At Wonky Star Limited ("Night Zookeeper", “Company”) we take privacy seriously and are committed to complying with data protection laws including the UK Data Protection Act, EU General Data Protection Regulation and US Children’s Online Privacy Protection Act.
This policy explains when and why we collect personal information about children, parents/guardians and teachers and other users ("you"), how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
This policy was last updated on 1st January 2024.
Night Zookeeper (company number 07706300) is the data controller in relation to the processing activities described below. This means that Night Zookeeper decides why and how your personal information is processed.
Where this policy refers to "we", “our” or “us” below, unless it mentions otherwise, it’s referring to the particular company that is the controller of your personal information.
We may collect and process the following information about you:
This is information about you that you give to us by entering information via our website or mobile application (where applicable) or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give us includes your name, address, child’s school name, your username and password, email address, phone number and credit card information.
We may automatically collect the following information: with regard to each of your visits to our website we may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We may process a range of personal information about you including the following types of information: contact (such as your name, address, email address), monitoring (information relating to the surveillance or monitoring of your activities), employment (your previous, current or future employment details), cardholder (your payment card details) and correspondence (information contained in our correspondence or other communications with you about our products, services or business).
Any personal information you provide to us is on a voluntary basis. However we will not be able to provide you with our services/products as we require this information to enter into a contract with you.
We may use and process your personal information where we have supplied you (or continue to supply you) with any products or services, where we have arranged for the supply of another company’s products or services to you, or where you are in discussions with us about any new product or service. We will use this information in connection with the contract for the supply of products or services when it is needed to carry out that contract or for you to enter into it. Please see "What type of personal information do we process about you" above for details of the types of personal information we process for these purposes.
We may use and process your personal information where you have consented for us to do so for the following purposes:
You may withdraw your consent for us to use your information in any of these ways at any time. Please see "Withdrawing your consent" for further details.
Where we reasonably believe that you are or may be in breach of any applicable laws, we may disclose your personal information to relevant third parties, including to law enforcement agencies or your internet service provider.
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
We may disclose your information to our providers of analytical services, to help us understand and improve how our products and services are used, to identify how often you use our services and to provide us with performance data and download information. Such third parties may include Google, Amazon, Heroku, Cloudinary, Stripe, ObjectLabs Corporation, Sentry, ZEIT Inc, Cloudflare. All of whom have privacy policies in place. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
When you purchase any products or services, your credit/debit card payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our customers.
However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
We may share aggregated non-personally identifiable information publicly, including with press and educational administrators in order to demonstrate how Night Zookeeper is used, or with users and potential users.
Night Zookeeper is based in the United Kingdom, which is in the European Economic Area (EEA). All information you provide to us may be transferred to countries outside the EEA. By way of example, this may happen where any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. This steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
If you register for and use our services from outside the EEA, your information will be transferred into the EEA in order to provide you with those services. If you are based in the United States, we will store your information in accordance with the regulations stated in COPPA.
The security of your personal information is important to us. To prevent unauthorised access, disclosure, or improper use of your information, and to maintain data accuracy, we’ve established physical, technical, and administrative safeguards to protect the personal information we collect. Although we make concerted good faith efforts, including third party PEN testing, to maintain the security of personal information, and we work hard internally to ensure the integrity and security of our systems, no practices are 100% immune, and we can’t guarantee the security of information. Outages, attacks, human error, system failure, unauthorised use or other factors may compromise the security of user information at any time.
If we learn of a security breach, we will attempt to notify adult users of the website electronically (subject to any applicable laws) so that they can take appropriate protective steps; for example, we may post a notice on your dashboard or our homepage (www.nightzookeeper.com) or elsewhere on the site, and may send email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. Depending on the nature of the breach, our privacy officer will review it and notify relevant local authorities.
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any other purposes listed under How we use your personal information.
The only exceptions to this are where:
If you notify us that you wish to close your account, we will include anonymised information in our statistics and we will then delete your personal information.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no required, after we have received your request.
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by writing to us at the address at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our Unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our Unsubscribe tool.
You may also contest a decision made about you based on automated processing by writing to us at the address at the end of this policy.
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
Security measures we put in place to protect your personal information
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites and Apps‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites and Apps even if you access them using links that we provide.
In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We may collect your preferences to receive marketing information directly from us in the following ways:
We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless you object.
If you do not complete a purchase and have not indicated that you would prefer otherwise, we may send a reminder to you about your incomplete purchase.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see "Withdrawing your consent" and "Objecting to our use of your personal information and automated decisions made about you" above for further details on how you can do this.
Protecting the privacy of children is especially important to us and we recognise the need to take further measures with respect to personal data about children.
This section of the policy is aimed at teachers, parents and guardians and other adults holding parental responsibility over the child/children they permit to use the Night Zookeeper services ("you", “Responsible Adult”). We do not offer services direct to children, other than tools for which no registration is required, and our Terms do not allow children to register for the website.
You have complete control over the information we collect from your child/children and you are required to monitor any content produced by your child/children to ensure that it does not contain any personal information.
Where a child’s username is required, we will allocate to your child/children a name randomly generated by our system. This name may be changed by you, in which case you must ensure that the user-name does not identify the child. Where we collect information that might, when combined with other information, make it possible for your child/children to be identified, we will use security measures to keep this information secure.
Given that the child’s username should be random, we recognise that you will need to identify your child/children, and the system allows you to insert a name in addition to the username. In this case we suggest the use of nicknames to prevent the identification of your child/children. If a real name is used, this should be restricted to the first name. You can edit this information at any time and delete the child/children’s accounts via the online dashboard. During the use of the website, children can to draw pictures, write stories and answer learning questions. These materials will remain on our servers for your review. You will then have the choice to make these materials public, keep them within your account or delete them completely.
Please keep in mind that anything, once shared online, can be ‘screen grabbed’ by others.
Please note that Night Zookeeper shall not be responsible for any content the Responsible Adult chooses to make public.
We actively encourage children using our website not to:
Our principal point of contact for data protection matters is Philip Cole. Please direct any queries about this policy or about the way we process your personal information to our principal point of contact using our contact details below.
Postal address: Wonky Star Limited, Room 307, The Shepherd's Building, Charecroft Way, London, W14 0EE
Our email address for data protection queries is [email protected]