Children's Online Privacy Policy
Last updated: September 30, 2020
MOAC Mall Holdings LLC, CanAm Theatres MOA, LLC and MOA Entertainment Company LLC ( “MOA” shall mean any of the foregoing entities), including any entity that controls MOA, is controlled by MOA or is under common control with MOA (each an “Affiliate”), are committed to protecting the privacy of children who use Sites of Apps (as defined in MOA’s Privacy Policy). This Children’s Online Privacy Policy (the “Children’s Privacy Policy”) explains our information collection, disclosure, and parental consent practices with respect to information provided by children under the age of 13 (each, a“Child,” and, collectively, the “Children”), and uses terms that are defined in our general Privacy Policy. This Children’s Privacy Policy is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”), and outlines our practices regarding Children’s Personal Information. For more information about COPPA and general tips about protecting Children’s online privacy, please visit OnGuard Online.
This Children’s Privacy Policy contains the following sections:
- The Information MOA Collects From Children, How MOA Uses It, and How and When MOA Communicates with Parents
- Availability to Others of Information Collected From Children
- Parental Choices and Controls
1. The Information MOA Collects From Children, How MOA Uses It, and How and When MOA Communicates With Parents
MOA offers to its users a range of sites, applications and services, some of which are primarily targeted at Children, and others that are intended for users of all ages and their families. Our websites and applications offer a variety of activities, including activities that may now or in the future collect information from Children. Below we summarize potential instances of collection and outline how and when we will provide parental notice and/or seek parental consent. If we collect Personal Information from a Child, we will retain that information only so long as reasonably necessary to fulfill the activity request or allow the Child to continue to participate in the activity, and ensure the security of our users and our services, or as required by law. In the event we discover we have collected information from a Child in a manner inconsistent with COPPA’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.
Registration. In certain instances Children may be able register with our Site and Apps to view content, play games, participate in contests, and engage in special features, among other things. During the registration process, we may ask the Child to provide certain information for notification and security purposes, including a parent or guardian’s email address, the Child’s first name and gender, the Child’s member or account username, and password. We also may ask for birth dates from Children to validate their ages. Nevertheless, MOA cannot prevent certain users, including children, from fraudulently representing their age in order to gain access to the Site or an App. To reduce the risk of such fraud, we may implement measures to prevent Children from misrepresenting their ages, such as by disabling back-buttoning. As a consequence of these measures, attempts to change a birth date or age, even if the birth date or age was originally entered by mistake, may disable certain functionality on Sites and Apps.
We strongly advise that Children never provide any Personal Information in their usernames. Please note that Children can choose whether to share their information with us, but certain features cannot function without it. As a result, Children may not be able to access certain features if required information has not been provided. We will not require a Child to provide more information than is reasonably necessary in order to participate in an online activity.
Collection of a Parent’s Email Address. Consistent with the requirements of COPPA, on any Site or Application targeting a Child, or in any instance where we ask for age and determine the user is age 12 or under, we will ask for a parent or guardian email address before we collect any Personal Information from the Child. If you believe your Child is participating in an activity that collects Personal Information and you or another parent/guardian have NOT received an email providing notice or seeking your consent, please feel free to contact us at privacy@MallOfAmerica.com. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
Content Generated by a Child. Certain activities on our Sites and Apps may allow Children to create or manipulate content and save it with MOA. Some of these activities do not require Children to provide any Personal Information and therefore may not result in notice to the parent or require parental consent. If an activity potentially allows a Child to insert Personal Information in their created content, we will either pre-screen the submission to delete any Personal Information, or we will seek verifiable parental consent by email for the collection. Examples of created content that may include Personal Information are stories or other open-text fields, and drawings that allow text or free-hand entry of information. If, in addition to collecting content that includes Personal Information, MOA also plans to post the content publicly or share it with a third party for the third party’s own use, we will obtain a higher level of parental consent.
Verifiable Parental Consent.
- Email Consent. If MOA wishes to collect Personal Information from a Child, we may first seek a parent or guardian’s consent by email. In the email we will explain what information we are collecting, how we plan to use it, how the parent can provide consent, and how the parent can revoke consent. If we do not receive parental consent within a reasonable time, we will delete the parent contact information and any other information collected from the Child in connection with that activity.
- High-Level Consent. If MOA collects Personal Information from a Child that will be posted publicly, we will seek a higher level of consent than email consent. Such “high-level” methods of consent include, but are not limited to, asking for a credit card or other payment method for verification (with a nominal charge involved), speaking to a trained customer service representative by telephone or video chat, or requiring a signed consent form by mail, email attachment, or fax. After providing high-level consent, a parent may have the opportunity to use a pin or password in future communications as a way to confirm the parent’s identity.
- Teacher consent in lieu of a parent. With regard to school-based activities, COPPA allows teachers and school administrators to act in the stead of parents to provide consent for the collection of Personal Information from Children. Schools should always notify parents about these activities. For more information on parental rights with respect to a Child’s educational record under the Family Educational Rights and Privacy Act (FERPA), please visit the FERPA site.
Chat. Certain games and activities that are directed to Children may allow users to communicate directly with other users by means of a chat system. In most cases, these chat systems employ filters that are intended to prevent the communication of both Personal Information and age-inappropriate words and phrases. In addition to filters, we may employ live moderation and/or encourage other users to flag inappropriate communications. We strongly encourage Children who use these interactive features on our Sites and Apps never to provide Personal Information about themselves or any third party, and certainly never to attempt to circumvent our filters or moderation. We also recommend that parents carefully supervise their Children when the Children participate in online activities. Should MOA employ a chat system that does not filter all or nearly all Personal Information, we will first seek high-level consent from the parent.
Contests and Sweepstakes. For contests and sweepstakes, we would only require the information necessary for a Child to participate, such as first name (to distinguish among family members) and parent email address (to notify the parent where required by law). We only contact the parent for more personalized information for prize-fulfillment purposes when the Child wins the contest or sweepstakes.
Of course, some contests and sweepstakes may ask the Child to submit their own created content along with the Child’s entry. In those instances, we may require parental consent prior to submission.
Email Contact with a Child. If MOA receives a question or request from a Child, MOA may need to ask for the Child’s online contact information, such as an email address. MOA will delete this information immediately after responding to the question or request.
In connection with certain activities or services, we may collect a Child’s online contact information, such as an email address, in order to communicate with the Child more than once. In such instances we will retain the Child’s online contact information to honor the request and for no other purpose such as marketing. One example would be a newsletter that provides occasional updates about a site, game/activity, personality/character or activity. Whenever we collect a Child’s online contact information for ongoing communications, we will simultaneously require a parent email address in order to notify the parent about the collection and use of the Child’s information, as well as to provide the parent an opportunity to prevent further contact with the Child. On some occasions a Child may be engaged in more than one ongoing communication, and a parent may be required to “opt-out” of each communication individually.
Push Notifications. Push notifications are notifications on mobile and other devices that are typically associated with downloaded applications, and which can communicate to the device holder even when the application is not in use. We will require a Child to provide a parent email address before the Child can receive push notifications from our Child-directed applications that collect a device identifier. We will then provide the parent with notice of our contact with the Child and will provide the parent the opportunity to prevent further notifications. Finally, we will not associate the device identifier with other Personal Information without contacting the parent to get consent.
Geolocation Data. If a Child-directed Site or App collects geolocation information that is specific enough to equate to the collection of a street address, we will first seek parental consent via email.
Persistent Identifiers. When Children interact with us, certain information may automatically be collected, both to make Sites and Apps more interesting and useful to Children and for various purposes related to our business. Examples include the type of computer operating system, the Child’s IP address or mobile device identifier, the web browser, the frequency with which the Child visits various parts of our sites or applications, and information regarding the online or mobile service provider. This information is collected using technologies such as Cookies, Flash Cookies, Web Beacons, and other unique identifiers (which we define in the “Online Tracking and Advertising” section of our general Privacy Policy). This information may be collected by MOA or by a third party. This data is principally used for internal purposes only, in order to:
- Provide Children with access to features and activities on Sites and Apps;
- Customize content and improve Sites and Apps;
- Conduct research and analysis to address the performance of Sites and Apps; and
- Generate anonymous reporting for use by MOA
If MOA collects (or allow others to collect) such information from Children on Sites and Apps for other purposes, MOA will notify parents and obtain consent prior to such collection.
Please contact us at the mailing address, email, or phone number below with questions about the operators’ privacy policies and collection and use practices:
Mall of America
Attention: Privacy Policy Coordinator
Management Office
60 East Broadway
Bloomington, MN 55425
Phone: 952.883.8810
Emai: privacy@MallOfAmerica.com
2. Availability to Others of Information Collected From Children
In addition to those instances in which a Child’s Personal Information may be posted publicly (after receiving high-level parental consent), we also may share or disclose Personal Information collected from Children in a limited number of instances, including the following:
- We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.
- We may disclose Personal Information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose Personal Information collected from Children (i) in response to a law enforcement or public agency’s (including schools or services for Children) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a Child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.
3. Parental Choices and Controls
At any time, parents can refuse to permit MOA to collect further Personal Information from their Children in association with a particular account, and can request that MOA delete from its records the Personal Information MOA has collected in connection with that account. MOA reserves the rights to terminate an account, membership, or other service following a request to delete records.
If a Child has registered for an account or signed up for a newsletter, MOA will provide several methods by which parents may access, change, or delete the personally identifiable information that have been collected from their Children:
- Parents will be able to request access to and delete their Child’s Personal Information by logging on to the Child’s account. Parents will need their Child’s username and password.
- Parents contact MOA to request access to, change or delete their Child’s Personal Information by sending an email to MOA at privacy@mallofamerica.com or the following postal address:
Mall of America
Attention: Privacy Policy Coordinator
Management Office
60 East Broadway
Bloomington, MN 55425
Phone: 952.883.8810
Email: privacy@mallofamerica.com
Please include the Child’s username and the parent’s email address and telephone number in any correspondence such as e-mail or mail. To protect the privacy and security of Children, MOA will take reasonable steps to help verify a parent’s identity before granting access to any Personal Information.