Privacy Policy - Bablr Early Learning 0-3 Years

Bablr Privacy Policy

Updated 19th May 2022

Bablr Ltd. (“us”, “we”, or “Bablr”) is the worldwide operator of the internet resource Bablr Early Learning System (Bablr Platform or Platform) which includes Bablr website www.gobablr.com (“Website” or “Bablr Website” or “Bablr WebApp”), Bablr mobile apps on Android and iOS Platforms (Mobile Apps), Bablr tablzet apps on Android and iOS Platforms (Tablet Apps) as well as the software, databases and applications provided by Bablr, Other content provided to you in all other formats by Bablr using third party platforms such as but not limited to Zoom, Instagram etc. (collectively referred to as the “Services”) (except our operation in India which is managed by Neosap India Private Limited and is subject to Privacy Policy available on www.gobablr.com/en-in).

This privacy policy (“Privacy Policy”) explains how we collect, use, share, disclose and protect Personal information about the Platform Users and Product Users of the Bablr Platform and Bablr Product (as defined in the Bablr Terms and Conditions of Use (ToS) and the any other visitors of the website and Platform (jointly and severally referred to as “you” and all its grammatical forms or “Users” and all grammatical forms in this Privacy Policy). We have created this Privacy Policy to demonstrate our commitment to the protection of your privacy and your personal information. Your use and/or access to the Platform and/or Product and/or Services is subject to this Privacy Policy and Bablr ToS. By using the services or by otherwise giving us your information, you will be deemed to have read, understood and agreed to the practices and policies outlined in this Privacy Policy and you agree to be bound by the same. By providing us with your personal data, you accept that our collection, use and sharing, disclosure of your information will be carried out by us as described in this Privacy Policy.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website and Platform. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA). We are also subject to the Indian Information Technology Act 2000 and other applicable guidelines and regulations in India in relation to the goods and services that we offer to the users located in India.

We do not directly process data of anyone under 13 years old. If you are a parent/guardian and provide information about someone under the age of 13, you are confirming the authorization of sharing such data by giving permission to do so by submitting such personal data via the Services. If you are aware that any personal data of anyone under 13 years old has been shared, without permission from a parent/guardian, with our Platform, please let us know so that we can delete that personal data.

This privacy policy is divided into the following sections:

What this policy applies to
Personal data we collect about you
How your personal data is collected
How and why we use your personal data
Marketing
Who we share your personal data with
How long your personal data will be kept
Transferring your personal data out of the UK and EEA
Cookies and other tracking technologies
Your rights
Keeping your personal data secure
How to complain
Changes to this privacy policy
How to contact us

What this policy applies to
This privacy policy relates to your use of Bablr Platform and/or Product and/or Services.

Throughout our Platform we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. Those third party websites or tools may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third party websites or tools, please consult their privacy policies as appropriate.

Personal data we collect about you
The personal data we collect about Users depends on the particular activities carried out through Bablr Platform. We will collect and use the following personal data about you:

name, address and contact information, including email address and telephone and/or mobile number
information to check and verify your identity and age, e.g. date of birth
gender, if you choose to give this to us
demographic data (such as your or of child/ren that you represent- name, gender), if you choose to give this to us
your baby’s date of birth
information regarding your baby’s premature birth status
location data, if you choose to give this to us
your billing information, transaction and payment card or other payment method information
bank account and/or other payment details as may be required to process the commercial transaction between you and us.
details of any information, feedback or other matters you give us by phone, email, post or via social media
your account details, such as username and login details
your activities on, and use of, our Platform
your personal interests
information about the services we provide to you
your contact history, purchase history and saved items
information about how you use our Platform and technology systems
your responses to surveys, competitions and promotions
Bablr passwords, one-time passwords
IP addresses;
domain servers;
types of computers and devices used by you to access the Platform;
types of web browsers used by you to access the Platform;
referring source which may have sent you to the Platform; and
other information associated with the interaction of your device/browser and the platform
other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters.

If you do not provide personal data we ask for where it is required at the point of collection it may delay or prevent us from providing products and services to you.

We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.

How your personal data is collected
We collect personal data from you:

directly, when you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, purchase products or services via our Platform, post material to our Platform and complete customer surveys or participate in competitions via our Platform, and
indirectly, such as your browsing activity while on our Platform; we will usually collect information indirectly using the technologies explain in the section on ‘Cookies and other tracking technologies’ below

How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

where you have given consent
to comply with our legal and regulatory obligations
for the performance of a contract with you or to take steps at your request before entering into a contract, or
for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).

The table below explains what we use your personal data for and why.

What we use your personal data for	Our reasons
Create and manage your account with us	For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price and To perform our contract with you or to take steps at your request before entering into a contract
Providing products and services to you	To perform our contract with you or to take steps at your request before entering into a contract
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us	To comply with our legal and regulatory obligations and For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you and/or us
To enforce legal rights or defend or undertake legal proceedings	Depending on the circumstances: – to comply with our legal and regulatory obligations – in other cases, for our legitimate interests or those of a third party, i.e. to protect our business, interests and rights or those of others
Customise our Platform and its content to your particular preferences based on a record of your selected preferences or on your use of our Platform	Depending on the circumstances: – your consent as gathered via the consent tool on our Platform – see ‘Cookies and other tracking technologies’ below – where we are not required to obtain your consent and do not do so, for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent you may withdraw it at any time by changing the settings on the cookies tool (that will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn).
Retaining and evaluating information on your recent visits to our Platform and how you move around different sections of our Platform for analytics purposes. This helps us to understand how people use our Platform so that we can make it more intuitive or to check our Platform is working as intended	Depending on the circumstances: – your consent as gathered via our cookies tool on our Platform – see ‘Cookies and other tracking technologies’ below – where we are not required to obtain your consent and do not do so, for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent you may withdraw it at any time by changing the settings on the cookies tool (that will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn).
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products and services or other important notices	Depending on the circumstances: – to comply with our legal and regulatory obligations – in other cases, for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
Protecting the security of systems and data	To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures	For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
Updating and enhancing customer records	Depending on the circumstances: – to perform our contract with you or to take steps at your request before entering into a contract – to comply with our legal and regulatory obligations – where neither of the above apply, for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, eg to record and demonstrate evidence of your consents where relevant	To comply with our legal and regulatory obligations
Marketing our services to existing and former customers	For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers See ‘Marketing’ below for further information
External audits and quality checks, e.g. for the audit of our accounts	For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency In such cases information will be anonymised where possible and only shared where necessary	Depending on the circumstances: – to comply with our legal and regulatory obligations – in other cases, for our legitimate interests or those of a third party, i.e. to protect, realise or grow the value in our business and assets

Sensitive Data

Certain personal data we collect is treated as a special category data – also known as Sensitive Data to which additional protections apply under data protection law. Such Sensitive Data includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, as well as genetic data, biometric data when used to uniquely identify an individual and data concerning health, sex life or sexual orientation.

Where we process such Sensitive Data, we will also ensure we are permitted to do so under data protection laws or will only do so on the basis of your consent (or the consent of a User’s parent or legal guardian).

See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.

Anonymous and Aggregated Data

We will use the personal information we hold about you (as well as anonymised information generated from your personal information) to carry out analysis and research as we see fit. Such data is no longer personal data for the purposes of the UK and EU GDPR or as no individual can be personally identified. Such anonymous and aggregated data is outside the scope of this privacy policy.

Marketing

We may use your personal data to send you updates (by email, text message, telephone or post) about our products AND/OR services, including exclusive offers, promotions or new products or services.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by:

Using the Contact details provided here.
Using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.

We may ask you to confirm or update your marketing preferences if you ask us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it with other organisations outside our business for marketing purposes.

For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.

Who we share your personal data with

We routinely share personal data with:

third parties we use to help deliver our products or services to you, eg payment service providers, and delivery companies
other third parties we use to help us run our business, eg marketing agencies or sales support partners or Platform hosts and Platform analytics providers or materials suppliers etc.
our banks

We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above may occasionally also need to share personal data with:

external auditors, eg in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations
professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations
other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

Where is your personal data stored

As far as Bablr Early Learning System is concerned, we have created infrastructure to store your personal data at the following locations

Users in the United Kingdom – Personal Data is stored in the servers physically located in the UK
Non UK Users in the EEA – Personal Data is stored in the servers physically located in Ireland
Users in India – Personal Data is stored in the servers physically located in India
Users in all other countries – Personal Data is stored in the servers physically located in Ireland

We also use reputed third party software-as-a-service tools such as HubSpot to support Sales, marketing and customer service activities or Wix to support Bablr Parenting Academy Activities. In such cases, the data submitted to us is stored on the servers of these service providers. These reputed companies have their own GDPR compliance frameworks to protect the data of the users of their clients.

How long your personal data will be kept

We will not keep your personal data for longer than we need it for the purpose for which it is used. For example, providing our services to you, managing your account and subscription and keeping information for our own legal requirements such as for tax purposes or in the defence or pursuit of legal claims.

Following the end of the of the relevant retention period, we will delete or anonymise your personal data.

Transferring your personal data out of storage location

It is sometimes necessary for us to share your personal data to countries outside the above mentioned storage location. In those cases, we will comply with applicable UK, EEA, Indian laws designed to ensure the privacy of your personal data.

The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower or higher or differing levels of protection of privacy.

For example, our servers are based in the UK and in Ireland (EEA), but we will transfer your personal data to our service providers located outside the UK and EEA (such as to our customer service and technical teams in India or data of customers in India to marketing agency in EEA).

We will also ensure all protections required by applicable UK and EEA and Indian laws are in place before transferring personal data to any organisation or body (or its subordinate bodies) governed by public international law or set up by, or on the basis of, an agreement between two or more countries (international organisations).

In the event that, Bablr sells any of its business or assets to any third party, it may disclose your personal data to the prospective buyer of such business or assets. The same shall also be applicable if Bablr or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here.
• in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here.
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
• a specific exception applies under relevant data protection law

Where we transfer your personal data outside the UK we do so on the basis of an adequacy regulation or (where such is not available) on the basis of legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.

Where we transfer your personal data outside the EEA we do so on the basis of an adequacy decision or (where such is not available) on the basis of legally-approved standard data protection clauses issued further to Article 46(2) of the EU GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law.

Any changes to the destinations to which we send personal data or in the transfer mechanisms we use to transfer personal data internationally will be notified to you in accordance with the section on ‘Change to this privacy policy’ below.

For further information about such transfers and the safeguards we employ, including to obtain a copy of the standard data protection clauses we use, please contact us by clicking here.

Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our Platform. We use cookies and other similar technologies, eg web beacons, action tags, and analytics on our Platform. These help us recognise you and your device and store some information about your preferences or past actions.

For further information on cookies our use of and other similar technologies, e.g. web beacons, action tags, and analytics on our Platform, when we will request your consent before placing them and how to disable them, please see our Cookie Policy.

Your rights
Countries outside the UK and the EEA have differing data protection laws, some of which may provide lower levels of protection of privacy. Whilst the UK GDPR and the EU GDPR is not applicable to you if you usually reside outside of these regions, as a commitment to quality and for the respect of the privacy of our Users, we endeavor to apply the GDPR standard across our global operations.

If you are based in the UK or EEA, you generally have the following rights, which you can usually exercise free of charge:

Access to a copy of your personal data	The right to be provided with a copy of your personal data
Correction (also known as rectification)	The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)	The right to require us to delete your personal data – in certain situations
Restriction of use	The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portability	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations
To object to use	The right to object: – at any time to your personal data being used for direct marketing (including profiling) – in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests.
Not to be subject to decisions without human involvement	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by our Platform.
The right to withdraw consents	If you have provided us with a consent to use your personal data, you have a right to withdraw that consent easily at any time. You may withdraw consents by changing the settings via our Platform or by contacting us. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.

If you would like to exercise any of your rights, please contact us (see ‘How to contact us’ below) and we will revert to you promptly.

When contacting us please:

provide enough information to identify yourself (e. g. your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you, and
let us know which right(s) you want to exercise and the information to which your request relates

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How to complain

Please contact us here if you have any queries or concerns about our use of your information. We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with:

the Information Commissioner in the UK, and
a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA

The UK’s Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
For a list of EEA data protection supervisory authorities and their contact details see here.

Changes to this Privacy Policy

We may change this privacy policy from time to time – when we make significant changes we will take steps to inform you, for example by providing you with a notification, via email, and asking you to reaccept our terms.

How to contact us

All users can contact us regarding their GDPR and Data Protection queries and advice by accessing the contact information on this link.