A. THE BASICS
1.1.- ABOUT US
tinychanterstribe.com is an online platform owned and operated by Pablo Caballero («we», «us», and «our»). We create, publish and sell EFL/ESL teaching resources, materials and activities (e.g. songs, videos, flashcards, labels, worksheets, coloring pages, music scores…) for teachers, parents and children all over the world (the «Service»). Our mission is to make English learning fun and meaningful.
1.2.- KEY TERMS
1.3.- DATA PROTECTION LAWS COMPLIANCE
This Website is compliant with the European and Spanish legal requirements regarding Personal Data protection:
· Law 34/2002 of July 11 on Information Society Services and Electronic Commerce (LSSICE or LSSI).
B. PRIVACY POR VISITORS AND SUBSCRIBERS
2.1.- CATEGORY OF THE COLLECTED PERSONAL DATA (WHAT DATA DO WE COLLECT?)
The Personal Data we collect falls into the following categories:
· Information you provide to us: you may provide certain Personal Information to us when you use one of our Forms to download our freebies, send us message, or subscribe to our newsletter. This information includes basic contact information:
– Your name.
– Your email.
Service Usage Data may include:
– Usage data: we collect usage data about you whenever you interact with our Service, which may include the dates and times you access the Service and your browsing activities (such as what portions of the Service you used). We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other communications you send through the Service.
2.2.- PURPOSE (HOW DO WE USE YOUR DATA?)
We collect the aforementioned Personal Data in order to:
· Cooperate with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Website and Service, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or responding to lawful requests.
We treat your Personal Data in a lawful, loyal and transparent manner. The use we make of them is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
2.3.- HOW WE SHARE INFORMATION (WHO PROCESSES YOUR PERSONAL DATA?)
· Service providers: we share your information with some of our third-party service providers working on our behalf.
· Other Visitors: we make your username public to other Visitors so they can identify you when you make comments in our blog.
· Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary as a matter of applicable law or regulation, to exercise, establish, or defend our legal rights, or to protect your vital interests or those of any other person.
2.3.1.- DATA PROCESSOR
The Email subscription and campaign management services are provided by The Rocket Science Group LLC d/b/a MailChimp, a company headquartered in the State of Georgia in the United States.
· Other Mailchimp’s legal documents: https://mailchimp.com/legal/
2.3.2.- OTHER THIRD-PARTY SERVICE PROVIDERS THAT PROCESS YOUR DATA
· Other Siteground’s legal documents: https://www.siteground.com/terms.htm
The web analysis services are provided by Google Inc. Google Analytics is a web analysis service provided by Google Inc., a company headquartered at 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States of America. The information tracked by this cookie will be directly transfered and archived by Google in their servers in United States of America.
2.3.3.- OTHER THIRD PARTY SERVICE PROVIDERS THAT DO NOT PROCESS YOUR DATA
· Whitesquare GmbH’s terms: https://thrivethemes.com/terms/
· createIT’s legal documents: https://www.createit.com/privacy-policy-website-terms/
2.3.4.- PUBLIC INFORMATION AND THIRD-PARTY WEBSITES
· Social media platforms and widgets: we maintain presences on Facebook and Youtube. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms, including the embedded videos present in this Website, are governed by the privacy policies of the companies that provide them.
2.4.- LEGAL BASIS AND DATA PROCESSING AGREEMENT (HOW DO WE COLLECT YOUR DATA?)
If you are located in the EEA or UK, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, where required by law, we will collect Personal Data only where we have your consent to do so.
You directly provide us with the Personal Data we collect, and we collect this data in several ways. First. we collect and process your Personal Data with a double opt-in method consisting in three steps:
· Step 3: That Visitor receives an email to confirm their subscription. By completing these steps, a Visitor becomes a Subscriber.
After this, the new Subscriber’s Personal Data is added to our Subscribers List, along with important information like their IP address and when they filled out the aforementioned Forms and confirmed their subscription.
· Be internationally transfered due to the physical location of the facilities of the service providers and other data processors.
Second, our third-party partners Google and Mailchimp may use various technologies to collect and store Service Usage Data when you use our Service (as discussed above), and this may include using cookies and similar tracking technologies, such as pixels, web beacons, and if you use Mailchimp’s Mobile Apps, through their SDKs deployed on your mobile device.
When our Visitors use the Website for the first time, they will see a cookie use notice that informs about the usage of cookies and their purpose. This consent pop-up has four buttons:
· Decline button (X): enables Visitors right to object to the storage of analytics and targeting cookies.
Your consent allows us to collect and process your Personal Data this way. Giving your consent is an indispensable condition to have analytics and targeting cookies installed in your computer. You can withdraw your consent anytime as detailed in the Cookies Policy.
2.5.- ACCURACY AND TRUTHFULNESS OF DATA
Subscribers are solely responsible for the accuracy, validity, and authenticity of the Personal Data provided, exonerating us of any responsibility in this respect. Subscribers also undertake to keep the data provided properly updated.
2.6.- SPECIFIC RULES FOR CHILDREN REGARDING THE LEGAL BASIS AND THE DATA PROCESSING AGREEMENT
Visitors over the age of 14 are allowed to use any functionality where Personal Data is requested without the prior consent of their parents or guardians. In the case of children under 14 years of age, the consent of the parents or guardians is required for the processing of their Personal Data. If you are under 14 years old and have accessed this Website without notifying your parents you must not share any Personal Data.
2.7.- DATA RETENTION PERIOD (HOW LONG DO WE RETAIN YOUR DATA?)
We will retain your Personal Data as long as we have an ongoing legitimate business or legal need to do so. We will continue storing your Personal Data under this basis until:
· You withdraw your consent.
When we have no ongoing legitimate business need to process your Personal Data will be eliminated with adequate security measures to guarantee its total destruction. If this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
2.8.- DATA PROTECTION RIGHTS
We would like to make sure you are fully aware of all of your data protection rights and how to exercise them.
2.8.1.- WHAT ARE YOUR DATA PROTECTION RIGHTS?
You are entitled to the following:
· The right to complain to a data protection authority about the collection and use of Personal Data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are available here.
2.8.2.- HOW TO EXERCISE YOUR DATA PROTECTION RIGHTS
2.9.- DATA SECURITY AND PROTECTION
We take appropriate and reasonable technical and organizational measures designed to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. Likewise, it is also guaranteed that the treatment and registration in files, programs, systems or equipment, premises, and centers comply with the requirements and conditions of integrity and security as established in the current regulations.
We have installed an SSL Certificate onto our web server to secure data transfer. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. We use SSL to secure data transfer. However, we are not able to guarantee the absolute security of the Internet nor, consequently, that the Personal Data in our possession is invulnerable to fraudulent third-party access.
Should a security incident happens, we will notify and provide you with all the relevant information as soon as we notice the problem and when you request information about it.
We do not transfer Personal Data to third parties, except by legal obligation. However, in the case of being transferred to a third party, information would be prior obtained by the Subscriber requesting the express consent for such assignment. The Data Processor, that is responsible for the Subscribers List, as well as those that intervene in any phase of the treatment, and/or the entities to which they have been notified (in any case always with the corresponding authorization granted by the user), are obligated to observe professional secrecy, the adoption of protection levels, as well as technical and organizational measures necessary to ensure the security of Personal Data, avoiding, as far as possible, unauthorized access, illegal modifications, subtractions and/or loss of data, in order to ensure the corresponding level of security of our files, according to the nature and sensitivity of the data provided by the users of this Website.
2.10.- ACCEPTANCE AND CONSENT
2.13.- COMMERCIAL MAIL
We do not perform SPAM practices, which means that we do not send e-mails that have not been previously requested or authorized by our Subscribers. Visitors must give their express consent to receive our newsletter, independently of the information punctually requested. Express consent is given by confirming subscription by email after filling in the Content Locker Form and the Newsletter Form.
Subscribers can opt out of receiving our newsletter anytime by clicking here or the «Unsuscribe» button available at the bottom of our emails.
For all purposes, the relations between the Data Controller and the Visitors and Subscribers, present on this Website, are subject to the Spanish legislation and jurisdiction to which the parties expressly submit, being competent for the resolution of all disputes arising or related to their use the Courts of Valencia.
2.15.- CONTACT INFORMATION
Updated November 1, 2019