Privacy Policy

Last updated: 1 September 2022
Blue documents pattern vectorBlue documents pattern vector

This Privacy Policy describes how Storypark Limited (“Storypark”, “we”, “our”,us”) collects, uses, discloses and processes your personal information, and that of your minor child, as well as our privacy and security practices. This Privacy Policy applies to the personal information we collect through your use of our website located at, the Storypark Application (as defined below), the associated services and through our interactions with you.  

We know how important security and privacy is to you. We use this Privacy Policy to clearly disclose to you how we collect, use, store, transfer and share (i.e. “process”) your personal information, that of your child, and our privacy and security practices in a manner that is easy to understand.

Please take a moment to read this Privacy Policy so you understand how we process Personal Data.

Summary of Privacy Policy

What personal information do we collect?

How do we use personal information?

How do we share personal information?

Storypark shares information with Service Providers who support us to provide our Services and operate our business. Specifically, we use:

Your choices with respect to your personal information.

How to contact us:

For more information about this Policy, our privacy practices or to obtain access to or correction of your personal information or that of your minor child, please contact us at


By accessing our Service, or by providing Personal Data directly to us, you consent to our processing your Personal Data, and if applicable, that of your minor child, in the manner and for the purposes set out in this Privacy Policy. If relevant to the Purposes set out in this Privacy Policy, Personal Data may at times include Sensitive Data. Note: You may not provide us with the Personal Data of a child of whom you are not the parent or legal guardian, unless you have the consent of that child’s parent or legal guardian.

1. Definitions

Capitalised terms not defined in this Privacy Policy have the meaning ascribed to them in Storypark’s Terms of Use. In addition, the following capitalised terms have the following meanings:

  • a) “Account” means (depending on the context) either a Centre Account (facilitating the access to one or more Child Profiles and Educator Portfolios) or an account controlled by a Primary Account Holder pertaining to one or more Children.
  • b) “Account Holders” means together Authorised Viewers, Early Childhood Providers, and Primary Account Holders.
  • c) “Application” means the early childhood e-portfolio service and, as applicable, any CCMS Service, provided by Storypark, including that available on and through the Website, and unless the context requires otherwise includes all such applications we provide (including, without limitation the family version of our device application).
  • d) “Authorised Viewer” means a person who is authorised by a Primary Account Holder to view and/or access a Child Profile, being typically but not exclusively limited to that Child’s parents/guardians and family members, specialists, and the Child’s Early Childhood Providers
  • e) “CCMS Service” means any childcare application and management service offered by Storypark to Centres.
  • f) “Centre” means an organisation or enterprise providing early childhood education and/or childcare and/or services for children.
  • g) “Child” means a child whose Child Profile exists within the Application and “Children” has a corresponding meaning.
  • h) “Child Content” means Content about, depicting or pertaining to a particular Child.
  • i) “Child Profile” means the profile page(s) appearing on the Application pertaining to a given Child and any other Content pertaining to that Child that is accessible via the profile page, including stories, notes, plans and routines.
  • j) “Content” means any content or materials including (but not limited to) still or moving images, videos, sound recordings or other audiovisual materials, artistic works, written works, Centre administration data and Personal Data posted to the Service by a User.
  • k) “Data Protection Laws” means the data protection and privacy laws applicable to the processing on Personal Data that we are committed to comply with, including:
  • the Personal Information Protection and Electronic Documents Act, SC 2000, c5 (federal, Canada);
  • the Personal Information Protection Act (Alberta, Canada);
  • the Personal Information Protection Act (British Columbia, Canada);
  • Act Respecting the Protection of Personal Information in the Private Sector (Quebec, Canada); and
  • any other applicable privacy legislation. 

l) “Early Childhood Provider” means, as the context dictates:

  • a Centre who has registered to use the Application;
  • an individual authorised by a Centre to use the Application, typically being a childcare provider/educator/administrator of a Centre; or
  • another professional care provider such as a nanny, au pair or babysitter who has registered to use the Application.

m) “Personal Data” means any information relating to an identified or identifiable individual. This includes, but is not limited to names, physical addresses, email address, IP addresses, behavioural data, location data (e.g. city, province/territory and country- please note we do not collect real time location information, such as GPS), and financial information.

n) “Primary Account Holder” means a Child’s parent or guardian or a person expressly authorised by the Child’s parent or guardian to administer and control a Child Profile.

o) “process” or “processing” means any operation or set of operations which is performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation, use, disclosure, combination, restriction, or erasure.

p) “Service” or “Services” means the Application and the Website, collectively and separately and where the context permits includes any related services.

q) “Sensitive Data” means Personal Data relating to a person’s health, financial, , race or religion.

r) “User” or “you” means the person or organisation who uses the Application and/or the Website, whether as the holder of an Account or otherwise.

s) “Website” means the website at, including parts or features of that website that can be used or accessed without requiring registration or logging into the Application.

Part A: Privacy Policy

2. Application

This Privacy Policy applies to all Personal Data processed by Storypark, including, but not limited to Personal Data submitted by Account Holders through the Service.

3. Changes

From time to time we will review our Privacy Policy to keep pace with changes in our Service and any Data Protection Laws. This document is our most recently updated Privacy Policy. We encourage you to read it carefully.

4. Questions and concerns

If you have any questions or comments, or want to access, update, or correct the Personal Data we hold about you or your minor child, or have a privacy concern please write to us at:
The Privacy Officer
Storypark Limited
PO Box 27239
Te Aro
Wellington 6141
or by email to:
Please provide sufficient detail about the information in question to help us locate it. For your protection, we may need you to verify your identify before allowing access to Personal Data. We will respond to any privacy request in compliance with the applicable Data Protection Law.

5. Collection of Personal Data

We may collect the following categories of Personal Data in in the following situations:

a) Personal Data you voluntarily provide to us:  When you give us your Personal Data directly (whether face-to-face, by telephone, email, post, through social media or by communicating with us in any way), when we meet with an organisation wishing to do business with us and an individual from that organisation provides Personal Data about themselves, when you apply for a job with us, or when you sign up or register to become an Account Holder, or when you enter into a transaction with us you are voluntarily giving us the Personal Data that we collect.

  • Categories of Personal Data:  The Personal Data we may collect includes your name, physical address, email address, login for the Services, feedback and suggestions for the Services, IP address, phone number, billing information in accordance with our Terms of Use, occupation, employer, job title, area of responsibilities, employment history, and educational qualifications.

b) Our email marketing list:  When you become an Account Holder, or where you elect to sign up to our email marketing list, we may collect your name, email address, and email marketing preferences.

c) Personal Data and other information we collect automatically:  When you use our Service or browse our Website, we may collect information about your usage and web browsing. We may collect Personal Data and other information as log files, or through cookies or other tracking technologies (see the “Cookies and tracking” below for more information), store it against the associated Account, and link it to the other Personal Data we hold about an Account.

  • Categories of Personal Data:  The information we may collect automatically includes your IP address, your operating system, your browser ID, time, date, your browsing activity, your interaction with the Service (including any Content, comments, and location). Regarding location information we geolocate and store data on city, state/province/territory, and country directly for language and initial content settings, and similar information is passed onto our information technology service provider.

d) Personal Data uploaded and transferred to the Service by Account Holders:  We collect Personal Data about persons (including Children) indirectly when Account Holders use the Service, such as when an Account Holder:

  • creates a Child Profile or Educator Portfolio, or invites another person to become an Account Holder (including an invitation to become a Primary Account Holder or Authorised Viewer);
  • uploads and transfers Content that contains Personal Data (including photographs or videos of another person including Children, or uploads and transfers materials created by another person including Children); or
  • posts a comment or tags Content on the Service that contains Personal Data of another person.
  • In these situations, any such Account Holder is a joint data-controller along with us in respect of such Personal Data. Where you provide Personal Data about any person or Child to us through the Service, you are responsible for making sure you have the appropriate permission and consent for us to collect and process information about any such person whose information you provide (including where Sensitive Data relating to a Child is collected and stored in the relevant Child Profile).  Please see Section 27 of our Terms of Use which outlines your obligations in this regard.

e) Statistical information:  We may collect statistical information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies.

f) Cookies and tracking:  We may use various technologies to collect and store information when you use our Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. You may control the use of cookies at the individual browser level, however your use of the Website and Service may be affected.

  • We use essential cookies on our Website where they are required for particular features to work – for example, if you are a logged in user, to allow you to remain logged in while you complete certain tasks. These cookies are required for you to use Storypark as intended. We also use Google Tag Manager to manage the tags or scripts that we use to operate our website (
  • We also use non-essential cookies that perform other functions. We have grouped these into cookies for performance and functionality, analytics and customisation, and advertising. These cookies process your personal data through trackers and usage data. 
  • Usage data is information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilised by the users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the user, the various time details per visit (e.g., the time spent on each page within the Website) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the user's IT environment.
  • We use functionality and experience enhancement cookies that are used to improve the performance and functionality of our Website and Service but are non-essential for the Website or Service to operate as intended. However, without these cookies, certain functionality may become unavailable or you would be required to re-enter your login details each time you visit our Website. These are non-essential cookies that you can manage at any time through “Cookie Settings” on the footer of, or block through your browser settings,, noting that blocking or rejecting cookies may affect your experience of the Website and Service. Specifically, these are cookies from 
  • Storypark (To identify your timezone and allow you to stay logged in across multiple browser sessions)
  • Growsurf (enabling our customer referral programme -
  • ShareThis (allowing you to interact with social networks -
  • Vimeo (enabling you to view video content we host on Vimeo -
  • YouTube (enabling you to view video content we host on YouTube -
  • We use measurement cookies to monitor and analyse web traffic, and track user behaviour, and help us understand how effective our marketing campaigns are.. These cookies connect data from advertising networks with actions performed on our website. These are non-essential cookies that you can manage at any time through “Cookie Settings” on the footer of, or block through your browser settings.
  • Google Analytics ( to analyse non-identifiable web traffic data to improve our services. If you prefer, you can opt out of the Google Analytics tracking cookies we use without affecting your ability to use our Website. You can opt-out of Google Analytics by installing the Google Analytics opt-out browser add-on For information about how to opt out of Google Analytics, visit:
  • Facebook (
  • Intercom (
  • Hubspot ( 
  • LinkedIn (
  • Microsoft (
  • Hotjar ( is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Heat mapping services are used to display the areas of this Application that Users interact with most frequently. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of User behaviour. Some of these services may record sessions and make them available for a later visual playback. Hotjar has an opt-out on their site (
  • We use targeting & advertising cookies to collect information over time about your online activity on our Website and other online services to make our online advertisements more relevant to you, possibly based on your interests. These are non-essential cookies that are set if you opt-in to use these cookies in “Cookie Settings” in the footer of You may also choose to block these cookies through your browser settings. The advertising cookies we set are for:
  1. Bing (
  2. Facebook (
  3. Google ( You can opt-out of his on Google’s website (
  4. LinkedIn (
  • You may set your browser to block any or all of these cookies.  Please note that if you disable cookies, you may be unable to access some features of our Website, however disabling cookies will not prevent you from transacting with us.
  • Personal Data may be collected as log files that record changes users instruct us to make, or through cookies or other tracking technologies, stored against associated Accounts, and linked to the other Personal Data we hold about associated Accounts.

6. Use of Personal Data

  • We process Personal Data for the following purposes:

a) to administer Accounts.

b) to enable the features of the Services to be utilised and enjoyed, subject always to our Terms of Use. This may, for example, entail incidental posting of photographs/videos of a Child on another Child’s Profile. Those posts may remain viewable even once a Child no longer attends a Centre as long as the relevant Child Profile is retained.

c) to analyse User behaviour (in respect of the Website) and Account Holder behaviour (in respect of the Service) for the purposes of:

  • determining Service developments;
  • Inviting Users or Account Holders to explore other features within the Website or Service, and otherwise to generally promote our Service, for example, by suggesting the use of features they have not yet used;
  • helping ensure the security of the Website and the Service; and
  • Combating and preventing breaches of our Terms of Use, other user agreements, this Privacy Policy and our other policies;

d) to respond to enquiries, feedback or complaints received from you;

e) to perform authorised financial transactions with you and to help us to manage our accounts and administrative services;

f) to verify your identity;

g) for directly marketing to you (including by email, post, other means, or through functionality within the Service) with information about our Service, and subject to your preference settings;

h) on an aggregated non-identifiable basis, to:

  • help Storypark understand its market position;
  • assist with marketing our Services to others, including in respect of any online advertising; and
  • deliver a statistical result to help with general Storypark announcements;

i) incidentally, where educators at Centres and their educational mentors, for their further professional development, may view, some Content of an Account to which an Early Childhood Provider has lawful access for the purposes of assessing performance and compliance with professional obligations;

j) to protect our legal interests and fulfil our regulatory obligations, including any notification or reporting obligations and any access directions, imposed on us by any Government agency (if and to the extent necessary); 

k) for helping ensure the trust and safety of any Child and Users of the Service; 

l) for other additional uses which we have obtained consent from you; and

m) in other circumstances, provided we comply with applicable Data Protection Laws.

7. Consent

We will obtain your consent before, or when, we collect, use, store, transfer and/or share your Personal Data or that of you minor child. By using and accessing our Service, by registering an Account or creating a profile, or otherwise signalling your acceptance or interacting with us, you consent to the collection, use, storage, transfer and sharing of your Personal Data and that of your minor child in accordance with the terms of and for the purposes set out in this Privacy Policy, as they may be amended from time to time. Otherwise, we will obtain your consent to collect, use, store, transfer or share your Personal Data for any new or additional purpose as required by applicable law. We obtain the explicit consent of the Primary Account Holder in respect of all Sensitive Data relating to a Child where such information is uploaded into a Child Profile. At any time, subject to legal and contractual restrictions, you may withdraw your consent to our use of your Personal Data or that of your minor child.

You agree that you will not share with Storypark any content, photos, videos or stories that include or have been created by children other than your own, without the permission of those children’s parents or guardians.

8. Direct marketing

All those with whom we interact have the option to opt-out of receiving direct marketing communications from us. If you do not wish to continue to receive direct marketing communications from us and/or selected third parties you should opt-out by clicking on the “unsubscribe” link in any commercial email communications that we might send you.

Please note that some features of the Service may involve us providing, through the functionality within the Service, recommendations or suggestions for goods, services or benefits that we offer.

9. Retention and deletion of Personal Data

We will retain your Personal Data for as long as the Account associated with you is active, and as long as necessary to fulfil the purpose(s) for which we collected it and to comply with applicable laws.

We take steps to regularly destroy Personal Data, however we may: 

a) in some cases, retain a copy of your Personal Data to comply with our legal obligations, resolve disputes, enforce our agreements and to comply with our trust and safety obligations. Personal Data retained for this purposes will be archived and stored in a secure manner after your Account has been closed, and will not be accessed unless required for any of these reasons; and

b) retain information in an aggregated, de-identified or otherwise anonymous form, such that there is no reliable way of identifying you or your minor child from the information.

10. Disclosure of Personal Data

We will not sell Personal Data to anyone.

We share Personal Data with third parties for limited purposes, such as to help us run our business and provide the Website and Service. Those third parties can be categorised as follows:

a) Account Holders:  At the direction of an Account Holder (through the Service) Storypark shall disclose Content (which may contain Personal Data) to other Account Holders. For example:

  • The family version of the Service enables Account Holders to tag posts and Content in a way as to identify particular interests of a Child or features of a Child’s development or progress. Storypark may be directed by the Account Holder to disclose this Personal Data to an Authorised Viewer (such as an educator), to facilitate their understanding of the Child’s progress, development, interests etc.
  • the Service will enable an Authorised Viewer to access (and upload) Sensitive Data relating to a Child, solely for the purpose of their understanding of the Child’s progress, development, interests, etc.  
  • Educators may share stories from a Child Profile with Authorised Viewers (including any person invited by the Primary Account Holder to have accsess to that Child’s stories).
  • Stories from a Child Profile (which may include Sensitive Data of a Child) may also be shared by Authorised Viewers with other family members of a Child’s Storypark community who have been approved as Authorized Viewers by the Primary Account Holder. However, Authorised Viewer’s cannot disclose notes, routines or plans from a Child’s Profile with any other family members of a Child's Storypark community or any other parents or families.
  • Educators may share group stories (which may include Sensitive information of a Child) relating to two or more Children with family members from the Storypark community for the relevant Children. 
  • Educators may share group plans (which may include Sensitive information of a Child) with the Primary Account Holders for all Children included in the group plan. 
  • Storypark may be directed to allow a Centre (or a network that operates a Centre) to access an Educator Portfolio and its associated Personal Data (where that Centre maintains the Centre Account to which your Educator Portfolio relates).
  • Where you provide Personal Data about any person or Child to us through the Service, you are responsible for making sure you have the appropriate permission and consent for us to disclose any Content (which may contain Personal Data) in the manner you direct through the Service. Please see Section 27 of our Terms of Use which outlines your obligations in this regard. 
  • If you no longer want to be contacted by one of our Account Holders, please contact the Account Holder directly.

b) Service providers:  We share your Personal Data with our third party service providers, who help us provide and support our Service. For example:

  • Client relationship management services from Salesforce
  • Payment processing services from PayPal and Stripe
  • Subscription management and billing from Chargebee
  • Cloud server hosting services from Amazon Web Services and Microsoft Azure
  • Content delivery services from Sendgrid, Transloadit, Brightcove
  • Customer support and communication services from Intercom and Survey MonkeyFrench language customer support services and billing for those Users who request such support in French by L’Association francophone à l’éducation des services à l’enfance de l’Ontario (AFÉSEO).  
  • Marketing services from Mixmax and Autopilot
  • IT services from Google Workspace
  • Bookkeeping services from Xero

We strive limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your Personal Data, and use your Personal Data only for the purposes that we give it to them. 

c) Sale, merger, consolidation, liquidation, reorganisation, or acquisition: If Storypark or substantially all of its assets were acquired by a third party, Personal Data which we hold may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy).

d) Law Enforcement and Legal Obligations: We may disclose Personal Data to third parties without your consent for any of the following reasons: (i) to comply with any law, regulation or order of a court, administrative agency or government tribunal; (ii) to cooperate with Government investigations; (iii) to help prevent fraud or to enforce or protect the rights of Provider or its subsidiaries and to pursue available remedies or limit any damages that we may sustain; or (iv) where it is necessary to protect the rights, privacy, safety or property of an identifiable person or group.

e) Other Third Parties: We may disclose Personal Data to other third parties without your consent where required or permitted by law, including where: (i) the information is public as permitted by law; (ii) it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or (iii) it is necessary to identify an individual who is injured, ill or deceased, or (iv) due to an emergency that threatens the life, health or security of an individual.

11. Trans-border Personal Data flows

Storypark’s head office is located in Wellington, New Zealand, so some limited information about adult individuals (including customers) is transferred and /or stored there. 

The vast majority of Personal Data we handle is stored and hosted in Sydney, Australia. All Personal Data relating to Children on Storypark is hosted in Australia.

Some limited Personal Data may be provided to companies located in the USA who offer software as a service products that process content for inclusion on the Service (for example, conversion of images and videos to make them suitable for viewing online/ through a web browser). Some Personal Data of people who work in Centres is stored in our client relationship management tool, Salesforce, hosted in Tokyo, Japan. Those third parties located overseas are not permitted to (and are contractually obligated to not) access or use the Personal Data provided except for those limited purposes. We have agreements with such third parties that prevent them from using or disclosing to others the Personal Data we share with them, other than as is necessary to assist us.

In respect of the transfer of Personal Data to Australia, the USA and other countries, we will use reasonable efforts to obtain assurances from any third parties that they will safeguard personal information consistent with this Privacy Policy and all applicable Data Protection Laws. However, in providing your consent to such trans-border transfers, you acknowledge that the Data Protection Laws existing in some jurisdictions may not contain safeguards that are comparable to those contained in the privacy laws in the jurisdiction in which you live.

While the information resides outside of the territory where you reside, it may be accessible to the local courts, law enforcement and national security authorities in a foreign jurisdiction.

12. Security of Personal Data

We take reasonable steps to protect Personal Data, including through internal and external security, restricting access to Personal Data to those who have a need to know, maintaining technological products to help prevent unauthorised computer access and regularly reviewing our technology to maintain security. We choose technology partners based on factors including their security and privacy policies and practices.

Personal Data stored in our system is protected by administrative, electronic and procedural safeguards. We take reasonable precautions to protect Personal Data (and other content) from accidental loss and theft by storing it in secure data centres with off-site backups. Communication over the web between Account Holders and our servers are encrypted via industry-standard transport layer security (TLS). Please note email is not an encrypted means of communication. 

The Service is protected by a secure and encrypted password that each Account Holder must choose themselves. Account Holders should never share their passwords. Storypark is not responsible for any loss of data or breach of privacy if an Account Holder shares their password with someone else. We protect your passwords before they are stored on our servers with a cryptographic hashing measure. This makes it incredibly difficult for anyone to determine your password in the unlikely event that a malicious party were to gain access to our servers.

Because internet transmissions cannot be guaranteed to be 100% secure and no security measures can provide absolute protection, you acknowledge and agree that you use the Service at your own risk.

In case of a security incident or any other breach of security safeguards, such as the loss of, unauthorised access to or unauthorised disclosure of Personal Data under Storypark’s control, we will respond in accordance with applicable Data Protection Laws.

13. Your Rights

You have the right to, subject to applicable laws and certain exceptions to your rights:

a) access and correct your Personal Data that is under our control at any time.  

b) request the erasure of any or all of your Personal Data;

c) restrict or object to the processing of any or all of your Personal Data;

d) request the porting of any or all your Personal Data to another organisation;

e) withdraw any consent to processing that you have previously given in respect of any or all of your Personal Data;  

f) opt out of the processing of your Personal Data for secondary marketing purposes without affecting your use of the Service; and

g) lodge a complaint regarding our data processing activities as they relate to your Personal Data with us or the supervisory authority in your country/state of residence.

Requests for such access and correction requirements can be made to the contact details in section 4 of this Privacy Policy. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data or that of your minor child. To designate an authorized agent, email us at and we will provide you with a form to make a designated agent request. Please do not send us any Sensitive Data using email. Email transmissions are not secure.

We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you or your minor child. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Please note that where we are not, or are no longer, in a position to identify you within the information we hold (including because of any de-identification techniques we may have employed), then your rights as described above shall not apply.

We will respond to any request made in respect of the above in accordance with the applicable Data Protection Laws where you are resident.

We will respond to any request made in respect of the above within thirty (30) calendar days of a request. In the event we are unable to respond within the initial 30 day period, and subject to applicable law, we will inform you of any delay and the reasons for such delay.).

We will work with you to resolve any concerns you have about this Privacy Policy or our privacy practices. If we are unable to resolve your privacy concerns and you reside in Canada, you have the right to complain to the Office of the Privacy Commissioner of Canada or direct your inquiry/complaint to the relevant Information and Privacy Commissioner in your province/ territory of residence.

14. Cancelling your Account

If your Storypark Account terminates (for whatever reason), the Personal Data associated with it may no longer be accessible to you. Any Content you have posted from your Account may still be available to other Account Holders that the Content has been associated with. There may continue to be residual copies of such Content due to ongoing data back-up and archiving.

Part B: Your Responsibilities

15. Uploading and transferring other people’s Personal Data through the Service

You acknowledge and agree that, in respect of other people’s Personal Data (including the Personal Data of Children) that you upload and transfer within the Service, you are acting as a joint data-controller along with Storypark in respect of such Personal Data.

By accessing and using the Service to upload and transfer other people’s Personal Data, you agree that you:

a) Comply with all Data Protection Laws: will comply with your obligations under all applicable Data Protection Laws;

b) Obtain consent: have obtained (or shall obtain) all consents necessary under Data Protection Laws, for Storypark to lawfully process the Personal Data through the Service as you direct, and that such consent is obtained from the correct person.  If you are a Primary Account Holder, you must provide Explicit Consent to enable such information regarding a Child to be lawfully uploaded into the relevant Child Profile.

Storypark may, but shall not be required to, offer through the functionality of the Service a pop-up or embedded form to allow Account Holders to give their consent, retrospectively, to the processing of their Personal Data (or the Personal Data of a Child that they are the parent or guardian of)through the Service. However, you shall not rely on any such functionality, and it is your responsibility to ensure that you obtain consent from the appropriate person(s).

c) Withdrawn consent or objection to processing: must notify us (and remove the relevant Personal Data from the Service) without undue delay if any Account Holder fails to provide consent, withdraws their consent, or any part of their consent, or objects to any processing of Personal Data through the Service. This shall include any withdrawal of consent, or objection received by you from a Child to whom the Personal Data relates;

d) Accuracy of Personal Data: will make sure that you are frequently updating any Personal Data stored within your Account that relates to another person when requested to do so by that person;

e) Security breach: upon becoming aware of a Security Incident, or any other breach, or suspected breach, of your security safeguards, must notify us without undue delay and shall provide timely information relating to the security incident a sit becomes known or as is reasonably requested by us;

f) Sensitive data: if required by Data Protection Laws, will only upload or transfer Sensitive Data to the Service if Explicit Consent has been obtained from the Primary Account Holder;

g) Secure use of the Service: are responsible for your secure use of the Service, including securing your Account authentication credentials, protecting the security of Personal Data when in transit to and from the Service, taking any appropriate steps to securely encrypt or backup any Personal Data uploaded to the Service and ensuring that Personal Data is protected in a manner comparable to (or no less stringent than) the safeguards contained in the New Zealand Privacy Act 2020;

h) Evaluation of the Service: are responsible for reviewing the information made available by Storypark relating to data security and making an independent determination as to whether the Service meet your requirements and legal obligations under Data Protection Laws.

i) Updates to Terms of Use and Privacy Policy:  acknowledge that the Service is subject to technical progress and development and that Storypark may update or modify its Terms of Use and this Privacy Policy from time to time, and you agree to review the latest version of the Terms of Use and Privacy Policy from time to time.