Last updated: 1 December 2020
Last updated: 1 December 2020
We know how important security and privacy is to you. They are at the heart of Storypark and as such we strive to make things as safe and clear as possible for everyone involved.
a) “Account Holders” means together Authorised Viewers, Early Childhood Providers, and Primary Account Holders.
b) “Data Protection Laws” means the data protection and privacy laws applicable to the processing on Personal Data that we are committed to comply with, including:
d) “process” or “processing” means any operation or set of operations which is performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation, use, disclosure, combination, restriction, or erasure.
e) “Security Incident” means any unauthorised or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data.
f) “Sensitive Data” means Personal Information relating to a person’s physical or mental health, race or religion.
If you have any questions or comments, or want to access, update, or delete the Personal Data we hold about you, or have a privacy concern please write to us at:
The Privacy Officer
PO Box 27239
or by email to: firstname.lastname@example.org
Please provide sufficient detail about the information in question to help us locate it. We will respond to any privacy request in compliance with the applicable Data Protection Law.
We may collect the following categories of Personal Data in in the following situations:
In these situations any such Account Holder is a joint data-controller along with us in respect of such Personal Data. We have no direct relationship with any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about any such person (including where Sensitive Data relating to a Child is collected and stored in the relevant Child Profile). Please see Part B (section 15) below which outlines your obligations in this regard.
We process Personal Data for the following purposes:
Performance of a contract: You acknowledge and agree that the processing identified below is necessary for the performance of a contract to which the data subject is party (being the Agreement):
You have the right to object to the way we processes your Personal Data where the processing is based on legitimate interests. For more information see “Your Rights” section below.
Data Processor: In respect of Personal Data uploaded and transferred to the Service by Account Holders we are a joint data-controller alongside the relevant Account Holder. However, the relevant Account Holder is responsible for determining the legal basis upon which that Personal Data is processed. Please see Part B (section 15) below which outlines the Account Holder’s obligations in this regard.
All those with whom we interact have the option to opt-out of receiving direct marketing communications from us. If you do not wish to continue to receive direct marketing communications from us and/or selected third parties you should opt-out by clicking on the “unsubscribe” link in any email communications that we might send you.
Please note that some features of the Service may involve us providing, through the functionality within the Service, recommendations or suggestions for goods, services or benefits that we offer.
We will retain your Personal Data for as long as the Account associated with you is active, or as long as needed to provide you with our Service.
We take steps to regularly destroy Personal Data, however we may:
a) in some cases, retain a copy of your Personal Data to comply with our legal obligations, resolve disputes, enforce our agreements and to comply with our trust and safety obligations. Personal Data retained for this purposes will be archived and stored in a secure manner after your Account has been closed, and will not be accessed unless required for any of these reasons; and
b) retain Personal Data in an aggregated, de-identified or otherwise anonymous form, such that there is no reliable way of identifying you from the information.
We will not sell Personal Data to anyone.
We share Personal Data with third parties for limited purposes, such as to help us run our business and provide the Website and Service. Those third parties can be categorised as follows:
We have no direct relationship with any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to disclose any Content (which may contain Personal Data) in the manner you direct through the Service. Please see Part B (section 15) below which outlines your obligations in this regard.
If you no longer want to be contacted by one of our Account Holders, please contact the Account Holder directly.
We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your Personal Data, and use your Personal Data only for the purposes that we give it to them.
Storypark’s head office is located in New Zealand, so some limited information about adult individuals (including customers) is transferred and /or stored there. In respect of our responsibilities under the GDPR, the appropriate safeguard in place for such a transfer is the existence of an adequacy decision under Article 45 of the GDPR.
The vast majority of Personal Data we handle is stored and hosted in Australia. All Personal Data relating to Children on Storypark is hosted in Australia.
Some limited Personal Data may be provided to companies located in the USA who offer software as a service products that process content for inclusion on the Service (for example, conversion of images and videos to make them suitable for viewing online/ through a web browser). Those third parties located overseas are not permitted to (and are contractually obligated to not) access or use the Personal Data provided except for those limited purposes. We only choose reputable service providers and have agreements with such third parties that prevent them from using or disclosing to others the Personal Data we share with them, other than as is necessary to assist us.
While the information resides outside of the territory where you reside, it may be accessible to the local courts, law enforcement and national security authorities in a foreign jurisdiction.
We take all reasonable steps to protect Personal Data, including through internal and external security, restricting access to Personal Data to those who have a need to know, maintaining +technological products to prevent unauthorised computer access and regularly reviewing our technology to maintain security. We choose technology partners based on their security and privacy policies and practices.
Personal Data stored in our system is protected by electronic and procedural safeguards. We take reasonable precautions to protect Personal Data (and other content) from accidental loss and theft by storing it in secure data centres with off-site backups. Communication between Account Holders and our servers is encrypted via industry-standard secure sockets layer (SSL).
The Service is protected by a secure and encrypted password that each Account Holder must choose themselves. Account Holders should never share their passwords. Storypark is not responsible for any loss of data or breach of privacy if an Account Holder shares their password with someone else. We do not store your password on our servers.
Because internet transmissions cannot be guaranteed to be 100% secure, you acknowledge and agree that you use the Service at your own risk.
In case of a Security incident or any other breach of security safeguards, such as the loss of, unauthorised access to or unauthorised disclosure of Personal Data under Storypark’s control, we will respond in accordance with applicable Data Protection Laws.
Please note that where we are not, or are no longer, in a position to identify you within the information we hold (including because of any de-identification techniques we may have employed), then your rights as described above shall not apply.
We will respond to any request made in respect of the above in accordance with the applicable Data Protection Laws where you are resident.
We will respond to any request made in respect of the above without delay, but in any case within one (1) month of a request, or two (2) months where the requests are complex or numerous (in which case, we will inform you of such delay).
If your Storypark Account terminates (for whatever reason), the Personal Data associated with it may no longer be accessible to you. Any Content you have posted from your Account may still be available to other Account Holders that the Content has been associated with. There may continue to be residual copies of such Content due to ongoing data back-up and archiving.
You acknowledge and agree that, in respect of other people’s Personal Data (including the Personal Data of Children) that you upload and transfer within the Service, you are acting as a joint data-controller along with Storypark in respect of such Personal Data.
By accessing and using the Service to upload and transfer other people’s Personal Data, you agree that you: