Privacy Policy

Our Privacy Policy

Welcome to our privacy policy! This policy will give you information about how we look after your personal data when you visit our website or use our services. The policy also tells you about your privacy rights and how the law protects you.

Curiosity Learning Ltd produces the website www.gocuriosity.com and associated websites including www.gocuriosity.education and www.timelinechallenge.com. These provide downloadable and online accessible teaching and learning resources for the UK and overseas. Curiosity Learning Ltd also use social media to enhance the educational experience

This policy applies to the processing of your information by Curiosity Learning Ltd as the manager of data (MOD). The MOD decides how your information is used and protected. We take your privacy and our responsibility to protect your information seriously and will take care in use and handling of your personal data.  

Who we are

Curiosity Learning Ltd is a company registered in England under the company number 10041971 with our registered address as set out below.

You can contact us:

FAO:                HEAD OF DATA PROTECTION
Address:        The Black Barn, Wickhurst Farm, Leigh, Kent TN11 8PS

Email: privacy@gocuriosity.com

What information we collect about you

Information you provide

During your interaction with us, whether via our websites, by email, through completion of surveys, or by any other means, you may provide information to us which might include [as example] your name, address, gender, email address, phone number, birthday, your online username, the type of device you use to connect to the internet, and the subjects you are interested in, in order to provide you with information or reply to your queries. If you are ordering products or services from us, you will provide your payment details. Your information includes anything which identifies you so if you contribute to a blog or provide other user generated content to us it may include personal information.

We rely upon information being provided within the law, accurately and with the full permission and authority of the owner of the information.

We will never ask for ‘sensitive’ information such as ethnic origin, sexuality, religious belief or political opinion and it is the responsibility of the user to ensure that none is submitted.

Adults and Schools

We collect your information when you:

  • Register a child or school on our website (e.g. your email address)
  • Apply for a free or example materials
  • Make a secure payment via our website (e.g. postal address, credit or debit card number)
  • Apply for customer support via our help desk
  • Interact or correspond with us by letter, phone, SMS, email or via our website
  • Complete one of our surveys.

Children age 16 and under

No Child age below 16 may register directly for our services; the submission must be made by an adult or school on behalf of the child. We may then collect a child’s information when:

  • A child is registered on our website (e.g. child’s full name, child’s date of birth)
  • Work is uploaded to our website or placed on social media

Protection of Personal Data

You are responsible for ensuring that personal data is transferred to us securely.  Once we have received data we will take all reasonable precautions to ensure that all the personal data for use as above remains secure. We have procedures to protect the storage and disclosure of personal data. You must ensure passwords or login usernames are not shared and are kept securely.

Cookies and how you use our website

We also collect certain information about how you use our website and the device that you use to access them. This includes your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers) browser type, length of visit to the website, number of pages visited and similar information. We use Google Analytics for this purpose and you may choose to opt out of the process by selecting to opt out on the Google website.

Please read our Cookie Policy below for more information, including information about how to delete cookies placed on your device and how to prevent them from being put there in the first place.

Be mindful that if you do enable a prevent cookies functionality on your device, some of our services and functionalities on the site will no longer work.

Our Cookie Policy

Cookies are small data files that your browser places on your computer or device. A cookie itself does not contain or collect information. However, when it is read by a server via a web browser it can help a website deliver a more user-friendly service – for example, remembering your details from a previous visit in order to provide a faster web experience.

Like most websites, we collect some information. This information won’t be linked to any other information we collect about you unless you have given your consent that we may do this. For further details see our full Cookie policy.

Please ensure that you are familiar with the privacy policy of any other website you visit as a result of your visit to our website; we are not responsible for any external links or third party activity.

How we use your information

We use your information lawfully. We do not sell your information to third parties. However, we may share your information as set out in the section “When we share your information”. Details of how we use your information and the legal bases for our use are set out below:

We may use such personal data collected to:

  • process your request, for example, to purchase products or access services and to administer your account.
  • communicate with you and provide information about our products and services.
  • place material onto a social media platform once it has been anonymised.
  • send you marketing communications about products, services, activities, promotions or other matters that we feel may be of interest or use to you.
  • contact you about products you have bought or services you have subscribed to.
  • analyse your use of our websites and response to our communications and improve the services we offer, including personalising our communications with you.

When we have your consent to contact you, we may use your information to:

  • keep in contact with you and provide you with marketing communications about news, resources or products from Curiosity Learning Ltd;
  • tell you about new website features or services;
  • send you newsletters.

In the following circumstances we will use your information to carry out our contract with you:

  • to process your requests to purchase our products from our website
  • to facilitate use of the services offered
  • to provide customer service and support.

Sometimes we will use your information on the basis of our ‘legitimate business interests’ (legitimate interests). This means our legitimate interests in conducting and managing our business and our relationship with you.

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you, particularly where we process children’s personal data.  Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, you have rights and choices which include the right to object (please see the section headed “Your rights and choices”).

We may use your information for the purposes listed below on the basis of our legitimate interests:

  • to contact you about products you bought from us;
  • to contact you about submissions you or a child made;
  • to respond to your queries and correspondence;
  • to collect and store accurate data of our customers;
  • to administer your account with us;
  • to deal with enquiries or complaints as necessary to provide customer support in providing the correct products and services to our website users;
  • to carry out aggregated and anonymised research about general engagement with our website in providing the right kinds of products and services to our website users;
  • to measure or understand the effectiveness of advertising;
  • to deliver relevant advertising and make relevant recommendations and suggestions to you about our products and services;
  • to analyse your use of our websites and your responses to our communications;
  • to personalise, enhance, modify or otherwise improve the services and/or communications that we provide to you;
  • to detect and prevent fraud and unauthorised access or illegal activity;
  • to improve security and optimisation of our network sites and services including trouble shooting, testing and software development and support;
  • to operate a safe and lawful business or where we have a legal obligation;
  • to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees;

Who can see your information?

Your information may be processed by our staff or by the staff of third parties we work with to deliver our business. Processing can mean any activity that involves the use of information about someone that can identify them. All uses, for example, obtaining, recording, storing, disclosing, organising, retrieving, deleting and destroying are types of data processing. We take measures to ensure that third parties processing your information on our behalf are acting lawfully in accordance with our instructions and are subject to appropriate confidentiality requirements. We also have adequate technical and organisational safeguards in place in our company and with third party processors to protect your information. Third party processors of your information include:

  • our website hosts and operators, IT support providers, database operators, site analytics providers and software developers;
  • our customer support team;
  • our marketing or publicity services providers;
  • our financial services;
  • our delivery service providers;
  • our auditors, technical consultants and legal advisors;
  • our fraud detection services.

When we share your information

We sometimes share your information within Curiosity Learning Ltd and with our partner third party companies (see How we use your information/Who can see your information). Where we share your information outside our company you will be asked to consent to a third party sharing your information and if you choose to give your permission any interaction you have with a third party is governed by their privacy terms. The third party becomes a joint data controller of your information with us. This means that the third party can make decisions about how to use your information. Before we share your information, we require third parties to enter into a data sharing agreement which stipulates that they must maintain appropriate security to protect your information from unauthorised access, processing or use.

We will share your information with the following third parties:

  • Caspio who manage our database
  • Go Daddy who host our websites
  • Royal Mail Plc and courier companies who despatch materials to our users
  • any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law or where we have a legal obligation to do so.

How we look after your information

We look for opportunities to minimise the amount of personal information we hold about you.  Where appropriate we anonymise and pseudonymise your information. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:

  • ensuring the physical security of our offices and other sites;
  • ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
  • maintaining a data protection policy for, and delivering data protection training to, our employees;
  • limiting access to your personal information to those in our company who need to use it in the course of their work and ensure it is kept behind a user password verification system.

You are responsible for ensuring that any passwords provided to access information on our website are not shared and are kept securely.

How long we keep it for

We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our legitimate interests, such as for the purposes of exercising our legal rights. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example:

  • we archive our email and paper correspondence regularly and destroy unnecessary information;
  • We operate a best practice email retention policy requiring password protected folders and departmental shared drives to provide restricted access to information;
  • We conduct regular access reviews to keep access profiles and policies up to date;
  • We conduct periodic review and purge cycles of documents in accordance with our document retention policy;
  • we retain information relating to orders, refunds and customer queries for approximately 6 years;
  • we retain information relating to commercial contracts for approximately 6 years after expiration or termination whichever is the sooner;
  • we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently;

International Transfers of your information

Our company is located in the UK.

Whenever we transfer your personal information out of the European Economic Area (EEA) we will take all steps necessary to ensure that it is adequately protected and processed in accordance with this Privacy Notice by using all appropriate cross-border transfer safeguards such as:

  • by entering into the European Commission’s Standard Contractual Clauses with the provider which give personal data the same protection it has in the EEA; and
  • where the provider is in the US, the EU-US Privacy Shield if the provider is part of the EU-US Privacy Shield Framework.

Please contact us if you would like additional information on the specific means used by us when transferring your personal data outside of the EEA.

Your rights and choices

Your Right to Object

You have the right to object to our using your information for direct marketing and on the basis of our legitimate interests (refer to “How we use your information” above to see when we are relying on our legitimate interests). If you want to do this, you can contact us using the details in the section “Who we are”.

Your Right to Withdraw Consent

You have the right to withdraw your consent for our use of your information in reliance of your consent, which you can do by contacting us using any of the details in the section “Who we are”. Withdrawl of consent may not require cancellation of a commercial contract

Your Other Rights and Choices

You also have other choices and rights in respect of the information that we hold about you, including:

  • the right to request access to the information that we hold about you to check that we are acting lawfully;
  • the right to receive a copy of any information we hold about you in a structured, commonly-used, machine readable format or in another format of your choice;
  • the right to request that we transfer your information to another service provider in a structured, commonly used, machine-readable format;
  • the right to ask us to correct information we hold about you if it is inaccurate or incomplete;
  • the right to ask us, in certain circumstances, to delete information we hold about you;
  • the right to ask us, in certain circumstances, to restrict processing of your information.

You may exercise your rights and choices by contacting us using the details above “Who we are”. Exercising some of these rights may incur a small administration charge.

You can also prevent processing for marketing activities by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing.

Your Right to Complain

Please contact us if you have any questions or are unhappy about the way your information is used. We hope we will be able to resolve any problems or issues you may have.

You also have the right to lodge a complaint about us and our use of your information to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.

Children

Curiosity Learning Ltd websites and platforms are directed at schools, adults and children for education purposes only. We will ensure that the required consent has been obtained from schools or adults acting on behalf of children under the age of 16 for us to handle the child’s information.

When children upload work and videos

Uploaded content is an integral part of the Curiosity programme. On registering it will be necessary to give adult or school consent to the sharing of your childrens work within the Curiosity environment.

Videos and work submitted may be uploaded to our websites or social media. Personal identifiers will be removed and only a first name will be associated with any submission. We encourage users not to use full names or display any address or other identifiers within any submission.

It is the responsibility of the consenting adult or school to ensure that any content submitted falls within the generally agreed norms for acceptability. In particular, care must be taken with images including children.

We may choose to withhold any videos, images, work or any other submission that we deem to be breaching accepted values and may report and deliver the same to the appropriate authorities along with all relevant detail held by Curiosity Learning Ltd

When children receive feedback from us

Following the submission of information by or on behalf of the child, the submitter may receive feedback from us. We will never ask for a child’s email address or other contact detail other than that submitted at the time of signing on to use the services of Curiosity Learning Ltd. Any communication is only through a Curiosity portal which may include closed social media groups. When a school or adult signs a child up for Curiosity they are giving permission for us to communicate with the child in this way.

When and how we obtain verifiable adult or school consent

When an adult or school registers a child by purchasing a Curiosity education package, they will be asked during the registration process to give their consent:

  1. to sharing of the child’s work, videos and submissions with the Curiosity Team
  2. to possible/occasional sharing of the child’s work, videos or submissions on our website, in social media or on a similar education based platform.

The ticking of the appropriate box(es) and/or the provision of credit card or bank details to complete the purchase of the package constitutes the verification process for “verifiable parental consent”.

Sharing information we have consent to share with others

If we’ve received “verifiable parental consent” to access a child’s information, we may also share the information with our service provides or legal authorities. We may share information with our service providers including software solution companies, online security partners and customer services. Our contracts with these companies make sure they only use personal data for the agreed purpose.

We may share personal information to meet legal processes or if disclosure is required by law. As allowed by relevant laws, we may also share personal information collected from children to:

  • Comply with a request from to a law enforcement or public agency (including schools or children services) or to avoid liability
  • Make a disclosure that we believe may stop a crime being committed
  • Help an investigation related to public safety
  • Protect the safety of a child who’s using our service
  • Protect the technology of our service providers or security of our online channels themselves

Should you notice any flaws or concerns in our security, please contact our team as soon as possible: privacy@gocuriosity.com

If we ever experience a data breach in which customer information is at risk of being misused, we’ll contact customers according to legal requirements. If necessary, we’ll also contact data protection authorities.

Changes to this Privacy Notice

We may make changes to this Privacy Notice from time to time. We will post any changes to our website.

This Privacy Notice was updated on 1February 2019.