Last update: November 2021
The App processes data for the purpose of:
We do not sell or otherwise distribute your personal data to third parties and will not send you any commercial proposals unless expressly authorized to do so. Even when you authorize us to send you our proposals, you are free to opt out at any time. To evaluate the use of our service as well as for statistical purposes, only anonymised data shall be used.
- When processing data for the purpose of operating the service, we rely on Art. 6(1)(b) GDPR – this means that we need to process your personal data in order to perform a service you have requested from us.
- When processing data to send you e-mail with information about game progresses, we also rely on Art. 6(1)(b) GDPR – as above, where you ask us to send you these e-mails within the App, we need to process your personal data to provide you with this service. Please note that you can ask us to send you these e-mails through the preferences you set on the App, and that these services are turned off by default.
- When processing data to send you e-mail newsletters, we rely on your consent, under Art. 6(1)(a) GDPR. This is expressed by the preferences you set on the App, and for marketing promotions it is turned off by default.
- When processing data for the purpose of carrying out research activities, Ferrero typically relies on Art. 6(1)(f) GDPR – in other words, our legitimate interests in carrying out research activities;
- When processing data for the purpose of improving the service, we rely on your consent, under Art. 6(1)(a) GDPR. This is expressed by the preferences you set and those can be toggled on or off at any time in your device’s settings;
- When processing data for the purpose of following up on abuse reports, we will rely on Art. 6(1)(f) GDPR – to meet our legitimate interests in ensuring that abuse reports are correctly addressed;
- When processing data for the purpose of cooperating with law enforcement, we will rely on Art. 6(1)(c) GDPR, as such activities will only be carried out to the extent that we are legally obliged to provide this cooperation.
You can ask us for more information on our assessments concerning our legitimate interests by reaching out to us at email@example.com.
What information does the App obtain and how is it used?
User Provided Information
The App obtains the information you provide when you download and register within the App. No personal information is requested through the registration process as mandatory in order to be able to use the basic features of the App. Further information shall be requested as optional upon registration or after parent verification, in order to allow you to use some of the features offered by the App (such as resuming or saving your game progress and activity). The registration process is currently intended for and directed to parents/grown-ups within the parent section of the App and utilizes Children's Online Privacy Protection Act (COPPA)-compliant procedures to allow for the collection of certain account information from parents with verification of a parent’s year of birth. When you register with us and use the App, you generally provide (a) your year of birth and email address; (b) information you provide us when you contact us for help. We may also use the information you provided us to contact you from time to time to provide you with important information, required notices and, with your prior consent expressed during registration, marketing promotions.
Please note that certain sections of the App will ask for access to parts of your device – namely, the camera, the microphone and the storage. When you access these sections, a pop-up will ask you to allow the App permission to access the relevant parts of your device. You can adjust permissions given within the settings of your device itself. If you deny or remove this access, those sections of the App may not work fully as intended.
Certain sections of the App also allow photographs and videos to be taken, which may capture personal data related to the user of the device, or to third parties. This information is in anyway not disclosed to any third parties.
Automatically Collected Information
In addition, the App may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile unique device ID, the IP address of your mobile device, your mobile operating system and language, the type of mobile Internet browsers you use, and information about the way you use the App (such as information about your game progresses and activity). The App may access certain device information and/or components automatically. This collection is only for the purpose of providing the services within the App you choose to use. This information is not linked to personal information about the user. A push notification token will be used to send push notifications to your mobile device with updates and suggestions upon request (e.g., through scanning QR codes) or automatically (e.g., by means of audio watermarks). These notifications would only be activated from the parent section of the App and directed to parents.
Research Activities – Learning for Families Through Technology
During your use of the App, you may be asked to participate in a research project entitled “Learning for Families through Technology” (“Project”), which is led by The Chancellor Masters and Scholars of the University of Oxford (“University of Oxford”). The Project aims to investigate the use of technology to support children’s learning by using the App as a research tool.
In the context of the Project, Ferrero will share some limited details related to how you/your children use the App (for example, the average time spent on the App, progress made on the App, levels achieved, features used, and so on) with the University of Oxford. Only these details will be associated with a pseudonymized ID number assigned to you as a user, which will not allow the University of Oxford to specifically identify you or your children – this will only allow the University of Oxford to distinguish the details related to you from those related to other App users.
Furthermore, when using the App, you may be asked to carry out specific surveys related to the Project. Taking part in any of these surveys is totally optional – you can also simply ignore these surveys and continue to use the App as normal. However, if you decide to take part, you have to provide an email address where you will receive a link that once clicked will redirect you to a specific website where the surveys -created by the University of Oxford- can be filled. The email address you provided will be deleted once you completed the survey or, in case you will not fill out the survey, after 30 days. The answers which you may provide in these surveys will be shared with the University of Oxford and matched with the pseudonymized ID number assigned to you as a user. This match will not allow the University of Oxford to specifically identify you or your children, but only to distinguish the answers you have given from those given by other App users. Your survey answers may be retained for up to 3 years after publication of the Project’s findings and then deleted.
The Project’s findings (which will also not contain any information identifying you or your children) may be published in academic papers, as well as shared back with Ferrero. We may ultimately use these to further develop the App’s contents and offerings.
Both Ferrero and the University of Oxford act as joint controllers for the processing of personal data related to the Project. The processing of your personal data in the context of the Project is primarily based on:
- Ferrero’s and Oxford’s legitimate interests in carrying out research activities, under Art. 6(1)(f) GDPR, regarding the sharing of limited details related to how you/your children use the App; and
- Your consent, under Art. 6(1)(a) GDPR, regarding the email address you provide to receive the survey link and the sharing of answers you may provide to surveys related to the Project.
If you would like to have more information about the relationship between Ferrero and the University of Oxford, including on the main terms of the agreement we have entered into with the University of Oxford regarding the Project, please contact us at firstname.lastname@example.org.
Does the App collect and track any personal data such as face data through the use of TrueDepthAPI?
The App uses the device’s TrueDepthAPI camera system to track the movement of the face. This allows for a unique user experience embodying your favourite character. In order for this functionality to be possible, the App requires access to your device’s camera. This access can be toggled on or off at any time in your device’s settings. We do not collect, store or share data used by software for depth of facial mapping information, TrueDepthAPI locally or remotely. In addition, we do not disclose this information to any third parties.
Does the App collect precise real time location information of the device?
This App does not collect precise information about the location of your mobile device.
Cookies are small text files that the sites visited send to you and store on your computer or mobile device, and which will be returned to these same sites on each new visit. Thanks to these cookies, a site remembers your actions and preferences (for example connection data, preferred language, font dimensions, other display settings, etc.) so that you do not have to need to specify them again when you return to the site or consult another page on the same site.
These cookies serve to detect if the survey is being answered by a human or by a bot. As such, they are primarily used for security purposes. However, Google may also use these cookies to gather additional information from App users for the purpose of improving its own services and products. Google acts as the sole controller for any personal data collected for these latter purposes – please consult Google’s Privacy Notice for more information on how Google may handle your personal data.
These cookies will be set on your device where you consent to this, by clicking on “Accept” within the cookie banner shown when you access a given survey. This consent can be refused or withdrawn through that same banner, or through the cookie management tools offered on the survey website.
Do third parties see and/or have access to information obtained by the App?
We may disclose User Provided Information and/or User Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement;
- with our research partners, including the University of Oxford (in the context of the Project, as explained above).
If Ferrero is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via a prominent notice on our Website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
Other than the above, limited internal staff at Ferrero may have access to personal data collected via the App, as necessary to perform their duties regarding the operation of the App. These data will only be accessed on a need-to-know basis, and all staff members with access to the data are bound to confidentiality.
We do not have any advertising in our App. At times, we may promote the App via internet advertising. If you click on such an advertisement on an external web site and navigate directly to the iTunes App Store or other platform, with the use of web cookie and similar technologies (You can refer to our Cookies Policy on kinder.com to learn more about opting out of such technologies) or non-identifying information such as your phone's device ID may be sent to the advertising network, so that they and we may track the effectiveness (i.e., conversions) of our advertising. In addition to conversion events, it might also be used for frequency capping, estimating the number of unique users, debugging, or security and fraud detection. When you use the App, a unique ID (which varies by device manufacturer and operating system) is read from or associated with your device to be used as an anonymous identifier for analytics and performance purposes. We don't store the ID, or share the ID or other unique information collected or used by the app with third parties, except for service providers whose analytics product generates this ID to track and analyse the performance and the quality of our App. We do not use information gathered within the App to serve you targeted advertisements.
You can stop all collection of information by the App easily by uninstalling the App. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. Please note that you may at any time exercise your rights of access, rectification, erasure, opposition, restriction of processing and portability with respect to your personal data by writing to our email address email@example.com. See below for parental rights with respect to children's data.
You can withdraw your consent to receive email newsletters at any time, by adjusting the preferences you set on the App or by clicking on a link available in each communication and newsletter we send you.
You are entitled to file a complaint with the competent supervisory authority, in the event that you deem any aspect of our processing of personal data to be unlawful. For these purposes, you can reach out to:
- The Luxembourg National Data Protection Commission (the supervisory authority within Ferrero’s place of establishment); or
- The competent supervisory authority within your area of residence or place of work, within the EU/EEA.
- Ferrero has chosen Amazon Web Services, Inc. (AWS) as the cloud service provider to store your data. The Article 29 Working Party (the independent advisory board made up of representatives from the data protection authorities of all the EU Member States as well as from the European Commission) has approved the AWS Data Processing Agreement, which includes the Model Clauses. The Article 29 Working Party has found that the AWS Data Processing Agreement meets the requirements of the Directive with respect to Model Clauses. For more detail on the approval of the AWS Data Processing Agreement from the Article 29 Working Party, please visit: https://www.cnpd.public.lu/en/actualites/international/2015/03/AWS.html
- Ferrero has chosen Google Firebase Crashlytics as crash reporting software to collect insights into the nature of stability problems you may face through some Automatically Collected Information. Analytics information is used to support Ferrero analysis and operations, to enable product development and to improve our APP and services.
- Ferrero has chosen Gameloft SE as software developer for maintenance and for the improvement of the APP; it may therefore have access from time to time to some collected data.
Data Retention Policy, Managing Your Information
- When you register on the App, we will send you an e-mail so that you can confirm your registration. If you do not confirm your registration right away, we will keep the User Provided Information you shared with us during your registration for a period of 14 days, before erasing it (unless you confirm your registration in the meantime). After you have confirmed your registration, we will retain User Provided Information for as long as you use the App. If your account remains inactive for a consecutive period of 12 months, we will erase the User Provided Information we have on you (unless further retention is needed to meet our legal obligations, or to address legal claims) – we will send you an e-mail notice of this 1 month before deletion is to take place.
- After you have confirmed your registration on the App, we will generally retain User Provided Information for as long as you continue to use the App.
- Photographs which are taken using the App are stored locally, on the App’s memory of your device – they will be retained until the App is uninstalled. Other images which may be generated using the App (such as drawings or images of QR codes) may be stored on the App’s memory (in which case, the above applies) or on your device’s camera roll – in this case, you can delete those images at any time through your device.
- The backup of your data will be stored on Ferrero’s AWS for as long as you use the App. If your account remains inactive for a consecutive period of 12 months, we will erase the backup of your data.
- We will retain Automatically Collected Information for up to 12 months and thereafter may store it in aggregate form. If you'd like us to delete User Provided Information that you have provided via the App, please contact us at firstname.lastname@example.org.
- Personal data collected in the context of research activities (including User Provided Information, Automatically Collected Information and answers to surveys, for example) will be pseudonymized or aggregated as soon as this is feasible without compromising the goals of the specific research project for which they are collected.
We do not use the App to knowingly solicit data from or market to people aged under 18. No personal information should be submitted by Children and their real name or any information should never be used in the feature of the App (such as the creation of an avatar). If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com. We will delete such information from our files within a reasonable time. If we were to collect and store personal information from children under the age of 18 in connection with a feature inside the App, we will first take steps to notify and obtain prior consent from a parent or legal guardian in accordance with applicable laws such as the COPPA, unless an exception to these laws applies. We would also give parents the ability to review their children's personal information, stop the further collection or use of such information, or request its deletion. To learn more about COPPA, you may consult this simple one-page informational guide from the kidSAFE Seal Program: https://www.kidsafeseal.com/knowaboutcoppa.html
Information security is important to Ferrero and we are concerned about safeguarding the confidentiality of your information. We have established physical, electronic, managerial and procedural safeguards to protect the information we collect, process and maintain. These safeguards are regularly reviewed to protect against unauthorized access, disclosure and improper processing of your information, and to maintain the accuracy and integrity of that data. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our App. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. For technical and operational reasons, personal data can be transferred through servers which are located outside the European Union, where the European data protection rules are not applicable. Privacy regulations outside the EU might not provide the same high level of protection.
For privacy related questions
(for US only) at (800) 688-3552 FREE or (732) 764-9300
Ferrero International S.A.
Attn. Group Privacy Officer
16, Route de Trèves