Parent Consent Form

Welcome to Chickitik!

Chickitik is a safe educational platform for children where they can read and listen to fairy tales, stories, and fables.

Why this form is important:

We take children's privacy and safety seriously. This form explains what data we collect about your child and how we use it.

Legal requirements:

In accordance with COPPA (Children's Online Privacy Protection Act) and GDPR Article 8, we are required to obtain your consent before collecting, using, or disclosing personal information of children under 13 years old (COPPA) or 16 years old (GDPR).

What you need to know:

This form contains important information about:

• What data we collect about your child

• How we use this data

• Your rights as a parent or guardian

• How you can manage your child's data

Important: Please read this form carefully before providing consent.

User age:

Chickitik is intended for children aged 2 to 16 years. Parent or legal guardian consent is required for children under 16.

Parent consent is necessary to protect your child's privacy and safety online.

Legal requirements:

COPPA (USA):

• Protects children under 13 years old

• Requires explicit parental consent for data collection

• Gives parents control over children's information

GDPR Article 8 (EU):

• Protects children under 16 years old (can be lowered to 13 in some countries)

• Requires parental consent for data processing

• Provides special protection for children's data

Finnish legislation:

• Digital consent age: 13 years

• Parental consent required for children under 13

• Additional protection for children's personal data

Chickitik follows the strictest standards:

We require parental consent for all users under 16, following the strictest GDPR requirements.

What consent gives you:

Control:

• You decide what data we can collect

• You can withdraw consent at any time

• You can request data deletion

Transparency:

• You know what information is collected

• You understand how data is used

• You receive notifications about changes

Security:

• Data protected with modern encryption technologies

• Minimal data collection (only necessary)

• No advertising or tracking for children

Important: Without your consent, we cannot provide access to Chickitik for your child.

We collect only the minimum necessary data for Chickitik to function. We do not collect your child's first name, last name, address, or phone number.

Data we collect:

1. Parent's email address:

• Used only for system login

• For sending verification codes

• For security-related communication

• Important: Email belongs to the parent, not the child

2. Child's date of birth:

• To determine age-appropriate content category

• To comply with COPPA and GDPR requirements

• To recommend age-appropriate works

• Important: Child's name is optional and can be anything (nickname, alias)

3. Technical information (automatic):

• IP address (for security)

• Device type (for interface optimization)

• Operating system version

• Browser type

• Important: This data does not identify individuals

4. Reading data:

• Which books the child reads

• Reading progress

• Favorite books

• Interface settings (font size, theme)

• Important: Used only to improve experience

5. Payment data:

• Subscription information

• Payment history

• iOS app: Payments are processed exclusively by Apple In-App Purchases (Apple Inc.), we do not store card data

• Website: Card payment data is processed by the payment system, we do not store it

Data we DO NOT collect:

❌ Child's last name (first name is optional)

❌ Home address

❌ Phone number

❌ School or place of study

❌ Child's photos

❌ Geolocation (precise location)

❌ Social media data

❌ Friends' contacts

❌ Voice or video recordings

Data minimization principle:

We collect only data that is absolutely necessary for Chickitik to function. If data is not needed — we do not collect it.

Security from day one:

Chickitik is designed to maximize children's privacy protection. We do not collect data "just in case" or "for future use".

We use your child's data exclusively to provide and improve Chickitik services. We never sell or share data for advertising or marketing.

Main purposes of use:

1. Service provision:

• System login and user identification

• Saving reading progress

• Synchronization between devices

• Account access recovery

2. Content personalization:

• Selecting age-appropriate books

• Recommendations based on reading

• Saving favorite books

• Interface settings (font size, theme)

3. Service improvement:

• Analysis of technical problems

• Application performance optimization

• Understanding which books are popular

• Improving navigation and interface

4. Security:

• Detection and prevention of fraud

• Protection against unauthorized access

• Monitoring unusual activity

• Ensuring compliance with terms of use

5. Communication:

• Sending verification codes for login

• Important security notifications

• Information about policy changes

• Responses to support requests

What we DO NOT do with data:

❌ Do not sell data to third parties

❌ Do not use for targeted advertising

❌ Do not create profiles for marketing

❌ Do not share with advertising networks

❌ Do not use for internet tracking

❌ Do not share for third-party analytics

❌ Do not use for automated decision-making

Purpose limitation principle:

We use data only for the purposes for which you have given consent. If we want to use data for a new purpose — we will request your additional consent.

We minimize data sharing. We do not sell or share your child's data for advertising.

Only cases:

1. Hosting (THE.Hosting):

• Virtual server (VPS)

• Location: Netherlands (EU)

• No access to user data

2. Payment system (iOS — Apple In-App Purchases):

• Apple Inc. processes payments for iOS app subscriptions

• We only receive subscription status (active/inactive)

What we DO NOT do:

❌ Do not sell data

❌ Do not share for advertising

Data transfer outside EU:

All servers in EU. No transfers outside EU/EEA.

As a parent or legal guardian, you have full control over your child's data. We respect and protect your rights.

Your main rights:

1. Right of access:

• View all collected data

• Get copy in structured format

How: Email info@itcoti.fi "Data Access Request"

Time: 30 days

2. Right to rectification:

• Correct inaccurate data

3. Right to erasure:

• Delete account

4. Right to complaint:

• File complaint

Finnish Ombudsman:

• https://tietosuoja.fi/en/

• tietosuoja@om.fi

We take your child's data security with utmost seriousness. We have implemented technical and organizational measures to protect data.

Technical security measures:

1. Encryption:

• HTTPS/TLS: All data encrypted in transit

• Database Encryption: Data encrypted at rest

• Email Encryption: Verification codes sent via secure channels

2. Authentication:

• Passwordless authentication via email

• 6-digit verification codes

• Codes valid for 24 hours only

• Brute force protection

3. Infrastructure protection:

• Regular security updates

• Suspicious activity monitoring

• Regular backups

• DDoS protection

4. Data access:

• Only authorized personnel

• All actions logged

• Principle of least privilege

Organizational measures:

1. Staff training:

• Regular data protection training

• GDPR and COPPA awareness

• Threat detection training

2. Security policies:

• Privacy policy

• Password policy

• Data access policy

3. Response procedures:

• Incident response plan

• Breach notification procedure

• Post-incident recovery

Threat protection:

What we do:

• Regular security checks

• Unauthorized access attempt monitoring

• SQL injection protection

• XSS attack protection

• Regular code audits

In case of data breach:

If a security breach occurs:

1. Immediate notification:

• We notify you within 72 hours

• We notify supervisory authority

2. Incident information:

• What happened

• What data affected

• What measures taken

3. Recommendations:

• What you need to do

• How to protect yourself

Our guarantees:

• We store data on EU servers (Netherlands)

• We use only vetted sub-processors

• We regularly update security systems

• We don't share data with third parties without your consent

To use Chickitik, you need to provide explicit consent for processing your child's data. The process is simple and transparent.

Consent process:

Step 1: Parent registration

• Sign in to Chickitik via email

• Enter your email address

• Receive verification code via email

• Enter code to sign in

Important: Email belongs to parent, not child

Step 2: Review documents

Before creating child profile, you will be presented with:

• Privacy Policy

• Children's Privacy Policy

• This Parent Consent Form

• Terms of Service

You need to:

• Carefully read all documents

• Understand what data is collected

• Understand how data is used

• Understand your rights

Step 3: Create child profile

After reviewing documents:

• Enter child's date of birth (required)

• Enter child's name (optional, can be alias)

• Confirm you read documents

• Click "Create Profile"

Step 4: Confirm consent

• You will see final consent window

• You will see checkbox "I consent to processing my child's data"

• You must actively check the box

• Click "Confirm Consent"

Important: Consent must be an active action. Silence or inaction does not mean consent.

What your consent means:

By giving consent, you confirm that:

• You are the parent or legal guardian

• You have read and understood all documents

• You understand what data is collected

• You understand how data is used

• You agree to data processing terms

• You know your rights

• You can withdraw consent at any time

Age verification:

We verify that consent is given by parent, not child:

• Require email address (children usually don't have their own)

• Require verification via email code

• Use language understandable by adults

Consent validity:

• Consent is valid indefinitely until withdrawn

• You can withdraw at any time

• Upon withdrawal, account will be deleted

Consent changes:

If we plan to change data processing:

• We will notify you in advance (minimum 30 days)

• We will request new consent

• You can refuse and delete account

Consent record:

We keep record of your consent:

• Date and time of consent

• Version of documents you agreed to

• IP address (for security)

• Consent text

Access to consent:

You can always:

• View what you consented to

• Get copy of your consent

• Request consent information

How to request: Email info@itcoti.fi

Multiple children:

• You can create up to 5 child profiles

• Each child requires separate consent

• Each consent can be withdrawn separately

Important: If you are not the parent or legal guardian, you have no right to consent to processing the child's data.

You have the right to withdraw your consent to process your child's data at any time. Withdrawing consent is as simple as providing it.

Your right to withdraw:

• You can withdraw consent at any time

• Without explanation

• Without negative consequences

• Free of charge

Important: Withdrawal does not affect lawfulness of processing before withdrawal.

Ways to withdraw consent:

Method 1: Through account

• Sign in to your account

• Go to "Children" section

• Select child profile

• Click "Delete Profile"

• Confirm deletion

Method 2: By email

• Email info@itcoti.fi

• Subject: "Withdrawal of Consent"

• Specify your email

• Specify which child (date of birth)

• Confirm you are the parent

What happens after withdrawal:

Immediately:

• Child profile becomes inactive

• Access to app stops

• Further data collection stops

Within 30 days:

• All child data deleted from database

• Backups deleted

• Data deleted from sub-processors

What is deleted:

• Child profile (DOB, name)

• Reading history

• Favorite books

• Interface settings

• Reading progress

• Technical data (IP, device)

• Consent record

What is NOT deleted:

• Your parent account (email)

• Other children profiles (if any)

• Payment history (required for accounting)

Withdrawal confirmation:

After processing withdrawal, we send confirmation:

• Email to your address

• Data deletion confirmation

• Date and time of deletion

Partial withdrawal:

If you have multiple children:

• You can withdraw for one child

• Other profiles remain active

• Your parent account remains active

Full withdrawal:

If you want to delete all data:

• Delete all child profiles

• Delete your parent account

• Email info@itcoti.fi for complete deletion

Consequences of withdrawal:

What you lose:

• Access to Chickitik library

• Saved reading progress

• Favorite books

• Interface settings

• Reading history

What you keep:

• Right to re-register

• Ability to create new profile

Re-consent:

After withdrawal:

• You can register again

• You need to give new consent

• Old data is not restored

• You start from scratch

Important notes:

1. Irreversibility:

Data deletion is irreversible. We cannot restore:

• Reading history

• Progress

• Favorites

2. Technical limitations:

• Deletion may take up to 30 days

• Backups deleted last

• Some data may remain in logs (IP, access time) up to 90 days for security

3. Legal requirements:

We must retain some data by law:

• Payment history (7 years for accounting)

• Consent and withdrawal records (3 years for GDPR compliance proof)

Help and support:

If you have questions about withdrawal:

• Email: info@itcoti.fi

• Subject: "Consent Withdrawal Question"

• We respond within 2-3 business days

Alternatives to deletion:

If unsure about complete deletion:

1. Temporary deactivation:

• Simply stop using the app

• Data remains but not processed

• You can return anytime

2. Processing restriction:

• Request processing restriction (see "Your Rights")

• Data retained but not used

Remember: Withdrawal is your right. We respect your decision and process it quickly and efficiently.

Your consent to process your child's data is valid indefinitely until withdrawal or until child turns 16.

Indefinite validity:

• Consent has no expiration date

• Valid until you withdraw it

• Or until child turns 16

Automatic termination:

Consent automatically ends when:

1. Child turns 16:

• Per GDPR Article 8, at 16 child can consent themselves

• Profile automatically transfers to user control

• You no longer have access

• Child gains control over their data

2. You withdraw consent:

• At any time at your discretion

• Profile is deleted

• Data deleted within 30 days

3. Your parent account is deleted:

• When parent account deleted

• All child profiles also deleted

• All data deleted

Consent renewal:

• Consent does not require renewal

• It is valid indefinitely

• You do not need to do anything to renew

Terms changes:

If we change data processing terms:

• We notify you in advance (minimum 30 days)

• We request new consent

• If you do not give new consent, old remains valid

• Or you can withdraw and delete profile

Consent verification:

We may periodically ask you to confirm that:

• You still want to use Chickitik

• You are familiar with current terms

• Your contact information is up to date

Important: This does not mean consent expired. We just want to ensure you are aware of current terms.

Consent retention:

We retain record of your consent:

• Throughout profile lifetime

• Plus 3 years after profile deletion (for GDPR compliance proof)

• Date and time of consent

• Document version

• IP address (for security)

We may make changes to this consent form as our service evolves or legislation changes. We commit to notifying you of all significant changes.

Change notification:

When changing this consent form we:

1. Notify you in advance:

• Minimum 30 days before changes take effect

• Email to your registered address

• In-app notification upon sign-in

2. State what changed:

• Full description of changes

• Reasons for changes

• How it affects your child's data processing

3. Request new consent:

• If changes are material

• You must explicitly give new consent

• Silence does not mean consent

Non-material changes:

Minor changes do not require new consent:

• Typo corrections

• Clarifications without meaning change

• Contact information updates

• Technical improvements without data processing change

For such changes:

• We update "Last Updated" date

• Notify you via email

• Your current consent remains valid

Material changes:

Require new consent:

• Change in data processing purposes

• Collection of new data types

• Data sharing with new third parties

• Change in security measures

• Change in data retention periods

For such changes:

• Detailed notice 30 days in advance

• Request for new explicit consent

• Option to refuse and delete profile

• Old consent stops after deadline

Your options when changes occur:

1. Accept changes:

• Give new consent

• Continue using Chickitik

• Under new terms

2. Refuse:

• Do not give new consent

• Withdraw current consent

• Delete child profile

• Export data before deletion

Transition period:

After change notification:

• You have 30 days to decide

• Service works under old terms

• After 30 days without new consent, profile freezes

• You can give consent or delete profile

Change history:

We maintain history of all changes:

• Change date

• Change description

• Reasons for changes

• Available upon request info@itcoti.fi

Current version:

• Version: 1.0

• Date: 2025-10-31

Important: We strive to minimize changes and always act in the interest of protecting your child's data.

By creating a child profile in Chickitik, I confirm that:

I declare and confirm:

✓ I am the parent or legal guardian of the child

✓ I have read and understood all information in this consent form

✓ I have read and understood the Children's Privacy Policy

✓ I have read and understood the Terms of Service

✓ I understand what data is collected about my child

✓ I understand how my child's data is used

✓ I understand my rights and my child's rights

✓ I understand how to withdraw my consent

✓ I understand I can withdraw consent at any time

✓ I give voluntary and explicit consent to process my child's data

I agree that:

• ITcoti Oy will collect and process my child's personal data

• Data will be used to provide Chickitik services

• Data may be transferred to sub-processors (hosting provider)

• Data will be stored on EU servers (Netherlands)

• ITcoti Oy has implemented appropriate security measures

I understand that:

• Consent is voluntary

• Refusal to consent means inability to use Chickitik

• I can withdraw consent at any time

• Upon withdrawal, my child's data will be deleted

• Data deletion is irreversible

Contact information:

• Parent email: [Specified during registration]

• Child date of birth: [Specified when creating profile]

• Child name: [Optional, can be alias]

Consent date:

Date and time of consent are automatically recorded when creating child profile.

Document version:

• Consent form version: 1.0

• Date: 2025-10-31

Confirmation:

By clicking "I Consent" button when creating child profile, I confirm that I have read and understood this consent form and voluntarily give my consent to process my child's data according to the specified terms.

If you have questions, suggestions, or requests regarding parental consent, processing of your child's data, or exercising your rights, contact us:

Contact information:

• Email: info@itcoti.fi

• Phone: +358 40 258 2158

• Working hours: Monday - Friday, 9:00 AM - 5:00 PM (EET/EEST)

Company:

• Name: ITcoti Oy

• Y-tunnus: 3489603-6

• Address: Neuvoksenkatu 24 A, 38700 Kankaanpää, Finland

Types of requests:

1. Consent questions:

• How consent works

• What my consent means

• Can I change consent

2. Rights exercise requests:

• Data access (what you store about my child)

• Data rectification

• Data erasure (right to be forgotten)

• Processing restriction

• Data export (portability)

3. Consent withdrawal:

• How to withdraw consent

• What happens to data

• Data export before deletion

4. Complaints and issues:

• Privacy concerns

• Suspected security breach

• Data processing complaints

5. General questions:

• How Chickitik works

• Child safety

• Technical questions

How we respond:

• Email requests: Response within 48 hours (business days)

• Phone requests: During working hours

• Data access requests: Within 30 days

• Deletion requests: Within 30 days

• Urgent security issues: Within 24 hours

Supervisory authority:

If you believe we violate your child's rights, you can contact the supervisory authority:

Office of the Data Protection Ombudsman (Finland):

• Website: https://tietosuoja.fi

• Email: tietosuoja@om.fi

• Phone: +358 29 566 6700

• Address: P.O. Box 800, 00521 Helsinki, Finland

Important: You can contact the supervisory authority at any time, even if you have already contacted us. We are always ready to cooperate with supervisory authorities.

Communication language:

We accept requests in the following languages:

• Русский (ru)

• English (en)

• Suomi (fi)

• Українська (uk)

• Ελληνικά (el)

• עברית (he)

Identity verification:

To protect your child's data, we may ask you to verify your identity before providing data access or making changes. Usually, sending a request from your registered email is sufficient.