Community guidelines | Privacy FAQ | Privacy Policy | Cookie Policy | Children's Privacy Policy | General Terms of Use | Teen Terms of Use | UK Digital Citizenship Terms of Service| Survey Privacy Policy | Subprocessor List
Updated June 23, 2021, to reflect removal of user comment functionality
Last updated: June 23, 2021
COMMON SENSE MEDIA'S CHILDREN'S PRIVACY POLICY
Common Sense Media, Inc. ("we" or "us") is concerned about children's privacy. The websites ("Sites") that we operate provide a forum for all family members, including children, to express their views about movies, books, TV, games, websites, apps and music. While we encourage children to participate appropriately in our Sites, their privacy is extremely important to us.
This Children's Privacy Policy explains our information practices in connection with information provided by all children under the age of 13 and certain slightly older teenagers in the European Economic Area and the UK ("EEA+") whose parent’s consent we require for certain uses of their information ("Child" or "Children") on Sites that link to this Children's Privacy Policy.
The Sites are controlled and operated by us from the United States.
We support the Children's Online Privacy Protection Act (“COPPA”) and other frameworks like the General Data Protection Regulation and the so-called UK GDPR (together, the "GDPR"). Our goal is to minimize the information gathered from and disseminated about Children while permitting them active participation in the trustworthy information, education and independent voice for which we are known.
Users in the EEA+ – there is a specific section of this Children's Privacy Policy which applies particularly to EEA+ Children (see Section G).
A. How We Collect and Use Information from Children
Children can explore the Sites, and can view and print reviews, ratings and other content while providing only the limited personal information set out below:
Account set-up and Maintenance. If a Child wants to register to become a member of our Sites, we require the Child to submit the following information:
- Username (the Child is advised not to use his or her real name);
- Password;
- Birth month and year; and
- Their parent’s email, which we use to ask for that parent’s consent (see Section D of this Children's Privacy Policy).
We may use information collected from Children during the registration process and in account configuration in the following manner:
- To create and maintain the Child's account;
- To determine the Child's current age and post it next to any reviews posted by the Child. We do not post the username of any Child who is under 13 or any personal information in or alongside their reviews
Using the Site. We also automatically collect "persistent identifiers" about devices from visitors. We do not collect this analytics information for logged in Children.
Use of anonymous information. If the information collected from a Child does not identify or allow contact with him or her or his or her device (including, for example, aggregated information), we may use and disclose it for any purpose, to the extent permitted by applicable law.
No advertisements! We do not display advertising based on information collected from Children.
No newsletters! Our email newsletters are for adults only – they are not designed for, or targeted at, Children. Children should not attempt to sign up for our email newsletters. We encourage parents to discuss with their Children the importance of not signing up to receive our email newsletters.
Reviews and Other Site Activities. A Child may choose to write and post reviews on the Sites, such as reviews of movies, games, websites, TV, books, and apps. We moderate all postings by Children who are under 13 to remove personal information, and we encourage parents to discuss with their Children why they should NEVER include personal information in reviews posted to the Site. Children may also participate in other online activities, such as polls. As discussed in our Privacy Policy, all members, including Children, have the ability to delete their postings to the Sites. Members can delete their postings by logging into their accounts, viewing the review or comment, and clicking the"delete" button. Or, a member can send an email requesting deletion to [email protected], noting username, date of the review or comment, and title of media type reviewed. (Parents may also delete Children's postings or other information, as described in Section E.) It is possible that deleted reviews will remain in our system (such as in backups of our data), but they will not be visible through the Sites. Please note that your request or deletion does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.
Persistent Identifiers. When visitors interact with the Sites, certain technical information may automatically be collected, to make our Sites more interesting and useful, to track analytics, to keep them free of spam, and for various internal purposes related to our business. Examples of information that is automatically collected include: the type of computer operating system, the device's IP address or mobile device identifier, the web browser, the frequency with which the user visits various parts of our Sites, and information regarding the online or mobile service provider — however, we do not collect any of this information from or about logged-in Children. Our Cookie Policy provides a list of third party service providers who may collect persistent identifiers or use cookies, including describing Necessary Cookies which are enabled for logged-in kids and needed for the site to function. Analytics and Personalization Cookies are turned off for logged-in children. Please note non-Necessary cookies are also disabled by default for users in the EEA+.
This information is collected using technologies such as cookies, flash cookies, web beacons, and other unique identifiers (which we describe in more detail in our Cookie Policy). This information may be collected by us or by a third party. Persistent identifier information is used by Common Sense Media for the sole purpose of providing support for our internal operations, including in order to:
- Ensure that the Sites function properly;
- Enable us to conduct research and analysis to understand, address and improve the use and performance of the Sites; and
- Diagnose and respond to problems.
B. What Information Submitted By Children Is Viewable On the Site?
We strictly limit the personal information that is publicly viewable about a member who is known by us to be a Child. When a Child posts a review or comment on the Sites, only the Child's age is posted, along with the content of the Child's posting. Usernames of Children who are under 13 are not posted with this submitted content on our Sites. Although the Child may create a Profile for his or her account (which includes only a username, password, birth month and year, and parent's email address), no portion of the Child's Profile other than the Child's age is publicly viewable.
C. What Information About Children Is Shared?
We do not disclose to third parties any Children's personal information that we collect other than as follows, consistent with applicable law: (a) with a parent's permission, (b) as required by any applicable law, (c) to third-party service providers who help us operate or manage the Sites, (d) as part of aggregated data shared with third-party service providers, our Board of Directors, funders and other partners, as described in the Privacy Policy, (e) to comply with legal process, (f) to respond to governmental requests, (g) to enforce our Terms of Service, (h) to protect our operations, (i) for assistance in fraud detection and prevention; (j) to protect the rights, privacy, safety or property of Common Sense Media, your Child or others, (k) to permit us to pursue available remedies or limit the damages that we may sustain, and (l) in connection with a disposition of all or a substantial portion of our business, assets or stock, such as a sale, merger, consolidation, reorganization, joint venture, assignment, or bankruptcy or similar proceedings.
D. How do we get parental consent when we are required to do so?
If parental consent is required in respect of our use of a Child’s personal information, when setting up an account, the Child must provide their parent’s email address. We use that email address to contact the Child’s parent to ask for their consent as required – we also explain to the parent:
- what personal information we collect about their Child;
- how we use it and why; and
- how the parent can revoke their consent and/or ask that we delete their Child’s account and personal information.
If at this stage, the parent gives us their consent, we will carry out the activity for which that consent was required. If not, we won’t.
E. How May Parents Access, Change or Delete Information About Their Children?
Deleting your Children’s information and their account.
If you are a parent, and we need your consent to certain processing of your Children’s personal information, if you:
- wish us to cease further collection of personal information from your Children;
- believe your Children are participating in an activity on the Site that uses their personal information without the parental consent required by law;
- wish us to make no further use of, or delete, the personal information we have collected online from your Children; and/or
- no longer wish for your Children to participate as members of the Site,
we will delete your Child’s Profile, and any parental contact information we may hold, on request.
Parents of EEA+ Children can exercise these rights through our Privacy Requests Portal.
Parents of non-EEA+ Children can exercise these rights by contacting us at [email protected].
Accessing or changing your Children’s account and any personal information we have collected online.
Parents may at any time:
- access or make changes to their Children’s account; or
- make changes to the personal information that we have collected online from their children,
by clicking on their Child's "My Account" link, by contacting us at [email protected], or by writing to us at the address provided below.
For your Child's protection, we may need to verify your identity before implementing any request described in this Section E. We will try to comply with your request as soon as reasonably practicable.
F. How May Parents Raise Other Questions or Concerns?
If a parent has any questions or concerns about his or her Child's use of the Sites, we encourage the parent to contact us at [email protected] or:
Privacy Department
Common Sense Media
699 8th Street, Suite C150
San Francisco, CA 94103
415-863-0600
G. EEA+ Privacy Matters
Who does this Section G apply to? It applies to Children based in the EEA+. All references to "Child or "Children" in this Section G are references to such EEA+ Children only. References to such EEA+ Children’s "parents" should be understood in the same light.
Why do we have an EEA+-specific Section of this Children’s Privacy Policy? Applicable data protection laws, including the EU General Data Protection Regulation and the so-called ‘UK GDPR’ (together, the "GDPR"), require us to provide information about our data processing practices and the rights available to relevant EEA+ Users
Our representatives.
- Our EU representative appointed under the EU GDPR is Verasafe. You can contact them as shown below:
- By using our EU representative web form, available here.
- By mail: VeraSafe Ireland Ltd., North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland
- Our UK representative appointed under the UK GDPR is Common Sense Media, a registered charity and company in England and Wales ("Common Sense Media UK”).
- By using our UK representative web form, available here.
- By mail: 1 Paternoster Square, London, EC4M 7DX, UK, with mail sent “FAO Common Sense Media: UK Representative”
What do we mean by “Personal Data”? Under the GDPR, “Personal Data” refers to information about an identified or identifiable natural person. For EEA+ Children, references to "personal information" or “information” elsewhere in this Children’s Privacy Policy should be read as including reference to their Personal Data.
EU-specific rights. Under certain circumstances, Children may have certain rights – including those set out below:
- Access. Request access to their Personal Data.
- Correction. Request correction of inaccurate or incomplete Personal Data that we hold about them.
- Erasure. Request erasure of their Personal Data.
- Objection. Object to our reliance on our Legitimate Interests (see below) as the legal basis of processing of their Personal Data
- Restriction. Request the restriction of processing of their Personal Data until we address their request establish its accuracy or our reasons for processing it.
- Portability. Request the transfer of their Personal Data in a portable format.
- Withdraw consent. Withdraw their consent to any Processing that relies on it as a legal basis (see below). Their parent’s have the same right to withdraw any parental consents that we have been given.
How to exercise these rights? These rights can be exercised by using our Privacy Requests Portal. Typically, there is no fee for this. However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive – or, in these circumstances, we may refuse to comply with the request. We may need to ask for information in relation to any request to help us confirm the identity of the person making it and to speed up our response.
The right to complain. We would love to be able to resolve all questions, requests and complaints about Personal Data directly. However, if a Child or their parent feels we have not been able to satisfactorily resolve an issue, they may contact their local data protection supervisory authority.
- For the contact information of the Data Protection Authorities for each Member State of the European Economic Area, please visit: https://edpb.europa.eu/about-edpb/board/members_en
- The UK's Data Protection Authority's details are below:
The Information Commissioner's Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/
What Personal Data do we use? The Personal Data that we use is set out in Section A of this Children’s Privacy Policy.
Our “Legal Bases” for using Personal Data. The GDPR requires us to have a “legal basis” for each way that we use Personal Data. Most commonly, we will rely on one of the following legal bases:
- Where we need to perform a contract we are about to enter into or have entered into with a Child (“Contractual Necessity”).
- Where it is necessary for our legitimate interests and the Child’s interests and fundamental rights do not override those interests (“Legitimate Interests”).
- Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
- Where we have specific consent to carry out the processing for the Purpose in question (“Consent”), in these cases we would need to get a Child’s parent’s consent.
Purposes for Processing. We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use Children’s Personal Data:
Purpose |
Examples of how we use relevant Personal Data for a Purpose |
Our legal basis for this use of data |
Account set-up and Maintenance |
To register a Child’s account on the Sites, and to populate their profile. To provide the core elements of the Sites. |
Contractual Necessity. |
Security |
We might use the Personal Data we collect to keep our Sites and associated systems operational and secure. |
Compliance with Law.
Legitimate Interests.
|
Troubleshooting and Service improvement |
We might use the information associated with the Persistent Identifiers above to track issues that might be occurring on our Sites and systems, or to test and improve them. Important note: |
Legitimate Interests. It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Sites and associated systems and services. |
Anonymised Data creation |
We may create ‘Anonymous Data’ – this might include aggregated data such as statistical or demographic data. Anonymous Data may be created or derived from any of the Personal Data we collect, but once in anonymous / aggregated form it will not directly or indirectly reveal a Child’s identity (i.e., it’s no longer Personal Data). We may use or disclose Anonymous Data for any purpose permitted by law, and do not require a legal basis to do so. |
Legitimate Interests. It is in our legitimate interests that we are able to ensure that our Sites and how we use information about our users is as un-privacy intrusive as possible. |
User submitted content |
As part of the Sites, we post the reviews and other content submitted to the Sites by Children – although we recommend that it is not included, these may contain certain Personal Data. Important notes: We encourage parents to discuss with their Children why they should NEVER include Personal Data in reviews posted to the Site. For all Children who are under 13:
|
Contractual Necessity in respect of posting reviews and other submitted content. Legitimate Interests in respect monitoring the content of Children who are under 13 to remove any Personal Data – we consider this practice to be in the interests of the Children themselves, their parents, and ourselves. |
Purpose limitation. We will only use Children’s Personal Data for the purposes for which we collected it as listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use Children’s Personal Data for an unrelated purpose, we will update this Privacy Policy. Please note that we may process Children’s Personal Data without their or their Parent’s knowledge or consent, in compliance with the above rules, where this is required or permitted by law (including the GDPR).
What happens when you do not provide necessary Personal Data or you withdraw consent? Where we need to process a Child’s Personal Data either to comply with law, or to perform the terms of a contract we have with them and they fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into. Similarly, if we rely on Consent to process Children’s Personal Data, they or their parent may withdraw that Consent, but if this happens, we may not be able to provide certain services or features.
International transfers. We are headquartered in the United States. The Personal Data that we collect from and about Children will be stored and processed in the United States and may be stored and processed in other countries outside of the EEA+. However, it is our policy to ensure that adequate contractual or other safeguards are applied to Personal Data transferred outside of the EEA+ where required by the GDPR. If you have questions about the safeguards applied to Children’s Personal Data, you may contact us at [email protected].
Data security and retention. Our data security and retention practices are described in our general Privacy Policy – please see:
- Data Security – VI. Important Disclosures, Practices and Contact Information
- Retention – V. How Long We Keep Your Personal Information
Personal Data from Third Party Sources. We do not collect any Personal Data about Children from any third parties or publicly-available sources, other than from their parents (where they choose to give it to us).