Novabods Privacy and Data Policy

Being an online organisation and with digital technology at the heart of everything we do, online safety for our customers is paramount. Novabods complies with the Data Protection Act 1998.

 

Data Collection and Use
Novabods provides a personalised experience for its users. Account information for Novabods users are password-protected so that only the user has access to their account.
 
We strongly recommend that you do not divulge your password to anyone. Novabods will never ask you for your password in an unsolicited phone call or in an unsolicited email. Novabods automatically signs users out of the ‘Manage Account’ area after one hour of inactivity and one month after inactivity on the ‘Launchpad’. If you have finished using the game or you are in Manage Account, we recommend that you log out. This is to ensure that others cannot access your Novabods account if you share a computer with someone else or are using a computer in a public place like a library.
 
Novabods collects the following data and stores it securely:
Parent Contact Details
To create a Novabods account, parents need to fill in their email address.
 
Passwords that parents create cannot be viewed by the Novabods Team. All passwords for Novabods accounts need to contain upper and lower case letters as well as numbers to make the password as secure as possible.
 
Payment details are not stored by Novabods.
 
At all times, within the definition of the Data Protection Act 1998 (DPA), the user retains the status of Data Controller for the educational content user data stored on our cloud service. Novabods shall be the Data Processor for the purposes of the DPA in this respect.
 
Child Details
When creating a new child account we require a first name, display name and the year of that child’s birth.
 
We store scores from missions and games in order to unlock levels once the threshold has been met. Children’s scores are only kept for this purpose and are deleted along with the account if the membership remains inactive. See ‘How Long Does Novabods Keep Data?’ for more information.
 
Updating Your Information
You can update your account information by going to ‘Manage Account’ in Novabods.
 
How Long Does Novabods Keep Data?

Why We Delete Data
Novabods stores data for its users. To ensure that Novabods does not hold user information in perpetuity, it has set criteria for the deletion of unused data.
 
Product Data: Users
Novabods holds users and score data. If these accounts are left inactive for one year they will be deleted. The definition of inactive is if the user has not logged in (via any route) for two years.

Sharing Data
Novabods has a strict policy of not sharing any information about our users with anyone outside the organisation. Please note that any email addresses that are used to log in with and passwords are controlled by the users themselves and may not be well-chosen, securely stored and may be shared with other people; we are not in control of this sharing and strongly discourage such behaviours.
 
Novabods will not share or sell data with third parties.
 
Security and Protection of Your Information
All remote access via the Novabods web application is conducted over HTTPS, an encrypted web link secured using Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception.
 
External Data Storage
Novabods stores data on our secure database servers. The servers are housed in secure data centres, trusted and used by many leading organisations. Physical access to our servers is strictly limited to data centre staff, our own IT staff and accompanied external contractors when needed, in order to maintain the servers. Access to the servers in the data centre requires proof of identify (photo ID) and is controlled by magnetic card readers and keys to both the cages and individual cabinets that surround the server racks, all of which are monitored by the data centre security staff using CCTV. Remote access to the data is limited to the tools needed by the IT support staff to maintain and operate the servers and is restricted to known users (identified by usernames and secure keys) connecting from known locations (IP addresses).
 
Transfer of Data Outside of the European Economic Area
All data entered and saved on the Novabods product is stored and backed up on secure database servers within the UK. Any email communication with us will go through our email system (Microsoft Office 365) which is held on Safe Harbor compliant servers held in the USA – the US Safe Harbour policy is available to view on request.
 
Access to Information

The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a small handling fee towards our costs in providing you with details of the information we hold about you.
 
Payment Details
Please refer to clause 15.3 in our Terms and Conditions.
 
Within the definition of the Data Protection Act 1998 (DPA), Novabods shall be the Data Controller in regard to the data we process to take payment from you and set up your financial account.
 
Novabods Employees
Novabods employees do not have any access to individual accounts. Novabods do not hold any information regarding payment details.  
 
Novabods and Cookies
A cookie (also called a HTTP cookie, web cookie or browser cookie) is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website, which is subsequently sent back to the website by the browser. To function, a cookie asks permission to be placed on your computer's hard drive. Once you agree, the file is added and will subsequently recognise you when you return to Novabods and help us analyse our web traffic.

Novabods uses cookies to provide you with the best possible experience on our website and to identify critical details such as account and user. In addition to this, we use cookies from Google Analytics, Hotjar and New Relic to record your usage of the website anonymously. This helps us analyse data about webpage traffic and improve how we tailor our site to customer needs. We use this information for statistical analysis purposes only to influence our development plans. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Visiting Novabods could result in one or several of the following types of cookie being set: Google Analytics, New Relic and Hotjar Cookies.

Each and every time a user navigates around the Novabods website, Google Analytics and Hotjar set anonymous analytics cookies to record information about the pages he/she has viewed. These cookies give us an insight into how the website is being used, give us information about whether a visitor is a first-time user or not, tell us where they found us from and where they spent their time on the website, all of which can help us improve our site over time.

THIRD PARTY COOKIES WE USE
 
Name Description/Purpose
_ga Used to distinguish users.
_gat Used to manage request rate.
__utma This cookie is typically written to the browser upon the first visit to this site. If the cookie has been deleted by the browser operator, and the browser subsequently visits this site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to this site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. This cookie usually has an expiry date set to two years from the first visit.
__utmb This cookie is used to establish and continue a user session with this site. When a user views a page on this site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. This cookie expires when a user pauses on a page on the site for longer than 30 minutes.
__utmc [and _utmb] The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters this site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires.
__utmz This cookie stores the type of referral used by a visitor to reach this site, whether via a direct method, a referring link, a website search, or a campaign such as an advertising or an email link. It is used to calculate search engine traffic, advertising campaigns and page navigation within this site. The cookie is updated with each page view to this site.
 

In addition to the cookies listed above, Novabods also uses third-party cookies on its website from:

a) New Relic and Hotjar domains. Much like Google Analytics, these are used to anonymously collect usage and performance data for the platform.
b) Marketo’s marketing platform. These tracking cookies are set upon the user interacting with emails from Novabods and collect de-anonymised data when users log in having followed links in certain emails.


Should you wish to control the cookies that are set, stop them being used or delete them altogether, you can do but restricting or preventing any cookies may negatively affect your experience of the site. This is usually within the Settings section of the browser menu but accurate information for each browser can be found by clicking on the links below:


To find out more about cookies and their various uses on the Internet, click here.
 
Changes to the Privacy Policy
We may change our privacy policy in accordance to any new updates to our products or regulatory requirements. If the policy is ever changed, we will notify our customers where legally required to do so.