Privacy Policy

Privacy Policy Notice


Squishysaurus takes your privacy very seriously. This privacy policy is designed to assist you in understanding how we collect and use the personal information you provide to us and to assist you in making informed decisions when using our site and our products and services. The content of Squishysaurus.co.uk are the service offerings of Havivah Limited, a limited liability company registered in England and Wales as with company number 06895543. The registered address of the company is 7 St John's Rd, Harrow HA1 2EY. Squishysaurus and associated companies, and references in this document to “us,” “our,” and “we” refer to Squishysaurus, Havivah Limited and Squishysaurus.com. All references to Havivah Limited also refer to Squishysaurus and vice versa.
This Privacy Policy addresses all the requirements set out in the GDPR. The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Please review this Privacy Policy before you use the Website or any of the services or features offered on or through the Site or any Squishysaurus App. By using the Website and its services and features, you agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Site or its services and features.

1. Information Collected

Squishysaurus may collect certain personal information from you when you register to use the Website or its services and features. We may also collect additional personal information, including your physical address, in order to deliver products. We may also collect certain non-personally identifiable information from users of our site, such as their Internet protocol address, the type of browser and operating system they use, the domain name of your Internet service provider, and the web pages, content and advertisements you may have visited, viewed or clicked on. We collect this information in several ways, including the following:
• Cookies: Cookies are text files placed in your computer’s browser to store your preferences. Cookies do not contain personal information, but if you choose to furnish us with personal information, this information may be linked to the data stored in the cookie. We may use “cookies” to maintain a record of your visits and to improve the content and services on our site.
• Web Server Logs: Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at this site, and the websites visited just before and just after our site.
• IP Addresses: Our system may also collect your IP address, which is a numerical address that is used to identify a computer connected to the Internet. We may use your IP address to help diagnose problems with our server, to administer our site, to deliver web pages to you upon request, to tailor our site to the interests of our users, and to measure traffic within our site.
• Public Posting: If you post in the comments of a blog post on the Website (or anywhere on social media), you should be aware that any information you share is visible to other users. Personally identifiable information you submit to one of these forums can be read, collected, or used by other individuals to send you unsolicited messages. Squishysaurus is not responsible for the personally identifiable information you choose to submit in these forums. For example, if you choose to make information, which was previously non-public, available by enabling certain user features, (such as blog comments) Squishysaurus will collect that information from your interaction and the information will become publicly available.

2. Information from Minors

Squishysaurus does not knowingly collect information from children under the age of 13. Nor do we collect information from any individual under the age of 13 without the consent of a parent or guardian. If you believe that your child has registered on our site or that we have collected information from your child, please contact us immediately so that we can remove that information from our database.
We take many special precautions to protect the privacy of children at Squishysaurus Services directed to children. Some Sister Sites or areas of Squishysaurus Sites with content for children can be identified by “kids” or “play” in the domain or subdomain. Content intended for adults may be available at such Squishysaurus Sites, accessible through a “parents” link. If you have a question about whether a particular Squishysaurus Service is directed to children, please contact us at info@squishysaurus.com.
We may sometimes need a child’s email address, your email address, or both. We may ask a child for your email address, so we can notify you of your child’s interest in Squishysaurus Services. In the limited circumstances where we might collect your child’s email address without getting your consent first (see more below), if we need more than just your child’s first name (or screen name) and email address for your child to participate in a particular Squishysaurus Services, we will ask your child for your email or mailing address so that we can notify you of your child’s request and get your permission. When we ask for your permission, we will tell you what we will do with the information you or your child provides us, and how you can review your child’s information and ask us to delete the information. With your consent, we may collect other personal information from your child such as a last name or home address when the information is necessary for a particular activity.
We don’t keep your (or your child’s) email address unless you tell us it is okay. If social networking opportunities are available through Squishysaurus Services, they are structured so that no personal information is shared between visitors unless parental consent is obtained.
Squishysaurus might collect an email address and first name (or screen name) from your child without your consent, but only in the following special cases: If a child sends a request to us, we keep their email address for long enough to respond to them. In the case of “send a friend” emails, we do not ask for your child’s email address and only use the friends’ email address to send the message, after which the friends’ email addresses are deleted.
We may offer enhanced Squishysaurus Services, including subscription-based Squishysaurus Services, which require a parent to register and establish the appropriate permission level for the child. Content and activities available may vary depending on the Service. Parents will be provided with information on the type of content and activities their child may access at the time they register and are always in charge of their child’s account. Subscription fees may apply for some Services.
We may ask for certain information that is not personally identifiable, like city and state, birth month and day, gender, hobbies, etc., to help us understand our visitors and improve our products. We also use technology and work with third-party technology partners to facilitate the ability to play games, to recognize returning visitors, for research, and for other purposes, including to screen under-age visitors from certain features or areas intended for older visitors, and to get certain automatically collected information automatically. We ask our advertising agency service partners under contract with us to comply with self-regulatory guidelines on targeted advertising.
Squishysaurus does recognize that parents, guardians, or other adults may purchase our products for family use, including use by minors. We do not knowingly collect personal information from children under 13 for marketing purposes, but because some information is collected electronically, it can appear to be the personal information of the purchaser of the product, and will be treated as such by this privacy policy.

3. Access to the App

 
Apps must typically be downloaded from an app store. Your computer or mobile device may enable you to restrict your child’s ability to visit other areas on the internet and to make purchases online or through apps. We provide information on features available through our child-directed connected products to inform parents about how the product connects to the internet.
App stores generally require an adult mobile device owner to register to download or make purchases. Some apps may offer options to visit an online store to make a product purchase. We encourage you to spend time with your children when they are online or using any mobile device or connected product so you understand the features of the Service and the activities they allow, and to adopt available device and browser controls that reflect your preferences about your children’s ability to access the internet or make purchases online.

Types of Data collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Contacts permission; Camera permission; Microphone permission; Social media accounts permission; Approximate location permission (continuous); Cookies; Usage Data; email address; password; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example).

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Owner is subject;
  • processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
  • processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

 

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

 

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

Retention time

 

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

 

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Device permissions for Personal Data access, Analytics, Registration and authentication, Access to third-party accounts, Registration and authentication provided directly by this Application and Advertising.

For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.

Facebook permissions asked by this Application

This Application may ask for some Facebook permissions allowing it to perform actions with the User's Facebook account and to retrieve information, including Personal Data, from it. This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook Inc.

For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.

The permissions asked are the following:

Basic information

By default, this includes certain User’s Data such as id, name, picture, gender, and their locale. Certain connections of the User, such as the Friends, are also available. If the User has made more of their Data public, more information will be available.

Email

Provides access to the User's primary email address.

Device permissions for Personal Data access

Depending on the User's specific device, this Application may request certain permissions that allow it to access the User's device Data as described below.

By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document.

The exact procedure for controlling app permissions may be dependent on the User's device and software.

Please note that the revoking of such permissions might impact the proper functioning of this Application.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Application.

Approximate location permission (continuous)

Used for accessing the User's approximate device location. This Application may collect, use, and share User location Data in order to provide location-based services.

Camera permission

Used for accessing the camera or capturing images and video from the device.

Contacts permission

Used for accessing contacts and profiles on the User's device, including the changing of entries.

Microphone permission

Allows accessing and recording microphone audio from the User's device.

Social media accounts permission

Used for accessing the User's social media account profiles, such as Facebook and Twitter.

 

The rights of Users

 

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

 

 

Details about the right to object to processing

 

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

 

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.

The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

This Application does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

4. Information You Share

 
When you communicate with us
When you consult with our customer service team, send us an email, post on our blog, or communicate with us in any way, you are choosing to share information with us. That information may include your name, physical address, email address, IP address, phone number, gender, location, purchase history, or other demographic information. By giving us this information, you consent to this information being collected, used, disclosed, transferred to the United Kingdom and stored by us as described in this Privacy Policy.
When you join our mailing lists
If you join one of our mailing lists, you choose to provide us with personal data such as your name and email address. We will always link to this Privacy Policy and explain how we would like to communicate with you. We only ever use your data to communicate with you in this way.
You can manage your preferences or unsubscribe at any time by following the links in emails we send you.
5. Information We Collect
 
Emails
If you join one of our mailing lists, we track how you interact with emails we send you. This helps us to understand what is important to you and improve the content we provide. We track whether you open our emails, which links you follow, and when you do so. You can manage your preferences or unsubscribe at any time by following the links in emails we send you.
Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users. Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.
Our EMS provider is; Actionetics. We hold the following information about you within our EMS system;
Email address
I.P address
Subscription time & date
6. Information We Share
 
External Processing
We use third parties to provide services to us, such as: 
o Managing mailing lists and delivering email
o Hosting our websites
o Helping us analyze the use of these services
These companies process personal data on our behalf. We only provide these companies with the information needed to deliver the service. We enter into written contracts to ensure that use of this data is consistent with this Privacy Policy.
Legal Disclosure, Safety and Security
We may preserve, use, or disclose your personal data if we believe it is reasonably necessary to:
o Comply with a law, regulation, legal process, or governmental request
o Protect the safety of any person
o Protect the integrity of our platform, including to help prevent spam or abuse
o Address fraud, security, or technical issues
o Protect our rights or property or the rights or property of those who use our services

7. Managing Your Data

 
Understanding your rights
It is important that you understand your legal rights around your personal data and how we may use it. If you would like to discuss or exercise any of these rights, please contact our Data Controller at info@squishysaurus.co.uk
Right to be informed
This Privacy Policy aims to inform you about how we process your personal data. You might also see specific messages when we collect personal data from you that explain why we ask for it.
Right of access
You have the right to access a copy of your personal data and receive certain information about what the data is and how and why we are processing it. We will ask you to prove your identity before we can disclose any information.
Right to rectification
You have the right to request a correction to your data if you believe that any information we hold is incorrect.
Right to erasure
You have the right to request that we delete your data.
There are some circumstances where we may need to keep your details, for example, if we are legally obliged to do so. If this is the case, we will explain and discuss these circumstances with you.
Right to restrict processing
You can request that we restrict processing of your data, as an alternative to deleting it – this means that we will keep the data but stop processing for most purposes. You may want to exercise this right if you feel that the data is inaccurate, that our processing of it is unlawful, whilst we progress a request from you to object to processing, or if we have no further need of the data, but you require us to keep it in relation to the establishment, exercise or defence of a legal claim.
Right to data portability
You have the right to request a copy of your data, in readable form, and have us transfer it to another organization. There are some circumstances where these rights may not apply, but where this is the case we will always explain this to you.
Right to object
You have the right to object to the processing of your data.
Rights related to automated decision making
You have the right to avoid being subject to decisions based solely on automated processing (including profiling) which has a significant effect on you. We do not carry out any such processing.

8. Data Retention

We keep records of your communications with us for six years in case we have to refer to a conversation or enquiry. This could be because it relates to our legitimate business interests, you are still in communication with us, or for legal reasons.
We keep your contact information on any mailing lists you chose to join unless you tell us otherwise. If you haven’t opened one of our emails for some time, we may contact you to ask if you still want to hear from us. If you unsubscribe from a mailing list, we retain some basic information to ensure we don’t contact you again in the future.

9. Third-Party Websites and Links

 
Squishysaurus may link to websites, products and services operated by third parties. Squishysaurus is not responsible for and does not endorse or accept any responsibility for the availability, contents, products, services or use of any Third Party Website, any website accessed from a Third Party Site, or any changes or updates to such sites.
These linked websites are only for your convenience and therefore you access them at your own risk. You acknowledge that you bear all risks associated with access to and use of content provided on a Third Party Site and agree that Squishysaurus and associated companies are not responsible for any loss or damage of any sort you may incur from dealing with a third party. You should contact the website administrator for the applicable Third Party Site if you have any concerns regarding such links or the content located on any such Third Party Site.

10. Changes To This Privacy Policy

We may change this Privacy Policy from time to time. If we make a material change to this policy, we will publicize these changes on our website.

11. Contacting Us

If you have any questions about this Privacy Policy, please contact us by sending e-mail to info@squishysaurus.com. Please note that information you submit through e-mail may not be secure; so please do not include credit card information or other sensitive information in your messages to us.

12. Klarna

In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarnas privacy statement.

Billpay’s/Klarna’s payment options In order to be able to offer you Klarna’s payment options and to assess whether you qualify for their payment options and to tailor the payment options for you, we will pass to Klarna certain aspects of your personal information. General information on Klarna you can find here and on BillPay here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s and BillPay’s privacy notices.

For Direct bank transfer, your personal data such as contact and order details, will be processed by Klarna.

For Pay Now (SOFORT Direct Banking) Your personal data such as contact and order details, will be processed by Klarna.