Contact me

Privacy policy

Updated 3 June 2020.

Welcome to NovaKid! We care a lot about your child’s online privacy and safety. NovaKid will handle children’s personal information as described in this Children’s Privacy Policy. We take children’s privacy seriously, and we encourage parents to take an active role in protecting their children’s privacy and online experience at all times. NovaKid can be contacted at:

  • NovaKid Inc.
  • US 548 Market St 8291
  • San Francisco, CA 94104-5401
  • support@novakidschool.com
I. Objectives and grounds for the processing of personal data

In order to provide services according to your business profile, Novakid processes your personal data — for various purposes but always in accordance with the law. Below you shall find detailed purposes for the processing of personal data along with the legal grounds

In order to be able to contact us through the contact form, we process personal data, such as:

  • full name (if given),
  • e-mail address,
  • telephone number.

The legal basis for such data processing shall be Article 6 section 1 (b) of the GDPR, which allows the processing of personal data if it is necessary for the performance of a contract or to take steps to conclude a contract; if you decide to provide your name as well, we consider that you have given your consent to the processing of your name as well — then the legal basis for such processing is Article 6 section 1 (a) of the GDPR, which allows the processing of personal data on the basis of voluntary consent;

In order to conclude a contract and perform a service (paid and free), we process personal data, such as:

  • full name (if given),
  • e-mail address,
  • telephone number,
  • name of the child,
  • age of the child.

The legal basis for such data processing shall be Article 6 section 1 (b) of the GDPR, which allows the processing of personal data if it is necessary for the performance of a contract or to take steps to conclude a contract; if you decide to provide your name as well, we consider that you have given your consent to the processing of your name as well — then the legal basis for such processing is Article 6 section 1 (a) of the GDPR, which allows the processing of personal data on the basis of voluntary consent; as well as:

  • image of a parent,
  • image of a child.

The legal basis for such data processing shall be Article 9 section 2 (a) of the GDPR, which allows the processing of personal data that could reveal racial or ethnic origin if you have expressed an explicit consent to the processing for a specific purpose. The aforementioned consent is given when setting up an account on the website: www.novakidschool.com.

In order to handle complaints, we process personal data, such as:

  • full name (if given),
  • e-mail address,
  • alternatively, an address of residence — if money is refunded,
  • alternatively, a bank account number — if money is refunded.

The legal basis for such data processing shall be Article 6 section 1 (b) of the GDPR, which allows the processing of personal data if it is necessary for the performance of a contract or to take steps to conclude a contract; if you decide to provide your name as well, we consider that you have given your consent to the processing of your name as well — then the legal basis for such processing is Article 6 section 1 (a) of the GDPR, which allows the processing of personal data on the basis of voluntary consent; as well as:

  • image of a parent,
  • image of a child.

The legal basis for such data processing shall be Article 9 section 2 (a) of the GDPR, which allows the processing of personal data that could reveal racial or ethnic origin if the data subject has expressed an explicit consent to the data processing.

In order to send e-mail and text message notifications about messages in the customer panel we process personal data, such as:

  • e-mail address,
  • telephone number.

The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of Novakid is to inform the customer about activities related to the performance of the service in order to increase the user-friendliness of the website);

In order to contact us by phone in matters related to the performance of the service, we process personal data, such as:

  • telephone number,
  • name.

The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of Novakid is to inform the customer about activities related to the performance of the service in order to increase the user-friendliness of the website);

In order to issue an invoice and to fulfill other obligations under tax law, such as keeping accounting records, we process personal data, such as:

  • full name,
  • name of the company,
  • address of residence or company's registered office,
  • TIN number.

The legal basis for such data processing shall be Article 6 section 1 (c) of the GDPR, which allows the processing of personal data, if such processing is necessary for the fulfillment of the obligations arising from the law by the Personal Data Controller;

In order to conduct a customer satisfaction survey related to the services offered, we process personal data, such as:

  • name,
  • e-mail address,
  • telephone number.

The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of Novakid is to get to know the opinions of customers regarding the services provided, in order to adjust them to the needs and expectations of interested parties);

In order to create registers and records related to the GDPR, including for example the record of customers who have objected in accordance with the GDPR, we process personal data, such as:

  • name,
  • e-mail address.

As the GDPR regulations impose upon us certain obligations concerning documentation processing to demonstrate compliance and accountability,

The legal basis for such data processing shall be Article 6 section 1 (c) of the GDPR, which allows the processing of personal data, if such processing is necessary for the fulfillment of the obligations arising from the law by the Personal Data Controller;

In order to establish, pursue or defend against claims, we process personal data, such as:

  • full name (if the name was given) or alternatively the name of the company,
  • name of the child,
  • address of residence (if given),
  • PESEL number or TIN number (if given),
  • e-mail address,
  • alternatively, the address of residence — if money was refunded as part of handling of a complaint,
  • alternatively, bank account number — if money was refunded as part of handling of a complaint.

The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of Novakid is to obtain personal data which allows to establish, pursue or defend against claims, including the personal data of clients and third parties); as well as:

  • image of a child,
  • image of a parent.

The legal basis for such data processing shall be Article 9 section 2 (f) of the GDPR, which allows the processing of personal data that could reveal racial or ethnic origin if it is necessary in order to establish, pursue or defend against claims or to exercise legal authority by courts of law.

For archiving and evidentiary purposes, we process personal data, such as:

  • full name (if given),
  • e-mail address,

— for the purposes of securing information which may serve to demonstrate facts of legal importance. The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of Novakid is to obtain personal data which allows to prove the facts related to the performance of the services, for example, upon request of a state authority);

For analytical purposes, i.e. research and analysis of a website activity owned by Novakid, we process personal data, such as:

  • date and time of a visit on the website,
  • type of operating system,
  • approximate location,
  • type of web browser used for the website browsing,
  • gender,
  • age range,
  • time spent on the website,
  • subpages visited,
  • the subpage where the contact form was completed.

The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of the Company is to get to know the scope of client activity on the website);

In order to use cookies on the website, we process such text information.

The legal basis for such data processing shall be Article 6 section 1 (a) of the GDPR, which allows the processing of personal data based on the voluntary consent (when you enter the website for the first time, you are asked for permission to use cookies);

In order to manage the website, we process personal data, such as:

  • IP address,
  • server date and time,
  • web browser information,
  • operating system information

— this data is stored automatically in the so-called server logs, every time you use a website that belongs to Novakid. Managing the website without the use of a server and without this sort of automatic storage would not be possible. The legal basis for such data processing shall be Article 6 section 1 (f) of the GDPR, which allows the processing of personal data, if that way the Personal Data Controller pursues its legitimate interest (in this case, the interest of the Company is to manage the website);

II. Cookies

1. On its website, Novakid, like many other entities, uses the so-called cookies, i.e. short text information, stored on your computer, phone, tablet or other device, which belongs to the user. They can be read by our system as well as by systems belonging to other entities whose services we use (e.g. Facebook, Google).

2. Cookies fulfill many functions on the website, most of them are useful, which we will try to describe below (if the information is insufficient, please contact us):

providing security — cookies are used to authenticate users and prevent an unauthorised use of the customer panel. Therefore, they serve to protect your personal data from unauthorised access;

having influence on the processes and efficiency of using the website — cookies are used to make the website work smoothly and to make use of the features available on the website, which is possible, among other things, by remembering the settings between successive visits on the website. It is therefore possible to navigate the website and individual subpages efficiently;

session status — cookies often store information about how visitors use the website, for example, which subpages are displayed most often. They also allow to identify errors displayed on certain subpages. Thus, cookies used for storing the so-called "session status" help to improve services and enhance website browsing experience;

maintenance of session status — if a client logs into his or her panel, cookies enable for a session to be maintained. This means that after switching to a different subpage you do not need to enter your login and password every time, which increases the user-friendliness of the website;

creating statistics — cookies are used to analyse how users use the website (how many of them open the website, how long they stay on it, which content is the most interesting for them, etc.). This allows you to constantly improve the website and adjust its operation to the preferences of the users. In order to track activity and create statistics, we use Google tools, such as Google Analytics; in addition to reporting website usage statistics, Google Analytics can also be used, together with some of the cookies described above, to help you display more relevant content on Google services (for example, in Google Search) and across the internet;

using social functions — on the website we have the so-called Facebook pixel, which allows you to like our fan page on this social network when you use the website. However, for this to be possible, we need to use cookies provided by Facebook.

3. Importantly, many cookies are anonymised for us — without additional information, we are not able to identify your identity based on them.

4. Your web browser allows the use of cookies on your device by default, therefore, please give your consent to the use of cookies on your first visit. However, if you do not wish to use cookies when browsing the website, you can always change the settings in the web browser — you can completely block the automatic operation of cookies or request notification of each time cookies are placed on your device. The settings can be changed at any time.

5. However, while respecting the autonomy of all users of the website, we feel obliged to warn you that disabling or restricting the use of cookies may cause quite serious difficulties in the use of the website, for example, by having to log in on every page, waiting for the website to load much longer, restricting the use of its functionality, limiting the number of liking the Facebook page, etc.

III. Right to withdraw consent

1. If the processing of personal data is conducted on the basis of consent, you can withdraw that consent at your discretion at any time.

2. If you would like to withdraw your consent for the processing of personal data, it is sufficient to send an e-mail directly to Novakid to: support@novakidschool.coml.

3. If the processing of your personal data took place on the basis of your consent, its withdrawal does not make the processing of your personal data Illegal up to that point. In other words, until your consent is withdrawn, we have the right to process your personal data and its cancellation does not affect the legality of your previous processing.

IV. The requirement to provide personal data

1. Providing any personal data is voluntary and depends on your decision. However, in some cases it is necessary to provide certain personal data in order to meet your expectations for the use of Novakid services.

2. To order the service at Novakid, it is necessary to provide the name, phone number, e-mail address, name of the child and age of the child and to give consent to the processing of the image of the child — without these things we are unable to conclude and execute a contract, in particular, without consent to the processing of the image our teachers would not be able to conduct lessons remotely, i.e. using means of distance communication that allow both image and sound to be transmitted simultaneously.

3. In order for you to receive an invoice for the services, it is necessary to provide all the data required by tax law, i.e. your full name or your company name, address of residence or your company's registered office, NIP number — without the aforementioned information we are unable to properly issue an invoice.

4. In order for us to be able to contact you by telephone on matters related to the execution of the service, it is necessary to provide a telephone number — without this we are unable to make a telephone contact.

5. In order for us to be able to contact you via e-mail in matters related to the handling of complaints, it is necessary to provide an e-mail address – without this we are unable to process the complaint.

6. If you wish to receive text message notifications about messages in the customer panel, it is necessary to provide a phone number — without this we are unable to send messages.

V. Automated decision making and profiling

We kindly inform you that we do not use automated decision making, including the one based on profiling.

VI. Recipients of personal data

1. Like most entrepreneurs, we use the help of other entities in our business, which often involves the need to transmit personal data. Therefore, we provide your personal data to our teachers, the lawyers who render the services, the accounting firm, the hosting company, the company responsible for sending text message notifications and providing VoIP phone services , as well as the company that operates our postal system.

2. In addition, it may happen that, for example, on the basis of an appropriate provision of law or a decision of the competent authority, we will also have to transmit your personal data to other entities, whether public or private. That is why it is extremely difficult for us to predict who may come forward with a request for the release of personal data. However, for our part, we ensure that every request for personal data is analysed very carefully and in great depth, so as not to transmit information to an unauthorised person inadvertently.

VII. Transmitting of personal data to third countries

1. Our company operates in the territory of the Republic of Poland but in addition to the organizational unit in the territory of the European Union, our technical and administrative services are also handled by our employees from organizational units in other countries outside of EU. Therefore, in the territory of this country, we also process the personal data entrusted to us. Under the GDPR, this country is treated as a third country.

2. Like most entrepreneurs, we also use a variety of popular services and technologies offered by companies, such as Facebook, Microsoft, Google, Intercom IO. We also work with teachers who reside outside the European Union. When these entities provide services to us, they process your personal data outside the European Union, so they are also treated as third countries under the GDPR.

3. The GDPR puts certain restrictions on the transmitting of personal data to third countries in place because since European regulations do not apply there in principle, the protection of the personal data of the European Union citizens, unfortunately, may be insufficient. Therefore, each Personal Data Controller is obliged to establish the legal basis for such transmission.

4. For our part, we ensure that the processing of your personal data by our employees outside of EU fully complies with the guarantees and requirements of the regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union of 27 April 2016 on the protection of individuals with regard to the observance of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter GDPR). In addition, since the European Commission has not established an adequate level of protection of personal data in respect of this country, we will take measures to compensate for the lack of the data protection by safeguarding your personal data adequately through the standard data protection clauses adopted by the European Commission in its decision of 15 June 2001, no. 2001/497/EC on standard contractual clauses in respect of the transmitting of personal data to third countries pursuant to Directive 95/46/EC of the European Parliament and of the Council of the European Union of 24 October 1995 on the protection of individuals in terms of the processing of personal data and on the free movement of such data (Office Journal of the European Communities EC/L/181/19 of 4 July 2001). These clauses have been incorporated into our Terms and Conditions.

5. When using services and technology, we transmit personal data to entities in the United States, but only to those that have joined the Privacy Shield programme, on the basis of the executive decision of the European Commission of 12 July 2016 — for more information on the matter please refer to the European Commission website at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl. Entities that have joined the Privacy Shield programme ensure that they will comply with the high standards for the protection of personal data, which are in force in the European Union, so the use of their services and technologies offered in the processing of personal data is lawful.

6. Since we cooperate with teachers who reside outside the European Union and the European Commission has not found an adequate level of protection of personal data in relation to these countries, we will take measures to compensate for the lack of protection of your personal data by safeguarding your personal data adequately through the standard data protection clauses adopted by the European Commission in its decision of 5 February 2010, no. 2010/87/EU on standard contractual clauses for the transmitting of personal data to data processors established in third countries pursuant to Directive 95/46/EC of the European Parliament and of the Council of the European Union of 24 October 1995 on the protection of individuals in terms of the processing of personal data and on the free movement of such data (Office Journal of the European Communities EC/L/181/19 of 4 July 2001). These clauses have been incorporated into contracts to entrust the processing of your personal data with the teachers. You may request the exercising of the powers from the controller that he has under the abovementioned agreements with a data processor such as a teacher, as a third party for whom a contract has been concluded. Upon your request, we will make available a copy of these clauses and a summary description of the security measures, as well as a copy of any contract to entrust data processing, which must be concluded in accordance with these clauses (except for the commercial information section). You are also entitled to receive compensation, both from us as a data controller and from the teachers who process your personal data on our behalf, when due to a breach of the obligations arising from the abovementioned agreement to entrust data processing damage has been done.

7. We will provide you with additional explanations regarding the transmitting of your personal data at any time, in particular, where this is of concern to you.

VIII. Period of the processing of personal data

1. In accordance with the applicable law, we do not process your personal data "indefinitely" but for the time that is needed to accomplish the specified purpose. After this period, your personal data will be irreparably deleted or destroyed.

2. If we do not need to perform any other operations on your personal data than to store it (for example, when we store a recording of a lesson or email correspondence for the purpose of defending against claims), we further secure it by pseudonymization, until it is permanently removed or destroyed. Pseudonymization involves such encryption of personal data, or a set of personal data, that it is impossible to read them without an additional key and therefore such information becomes completely useless to an unauthorized person.

3. Regarding respective periods of processing of personal data, we kindly inform you that we process personal data for a period of:

  • contract duration — in relation to personal data processed for the purpose of concluding and executing the contract;
  • 6 years + 1 year — in relation to personal data processed for the purpose of establishing, pursuing or defending against claims;
  • 6 months — in relation to personal data that was collected for the purpose of setting up an account and at the same time, no contract was immediately concluded;
  • until an effective objection is raised or the purpose of processing is accomplished, but not for more than 5 years — in relation to personal data processed on the basis of the legitimate interest of the Personal Data Controller;
  • until it becomes obsolete or no longer useful, but for no more than 3 years — in relation to personal data processed mainly for analytical purposes, the use of cookies and managing the website.

4. We count periods in years, from the end of the year in which we started processing personal data in order to improve the process of deleting or destroying the data. Counting each contract concluded separately would entail significant organisational and technical difficulties as well as significant financial costs, therefore, setting a single date for the deletion or destruction of personal data allows us to manage this process more efficiently. Naturally, in the event that you exercise your right to forget, such situations are considered on a case-by-case basis.

5. The additional year related to the processing of personal data collected for the execution of the contract results from the fact that, in theory, you may advance a claim just before the expiry of the limitation period, the request may be served with significant delay, or you may incorrectly specify the limitation period for your claim.

6. We count periods in years, from the end of the year in which we started processing personal data in order to improve the process of deleting or destroying the data. Counting each event limitation period separately would entail significant organisational and technical difficulties as well as significant financial costs, therefore, setting a single date for the deletion or destruction of personal data allows us to manage this process more efficiently. Naturally, in the event that you exercise your right to forget, such situations are considered on a case-by-case basis.

IX. The rights of data subjects

1. We kindly inform that you have the right to:

  • access your personal data;
  • correct your personal data;
  • delete your personal data;
  • restrict the processing of personal data;
  • object to the processing of personal data;
  • transfer your personal data.

2. We respect your rights under the data protection laws and we try to facilitate their implementation to the greatest extent possible.

3. We indicate that these rights are not absolute and therefore in certain situations we may lawfully refuse to comply with them. However, if we refuse to comply with the request, it is only after performing a careful analysis and only if it is necessary to refuse to comply with a request.

4. With regard to the right to object, we explain that you have the right to object to the processing of personal data at any time on the basis of the legitimate interest of the Personal Data Controller (these are listed in the point III) in connection with your particular situation. However, you must remember that under the rules, we may refuse to take the objection into account if we prove that: there are legitimate grounds for data processing, which are superior to your interests, rights and freedoms, or there are grounds to establish, pursue or defend claims.

5. You can exercise your rights by:

  • sending an email directly to Novakid at: support@novakidschool.com.
X. The right to bring a complaint

If you believe that your personal data is being processed against the applicable law, you may bring a complaint to the President of the Office for Personal Data Protection.

XI. Final provisions

1. To the extent that this Privacy Policy is not regulated, the provisions with regard to the protection of personal data apply.

2. You will be notified of any changes made to this Privacy Policy by electronic means to the email address that you provided.