Last updated: May 10, 2016
Ooka Island Inc., its affiliates and their successors and assigns (collectively referred to as “Ooka”) are committed to protecting the personal information which they collect by means of this web site (the “Site”) and by means of Ooka’s video game clients (the “Game”).
This document is a supplement to the general Privacy & Legal Policy available here: https://lighthouse.ookaisland.com/privacy-legal/
Ooka will collect the minimum personal information required to satisfy the business and educational functions of the company, in particular the minimum personal information of minors. When personal information on minors may be collected, we will provide suggestions for internal controls to mitigate the risk to the Educators and Students from intentional or accidental disclosure.
Ooka may include requests for Educators to volunteer information required for the successful delivery of Ooka’s products and services.
Data is collected from Educators, Students, and their physical device(s) during the course of access to the Site and the Game.
Ooka provides a personalized learning path through the Game based in part on the personal data volunteered and collected by other means from the Educator and Student.
Ooka may share personal information which it has collected with its employees, agents, and other representatives who need to use that information in connection with one or more of the purposes for which that personal information was collected.
All members of the Ooka team are physically located in Canada, and may access and/or store personal information onto their local workstation.
Ooka may access and disclose any personal information which it has collected if required or permitted to do so by law (for example, in order to comply with a legal requirement, including, but not limited to, one imposed by a warrant, subpoena, court order or like instrument served on Ooka or in an emergency to protect the life, health or security of any person).
Ooka may disclose the personal information of the users of this Site to any successor or any assignee of Ooka’s assets relating to this Site and Game.
Ooka engages service providers to provide certain limited services such as shipping products, hosting this Site, or processing financial transactions. Ooka will only provide those service providers with the personal information they need to deliver the service for which they were retained.
Ooka will also require those companies, through contractual means, to safeguard such information, maintain its confidentiality and not to use that information for any purpose other than providing the services for which they were retained. Please note that such services providers may be located outside of Canada.
|Provider||Territorial jurisdiction||Information disclosed|
Amazon Web Services
Primary internet host
|United States||All data collected by Ooka, the Site, and the Game.|
Other: web session data. Data accessible in aggregate only.
Other: Educator email addresses and names, email subject and body content.
Efforts are made to not send transactional email containing personal information.
User engagement tracking
Other: Site and Game usage data.
Application log monitoring
|United States||During the course of error logging, some personal information may be exposed to this error logging provider. Reasonable efforts are made to obscure personal data.|
Ooka uses multiple security measures to safeguard and help prevent unauthorized access to your information, maintain data security, and correctly use the information we collect. These measures include, but are not limited to, the use of encryption, mandatory password requirements, firewalls, and information access controls.
Additionally, your account is protected by the password you use to access your online account, and we urge you to take steps to keep your username and password safe. Educators are responsible for maintaining the confidentiality of their usernames and passwords, including student usernames and passwords.
Please be aware that, despite our best efforts, no security measures are perfect or impenetrable and that no data transmissions over the internet can be guaranteed to be 100% secure.
Ooka has implemented information security procedures to provide security for School, Educator and Student data, and provides best practices to Schools, and Educators to protect their information while engaging with the Game. In the instance of a breach, Ooka will conduct an investigation. The objectives of the investigation are to:
In the event of a security breach, Ooka has established a notification protocol, which includes the following steps:
Additional steps for Clients:
It is the School’s responsibility to protect the privacy rights of minors, their guardians, and staff. With the exception of student game play data, Ooka collects and retains personal information only as volunteered by the Educator. Student game play data only becomes personal in the context of Student personal identifiers linking them to their game play data. At any time, Educators may use internal controls to provide an additional layer of protection for personal information.
For example Educators should always use strong passwords for their Ooka login; Educators should always logout of the Ooka program when finished using the program, and Educators should never share their Ooka login credentials with anyone.
If consent to disclose personal information to Ooka has not been obtained from Student legal guardians, Educators should consult their privacy officers to determine how to balance the benefits of disclosing personal identifiers (e.g. the convenience of identifying Student profiles by full Student names) with the relative risks.
Since Ooka only requires Student player profile usernames be unique per Teacher account, Ooka recommends Educators provide the minimum amount of personal information to distinctly identify each Student. For example, first name plus their initial(s), a unique identifier, or internal codes. It is strongly recommended that the Student’s education number is never used.
Ooka Island Inc.
119 Kent St, Suite 155
Charlottetown, Prince Edward Island, C1A 1N3
Attention: Privacy Officer
1 Student usernames are considered personally identifiable only when real full names are used. See also: Best practices and suggested internal controls below.