal Information from a child under 13 without verification
of parental consent, we will delete that information. If you believe we might have any information from or about a child
under 13, please contact us at privacy@culturefoundrystudios.com.
13. Where Is Your Information Stored?
Culture Foundry hosts, stores, and processes your Personal Information in the country in which you or your Education
Organization is located.
Organization Users - Please also refer to your Education Organization’s privacy policy to identify where they process
and/or store Personal Information and how they protect it.
14. Cookies and Similar Technologies
Our Services use cookies and similar technologies. “Cookies” are small text files installed on your computer hard drive
or web browser when you visit or use our Services. Most browsers accept cookies by default.
14.1 What Information Do We Collect Using Cookies?
We use first-party cookies, such a session cookie, to help us authenticate you. Third-party cookies are limited to essential
cookies for the operation of the Vimeo streaming video player. We do not control these third parties' cookies or how they
are used – please see Vimeo’s cookie policy at https://vimeo.com/cookie_policy. Most of the cookies on our Services
collect information that is not identifiable to you. To learn more about cookies, visit www.allaboutcookies.org.
14.2 How Can You Manage Cookies?
Although most browsers accept cookies, you can set your browser to reject cookies. You will need to follow the
instructions contained in your browser’s help file (usually located within the “Help,” “Tools,” or “Edit” settings). If you
have more than one browser, the opt-out or settings you set will only apply to that specific browser and not the others.
If you choose to disable cookies, some Culture Foundry Services might not function properly.
15. What About Breach Reporting?
We maintain procedures and recordkeeping regarding breach reporting consistent with ISO/IEC 27001 and ISO/IEC 27002.
As soon as reasonably practicable after we become aware of a Data Breach or Security Incident, we will directly notify all
affected users and Education Organizations by in-app and/or email notification. We may also publish information
regarding a Data Breach or Security Incident on our Site and social media channels. We also adhere to our obligations in
relation to Data Breaches and Security Incidents as required in the jurisdictions in which we provide Services.
16. Changes To This Privacy Policy
Culture Foundry reserves the right to modify or update this Privacy Policy from time to time to reflect changes in our
business and practices. When we change the Policy, we will directly notify all affected users and Education Organizations
by in-app and/or email notification 30 days or more prior to such changes. We will also reflect the ‘last modified’ date at
the top of this Privacy Policy. All previous versions remain linked to the bottom of the Privacy Policy on our website for
historical reference.
17. How To Contact Us?
You may contact us at privacy@culturefoundrystudios.com with any questions, concerns or grievances you may have
related to your Personal Information. We may also be reached as follows:
2031 Store St., Victoria, BC, V8T 5L9, Canada
1-250-732-6981
We have procedures in place to receive and respond to complaints or inquiries about our handling of Personal
Information, our compliance with this Policy, and with applicable privacy laws. To discuss our compliance with this Policy
please contact our Privacy Officer using the contact information listed above.
See Previous Versions
