Last Updated: October 16, 2020
Information We Collect from Children and Why
Prior to obtaining Consent (which is further described below), we only collect from Children a first name, last initial, username, password, date of birth and parent’s email address. The Website tells Children not to include their real name in their username. We only collect this information in order to establish whether we are required to obtain Consent, to obtain such consent, and, only after obtaining such Consent, to create an account on the Website.
After we obtain Consent (which is further described below), we collect certain PII from and about Children. Specifically, we collect their name, email address, birthdate, what reading subjects the Child enjoys, what books the Child has read and how much they like them, and a list of books the Child wants to read. We also use a persistent identifier to track Children’s book preferences and make recommendations of books they may like. This identifier and tracking is only done internally, and, as further described below, we do not disclose this information to third parties for purposes of behavioral advertising or retargeting. Except for the Child’s username and parent’s email address, parents provide us with all other Child PII through their Parent Account, or School Personnel (as defined in our Term of Use) do so through their School Account.
The Website currently does not have any features that allow Children to make their PII publicly available (e.g., blog comments or public forums). If we ever decide to include features that will allow this type of disclosure, we will update this Children’s Policy, notify parents, and obtain Consent before allowing a Child to access such features.
We only collect and use information from Children (PII and non-PII) that is reasonably necessary for us to make the Website’s services available to our users, for the internal operations of the Website, and to evaluate and improve our services. For example, we will use Children’s information to enable our Child users to access and utilize the features of the Website (including providing book recommendations and making book wish lists) and to send newsletters with fun information about books and learning.
To Whom We Disclose Children’s Information
We only provide Children’s PII to our trusted service providers who have agreed to maintain the confidentiality of that information, and who assist us with the internal operations of the Website. We currently share Children’s PII with Active Campaign, LLC, which provides email services, Ingram Book Company, which provides book order fulfillment, and OneTouchPoint, our fulfillment center for other goods we offer through the Website. We never sell any Child’s PII to any third party, and we do not use it for behavioral advertising purposes. However, we may offer contextual advertising on our Website.
How We Obtain Consent
We will obtain Consent prior to colleting any PII from a Child (except in certain limited circumstances, as allowed by COPPA). There are two ways in which we may obtain Consent.
We may obtain verifiable parental consent. We currently do this using the “email plus” method, as follows: first, we will collect a username, password, date of birth and parent email address from a Child that wishes to register for an account on the Website. Second, we will send an email to the parent’s email address provided by the Child containing a notice of the information we wish to collect and how we would like to use it, along with a link to provide consent. If the parent affirmatively declines to consent or fails to respond within seven (7) days of when we send the email, we will automatically delete all of the information provided by the Child. Third, if the parent does consent to the creation of the Child’s account and our collection and use of the Child’s PII, we will send the parent to a website where s/he must create a parent account. Through the parent account, the parent can provide as much or as little of the remainder of the information we ask for relating to the Child. The parent account also allows parents to (i) monitor their Child’s activity on the Website; (ii) access, review, change and delete their Child’s PII or even delete the entire account; and (iii) restrict certain of our uses for their Child’s PII. Within a reasonable time after the parent provides this consent, we will send a second confirmatory email from which the parent must indicate consent again. If we do not receive this second consent within seven (7) days of when we send the email, we will delete the Child’s account and all information provided by the Child.
We may also obtain school consent. When we work with schools and classrooms, we permit authorized school personnel to create Bookelicious accounts for the students in the applicable class. We may collect Children’s PII in this way without first obtaining verifiable parental consent. However, we do ask that schools seek parental permission, and we require schools to comply with all applicable laws, including the Family Educational Rights and Privacy Act, which gives parents certain rights with respect to their children’s education records. In order to create Child accounts, authorized school personnel will have to create a School Account, which will have access to all information on a Child account created by the school. When a Child account is created through a School Account, parents will be notified, and have an opportunity to create a parent account linked to the Child account or to link an existing parent account to the new Child account. Through this School Account, School Personnel will have the ability to (i) monitor their Child’s activity on the Website, (ii) access, review, change and delete their Child’s PII or the entire Child account, and (iii) restrict certain of our uses for that information.
Bookelicious takes a range of security measures designed to protect Children’s information and keep it confidential and secure (unless it is non-confidential by nature, for example, publicly-available information) and free from any unauthorized alteration. Children’s PII is contained behind secured networks and is only accessible by a limited number of persons who are required to keep the information confidential. In addition, all Children’s PII is encrypted via Secure Socket Layer (SSL) technology. In addition, we take reasonable step to ensure that our service providers are capable of maintaining the confidentiality, security and integrity of Children’s PII.
However, the internet by its nature is not a secure environment and the nature of security risks is constantly evolving, as are the technical and organizational industry standards relating to management of those risks. While we strive to keep current our security technology and will review, refine and upgrade our security technology as we deem appropriate based on new tools that may become available in the future, the complete security of any information collected, stored or used by us cannot therefore be guaranteed. In the unlikely event that an unauthorized third party compromises Bookelicious’ security measures, Bookelicious will not be responsible for any damages directly or indirectly caused by an unauthorized third party’s ability to view, use or disseminate such information. If you ever discover inaccuracies in our data or your Child’s PII, we urge you to notify us immediately.
Bookelicious is listed as COPPA-compliant by KidSafe. We are therefore entitled to the protections of the safe harbor program established by the Federal Trade Commission.
How to Contact Us
You may contact us using the contact information below any time regarding our collection and use of Children’s PII.
555 Bryant Street, No. 353
Palo Alto, CA 94301
If you have questions about the privacy practices of our trusted vendors, please contact us, and we will provide you with that information or direct you to someone you can.