Data Privacy Policy

HmmBee^TM — Data Privacy Policy

How we look after the personal data of children, parents, schools and teachers using HmmBee^TM.

1. Introduction

At HmmBee™, protecting children’s privacy is one of our top priorities. We are committed to safeguarding the personal information of our young users and the families and schools who support them.

This Privacy Policy explains how we collect, use, store, and protect personal data — whether HmmBee^TM is being used by a child at home with their parent or guardian, or in a classroom or learning setting under the supervision of a teacher.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the ICO’s Age Appropriate Design Code (the “Children’s Code”).

2. Who We Are

HmmBee™ is operated by Learnie World Ltd, a company registered in the United Kingdom.

• Registered Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ.
• Contact Email: contact@hmmbee.com

For any questions about this policy, or to exercise your data rights, please contact us at the email above.

3. Who This Policy Applies To

This policy applies to everyone who interacts with HmmBee^TM, including:

• Children (aged 3–10) using the Platform at home or at school.
• Parents and guardians who register and supervise a child’s use of HmmBee^TM at home (“Home Users”).
• Schools, nurseries and early-years settings (“School Users”) that have registered to use HmmBee^TM with their pupils.
• Teachers and other school staff using HmmBee in the course of their teaching duties.

4. Our Role: Controller and Processor

Under UK GDPR, the role we play depends on how HmmBee^TM is being used:

4.1 Home use

When a parent or guardian registers their child and uses HmmBee^TM at home, Learnie World Ltd is the data controller for that child’s personal data. The parent or guardian gives consent on behalf of the child, and we are responsible for how that data is handled.

4.2 School use

When HmmBee^TM is used through a school, nursery or early-years setting, the school is the data controller for personal data of its pupils that is processed through the Platform in connection with their education. Learnie World Ltd acts as the school’s data processor and only processes that data on the school’s instructions, in line with this policy and any separate data processing agreement entered into with the school.

In addition, Learnie World Ltd remains the controller for limited operational data, including teacher contact details, school administrator account information, and platform-level technical and security logs.

5. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

• Consent — for Home Users, the parent or guardian provides verifiable consent before any data about their child is collected.
• Public task or legitimate interests — for School Users, the school typically relies on its own lawful basis (for example, public task for state schools, or legitimate interests for independent schools) to use HmmBee^TM as part of its educational provision. The school is responsible for confirming and, where necessary, communicating that basis to parents.
• Contract — to provide the Platform to the registered Home User or School User in line with our Terms and Conditions.
• Legitimate interests — to keep HmmBee^TM secure, prevent misuse, and improve the Platform using minimal, anonymised analytics.
• Legal obligation — where we are required by law to retain or disclose certain information.

6. What Data We Collect

We collect only the minimum personal data needed to deliver a safe, educational, and age-appropriate experience.

6.1 From children

• First name or nickname (full names are not required)
• Month and year of birth (to make content age-appropriate)
• Progress and activity logs within the Platform
• Device and usage data (kept non-personally identifiable wherever possible)

We do not require, and try to avoid collecting, sensitive data such as precise location, biometric or facial recognition data, or full home addresses from children.

6.2 From parents and guardians (Home Users)

• Name and contact email
• Login credentials (passwords are stored in encrypted form)
• Communication preferences
• Any messages or feedback you send us

6.3 From schools and teachers (School Users)

• School name and address, and the name and contact details of the school’s authorised representative
• Teacher names, work email addresses, and (where provided by the school) the class or year group they teach
• Login credentials for school administrators and teachers
• Class or pupil identifiers provided by the school to set up access (we encourage schools to use first name or nickname only, and not full names)
• Activity and progress data linked to a class or pupil identifier

Schools decide what pupil data to enter into HmmBee^TM and are responsible for ensuring that the data they share with us is appropriate and lawful.

7. How We Use This Information

We use personal data only for specific, clearly stated purposes, including:

• delivering age-appropriate content to children;
• recording learning progress so that children, parents, and (where applicable) teachers can see how they are getting on;
• personalising activity recommendations within the Platform;
• communicating with parents/guardians (for Home Users) or with the school and authorised teachers (for School Users) about the service;
• providing customer support and responding to questions and feedback;
• keeping the Platform safe, secure and reliable; and
• improving HmmBee^TM using aggregated and anonymised usage analytics.

We never use children’s data for targeted advertising. We do not sell or share children’s data with third parties for their own commercial purposes.

8. Parental Consent and School Authorisation

8.1 Home Users

Before collecting any data from a child at home, we obtain verifiable parental or guardian consent. Parents and guardians can:

• review, edit, or delete their child’s data at any time;
• manage their child’s profile settings and data visibility; and
• withdraw consent at any time, after which their child’s account and associated data will be closed and deleted in line with this policy.

8.2 School Users

Where HmmBee^TM is used through a school, the school is responsible for:

• deciding whether HmmBee^TM is appropriate for use with its pupils;
• informing parents and guardians about its use of HmmBee^TM, in line with the school’s own privacy notice and applicable law; and
• handling any objections, concerns, or rights requests from parents and guardians in the first instance.

We will support schools in responding to such requests, but we do not normally communicate directly with parents about pupils whose data we process on behalf of a school.

9. How We Store and Protect Data

We take the security of children’s data seriously. Our measures include:

• encryption of data in transit and at rest;
• strict access controls so that only authorised staff can access personal data, and only when necessary;
• secure hosting with reputable providers based in the UK or EEA;
• regular security testing, audits, and reviews; and
• staff training on data protection and child safeguarding.

We retain personal data only for as long as necessary to provide our services or meet legal obligations. In particular:

• Home User accounts and associated child data are kept while the account is active and for a short period afterwards, then securely deleted.
• School User data, including pupil activity data, is retained in line with the school’s instructions and any data processing agreement we have with the school. On termination, the school can ask us to return or delete the data.
• Some limited information (such as billing or audit records, where applicable) may be kept longer where required by law.

10. Third Parties and Sub-Processors

Some parts of the service (such as hosting, email delivery, and basic analytics) are provided by carefully selected third-party processors. We ensure that:

• they are bound by written contracts with strict data protection terms;
• they only use personal data to provide services to us, never for their own purposes;
• they meet appropriate security standards; and
• any transfer of personal data outside the UK or EEA is protected by appropriate safeguards (such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses).

A current list of our key sub-processors is available on request, and — for School Users — will normally be included as part of any data processing agreement.

11. Data Breaches

We have processes in place to detect, report, and investigate personal data breaches. If a breach occurs that is likely to affect the rights of children, parents, schools, or teachers:

• we will notify the Information Commissioner’s Office (ICO) where required, within 72 hours of becoming aware of the breach;
• for Home Users, we will notify affected parents/guardians without undue delay where the breach is likely to result in a high risk to them or their child; and
• for School Users, we will notify the affected school promptly so that the school, as data controller, can fulfil its own notification obligations.

12. Children’s and Adults’ Data Rights

Subject to applicable law, individuals (or their parents/guardians, where appropriate) have the right to:

• access the personal data we hold about them;
• ask us to correct inaccurate or incomplete data;
• ask us to delete their data;
• object to or restrict certain types of processing;
• ask us to provide their data in a portable format; and
• withdraw consent at any time, where consent is the basis for processing.

12.1 Where HmmBee^TM is used at home

Requests can be sent directly to us at contact@hmmbee.com and we will respond in line with UK GDPR (normally within one month).

12.2 Where HmmBee^TM is used through a school

Requests relating to pupil data should normally be made to the school in the first instance, as the school is the data controller. We will support the school in responding to any such request.

13. Cookies and Tracking Technologies

We use only essential and minimal performance cookies that are necessary for the Platform to function and for us to understand basic usage trends. We do not use tracking cookies for behavioural advertising and we do not allow third-party advertising trackers on HmmBee^TM.

A cookie banner is displayed for all users, and parents/guardians and school administrators can manage cookie preferences. On school-managed devices, schools may also apply their own technical controls.

14. Children’s Online Safety

HmmBee^TM is designed with the Children’s Code in mind. This means we:

• default to the highest privacy settings for child accounts;
• present information in a child-friendly way where children may see it;
• avoid using “nudge” techniques that encourage children to share more data than necessary;
• do not profile children for marketing purposes; and
• regularly review the Platform to ensure it remains appropriate for the age groups we serve.

15. Changes to This Policy

We may update this policy from time to time, particularly as HmmBee^TM evolves and as we move from a free trial to a wider service. Any significant changes will be communicated by email or through the Platform, and — for School Users — to the school’s authorised representative. The date of the latest revision will always be shown at the top of this policy.

16. Complaints

If you have a concern about how we handle personal data, please contact us first at contact@hmmbee.com so we can try to put things right.

You also have the right to make a complaint to the UK Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

For pupil data processed through a school, you may also wish to contact the school’s Data Protection Officer or designated contact in the first instance.