Gingersnap is owned by Gingersnap Studios Limited, a social enterprise operating out of the UK, and this privacy notice specifically addresses the measures we take to comply with the UK Data Protection Act 1998 (“DPA”).
Our approach to privacy
Gingersnap is committed to creating a safe digital environment for the whole family and at the same time strives to protect the privacy of any personal information collected or received during the use of the service, from grandparents, parents and children (especially those under 13). Our philosophy is based on ensuring all data is stored securely and appropriately and there are sufficient safeguards to protect children against the 4Cs.
- Inappropriate contact
- Inappropriate conduct
- Inappropriate content
- Inappropriate commercial pressures
Who are we?
Gingersnap Studios Limited is registered in the United Kingdom under company number 08548885 and whose registered office is at Network House, Thorn Office Centre, Hereford, HR2 6JT, United Kingdom. Our trading address is 10-14 Crown Street, London W3 8SB, United Kingdom.
How do we ensure children are protected?
As all information is held locally until a purchase is processed, children are blocked from sharing their own personal data without first getting parental permission. The app itself requires the user to have a valid Apple iTunes account before it can be downloaded and we also impose a ‘parental gate’ before allowing anyone through to the payments centre. Apple also has its own controls to retrict children inadvertantly using the in-app payment method without permission, and only those children who have been explicitly set up on Family Sharing, with their own Apple ID and ‘Ask to buy’ disabled, have the ability to pay direct. As an extra security measure, we also only ever ask for the child’s first name so their full identity is protected.
In line with the Apple children’s category guidelines we also block links to any third party sites or social networks from within the app. The children’s artworks and creative endeavours are not published outside of the app and the only way pictures from the toolkit can be sent on is by using the device owner’s own email client which is at their own discretion and subject to the terms of that email service provider.
We are also keen to keep the app and website free of banner advertising so parents can be sure their children don’t encounter any unnecessary pressure to buy other products without their approval. We will review this notice regularly to gauge parental opinion and assess when it is appropriate to offer secondary products on related themes if it helps satiate a child’s curiosity to learn more. For example, books, associated days out etc.
Our legal obligations
As Gingersnap operates out of the UK, our privacy and data policies are specifically designed to comply with DPA, but we are constantly looking to incorporate best practice from across the world and pay particular attention to local regulations such as the Children’s Online Privacy Protection Act (“COPPA”) in the US, which has its own detailed requirements on when informed parental consent is and is not deemed necessary.
We follow the UK ICO code of practice
This document follows the UK code of practice on privacy notices set out by Information Commissioner’s Office (“ICO”) in 2010. In accordance with ICO guidelines, below we set out the legal obligations under the DPA and some of the other measures we have adopted to ensure we collect and use personal information of our users fairly and transparently.
We commit to sharing with you the purpose or purposes for which your details are gathered, how long we intend to hold that information and whether these are a voluntary or an essential part of signing-up. Wherever possible, we will also detail where your data is held and when, if necessary, it is transferred overseas. In addition, we use this privacy notice to outline some of the high-level security measures we take to ensure the safety of your data.
What information we ask from the person creating the story
To customise a story the ‘creator’ needs to provide the following:
- First name of the recipient – so we can personalise the intro to the story
- Gender of the recipient – so we can refer to them as ‘him’ or ‘her’ in the story
- Sender’s relationship to the recipient – Grandparent, parent, godparent, teacher etc
- The salutation they’d like to be incorporated into the story – Gran, Nan, Nanny, Grandma etc.
- The costume they want to use – a choice of male or female
- A photo of their face – captured through the app
This information is held locally on the device until the user confirms they are an adult (or an adult is supervising in which case parental consent is assumed when the adult succesfully completes the ‘parental’ gate multiple choce question) and then inputs their Apple ID and password to iTunes.
Once payment is complete this informationis then passed to our secure data servers and held anonymously, and attributed a unique code that is passed back to the user.
The user then decides how to share this code either using their own email client or on a physcial postcard
To send a postcard, the user has to add the address where they wish the card to be sent. This again is held anonymously against the story code.
To do this we require the following:
- Recipient’s guardian or parent name in a ‘Care Of’ field – optional
- First and second lines of the address
- Postcode or zipcode
If the user then wish to create a secure Gingersnap account, they then need to provide a valid email and password using the same device so that their story codes and and anoomised account information can joined together.
We will retain that account information for as long as your account is active or as needed to provide services. If you wish to cancel the account or request that we no longer use the information to provide services contact us at the email address listed above. We will retain and use the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you wish to request removal of yours or your child’s personal information from these areas of the website or app, please contact us at firstname.lastname@example.org. We make reasonable endeavours to respond to such requests with minimal delay and will remove all such data as soon as possible within normal business operations. In some exceptional cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
What other anonymous information we collect
Gingersnap also collects anonymised information for both the website and app so we can continuously monitor and improve the Gingersnap service as a whole.
We collect this ‘passively’ using cookies (alphanumeric identifiers) to track traffic to the web site and in-app analytics to monitor app usage and performance. Gingersnap may also collect users’ IP addresses to prevent and monitor fraud, diagnose technical problems, and estimate demographic data. We do not link the information we store in cookies to any personal information you submit while on our site or in the app. Here is an overview of the different tracking and analytics tools we use (for more information about cookies visit www.cookiecentral.com).
- Our website includes tracking ‘cookies’ so we can determine where you were referred from and whether you’ve been on the site before, and remember how far you progressed through the site. This information is only used to help tailor the pages to your own particular journey and for us to understand how we can improve the performance of the website in the future.
- We also use third party tracking utility services which collect behavioural data on what actions a user takes within the app, what areas they access, device types, IP address, country specific geo-location data (based on the IP address), and operating system data.
- If you don’t want your data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on. (https://tools.google.com/
- To disable the use of Flurry please see their opt-out process here (https://dev.flurry.com/
- Gingersnap occasionally works with third party affiliate partners to reach new users. If you were referred to us by an affiliate, we will employ the use of a cookie for up to 6 months from your first visit to ensure our affiliate gets credit for the referral.
- We collect IP address solely to support internal operations. Other than that, none of these services collect any personally identifying information.
- We gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically.
Third party technology partners
- Google Analytics – IP Address, user agent string – Web Analytics –http://www.google.com/intl/
- Amazon Web Services – IP Address, user agent string – Service provider – http://aws.amazon.com/privacy/
- Flurry – IP Address, user agent string – App analytics – http://www.flurry.com/legal-
- Mailchimp – Email address – Newsletter – http://mailchimp.com/legal/
- Sendgrid – Email address – Customer Support http://sendgrid.com/privacy
- Cloudinary – Image uploaded by user – Image Storage – http://cloudinary.com/privacy
- Heroku – IP Address – Performance feedback form within the app – https://policy.heroku.com/
- User Voice – Email address and other personal information/ device specifics as required to address the user’s queries – Support and feedback to individual user questions â€“ both privately and in public FAQshttps://www.uservoice.com/
If you have any enquiries regarding our partners’ privacy practices or how they use your child’s personal information, please contact us directly at email@example.com.
WILL WE EVER SHARE YOUR DATA WITH THIRD PARTY SITES, SPONSORS OR OTHER INSTITUTIONS?
Gingersnap does not rent, sell, or share personal information about you collected in connection with your use of the service with third parties. Gingersnap may, however, make enquiries, either directly or through third parties, to validate the registration information provided by parents or other relatives in order to prevent misrepresentation and fraud on the site.
We may provide your personal information to companies that provide services to help us with our business activities such as shipping your order or offering customer service. These companies are authorised to use your personal information only as necessary to provide these services to us.
We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
CHANGES TO PRIVACY NOTICE
We may update this privacy notice to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our website and in the FAQs in the app, prior to the change becoming effective. We encourage you to periodically review these pages for the latest information on our privacy practices.
If we make material changes to how we use your personal information collected from children under age 13, we will notify all parents by email in order to obtain verifiable parental consent for the new uses of the child’s Personal Information.
If you have questions or suggestions, please email us at firstname.lastname@example.org or mail us at
10-14 Crown Street