Privacy Policy

This Privacy Policy has been updated as of  24 May 2018

Preface

QATC Europe Ltd, 12 Eldon Way, Hockley, Essex, SS5 4AD, United Kingdom ("QATC", "we", "us" or "our") is committed to protecting the privacy of users of:

a)    any of our Websites, meaning any website or URL of ours that we have linked to this Privacy Policy, including features and content, that are operated by us or affiliates and made available thereon;

b)    any of our Software, any digital software applications and/or platforms made available to you via mobile telecommunications platforms and/or through social networking platforms or app stores and that we have linked to this Privacy Policy. Including those offered and provided through our partner Websites, Learning Lodge and Kid Connect/Kidi Connect (“KC”), and LeapFrog Connect  platform, LeapFrog Academy;

c)    any of our Hardware Products, meaning any Software compatible electronics learning products that we have linked to this Privacy Policy;

d)    Support, meaning any support services or information provided on or in connection with the abovementioned Websites,  Software or Hardware Product.

To help us achieve our goal of providing the highest quality products and services, we use information from our interaction with you and other customers. We attach considerable importance to protecting your privacy and data supplied by you. Because we respect your privacy, we have procedures to ensure that your personal information is handled in a respectable manner.

We believe that it is important to inform you about our procedures regarding our processing of your personal information. This privacy policy (“Privacy Policy”), together with such other terms presented to you in relation to your use of the Websites, Hardware Product or Support (referred to collectively as the "Services"), explains how information is collected, used or disclosed (on behalf of itself and its group companies) in connection with the Services and applies to your use of those services.

This Privacy Policy also governs your use of our Websites and Software. If you do not agree to this Privacy Policy, our Terms and Conditions of Web Site Use, and/or all terms related to our Software, as applicable, then please refrain from using our Websites and Software.

Who is QATC?
The QATC is a multi-national organization with legal entities, business processes, management structures and technical systems that cross border. The part of the company responsible for collecting, processing and using your personal data on or in relation to the Services is:

QATC (Europe) Ltd

12 Eldon Way

Hockley, Essex,

SS5 4AD

United Kingdom

 

Does QATC process personal data of Children (individuals under the age of 16)?

The Software, Hardware Products and services are mainly developed to be used by children, consequently will indeed process personal data of children, though we will not process children’s personal data without parent´s prior acknowledgement.

A special note to children:

If you are under 16 and would like to access or use certain parts of our Services, you must get your parent's or guardian's permission before providing us with any personal information, including but not limited to providing game play result, text message, photo message and voice message when using our Services.

Therefore, please ask your parent or guardian for guidance when using any of our Services. Your parent or guardian will need to know that use of our Services may result in your personal information being transferred to and processed to countries where laws may not provide the same protection as the country where you live.  Children without this acknowledgement from parent are not allowed to provide us with personal information.

A special note for parents and/or guardians:

We want you and your family to have fun surfing our Websites and using our Services and urge you and your family to follow common sense whenever disclosing personal information  on our Website, via other Services or anywhere else on the Internet.

How do we obtain your personal data?

Our operations include granting licenses for end users to install and use e-books, games and related (downloadable) software. For these purposes we may process your personal data.

  1. Information you provide to us - In order to purchase and/or use the downloadable products provided by us you need to register. Using your email address and a password of your choice, you may access your account online at any time to add delete or change some of the information retained in your account. The alternative to having a registered account is being a “non-registered user”. As a non-registered user, you do not have the benefit of ordering our (downloadable) products via the Internet. We receive and store any information you transmit to us during registration via the Services or give us in any other way. Do not submit information which you do not want us to access. Please note, however, that if you do not submit the information required for registration, you may not be granted permission to use certain Services and/or to download the software made available through the Services.  When using our Services certain information, including but not limited to text message, voice message, or photo may be sent by you or your child to the intended recipient and we need to process and store the information.
  2. Data collected automatically – We may use certain tools that allow us to collect, store and analyse information about your use of our Websites and our other Services each time you visit the public areas of any of our Services.
  3. Sensitive personal data – Unless actively provided by you, we do not and will not actively collect sensitive personal data concerning a person’s religion or philosophical beliefs, race, political persuasion, health and sexual life or personal data concerning trade union membership.
  4. Bank account details - QATC does not process or store bank account details. Payments will be processed by third parties, not QATC, so QATC will not collect, process or use payment details (such as credit card numbers or PayPal data). To complete a payment transaction within the Services users will be directed to third party websites. QATC does not own, control or operate such sites, and is not responsible for the privacy policies or practices of such sites. The personal data you choose to provide to or that is collected by these third parties (such as credit card or PayPal information) is not covered by this Privacy Policy. Privacy policies and practices for such linked sites may differ from our privacy policy and practices. We urge you to read the privacy policies of such linked sites before disclosing your personal information on such sites. 

With whom may we share personal data of your personal data?

QATC may share and/or disclose personal data with other recipients, e.g. to be able to provide the Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymized, and statistical data with third parties. Below are the type of recipients with whom we may share personal data with as well as the reasons why we do this. Your data may be passed on to:

Within the QATC Group: Our businesses around the world are supported by a variety of teams and functions, and personal data will be made available to them if necessary for the provision of the Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal data. The location processing personal data may include Hong Kong, China, and the US as well as the EU.

Our third-party service providers: We partner with and are supported by service providers around the world. Personal data may be made available to these parties only when necessary to fulfil the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.

Third parties for legal reasons: We will share your personal information with certified third parties as required by law.  This includes, but is not limited to the following situations:

  • For compliance with legal obligations when required by government agencies, including law enforcement and other public authorities.  This which may include such authorities outside your country of residence.  For such purpose we may also share your personal data with our legal advisers.
  • In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).  Under such events, we will exercise our best effort to maintain the protection of your personal information under the appropriate privacy policy.

How does QATC use your personal data?

We provide in this Section the purposes for which QATC may retain and process your personal data.  Specifically, we provide:

1)    what data QATC retains and processes, and for which specific purpose;

2)    on what legal basis QATC will processes this data;

3)    for how long the data is stored by us; and

4)    with whom your data is being shared.

This information is grouped by type of data stream. Please note that some Personal Data categories listed may also include personal data of children.

Sales, customer management and financial administration
Purpose: To complete the sales transaction of Software and/or Hardware Products, including Website sales (e-commerce)

Data: First name, Last name, Home address, E-mail address, Telephone number, Account number, Client ID, Login Data, Connection data, Order number, Products purchased.

Basis: performance of a contract

Retention period: As long as the data subject operate an account in our services or within 2 weeks upon the data subject request for deletion.

 

Purpose: Handling complaints, after sales
Data: Name, E-mail address, Telephone number, Order number, Content of the complaint, Order and/or Payment status, Copy of bank statement
Basis: performance of a contract, legal obligation
Retention period: 3 years after completion of the services or within 2 weeks upon the data subject request for deletion.

 

Purpose: Financial administration and invoicing
Data: Customer name, Invoice address, payment record , VAT number, Telephone number, E-mail address
Basis: legitimate interest
Relevant interest: Compliance interest
Retention period: As long as necessary for the compliance interest include compliance of tax or accounting regulations.

Third Party recipients: bank and payment gateway and auditor

 

Purpose: Customer Relationship Management (CRM)
Data: Name, User name, E-mail address, Location, Order history, Social media, Browser, OS, User ID, Phone number, Year of Birth, Delivery date & notion of connected device
Basis: performance of a contract
Retention period: 3 years after completion of the services or within 2 weeks upon the data subject request for deletion.

 

 

Purpose: Services and order fulfilment
Data: Name and address details, E-mail address, Data required to provide the service, Data generated during the service, ID card or passport copy
Basis: performance of a contract
Retention period: As long as the data subject operate an account in our services or within 2 weeks upon the data subject request for deletion.

 

 

Marketing
Purpose: Direct marketing
Data: Name, address, E-mail address, country, language, Year of Birth for child,  Delivery date & notion of connected device, opt-in (yes/no)
Basis: legitimate interest, Consent
(Relevant interest: Commercial interest)
Retention period: As long as necessary for serving appropriate product information to users who have opted in or within 2 weeks upon the data subject request for deletion.

 

Purpose: Loyalty program
Data: User ID / Username, E-mail address, Order History, Name, address, year of birth, Delivery date
Basis: legitimate interest
Relevant interest: Commercial interest
Retention period: As long as the user stays in the Loyalty program or within 1 month upon the data subject request for deletion.

 

 

 

Management of Software and Websites

 

Purpose: Platform analytics and monitoring
Data: Technical and statistical data meaning the IP address, time of visit, user agent string, browser type, monitor size, surfing behavior, Location, browser type and language, IP address of the computer issuing the request, location, date and time of access, name and URL of the requested file, the website through which access is granted (referrer URL), the operating system of the computer issuing the request and access provider information
Basis: legitimate interest
(Relevant interest: Commercial interest)
Retention period: As long as necessary for the commercial interest or within 2 weeks upon the data subject request for deletion.

analytics service providers

 

Purpose: Offer an account to use a Service and the management of said accounts
Data: Name, Country, E-mail address, Username, Login data, Profile picture, Gender, Year of birth.
Basis: performance of a contract
Retention period: As long as the data subject operate an account in our services or within 2 weeks upon the data subject request for deletion.

 

Purpose: Chat function offered within the Service
Data: User ID, E-mail address, Name, Content of the chat message (text, photo, voice message)Chat log history, Chat analytics (time of chat, counters, participants, result, active/non-active times, etc.)
Basis: performance of a contract
Retention period: As long as necessary the data subject operate an account in our services or within 2 weeks upon the data subject request for deletion.  Under normal service, content of chat message (photo, voice, and undelivered text) will be deleted after 1 month.

 

 

Security and fraud prevention


Purpose: Identity verification and data security
Data: Email address, Name, User ID, Password, Passport, ID card
Basis: legitimate interest

(Relevant legitimate interest: Compliance interest)
Retention period: As long as necessary for the compliance interest or within 2 weeks upon the data subject request for deletion

 

 

Research & Development relating to our Services
Purpose: Market research
Data: Age, Gender, Surfing behavior
Basis: legitimate interest
(Relevant legitimate interest: Commercial interest)
Retention period: As long as necessary for the commercial interest or within 2 weeks upon the data subject request for deletion

 

 

Mail functionality
Purpose: Sending emails
Data: Name, E-mail address, Data required to provide the service, Data generated during the service
Basis: performance of a contract
Retention period: As long as the data subject operate an account in our services or within 2 weeks upon the data subject request for deletion

Third Party recipients: email services agency

 

What are your rights?

Under the European General Data Protection Regulation you have a number of rights with regard to your data and their processing:

Right of access

You have the right to request a copy of the information that we hold about you and to check that we are lawfully processing it.

Right to rectification

You have the right to ask us to correct any incomplete or inaccurate information we hold about you.

Right to erasure

We will erase your personal data if you request so and there are no legal requirement for retaining it.

Right to restriction of processing

You may ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.  Upon such request we will take practical measure and find the resolution to end the suspension.

Right to object

You may object to us processing your information if there is something about your particular situation which makes you want to object. We shall no longer process your personal data unless we demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to data portability

You have the right to obtain your personal data from QATC. QATC will, under a practical way, provide these in a structured, commonly used and machine-readable format, which can easily be opened in other common digital systems. This way you can also transfer your data to another provider.

Right to withdraw consent

Whenever the basis for a particular data processing activity is your consent, you have the right to revoke that permission. This has no consequences for the past, but does mean that we will no longer be allowed to process this data. Consequently, it is possible that QATC can no longer provide you with certain services.  You also have the right to opt-in/opt-out from our direct marketing services.

Response from QATC

Any request can be sent to information@QATC.co.uk. QATC will comply with your request as soon as possible and in any case no later than one (1) month after QATC has received such a request. If QATC rejects your request we will indicate in our reply why the request is rejected.

How does QATC secure your personal data?

We use appropriate technical and administrative security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorised third-party access.  Our security measures are being continuously improved in accordance with technological developments. This includes, but is not limited to:

Policies and procedures

  • We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
  • We place appropriate restrictions on access to personal information
  • We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
  • We conduct periodic Privacy Impact Assessments in accordance with legal requirements and our business policies

Measures for employees

  • We require privacy, information security, and other applicable training on a regular basis for our employees who have access to personal information and other sensitive data
  • We ensure that our employees and contractors operate in accordance with our information security policies and procedures and as well as any applicable contractual conditions

Does QATC apply automated individual decision-making tools, including profiling tools?

QATC may apply automated individual decision-making tools. Please remember though that you have the right not to be subject to a decision based solely on automated processing including profiling, which produces legal or similarly significantly affects relevant to you.

Do we transfer your personal data outside he European Economic Area?

For (for example) technical and operational reasons, it may be necessary for your (personal) data to be transferred to companies affiliated with QATC outside the European Economic Area. Because the privacy protection regulations there may not provide the same protection as within the European Economic Area, QATC will use the Privacy Shield or the EU Model Clauses to protect your privacy as much as possible. If that is not possible, QATC will ask you for permission to pass on your (personal) data to countries without an adequate level of protection. You can withdraw this permission at any time.

How does QATC handle children’s personal data?

We encourage parents and guardians to spend time with their children using the QATC Services and to be familiar with the different features the Services have to offer. The Websites are not directed to children under the age of 16. If you are under the age of 16 you should review the Privacy Policy with your parent/guardian to make sure you and your parent/guardian understand it.  We take appropriate measure in protection of children’s personal data.  The personal information from children being collected and processed in our Services is under the strict control by parents and guardians.

What are cookies and how does QATC use them?

Cookies are small pieces of (text) information that are sent to your browser when you visit our Websites and then saved on the hard disk or in the memory of your computer, tablet or mobile phone (hereinafter: "Device"). The cookies that are placed via our Websites cannot damage your Device or the files stored on it. When we talk about 'cookies', we mean not only these small pieces of (text) information, but also other data collections tools that allow us to monitor the use of some of the Services, such as our Websites, including device fingerprinting and "pixel tags"(also known as "tracking pixels" or "web beacons") which are small graphic files. Please be refer to our cookie policy published in our Websites for further information on how we use cookies and similar technologies.

May this Privacy Policy be altered?

This Privacy Policy can be changed. We therefore advise you to regularly read the Privacy Policy for any changes. If the law so requires we will also notify you in other ways from time to time about the processing of your personal information.

Where can you go with complaints and questions?
Please contact our Data Protection Officer with any requests or complaint about this Privacy Policy and/or related to your personal information. We will do our utmost to resolve the matter for you within a reasonable time frame.  However, if despite our effort you feel the matter is not addressed to your satisfaction, you can also always contact the government authority of your country in the field of privacy protection. In the United Kingdom this is the Information Commissioners Office (ICO).