Who is the administrator of User’s personal data?
1. The administrator of User’s personal data and Child User’s personal data is SafeKiddo spółka z ograniczoną odpowiedzialnością sp. k. with its registered office in Warsaw (02-777), Aleja Komisji Edukacji Narodowej 93, Poland, entered in the registry of entrepreneurs in the National Court Registry under the number 0000742143, with the NIP (tax identification number) number: 7010449679 (hereinafter referred to as the “Administrator” or „We”).
What is the legal basis of processing personal data and for what purpose personal data is processed?
2. The basis for processing personal information by the Administrator is the necessity to perform the contract on rendering Service within the Product, a party of which is the User, and the necessity to process data for legally justified purposes fulfilled by the Administrator. In European Union the legal basis for processing the User’s personal data is Article 6(1) of the GDPR (General Data Protection Regulation 2016/679). At the time of downloading the Child App on the Child’s Device, the User, as a statutory representative of Child User, consents to the processing of Child User’s personal data mentioned in point 4 below, by the Administrator in order to perform the contract on rendering Services within the Product.
3. The Administrator shall process the personal information of the User in order to provide Services within the Product and for settlement purposes, issuing invoices, as well as statistical and marketing purposes.
4. By legally justified purposes fulfilled by the Administrator, mentioned in point 2 above, We mean marketing of Administrator’s services, sending notices of payments or notices of necessity to complete registration process, notifying the User of new functionalities etc.
What kind of data is processed?
5. In connection with performing the Service, the Administrator processes the following User’s personal information: name, e-mail, IMEI number and serial number of the Parent’s Device, payment information (e.g. credit card number, credit card expiry date, CVV number). The Administrator also processes the following Child User’s personal information: name (nick name), IMEI number and serial number of the Child’s Device, current location data of Child’s Device, websites viewed on Child’s Device (including Youtube movies and key words used in Google and Bing) and time of viewing, names of application downloaded to the Child’s Device and time of using these applications (applies to devices with Android system) or time of using applications, that connected to the internet (applies to devices with iOS system), Child’s Device battery level, information about mute sounds, set vibrations or ringtone on the Child’s Device.
6. Entering personal information during registration process is required to operate the Service (without it We will not be able to create User Account in the Service). In particular, We need User’s e-mail address, which is the login for User Account and is used for sending the User notifications from the Product. We also collect information about devices that the User connects to the Service for monitoring and protection. This information is used for identifying these devices and in order to check whether the User is using allowed number of devices. We may take automated decisions on: a) extending Service subscription for another period (in accordance with Terms & Conditions), b) blocking the access to certain web pages browsed on Child’s Device in accordance with the settings the User makes in the Service. If the User does not agree with the automatic decisions the User should inform the Administrator by sending an e-mail at firstname.lastname@example.org. At any time the User can view and change his personal information at https://my.safekiddo.com/user.
What are cookies and why does the Administrator use them?
a) browser’s and device’s data such as IP address, type of device, type of the operating system and Internet browser, screen resolution, name and version of the operating system, device manufacturer and model, language, plug-ins, add-ons;
b) usage data such as time spent on the Website and SafeKiddo Mobile App, pages visited, links clicked, language preferences, the pages that led or referred the User to the Website, User’s and Child User’s behaviour on the Website and Safekiddo Mobile App. We use Google Analytics on the Website and SafeKiddo Mobile App to help us analyse User’s use of our the Website and SafeKiddo Mobile App and diagnose technical issues;
8. We use the following categories of cookies:
a) necessary cookies
This kind of cookies enables User to use Website and SafeKiddo Mobile App and all their features, such as enabling access to secure area of the Website and SafeKiddo Mobile App. Without these cookies User may not be able to use all the features of the Website and SafeKiddo Mobile App;
b) performance cookies
This kind of cookies collects information about how the User uses the Website or SafeKiddo Mobile App so We can improve them in the future. For example, these cookies collect information on which pages User visits most often and any error messages User may get. The information collected by these cookies is anonymous. They do not collect any information that can identify User personally. From this category of cookies we use Google Analytics cookies to monitor Website performances and SafeKiddo Mobile App performances and check their users activities to improve our services.
c) functionality cookies
This kind of cookies enables us to provide the User with the more personalized services. Thanks to them, you can save your settings, username, language etc. on the Website or SafeKiddo Mobile App. The information that these cookies collect is anonymous.
d) marketing cookies
We and our service providers may use marketing cookies (Google Adwords remarketing cookies) to display the User our ads on other websites, which are affiliated in Google Network. Whenever the User visits Website for more than 10 seconds, makes more than three activities (clicks) and scrolls more than 50% of page, on User’s Device marketing cookies file has been saved, that allow to display our ads in above websites, applications and online services. If the User doesn’t want the cookies to be placed on User’s Device, we suggest to set User’s preferences regarding cookies. We use also Google Analytics remarketing features in combination with Google AdWords and DoubleClick features on various devices. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This function enables to link targeted advertising groups drawn up by Remarketing Google Analytics with Google AdWords and Google DoubleClick functions between different devices. In this way, personalized advertising messages that have been tailored based on previous online behavior on one device (e.g. cell phone) can be displayed on another (e.g. tablet or computer).
If the User has given consent, Google will link the User’s browsing history of websites and applications to the User’s Google account for this purpose. In this way, the same personalized advertising messages can appear on every device the User logs in to using his/her Google account. The User can permanently opt out of remarketing/targeting by turning off personalized ads in Google account entering the following link: https://www.google.com/settings/ads/onweb/ .
Does the Administrator share User’s personal data with any third party?
9. Administrator doesn’t sell or rent User’s personal data and Child User’s personal data to any third party. User’s personal data and Child User’s personal data can be provided to entities authorized to receive them under applicable law, including the competent judicial authorities. User’s personal data may also be shared with trusted entities, as outlined below:
a) payment operators – currently the payment operator is Stripe. When the User makes payments, Stripe receives User’s transaction information such as credit or debit card number, expiration date of credit or debit card, CVV code, bank account information, purchase amount, date of purchase, payment method and User’s e-mail address;
b) location service providers – in order to provide possibility of checking the location of Child’s Device by the User, We cooperate with entities that provide location services. We provide them information about latitude and longitude of Child’s Device location as well as the IP address of Child’s Device to provide the User with the approximate address of the Child’s Device location and a map with approximate Child’s Device location;
c) SMS gate providers – in order to provide the service of sending SOS text messages from the Child’s Device to the User’s Device, we cooperate with SMS gate providers. We provide them telephone number of User’s Device whenever Child User presses the SOS button in Child App;
d) service providers – We can share User’s personal data and Child User’s personal data with our service providers such as website hosting providers, technical services providers (concerning the Product), marketing services providers, tax and accountants services providers, advisor’s services providers. User’s or Child User’s personal data shall be shared with such service providers on the basis of contracts between the Administrator and service provider and only for the purpose of the contract implementation and execution.
How long does the Administrator store User’s personal data?
10. The User’s personal data and Child User’s personal data are stored by the Administrator for the time of the contract and after the termination of the contract – for the the time necessary to service the User in the process of complaints, securing or pursuing claims, and fulfilling the Administrator’s legal obligations (eg resulting from tax obligations).
What is the contact to Administrator?
11. The User and Child User can contact with Administrator in any cases concerning User’s and Child User’s personal data procession by e-mail: email@example.com.
Does User have to submit personal data?
12. Submitting personal information is voluntary, but it is indispensable for providing Services within the Product.
What are the User’s obligations and rights?
13. The User represents and guarantees that the User is authorised to provide the Administrator with personal information for the purposes of processing necessary for performing Service, and that the User was given necessary consents of persons whose personal information and other information pertaining them are submitted for processing, and that above actions do not infringe personal rights of third persons.
14. The User shall have the right to:
a) access his/her personal information at any time,
b) modify it (complete it, update it);
c) restrict the use of personal data;
d) delete personal data in certain circumstances provided by law;
e) request confirmation whether the Administrator processes User’s or Child User’s personal data, and if so, to request a copy of that data;
f) request to transfer personal data, if it is technically feasible. Changes/additions of certain personal information may be done after logging in to the User Account.
g) The User from European Union has the right to complaint to the Personal Data Protection Office https://www.uodo.gov.pl/pl/p/kontakt
What are the conditions of safety?
15. The Administrator shall use the most secure mechanisms for transferring data (personal information and information on the mode of payment) available on the market. The transmission protocol used by the Administrator, which ensures safe transfer of data via the internet shall be the SSL protocol (Secure Socket Layer v3). It is a type of protection which consists in coding data before they are sent from the User’s browser and decoding them after they are safely received to the Product server. The information sent from the server to the User is also coded, and decoded after it reaches its destination.
16. SSL encrypts, verifies, and ensures integrity of messages. Upon establishing a connection with a safe (SSL protected) website, encryption keys are exchanged, which are then used for transferring data between the browser on the User’s computer and the Product server. Both the key exchange and the transmission are very difficult to decode. After connecting to a safe website, the User is informed of that fact in the following ways:
a) in Internet Explorer, on the right side of the status bar a padlock is displayed. When clicked, the website’s security certificate (digital signature) is shown;
b) in Google Chrome, Mozilla Firefox, and Opera the padlock is shown on the address bar. Clicking on it displays the website’s security certificate.
17. In SSL, identity certificates are used in order to verify the servers’ and users’ authorisations. These certificates are issued and signed by one of the trusted certificates issuer.
18. When entering a server holding a certificate issued by one of the renown CA, users may be sure that the server is really the one it purports to be – the server’s identity is automatically verified and confirmed upon connection. Another element ensuring safety of transferred information is the organization of personal and payment mode data storage, including credit card data. They are stored on a server to which there is no access from the internet – on an individual account with controlled access for a limited number of people.
19. For their own safety, the User should remember to log out from the Website upon finishing the session. To that end, the User should click the “Logout” button located in the top right corner. Closing the browser is not the same as ending a session.