Data Privacy Agreement (Privacy Policy)
We are pleased that you have shown interest in babypenguin (“babypenguin”, “we”, “us”, “our”). The protection of personal data is a high priority for babypenguin’s management. In many cases, you can use our website without providing personal data. However, when you use certain services (for example, creating an account, subscribing to communications, submitting forms, purchasing services, or interacting with embedded third-party features), the processing of personal data may become necessary. Where processing requires consent and no other lawful basis applies, we obtain consent from the data subject.
We process personal data such as name, address, email address, telephone number, payment details, online identifiers, and similar information in accordance with the General Data Protection Regulation (“GDPR”) and applicable local data protection laws. This Privacy Policy explains the nature, scope, and purpose of the personal data we collect and process, as well as the rights available to data subjects.
babypenguin implements appropriate technical and organizational measures to protect personal data processed through our website and services. Nevertheless, internet-based data transmissions can have security gaps, so absolute protection cannot be guaranteed.
1. Definitions
This Privacy Policy is based on terms used by the European legislator in the GDPR. It is intended to be understandable to the public, our customers, and business partners. The following definitions apply:
Personal data means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
A data subject is any identified or identifiable natural person whose personal data is processed.
Processing means any operation performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure, or destruction.
Restriction of processing means marking stored personal data to limit its processing in the future.
Profiling means automated processing of personal data to evaluate personal aspects relating to a person, including analyzing or predicting aspects such as preferences, interests, reliability, behavior, location, or movements.
Pseudonymisation means processing personal data so it can no longer be attributed to a specific data subject without additional information, provided that additional information is kept separately and protected by technical and organizational measures.
A controller is the person or entity that determines the purposes and means of processing personal data.
A processor is a person or entity that processes personal data on behalf of the controller.
A recipient is a person or entity to whom personal data is disclosed, whether a third party or not. Public authorities receiving personal data in the context of an inquiry are not considered recipients where they process the data under applicable law.
A third party is a person or entity other than the data subject, controller, processor, or persons authorized to process data under the direct authority of the controller or processor.
Consent means a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to processing of personal data by a statement or clear affirmative action.
2. Cookies
babypenguin uses cookies. Cookies are text files stored on your device through your internet browser. Many websites and servers use cookies. Cookies frequently contain a cookie ID, which is a unique identifier consisting of a character string. This allows websites and servers to distinguish the specific browser in which the cookie was stored from other browsers containing different cookies. A browser can be recognized and identified using the cookie ID.
Cookies help us provide services and features that would not be possible without them. Cookies can enable recognition of returning users and can simplify the use of our website, for example by remembering settings and preferences.
You can prevent the setting of cookies at any time through your browser settings and can delete existing cookies via your browser or other software. If you disable cookies, certain features of our website may not function fully.
3. Collection of general data and information (server logs)
When you access babypenguin’s website, we collect general data and information which may be stored in server log files. This may include:
- browser type and version
- operating system
- referring website (referrer)
- sub-pages visited
- date and time of access
- IP address
- internet service provider
- similar data used to protect our systems
We do not use this information to draw direct conclusions about the data subject in ordinary operation. This information is processed for the purposes of:
- correctly delivering website content
- improving our website and its performance
- ensuring the stability and security of our systems
- enabling investigation and legal response in case of misuse or attacks
Server log data is stored separately from other personal data provided by data subjects.
4. Registration on our website
Data subjects may register an account on our website. The personal data transmitted is determined by the input form used for registration. Data entered during registration is collected and stored for the purpose of providing account functionality and access to services. When registration occurs, we may also store the IP address assigned by the ISP, and the date and time of registration. This is processed to prevent misuse and to support investigation of unauthorized use. Registered users may update their personal data or request deletion of the account data, subject to legal retention obligations.
5. Subscription to communications
babypenguin provides the opportunity to subscribe to updates or newsletters. The input form determines what data is transmitted. Subscription requires a valid email address. For legal reasons and to protect against misuse, we may use a confirmation process and record the time of subscription and the IP address used at subscription. This information supports proof of subscription and investigation of misuse. Personal data collected for subscriptions is used to deliver communications and related operational notices. Subscription can be terminated at any time.
6. Newsletter tracking
Communications sent by babypenguin may contain tracking technologies such as tracking pixels. A tracking pixel is a small graphic embedded in HTML emails that enables analysis of whether an email was opened and whether links were clicked. Data collected through such tracking is used to evaluate and improve communications and to better align content with recipient interests. Such data is not sold. Where required by law, consent is collected and can be withdrawn at any time, after which tracking data associated with the withdrawal is deleted or no longer used for that purpose.
7. Contact through the website
Our website contains features that allow you to contact us electronically. If you contact babypenguin via contact forms or other electronic methods, the information submitted is stored in order to process your request and respond. Personal data submitted voluntarily for contact purposes is not sold and is used only for communication and support, as well as internal recordkeeping.
8. Comments and subscriptions to blog comments
Where babypenguin offers blog or comment features, users may subscribe to comment threads. Subscription may involve a confirmation step. Comment subscriptions can be terminated at any time.
9. Routine erasure and blocking of personal data
babypenguin processes and stores personal data only for as long as necessary to achieve the purpose of storage, or as required by law. When the storage purpose no longer applies, or legally required retention periods expire, personal data is deleted, anonymized, or restricted from further processing in accordance with legal requirements.
10. Rights of the data subject
Under the GDPR, data subjects have the following rights, subject to legal limitations:
You may request confirmation as to whether personal data concerning you is being processed.
You may request access to personal data stored about you and obtain a copy. You also have the right to information about processing purposes, data categories, recipients, retention periods, rights to rectification/erasure/restriction/objection, complaint rights, data sources (where not collected from you), and the existence of automated decision-making including profiling.
You may request correction of inaccurate personal data and completion of incomplete data.
You may request deletion of personal data where one of the legal grounds applies, including where data is no longer needed, consent is withdrawn and no other lawful basis applies, you object and there are no overriding legitimate grounds, processing is unlawful, or deletion is required by law. If babypenguin has made personal data public and is obliged to erase it, we take reasonable steps to inform other controllers processing that data to erase links, copies, or replications, where required and feasible.
You may request restriction where the accuracy of data is contested, processing is unlawful but you oppose erasure, data is no longer needed by us but required for legal claims, or you have objected pending verification.
You may receive personal data you provided in a structured, commonly used, machine-readable format and transmit it to another controller where processing is based on consent or contract and carried out by automated means.
You may object to processing based on legitimate interests or public interest grounds, including profiling. Where you object, babypenguin will stop processing unless we demonstrate compelling legitimate grounds overriding your interests or processing is needed for legal claims. You may also object to processing for direct marketing.
You have the right not to be subject to a decision based solely on automated processing, including profiling, producing legal effects or similarly significantly affecting you, except where permitted by law (for contract necessity, legal authorization with safeguards, or explicit consent), and subject to safeguards including human intervention.
Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
11. Subprocessors and third-party services
babypenguin uses external services that may process personal data in connection with website delivery, analytics, advertising, media, payments, and service functionality. These providers may receive device identifiers, IP address, usage data, and other information necessary to provide their services.
11a. Facebook
Our website may include Facebook components. When pages containing Facebook components are accessed, your browser may connect to Facebook and transmit technical data and usage information. If you are logged into Facebook, Facebook can associate the visit with your account. Facebook may receive information about your visit even if you do not interact with the component. To reduce association with your account, log out of Facebook before visiting our website.
11c. Google AdSense
Our website may use Google AdSense. AdSense may set cookies and use tracking pixels to measure ad delivery and performance. This may include collection of IP address and usage data for advertising and reporting.
11d. Google Analytics
Our website may use Google Analytics to analyze website traffic and usage patterns. Analytics may set cookies and process data such as IP address and device information. Where configured, IP anonymization may be used to reduce identifiability. Users can prevent analytics processing by blocking cookies via browser settings or by using browser tools designed to opt out of tracking.
11e. Google Remarketing
Our website may use Google Remarketing to display ads based on prior visits. Google may set cookies and process usage data for interest-based advertising and measurement.
11f. Google Ads
Our website may use Google Ads conversion tracking. Google may set cookies to measure whether actions occur after ad interactions and to provide reporting and optimization.
11g. X (Twitter)
Our website may include components from X (Twitter). When a page with such components loads, your browser may connect to X and transmit information about the visit. If you are logged into X, the visit may be associated with your account.
11h. YouTube
Our website may embed YouTube videos. Loading pages that contain YouTube components can result in data transmission to YouTube/Google. If you are logged in to YouTube, the visit may be associated with your account.
11i. Google Fonts
Our website may use Google Fonts. When Google Fonts are loaded, a connection to Google servers can occur, which may transmit technical data such as IP address and page access information.
11j. OpenAI
babypenguin may use AI services to process user-submitted content and generate outputs. Where users submit content for AI functionality, that content may be transmitted to an AI provider for processing. Such processing can include prompts, uploaded content, and technical metadata required to deliver the feature.
12. Payment processing (Stripe)
babypenguin uses Stripe for payment processing. When a purchase is made, personal data required to complete the transaction is transmitted to Stripe. This can include name, address, email address, IP address, and other data necessary for payment processing and fraud prevention. Stripe may process personal data for payment processing, fraud detection, dispute management, and compliance purposes. Stripe may involve affiliated companies and service providers where necessary to provide payment services. Revoking consent directed to Stripe does not affect processing that is necessary to complete a transaction or comply with legal obligations.
13. Legal basis for processing
Where the GDPR applies, babypenguin processes personal data on the following legal bases:
- Art. 6(1)(a) consent (where required)
- Art. 6(1)(b) performance of a contract or pre-contractual measures
- Art. 6(1)(c) compliance with a legal obligation
- Art. 6(1)(d) protection of vital interests
- Art. 6(1)(f) legitimate interests, unless overridden by the data subject’s interests or fundamental rights and freedoms
Legitimate interests include operating, maintaining, securing, and improving babypenguin services, preventing fraud and abuse, and ensuring reliable service delivery.
14. Period for which personal data is stored
Personal data is stored only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations. Storage duration is determined by statutory retention requirements and operational necessity. After the applicable retention period ends, personal data is deleted, anonymized, or restricted.
15. Provision of personal data and consequences of non-provision
Providing personal data may be required by law (for example, tax rules) or required to enter into or perform a contract. In some cases, providing personal data is necessary to create an account, deliver services, process payments, or provide support. If required personal data is not provided, babypenguin may be unable to deliver certain services or complete transactions.
16. Children
babypenguin services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.