Last Updated: [11/02-2019]
When using the Pickatale service (“Pickatale”) or making contact with us, Pickatale AS (“Pickatale” or “we”) will collect and process your personal data. The submission of personal data is optional, however, most of the information is necessary for the performance of Pickatale, and necessary for entering into a contract with us. If you do not provide the information, you will not be able to use Pickatale.
Below you will find information about personal data collected, why we do this and your rights regarding the processing of personal data.
The controller of the personal data is Pickatale AS by Marketing Manager Richard Hatleskog.
Contact information for Pickatale AS is:
Org.Nr: 999 638 058
2 Why do we collect and what data do we save?
We collect and process your personal data for different purposes, depending on who you are and how we get in touch with you. We try to limit stored personal data to a minimum.
We collect the following personal data for the specified purposes[A2] :
Reading Progression Information
Region based location
Personal data is collected and processed to fulfill our contract with you regarding the use of Pickatale.
In order to help those who approach us, we have, based on an interest assessment, considered the processing of personal data necessary.
Upon initial registration in Pickatale we will ask you for specific consent the treatments listed here:
• Personal follow-up with reports and tips so that you can follow your child’s progress in the game.
• Sending newsletters, if you are interested in future products from Pickatale.
• Use of personal data to customize Pickatale to user.
For treatments based on consent, it is of course voluntary to consent, and consent may be withdrawn at any time by contacting us email@example.com or by entering the parent menu of Pickatale (available from the gear wheel below the map after registration).
3 How do we secure your data?
Your information is transferred from your device to our servers using HTTPS. Our database is set up for one-way communication, so no outsider can retrieve information. We have implemented and use reputable security solutions to ensure your personal data.
4 Who has access to your data?
We will not pass on your personal data to others unless there is a legal basis for such disclosure. Examples of such a basis will typically be an agreement with you or a legal basis that obligates us to disclose the information.
Pickatale has restricted access to the database so that only our employees and third parties we have data processing agreements with have access. Pickatale will in some cases share statistics of anonymous information with third parties.
Pickatale only uses subcontractors that have the same level of protection for personal data as we have. See below under point 8.
5 Your rights?
You have the right to require access, correction or deletion of personal data we are processing about you. You also have the right to demand limited treatment, objection to treatment and claim the right to data portability.
To use your rights, please email us at firstname.lastname@example.org or send us a letter at the address listed above.
We will respond to your inquiry as soon as possible and no later than 30 days.
We will ask you to confirm your identity or provide additional information before we allow you to exercise your rights towards us. We do this to ensure that we only provide access to your personal data to you – and not someone pretending to be you.
You may withdraw your consent for processing personal data at any time. The easiest way to do this is to (change your settings on “My Page” or) send us an email at email@example.com.
Pickatale is currently working with an interface that will automate this process.
6 How long are your personal data stored?
We store your personal data with us as long as it is necessary to fulfill the purpose for which the personal data was collected.
This means, for example, that personal data that we process on the basis of your consent will be deleted if you withdraw your consent.
Personal data we process to fulfill an agreement with you will be deleted when the agreement is fulfilled and all obligations arising from the agreement are fulfilled.
Your information is stored as long as you continue to use Pickatale.
If you cancel your subscription, your personal data will be deleted after 1 year. Please note that uninstalling the app does not involve deletion of personal data or subscription termination.
7 Where are my information stored?
On our Amazon Cloud server
8 Who are our subcontractors?
Pickatale uses data servers to collect, store or otherwise process personal data on our behalf. We have entered into data processing agreements with the following:
• Google, Inc. (Database, Email, Analytics, Marketing)
• Microsoft Corporation. (Language Pack Hosting, License Management)
• Facebook, Inc. (Analytics, Marketing)
• Slack Technologies (Internal Communications)
If you are dissatisfied with Pickatale processing of personal data, please contact us at firstname.lastname@example.org. Registered users can also appeal to Pickatale processing of personal data by contacting Datatilsynet (the Norwegian Data Protection Authority).
Information We Collect from Children and Why
Prior to obtaining Consent (which is further described below), we only collect from Children a first name, last initial, username, password, date of birth and parent’s email address. [A3] The Website tells Children not to include their real name in their username. We only collect this information in order to establish whether we are required to obtain Consent, to obtain such consent, and, only after obtaining such Consent, to create an account on the Website.
After we obtain Consent (which is further described below), we collect certain personally identifiable information from and about Children. Specifically, we collect their name, email address, birthdate, [other information collected[A4] ]. Except for the Child’s username and parent’s email address, parents provide us with all other personally identifiable information about their Child through their Parent Account.
Pickatale currently does not have any features that allow Children to make their personally identifiable information publicly available (e.g., blog comments or public forums). If we ever decide to include features that will allow this type of disclosure, we will update this Children’s Policy, notify parents, and obtain Consent before allowing a Child to access such features.
We only collect and use information, whether personally identifiable or not, from Children that is reasonably necessary for us to make the Pickatale’s services available to our users, for the internal operations of the serivce, and to evaluate and improve our services. For example, we will use Children’s information to enable our Child users to access and utilize the features of Pickatale.
To Whom We Disclose Children’s Information
We only provide Children’s personally identifiable information to our trusted service providers who have agreed to maintain the confidentiality of that information, and who assist us with the internal operations of the Pickatale. We currently share Children’s personally identifiable information with [name third-parties and why[A5] ]. We never sell any Child’s personally identifiable information to any third party, and we do not use it for behavioral advertising purposes. However, we may offer contextual advertising on Pickatale.
How We Obtain Consent
We will obtain verifiable parental consent prior to colleting any personally identifiable information from a Child (except in certain limited circumstances, as allowed by COPPA). We currently do this using the “email plus” method, as follows: first, we will collect a username, password, date of birth and parent email address from a Child that wishes to register for a Pickatale account. Second, we will send an email to the parent’s email address provided by the Child containing a notice of the information we wish to collect and how we would like to use it, along with a link to provide consent. If the parent affirmatively declines to consent or fails to respond within seven (7) days of when we send the email, we will automatically delete all of the information provided by the Child. Third, if the parent does consent to the creation of the Child’s account and our collection and use of the Child’s personally identifiable information, we will send the parent to a website where he or she must create a parent account. Through the parent account, the parent can provide as much or as little of the remainder of the information we ask for relating to the Child. The parent account also allows parents to (i) monitor their Child’s activity on Pickatale; (ii) access, review, change and delete their Child’s personally identifiable information or even delete the entire account; and (iii) restrict certain of our uses for their Child’s personally identifiable information. Within a reasonable time after the parent provides this consent, we will send a second confirmatory email from which the parent must indicate consent again. If we do not receive this second consent within seven (7) days of when we send the email, we will delete the Child’s account and all information provided by the Child.
Pickatale takes a range of security measures designed to protect Children’s information and keep it confidential and secure (unless it is non-confidential by nature, for example, publicly-available information) and free from any unauthorized alteration. Children’s personally identifiable information is contained behind secured networks and is only accessible by a limited number of persons who are required to keep the information confidential. In addition, all Children’s personally identifiable information is encrypted via Secure Socket Layer (SSL) technology. [A6] In addition, we take reasonable steps to ensure that our service providers are capable of maintaining the confidentiality, security and integrity of Children’s personally identifiable information.
However, the Internet is, by its nature, not a secure environment and the nature of security risks is constantly evolving as are the technical and organizational industry standards relating to management of those risks. While we strive to keep current our security technology and will review, refine and upgrade our security technology as we deem appropriate based on new tools that may become available in the future, the complete security of any information collected, stored or used by us cannot therefore be guaranteed. In the unlikely event that an unauthorized third party compromises Pickatale’ security measures, Pickatale will not be responsible for any damages directly or indirectly caused by an unauthorized third party’s ability to view, use or disseminate such information. If you ever discover inaccuracies in our data or your Child’s personally identifiable information, we urge you to notify us immediately.
Pickatale is certified as COPPA-compliant by [name of safe-harbor program]. We are therefore entitled to the protections of the safe harbor program established by the Federal Trade Commission.[A7]