Privacy Policy
This webpage contains two copies of our Privacy Policy – one for children, and one for grown-ups. So, keep reading for the kid-friendly version, or scroll on down for the grown-up version.
For Kids!
Who we are
Creature Media Ltd trading as Creature & Co is the publisher of National Geographic Kids magazine UK and Ireland and National Geographic Little Kids UK and Creature Media Australia Pty Limited trading as Creature & Co is the publisher of National Geographic Kids Australia and New Zealand. We also publish a digital edition of National Geographic Kids and National Geographic Little Kids via an IOS app and Google Play app. Digital issues can also be accessed on our website www.natgeokids.com. There are also downloadable teaching resources for schools that subscribe to National Geographic Kids and Little Kids in the UK, Ireland, Australia, and New Zealand.What is personal data?
Any information that we can use to identify you is personal data. This includes things such as your full name, your date of birth or your test answer sheets.How to Contact Us
We have someone here called our Data Protection Officer, and their job is to ensure we follow all the rules when using your personal data. This means they make sure we are following all the rules, and that your data is safe. If they see something wrong, they tell us how we can fix it. If you have any concerns you can contact our Data Protection Officer by post at our main business address: Creature Media Ltd c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: 76 Marylebone High Street, London, W1U 5JU. Creature Media Australia Pty Limited c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: Level 6, 77 Castlereagh Street, Sydney, NSW 2000 Australia Our Data Protection Officer can also be contacted by email at the following address privacy@ngkids.co.ukWhy do we need personal data?
The main reason we need personal data is to know who you are. If you are logged in to one of our apps or on the website, we use your personal data to make sure your account works and process any requests you might have. We also use your personal data to provide your parents with information about things we create, contacting your parents about the things they have bought and sending out information about products, services, activities, promotions, or anything else that we feel might be of interest or use to you. We sometimes also use your personal data because of an event you take part in, or a competition we organise, to make sure if you win that you get your prize. If you want to know more about why we need your personal data, you can ask an adult to read the full Privacy Policy with you to help you understand the details.How we obtain your data
Your personal data is provided to us by your parents or by yourself when you sign up on our websites or applications.Who can see my data?
Your personal data is seen by our staff. Sometimes we need to share your personal data with the staff of third parties that we work with to allow us to do our work. We are very careful about how we do this, which means there are even more rules and whatever they do, it will be done lawfully and safely. Some examples of people who might see this information include: our website operators and IT support providers
What do we do with your data?
We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period can vary.How do we look after your data?
We use security measures to protect your information against any unlawful use or unauthorised access.Do I have a say in what happens to my data?
Yes, you do. You have a range of rights when we use your data. These rights are:- A right to request a copy of your data that we have
- A right to request a correction of errors or inaccuracies in the data that we hold relating to you
- A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- A right to request us to delete your personal data in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
- A right to restrict processing in certain circumstances (Article 18)
Is there somewhere I can complain if I am worried about how we use your personal data?
Yes. There is also a government agency whose job it is to make sure companies like us follow the rules and correct us if we do things wrong. You can also email or write to them. Their contact information can be found online at the following links: Ireland: Data Protection Commission: https://dataprotection.ie/en/contact/how-contact-us United Kingdom: Information Commissioners Office: New Zealand: Australia:For Adults
Who we are
Creature Media Ltd trading as Creature & Co is the publisher of National Geographic Kids magazine UK and Ireland and National Geographic Little Kids UK and Creature Media Australia Pty Limited trading as Creature & Co is the publisher of National Geographic Kids Australia and New Zealand. We also publish a digital edition of National Geographic Kids and National Geographic Little Kids via an IOS app and Google Play app. Digital issues can also be accessed on our website www.natgeokids.com. There are also downloadable teaching resources for schools that subscribe to National Geographic Kids and Little Kids in the UK, Ireland, Australia, and New Zealand.How to Contact Us
You can contact us at our main business address: Creature Media Ltd c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: 76 Marylebone High Street, London, W1U 5JU. Creature Media Australia Pty Limited c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: Level 6, 77 Castlereagh Street, Sydney, NSW 2000 Australia Our Data Protection Officer can also be contacted by email at the following address privacy@ngkids.co.ukWhy do we need personal data?
The main reason we need personal data is to know who you are. If you are logged in to one of our apps or on the website, we use your personal data to make sure your account works and process any requests you might have. We also use your personal data to provide your parents with information about things we create, contacting your parents about the things they have bought and sending out information about products, services, activities, promotions, or anything else that we feel might be of interest or use to you. We sometimes also use your personal data because of an event you take part in, or a competition we organise, to make sure if you win that you get your prize. If you want to know more about why we need your personal data, you can ask an adult to read the full Privacy Policy with you to help you understand the details.How we obtain your data
Your personal data is provided to us by your parents or by yourself when you sign up on our websites or applications.Who can see my data?
Your personal data is seen by our staff. Sometimes we need to share your personal data with the staff of third parties that we work with to allow us to do our work. We are very careful about how we do this, which means there are even more rules and whatever they do, it will be done lawfully and safely. Some examples of people who might see this information include: our website operators and IT support providers
What do we do with your data?
We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period can vary.How do we look after your data?
We use security measures to protect your information against any unlawful use or unauthorised access.Do I have a say in what happens to my data?
Yes, you do. You have a range of rights when we use your data. These rights are:- A right to request a copy of your data that we have
- A right to request a correction of errors or inaccuracies in the data that we hold relating to you
- A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- A right to request us to delete your personal data in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
- A right to restrict processing in certain circumstances (Article 18)
Is there somewhere I can complain if I am worried about how we use your personal data?
Yes. There is also a government agency whose job it is to make sure companies like us follow the rules and correct us if we do things wrong. You can also email or write to them. Their contact information can be found online at the following links:Ireland: Data Protection Commission: https://dataprotection.ie/en/contact/how-contact-us United Kingdom: Information Commissioners Office: New Zealand: Australia:
Why we use personal data?
We process (use) personal data to help us run our business, deliver projects, and run events.We process data about people for the following purposes:
- Sales and Marketing
- Managing subscriptions
- Supporting teaching, (either directly or through partners)
- General office administration and accounting
- Organising and running events
- HR administration, including payroll and recruitment
- Management of sub-contractors
What data do we use?
We use a variety of categories of personal data depending on our purposes. In all cases, we aim to capture and process the minimum necessary to deliver our services and meet our obligations.We process the following categories of personal data for the purposes set out. We provide general information on the lawful grounds we rely on for processing in each context. The specific basis relied on will depend on the context of processing.
Processing Purpose | Category of Information Processed | Lawful Basis for Processing |
---|---|---|
Sales and Marketing |
|
Legitimate Interest Consent As we operate B2B, Regulation 13(2) of SI336/2011 will apply to some of our marketing activities. |
Managing Subscriptions |
|
Legitimate Interests Contractual Necessity |
Supporting Teaching |
|
Legitimate Interests Contractual Necessity |
Organising and running events |
|
Legitimate Interests |
General Office Administration and Accounting |
|
Legitimate Interests, Contractual Necessity, Statutory Obligations |
HR Administration and Management of Sub Contractors |
|
Legitimate Interests, Contractual Necessity |
Health and Safety |
|
Statutory Obligation |
Website Performance Management and Security |
|
Legitimate Interests |
Data Processors
We use several different categories of data processors to help us deliver our services.The categories of suppliers used include:
- Telephones & Comms
- Office productivity
- HR Management
- Accounting
- Payment Processing
Data Processor | Purpose for Processing | Cross Border Transfer? |
---|---|---|
Microsoft – Office | Office administration, email, video conferencing, document storage (Sharepoint) | EU Data Centres selected |
Abacus Media | Customer Relationship Management Software | |
Dot Digital | Email Marketing | |
PFMS | Magazine sorting and distribution | |
Royal Mail | Magazine distribution | |
Are Media | Magazine distribution in Australia and New Zealand | |
National Geographic |
Third-Party Recipients
In the course of our business, we are required to disclose data to third parties who are not data processors on our behalf. For many of our processing activities, we are required to disclose data to third parties who are not data processors acting on our behalf or data controllers on whose behalf we are working. Categories of recipients include:- Tax authorities
- Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
- Collections agencies in respect of outstanding or delinquent invoices
How Long Do We Keep Your Data?
We retain data for as little time as possible. Our retention periods are based on:- Statutory Obligations
- Contractual Requirements
- Quality Assurance
- Prudent risk management
- Statutory Obligations
- Contractual obligations
- Quality assurance standard obligations provided by our training partners or accrediting bodies.
- For reasonable periods after the conclusion of engagements for QA and risk management purposes.
Cross-border Data Transfers
Some of our service providers or partners are based outside the UK/EU/EEA. We make sure to only use providers who are processing data outside the EU on a valid basis. Creature and Co will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the UK/EU/EEA. For example, we use a variety of cloud-based tools such as Office365, and similar tools. Where data needs to be transferred or processed outside the UK/ EU/EEA, we chose providers who process data on the basis of- Model Contract Clauses/ UK IDTA
- An Adequacy Decision from the European Commission or the UK.
- Appropriate additional technical safeguards, including but not limited to the use of encryption, including own-key encryption.
Keeping your data safe and secure
We place great importance on the security of all personal data associated with our clients. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. Periodic reviews of our security standards are carried out to identify any new risks. However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. In the event of a breach of data security, Pieta will:- Where we are acting as a Data Controller, notify without undue delay the relevant Supervisory Authority where we identify that there is a risk to the fundamental rights and freedoms of people using our services.
- Where we are acting as a Data Controller, and we identify a high risk to your rights and freedoms, notify you of the incident without undue delay.
Automated decision making and profiling
Your Rights under GDPR
You have a range of rights under EU Data Protection law. These rights are:- For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
- For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be overridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular reason may prevent us from executing a contract or delivering a service to you.
- You have the right to request: ◦A copy of data we hold about you. (Right of Access) ◦ That any error in data we hold about you is corrected. (Right of Rectification) ◦ That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it. (Right of Erasure) ◦ That we refrain from processing data for a specific purpose. (Right to Restrict processing)
Right to Complain to the Data Protection Commission
You have the right to file a complaint United Kingdom: Information Commissioner’s Office https://ico.org.uk/ Ireland: The Data Protection Commission. https://dataprotection.ie/en/contact/how-contact-usThis Privacy Notice was updated: July 2024