tinyBee: Privacy Policy
Last updated: March 2024.
This Privacy Policy is also part of the Terms of Service. If you don’t agree with this Privacy Policy or the Terms of Service, you should not use our Services. If you have any questions please contact us at dpo@magikbee.com.
This Privacy Policy explains how MAGIKBEE, LDA (“Company”, “we” “us” or “our”) collects, uses, discloses, and safeguards your information when you visit our websites tinybee.kidsbeetv.com and magikbee.com, use our mobile application tinyBee (“App”), and other online services that link to this Policy (collectively the “Services”).
Please notice that our Website is meant for parents and legal guardians (although it is safe to be used by kids under parents’ or legal guardians’ supervision), while our App is designed especially for kids. Our Services don’t require the child or the guardian to disclose any more information than is reasonably necessary to use them. We take privacy and security issues very seriously and that is why we tried to present our Privacy Policy in a simple and clear speech, divided into categorized sections, so you can understand what information we collect and how we use it.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy.
DEFINITIONS
.
OUR WEBSITES
.
OUR MOBILE APPLICATION (“APP”)
tinyBee.
OUR SERVICES
OUR WEBSITES, OUR MOBILE APPLICATION and other online services that link to this Policy.
PERSONAL DATA
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
PROCESSING
Any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
RESTRICTION OF PROCESSING
The marking of stored personal data with the aim of limiting their processing in the future;
CONTROLLER
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
PROCESSOR
A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
CONSENT OF THE DATA SUBJECT
Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
.
.
1. About Us
1.1. Owner and Data Controller Identification
All the data provided by you when using our Services will be processed by MAGIKBEE, LDA., a company with the VAT number PT513575820, whose registered address is 18A, 1º Frente, Rua de São Victor, Braga, Portugal.
1.2. Contact details
We take data protection very seriously and would be glad to reply to any questions you may have. You may email us at dpo [at] magikbee.com.
.
.
2. Types of Data Collect and Purposes
We collect two basic types of information – personal information and anonymous information – and we may use personal and anonymous information to create a third type of information, aggregate information.
We may collect information whether or not you are logged in or registered, and may associate this tracking data with your registration account (if you have one), in which case we will treat it as personal information. Service providers that collect tracking data on our behalf (see the section “Disclosure to Third-Parties”) may provide an opportunity for you to choose not to be tracked online.
2.1. About the information you provide
We collect information, including Personal Data, when users:
– register or log in to our Services;
– use our Services;
– contact us via email, social media, website form, or by any other available means.
2.1.1. About the information provided on the registration process and account creation
Through the registration process, you may provide us with:
- nickname;
- age group of the child;
- password;
- e-mail address.
Nickname is used to greet the user.
The age group of the child is required to adequate the content and app features to the child’s age.
Email is required to access your account in the App. A password may also be required in some cases. We will use your email to send our newsletter, and marketing emails or contact you in the context of product research activities (e.g. surveys) if you give us your consent, either at the moment of the registration or later. You can withdraw your consent at any time by sending us an email to dpo [at] magikbee.com or by following the opt-out link with the text “Unsubscribe” that we provide at the bottom of every email we send (please notice that support emails in reply to a request of yours are an exception and do not have an “unsubscribe” option as they are not related to your communications subscription).
Please note that all processing of financial data is carried out by the payment provider chosen by you (Apple, Google Play, Amazon, Stripe); therefore, we do not collect that data. We encourage you to review their privacy policies and contact them directly for responses to your questions.
.
2.2. About Activity Data, Cookies, and Similar Technologies
Activity Data is collected automatically when using the Services.
The Services may track Users by storing a unique identifier of their device, for analytics purposes or for storing Users’ preferences.
We may use cookies, web beacons, tracking pixels, and other tracking technologies to help customize the Services and improve your experience. When you access the Services, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Services. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.
You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.
We do not combine this information with any personally identifiable information you may have submitted when signing up for a newsletter for example. Our systems do not recognize browser “Do Not Track” signals; but, you can opt-out of Google Analytics by visiting: https://tools.google.com/dlpage/gaoptout.
Identifiers that can be used to recognize a user over time and across Services (“Persistent Identifiers”) are collected on or through our Services solely for the purpose of supporting our internal operations and providing the Services.
Unless specified otherwise, all Data requested by our Services is mandatory and failure to provide this Data may make it impossible to provide them.
We do record the following data:
2.2.1. Usage Patterns
- Clicks / Taps
- Mouse movements
- Scrolling
- Typing
- Save favorites
2.2.2. Tech Specs
- Browser
- Device type
- Device manufacturer
- Operating system
- Screen resolution
- Unique device identifier
- Script errors
- IP address
2.2.3. Navigation
- Pages visited
- Shows, episodes, and time watched
- Games played
- Session duration
2.2.4. Learning Activity
- Session progress
- Game level progress
- Answers
2.2.5. Location Data
Once you register for our Services, we may collect and process information about your location based on your IP address. We only get your city name and never your exact location or accurate address.
We use your location data to block and unblock content because some of our shows have geographical restrictions on distribution and are not available in all countries. We may also use your location data to optimize our Services and develop new products, services, or features.
2.2.6. Customer Support Data
We collect all information that you provide to us, including any Personal Information when you contact us for customer support purposes, to resolve disputes, or troubleshoot problems.
2.2.7. Additional situations
We may collect and process the information you provide when you publish about us publicly, for instance, a testimonial about our Services on an App Store. We may also collect personal and other information you voluntarily provide us when entering contests or giveaways and/or responding to surveys.
2.3. Push Notifications
We can send push notifications to your mobile device to provide updates and other relevant messages if consent to receive them has been given. You can manage push notifications on your mobile device settings.
.
.
3. Children’s Privacy
Our Websites are meant for parents and legal guardians (although safe to be used by kids under parents’ or legal guardians’ supervision), while our Apps are designed especially for kids.
We are committed to protecting the privacy of children who use our Services.
This section of our Privacy Policy explains our information collection, disclosure, and parental consent practices with respect to the information provided by or from children under the age of 13 (“child” or “children” or “child users”). This policy is compliant with the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA and general tips about protecting children’s online privacy, please visit FTC’s website.
The only personal information we collect about child users is their month and year of birth to adequate our app’s content to their age. Information collected from child users is never used to market to Child Users or is shared with independent third parties for marketing purposes.
At any time, parents or legal guardians can refuse to permit us to collect further information from their children in association with a particular account and can delete from our records the personal information we have collected in connection with that account through the parents’ area on the mobile app. Please keep in mind that a request to delete records leads to a termination of an account or services.
3.1. About the information provided about children
Our Services don’t require the child to disclose any more information than is reasonably necessary to use them. We strongly advise you to never provide any personal information in children’s nicknames, such as a screen or user name used as an online contact information. The personal information we collect about child users is the age group to adequate our app’s content to their age and it is not shared with third parties. The age group is only asked to adult users during the onboarding process and can only be modified by adult users in the age-gated Parents Area.
3.2. About the children’s information collected automatically
We may also collect automatically information on:
- the child user’s performance in our educational games to adapt the experience to their needs or to provide progress reports to parents and legal guardians;
- the duration and content the child watches or adds to “Favorites” to customize the experience.
For more information about our automatic information collection practices, see the Activity Data, Cookies, and Similar Technologies section in this Privacy Policy.
We may use the data collected automatically on kids’ activity on apps to generate anonymous reporting with the purpose of improving our Services.
.
.
4. Disclosure to Third-Parties
We collect minimal personal data, and some nonpersonal data for internal use only or in conjunction with third parties to help us operate, analyze, and improve our Services. Some of our external third parties are based outside the European Union. Whenever we transfer your personal data out of the European Union, we make sure that our partners comply with the same levels of privacy protection we comply with and that they respect the principles in this Privacy Policy.
In addition, we may disclose your personal or non-personal information to additional parties if we believe we are required to by law, by a judicial proceeding, to protect our rights and properties, or to investigate fraud, intellectual property infringement, and any other conduct that might be illegal or expose us or a user of our Services to legal liability.
4.1. Third-parties identification
We may share your data with the third parties and for the purposes explained below.
4.1.1. Cloud infrastructure providers
We use Amazon, Digital Ocean, and Google to store the data we manage. All are based outside the EU.
4.1.2. Video Hosting service
We use Vimeo to store, manage and share our video content. Vimeo is based outside the EU.
4.1.3. Analytics and event tracking providers
We use Adobe Analytics, Contentsquare, Clicky, Cloudfare, Crazy Egg, Flurry Analytics, Heap Analytics, Inspectlet, Kissmetrics, Matomo, MixPanel, Google Analytics, and Firebase, all based outside the EU, to allow tracking technologies and remarketing services on the Website through the use of first-party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Website, determine the popularity of certain content and better understand online activity. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can visit the third-party vendor or the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.
4.1.4. Email providers
We use Brevo to manage our marketing and transactional email communications.
4.1.5. Mobile framework and hosted web service
We use RevenueCat to manage in-app subscriptions. RevenueCat is based outside the EU.
4.1.6. Mobile Advertising Platforms
Only in the case you choose to use an ad-based version of our Apps, we may also share your information with the mobile advertising platform AdMob, based outside the EU.
You are encouraged to review all third-parties privacy policies and contact them directly for responses to your questions.
There’s also a possibility of disclosing data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may acquire or merge with other businesses. If a change happens to our business, then the new owners shall use your personal data in the same way as set out in this Privacy Policy.
We do not rent, sell, or share your Personal Information with other people or companies for their marketing purposes.
4.1.7. Third-party websites
Our websites may contain links to third-party websites and applications of interest, including external services, that are not affiliated with us. Once you have used these links to leave the website, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, at your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services, or applications that may be linked to or from the Site.
4.2. Do Not Track
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
5. Your Rights
The people who provide us with any personal data, hereinafter “Data Subjects” have the right to access their personal data, to change it, to limit its processing, to portate and to erase the data. To ask for anything related to personal data, please contact dpo@magikbee.com
5.1. Right of access
The data subjects have the right to know the personal information about them that we collect and process as well as the right to access that information.
5.2. Right to withdraw consent previously given
The data subjects have the right to withdraw their consent to the processing of personal data that is mandatory for providing our Services (e.g.: marketing communications).
5.3. Right to rectification of information
The data subjects have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning them.
5.4. Right to erasure (to be forgotten)
The data subjects have the right to obtain from us the erasure of personal data concerning them without undue delay and we have the obligation to erase personal data without undue delay, except when there is a legal obligation to keep the data.
5.5. Right to restriction of processing
The data subjects have the right to obtain from us restriction of processing where one of the following applies:
- a) the data subject contests the accuracy of their personal data for a period enabling us to verify the accuracy of the personal data;
- b) the processing is unlawful and the data subject opposes the erasure of their personal data and requests the restriction of the use instead;
- c) we no longer need the data subject’s personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
5.6. Right to data portability
When the data subject asks for data portability, if technically feasible, they can receive the personal data which they have provided us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. Data portability is not equivalent to data erasure.
5.7. Right to object
The data subjects have the right to object to the processing of their personal data. An objection may be in relation to all of the personal data we hold about them or only to certain information.
5.8. California Privacy Rights
Residents of California have the right to receive once a year from us:
- information identifying any third-party companies to whom we may have disclosed (within the previous calendar year) their Personal Information for those companies’ direct marketing purposes; and
- a description of the categories of Personal Information disclosed.
If you are a California resident and wish to obtain such information, please send an email to dpo [at] magikbee.com.
.
.
6. Retention time
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:
- Personal Data collected for purposes related to the performance of a contract between us and the Data Subject shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes. Data subjects may find specific information regarding the legitimate interests pursued by us within the relevant sections of this document or by contacting us.
We may be allowed to retain Personal Data for a longer period whenever the data subject has given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.
.
.
7. Data Security
We have put in place technical, administrative, and physical security measures that are designed to protect information from unauthorized access, disclosure, use, and modification. limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We regularly review our security procedures to consider appropriate new technology and methods. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
.
.
Contact us
If you have any questions about this information you may email us at support [at] magikbee.com with the subject line Privacy Policy.