Kiddy

Privacy Statement

We are committed to safeguarding your privacy. You can feel confident that we process your personal data securely. All processing of personal data takes place in accordance with the EU's Personal Data Protection Regulation (GDPR) and the Personal Data Act.

Personal data is information that can be linked to you as a person, for example name, place of residence, telephone number, e-mail address, IP address, while sensitive personal data can say something about your state of health. We do not collect sensitive personal data through KIDDY or our websites.

Data processor and data controller

Daxap AS has primary responsibility as data processor for the processing of personal data, but in some situations we are also responsible for processing. To provide a better understanding of the concepts and roles, we will explain what it means to be a data processor and a data controller, as well as give examples of situations where we hold these roles.

A data processor is a natural or legal person, public authority, institution or any other body that processes personal data on behalf of the controller. As a data processor, we are responsible for handling personal information that is processed in the Kiddy app. Your institution as data controller owns this information, and our responsibility as data processor is regulated by the data processor agreement.

A data controller is the person who determines the purpose of the processing of personal data, and which aids are to be used. We are both data controller and data processor for information we receive on our websites for e.g. customer support.

Purpose and legal basis

The purpose of the processing of personal data in the Kiddy app is that your institution and you as a user should be able to use it Kiddy service to communicate, while the purpose of processing personal data on websites is to provide you with technical support for the service.

The basis for processing in both cases is that the processing is necessary to fulfill the agreement cf. the Personal Data Protection Regulation Article 6 no. 1 letter b.

Information that is collected and why it is processed

Kiddy app (Both application and online tool)

To register an Account either as an employee or guardian, you must provide the following information:

- E-mail address

- Used to provide login credentials for your Account. We take your security seriously, which is why we have chosen to use this type of authentication.

- Name

- Used to connect you with the right child.

Children (not using):

- Sex

- Used to follow up relevant activities at the institution.

- Date of birth of the child

- Used to follow up relevant activities at the institution.

- First name of the child

In addition, it is optional:

- Profile picture

- Phone number

- Address

If you want to be visible to others in

- the system

Websites (kiddyapp.no)

In addition, it is optional:

- Name

- E-mail address

- Your city

- Your institution

- Your role

Disclosure of personal data to others

We will not pass on your personal information to third parties unless there is a legal basis for doing so, such as an agreement with you or a law that requires us to release the information.

We may share personal data with technical subcontractors or public authorities where it is legislated to do so. In such situations, we have entered into agreements to ensure that information security is safeguarded during the entire processing process.

All processing of personal data that we carry out takes place within the EU/EEA area.

Storage period and deletion

We store your personal data with us for as long as is necessary to fulfill the purpose for which it was collected. We delete personal data when the purpose of the individual processing has been fulfilled, unless the legislation requires us to or can keep the data beyond this.

This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent.

Your rights

When we collect information about you, you have a number of basic rights in the GDPR that you can exercise.You can read more about your rights here.

Right to access

You have the right to ask us to inform you about how we process your information and to ask to know what information we have stored about you.

Right to rectification

If you discover that the information processed about you by us is not correct after exercising the right of access, you can demand that we correct it in accordance with Article 16 of the Personal Data Protection Regulation. You must be able to prove that the information is incorrect and what is correct. We undertake to make the change without unnecessary delay and normally within one month.

Right to deletion

If you decide to delete your account, you can do so at any time by reaching out to us at contact information below. Alternatively, you can delete your account by logging into your account and accessing the account settings page through our mobile app or website.

When you delete your account, we will remove your profile information and any content you have provided in your profile (such as your name, password, email address, and profile photos), as well as information collected through mobile permissions based on your user category.

Please note that information you have shared with others, information others have shared about you, or content that other users may have copied and stored, is not considered part of your account and may not be deleted when you delete your account.

(For Norwegian users: You can read about these cases and any exceptions here.)

For more details, please refer to Kiddy Help Center.

Right to limitation

In some situations, you can ask us to restrict how we use your personal data. In such cases, we may still store your personal data, but not use it for any purpose.

Right to protest

Sometimes you have the right to express your objection to us using your personal data.

Right to prevent automated decisions

You have the right not to be subject to automated decisions with legal or similar consequences (for example, automatic credit assessment). At this time, we do not use automated decisions.

Right to data portability

The right to data portability is a right that gives you greater control over your own personal data. This gives you the opportunity to be given personal information about yourself and use it across various systems and services as you wish.

Right to information

We have an obligation to process personal data in an open manner. This means, among other things, that you have the right to receive brief and comprehensible information about how we process the personal data.

Changes

Changes to our services or regulations for the processing of personal data may lead to changes in the information provided here. If we have your contact details, we will notify you of significant changes. Otherwise, updated information will always be available on our website.

Contact information

Address: Kuhaugen 4A, 7224 Melhus

E-mail: [email protected]

Company No.: 926 789 414

If you have questions related to the processing of your personal data at DAXAP, or you have general questions about privacy and security at DAXAP, you can contact us at [email protected]. Mark the message with Privacy.