This webpage contains two copies of our Privacy Policy – one for children, and one for grown-ups. So, keep reading for the kid-friendly version, or scroll on down for the grown-up version.

For Kids!

Who we are

Creature Media Ltd trading as Creature & Co is the publisher of National Geographic Kids magazine UK and Ireland and National Geographic Little Kids UK and Creature Media Australia Pty Limited trading as Creature & Co is the publisher of National Geographic Kids Australia and New Zealand. We also publish a digital edition of National Geographic Kids and National Geographic Little Kids via an IOS app and Google Play app. Digital issues can also be accessed on our website www.natgeokids.com. There are also downloadable teaching resources for schools that subscribe to National Geographic Kids and Little Kids in the UK, Ireland, Australia, and New Zealand.  

What is personal data?

Any information that we can use to identify you is personal data. This includes things such as your full name, your date of birth or your test answer sheets.  

How to Contact Us

We have someone here called our Data Protection Officer, and their job is to ensure we follow all the rules when using your personal data. This means they make sure we are following all the rules, and that your data is safe. If they see something wrong, they tell us how we can fix it. If you have any concerns you can contact our Data Protection Officer by post at our main business address: Creature Media Ltd c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: 76 Marylebone High Street, London, W1U 5JU. Creature Media Australia Pty Limited c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: Level 6, 77 Castlereagh Street, Sydney, NSW 2000 Australia Our Data Protection Officer can also be contacted by email at the following address [email protected]  

Why do we need personal data?

The main reason we need personal data is to know who you are. If you are logged in to one of our apps or on the website, we use your personal data to make sure your account works and process any requests you might have. We also use your personal data to provide your parents with information about things we create, contacting your parents about the things they have bought and sending out information about products, services, activities, promotions, or anything else that we feel might be of interest or use to you. We sometimes also use your personal data because of an event you take part in, or a competition we organise, to make sure if you win that you get your prize. If you want to know more about why we need your personal data, you can ask an adult to read the full Privacy Policy with you to help you understand the details.  

How we obtain your data

Your personal data is provided to us by your parents or by yourself when you sign up on our websites or applications.  

Who can see my data?

Your personal data is seen by our staff. Sometimes we need to share your personal data with the staff of third parties that we work with to allow us to do our work. We are very careful about how we do this, which means there are even more rules and whatever they do, it will be done lawfully and safely. Some examples of people who might see this information include: our website operators and IT support providers

 

What do we do with your data?

We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period can vary.  

How do we look after your data?

We use security measures to protect your information against any unlawful use or unauthorised access.  

Do I have a say in what happens to my data?

Yes, you do. You have a range of rights when we use your data. These rights are:

• A right to request a copy of your data that we have
• A right to request a correction of errors or inaccuracies in the data that we hold relating to you
• A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• A right to request us to delete your personal data in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
• A right to restrict processing in certain circumstances (Article 18)

If you want to know more about how you can exercise these rights, you can ask an adult to read the full Privacy Policy with you to help you understand the details.  

Is there somewhere I can complain if I am worried about how we use your personal data?

Yes. There is also a government agency whose job it is to make sure companies like us follow the rules and correct us if we do things wrong. You can also email or write to them. Their contact information can be found online at the following links: Ireland: Data Protection Commission: https://dataprotection.ie/en/contact/how-contact-us United Kingdom: Information Commissioners Office: New Zealand: Australia:

For Adults

Who we are

Creature Media Ltd trading as Creature & Co is the publisher of National Geographic Kids magazine UK and Ireland and National Geographic Little Kids UK and Creature Media Australia Pty Limited trading as Creature & Co is the publisher of National Geographic Kids Australia and New Zealand. We also publish a digital edition of National Geographic Kids and National Geographic Little Kids via an IOS app and Google Play app. Digital issues can also be accessed on our website www.natgeokids.com. There are also downloadable teaching resources for schools that subscribe to National Geographic Kids and Little Kids in the UK, Ireland, Australia, and New Zealand.  

How to Contact Us

You can contact us at our main business address: Creature Media Ltd c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: 76 Marylebone High Street, London, W1U 5JU. Creature Media Australia Pty Limited c/o Creature & Co FAO: HEAD OF DATA PROTECTION Address: Level 6, 77 Castlereagh Street, Sydney, NSW 2000 Australia Our Data Protection Officer can also be contacted by email at the following address [email protected]  

Why do we need personal data?

The main reason we need personal data is to know who you are. If you are logged in to one of our apps or on the website, we use your personal data to make sure your account works and process any requests you might have. We also use your personal data to provide your parents with information about things we create, contacting your parents about the things they have bought and sending out information about products, services, activities, promotions, or anything else that we feel might be of interest or use to you. We sometimes also use your personal data because of an event you take part in, or a competition we organise, to make sure if you win that you get your prize. If you want to know more about why we need your personal data, you can ask an adult to read the full Privacy Policy with you to help you understand the details.  

How we obtain your data

Your personal data is provided to us by your parents or by yourself when you sign up on our websites or applications.  

Who can see my data?

Your personal data is seen by our staff. Sometimes we need to share your personal data with the staff of third parties that we work with to allow us to do our work. We are very careful about how we do this, which means there are even more rules and whatever they do, it will be done lawfully and safely. Some examples of people who might see this information include: our website operators and IT support providers

 

What do we do with your data?

We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period can vary.

How do we look after your data?

We use security measures to protect your information against any unlawful use or unauthorised access.

Do I have a say in what happens to my data?

Yes, you do. You have a range of rights when we use your data. These rights are:

• A right to request a copy of your data that we have
• A right to request a correction of errors or inaccuracies in the data that we hold relating to you
• A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• A right to request us to delete your personal data in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
• A right to restrict processing in certain circumstances (Article 18)

If you want to know more about how you can exercise these rights, you can ask an adult to read the full Privacy Policy with you to help you understand the details.

Is there somewhere I can complain if I am worried about how we use your personal data?

Yes. There is also a government agency whose job it is to make sure companies like us follow the rules and correct us if we do things wrong. You can also email or write to them. Their contact information can be found online at the following links:

Ireland: Data Protection Commission: https://dataprotection.ie/en/contact/how-contact-us United Kingdom: Information Commissioners Office: New Zealand: Australia:  

Why we use personal data?

We process (use) personal data to help us run our business, deliver projects, and run events.

We process data about people for the following purposes:

• Sales and Marketing
• Managing subscriptions
• Supporting teaching, (either directly or through partners)
• General office administration and accounting
• Organising and running events
• HR administration, including payroll and recruitment
• Management of sub-contractors

What data do we use?

We use a variety of categories of personal data depending on our purposes. In all cases, we aim to capture and process the minimum necessary to deliver our services and meet our obligations.

We process the following categories of personal data for the purposes set out. We provide general information on the lawful grounds we rely on for processing in each context. The specific basis relied on will depend on the context of processing.    

Data Processors

We use several different categories of data processors to help us deliver our services.

The categories of suppliers used include:

• Telephones & Comms
• Office productivity
• HR Management
• Accounting
• Payment Processing

Third-Party Recipients

In the course of our business, we are required to disclose data to third parties who are not data processors on our behalf. For many of our processing activities, we are required to disclose data to third parties who are not data processors acting on our behalf or data controllers on whose behalf we are working. Categories of recipients include:

• Tax authorities
• Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
• Collections agencies in respect of outstanding or delinquent invoices

 

How Long Do We Keep Your Data?

We retain data for as little time as possible. Our retention periods are based on:

• Statutory Obligations
• Contractual Requirements
• Quality Assurance
• Prudent risk management

Creature and Co. retains personal data about individuals for a range of periods. The basis for our retention periods is based on:

• Statutory Obligations
• Contractual obligations
• Quality assurance standard obligations provided by our training partners or accrediting bodies.
• For reasonable periods after the conclusion of engagements for QA and risk management purposes.

On a case-by-case basis, records may be retained for longer where required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation. Where records are subject to this kind of “hold” process, the ongoing retention will be reviewed on an annual basis.  

Cross-border Data Transfers

Some of our service providers or partners are based outside the UK/EU/EEA. We make sure to only use providers who are processing data outside the EU on a valid basis. Creature and Co will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the UK/EU/EEA. For example, we use a variety of cloud-based tools such as Office365, and similar tools. Where data needs to be transferred or processed outside the UK/ EU/EEA, we chose providers who process data on the basis of

• Model Contract Clauses/ UK IDTA
• An Adequacy Decision from the European Commission or the UK.
• Appropriate additional technical safeguards, including but not limited to the use of encryption, including own-key encryption.

In exceptional circumstances, we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion/performance of a contract that the Data Subject has entered into (e.g. transferring data to a USbased accrediting body for certifications so that a client can receive their accreditation). On a case-by-case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.  

Keeping your data safe and secure

We place great importance on the security of all personal data associated with our clients. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. Periodic reviews of our security standards are carried out to identify any new risks. However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. In the event of a breach of data security, Pieta will:

• Where we are acting as a Data Controller, notify without undue delay the relevant Supervisory Authority where we identify that there is a risk to the fundamental rights and freedoms of people using our services.
• Where we are acting as a Data Controller, and we identify a high risk to your rights and freedoms, notify you of the incident without undue delay.

Automated decision making and profiling

 

Your Rights under GDPR

You have a range of rights under EU Data Protection law. These rights are:

• For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
• For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be overridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular reason may prevent us from executing a contract or delivering a service to you.
• You have the right to request: ◦A copy of data we hold about you. (Right of Access) ◦ That any error in data we hold about you is corrected. (Right of Rectification) ◦ That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it. (Right of Erasure) ◦ That we refrain from processing data for a specific purpose. (Right to Restrict processing)

 

Right to Complain to the Data Protection Commission

You have the right to file a complaint United Kingdom: Information Commissioner’s Office https://ico.org.uk/ Ireland: The Data Protection Commission. https://dataprotection.ie/en/contact/how-contact-us

This Privacy Notice was updated: July 2024