en EN

Imprint

Information pursuant to § 5 DDG

easychild Proprietor: Micha Lehmann

Klempnerweg 26, 08340 Schwarzenberg/Erzgebirge

Contact:

  • Telephone: +49 3774 187314
  • Email: info@easychild.de

VAT ID:

DE297424988

Business Liability Insurance:

Markel International Insurance Company Limited, German Branch, Sophienstraße 26, 80333 Munich Territorial Scope: Worldwide

EU Dispute Resolution:

Platform of the European Commission: https://ec.europa.eu/consumers/odr

Consumer Dispute Resolution:

We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Privacy Policy for the Nursery APP

Preamble

This service (hereinafter “App”) is provided by the data controller Micha Lehmann Easychild, Klempnerweg 26, 08340 Schwarzenberg/Erzgebirge (hereinafter “we” or “us”) as the responsible party within the meaning of the applicable data protection law.

Within the scope of the App, we enable you to access and display the following information:

  • Digital communication between parents and the institution (e.g. chat, messages, announcements, scheduling, pick-up information)
  • Management and display of appointments, absences, and calendar events
  • Exchange of documents and parent letters
  • Photo galleries and media sharing (e.g. group photos, excursions)
  • Management of children’s profiles and contact information
  • Registration for events and activities
  • Important information about the institution and group overviews

When using the App, we process personal data relating to you. Personal data means all information relating to an identified or identifiable natural person as defined in Article 4(1) GDPR. As we place great importance on the protection of your privacy when using the App, we would like to inform you, by way of the following information, about which personal data we process when you use the App and how we handle it. The processing of personal data is only permitted if there is a valid legal basis for such processing; in this regard, we rely on the following legal bases:

  • Article 6(1)(a), (b), (c) and (f) GDPR (consent to data processing, contract fulfilment, compliance with statutory retention periods, logging and implementation of data subject rights)
  • Article 6(1)(a) in conjunction with Article 9(2)(a) GDPR (consent to the processing of particularly sensitive data)

Furthermore, a data processing agreement pursuant to Article 28 GDPR has been concluded with the institution (nursery, after-school club, childminder or any other facility). For security reasons (integrity and confidentiality) and to protect the transmission of confidential content, such as queries you send to us as App operators or communication between App users, this App uses encryption in line with current best practice. This encryption prevents sensitive data about children that you transmit from being read by unauthorised third parties.

You can access this privacy policy at any time under the Legal section within the App.

1. Information on the Processing of Your Data

Certain information is already processed automatically as soon as you use the App. Details of which personal data are processed are outlined below:

1.1 Information Collected During Download

When downloading or installing the App (e.g. as a PWA), generally no personal account data such as your username, email address, customer number or payment details are transmitted to Google, Apple or the browser manufacturer – this information is exclusively held by you and your account. Only meta-information such as the PWA manifest (name, icons), installation timestamp or technical errors may be recorded anonymously by the browser or platform. These insights serve solely to improve functionality and are outside our sphere of influence.

1.2 Information Collected Automatically

In the course of your use of the App, we automatically collect certain data required for the technical operation and security of the App. This includes, in particular, information stored in the so-called access log of the nginx web server:

  • Your IP address
  • Date and time of the request
  • Requested URL or accessed resource
  • HTTP status code of the server response
  • Transferred data volume
  • Referrer URL (previously visited website, if transmitted)
  • Information about the browser and operating system used (user agent)
  • Error or event logs in the error log, where applicable

This data is automatically transmitted to us each time you access the App and is stored for a period of 30 days. Storage takes place especially to detect and defend against malicious or abusive access, for example by blocking suspicious IP addresses. In addition, we use the information to identify technical errors, ensure the stability and security of our systems, and support the functionality and development of the App.

This data processing is justified by the fact that:

  1. the processing is necessary for the performance of the contract between you as the data subject and us in accordance with Article 6(1)(b) GDPR for the use of the App, or
  2. we have a legitimate interest in ensuring the functionality and error-free, secure operation of the App and in providing a market-appropriate and interest-based service, with your rights and interests in the protection of your personal data being adequately considered within the meaning of Article 6(1)(f) GDPR.

1.3 Creating a User Account (Registration) and Login

If you create a user account or log in, we use your login details (email address, password and name) to grant you access to and manage your user account (“required information”). Required information in the registration process is marked with an asterisk and is necessary for the conclusion of the usage contract. If you do not provide this data, you cannot create a user account.

In addition, you may voluntarily provide the following information during registration: telephone number (not visible to the institution or other users), profile photo (avatar) for your parent account as well as profile photos for assigned children.

We use the required information to authenticate you at login and to process requests to reset your password. The data you enter as part of registration or login is processed and used by us:

  1. to verify your entitlement to manage the user account;
  2. to enforce the terms of use of the App and all associated rights and obligations; and
  3. to contact you in order to provide technical or legal notices, updates, security notifications or other messages regarding the management of the user account.

We use voluntary information to provide you with additional features within the App, e.g. convenient contact options or display of profile pictures, and to display this information within the App according to your settings. The telephone number remains confidential and is not visible to other users or the institution. Profile pictures may be displayed to other users of the App depending on your settings.

This data processing is justified by the fact that:

  1. the processing is necessary for the performance of the contract between you as the data subject and us in accordance with Article 6(1)(b) GDPR for the use of the App, or
  2. we have a legitimate interest in ensuring the functionality and fault-free operation of the App, which outweighs your rights and interests in the protection of your personal data within the meaning of Article 6(1)(f) GDPR.

1.4 Use of the App

To provide our services via the App, we require the access rights listed below, which enable us to access certain functions of your device.

  • Internet access: As the entire App is web-based, an internet connection is essential for its use.
  • Camera access: For uploading photos and videos in the messenger. Strictly speaking, the access is not by the easychild App itself but by the operating system, which, after taking the photo or video, provides only that specific photo or video to the easychild App.
  • Access rights to photos and videos: The App does not have general access to photos and videos, only to the files you select for upload.

Access to device functions is necessary to ensure the App’s functionalities. The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR, your consent within the meaning of Article 6(1)(a) GDPR.

Within the App, you can enter, manage and edit various information, tasks and activities:

General

When you use our App, we collect the following personal data from you:

  • First and last name (A)
  • Email address and password (A)
  • Time when a message or information from the institution or provider was read and/or answered by you (A, B)
  • IP address, device ID, metadata, accessed resources (E)

Personal data that you may voluntarily enter in the App:

  • Scheduling, pick-up and deregistration information for your child(ren) (D, G)
  • Chat messages in the messenger including attachments (B, G)
  • Responses to information (B, F, G)

The processing of this personal data is necessary to ensure the App’s functionalities. The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR, your consent within the meaning of Article 6(1)(a) GDPR.

The data retention periods are as follows:

  • A - Data is deleted when you delete your account with easychild.
  • B - Data is deleted when your INSTITUTION’s contract with easychild ends.
  • C - Data can be deleted by you at any time.
  • D - Data is deleted after 6 years.
  • E - Data is deleted after 30 days.
  • F - Data can be deleted by your INSTITUTION (for example, responses to information are deleted if the information is deleted by the INSTITUTION).
  • G - Data is deleted when the institution deletes the child’s data from easychild (usually after contract end).

Push Notifications

The use of push notifications requires your consent. You give this consent when you activate push notifications and accept the prompt in your browser. Push notifications are technically sent via the interface provided by the browser manufacturer. Push notifications are encrypted in accordance with IETF specifications, and only your browser can decrypt them. The encrypted messages are stored on the server until they are delivered or expire.

When you subscribe, your browser creates a technical identifier (push ID) for the delivery of notifications, which is considered personal data. The legal basis for processing is your voluntary consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time in your browser settings and stop receiving push notifications.

As push notification interfaces differ between browsers and are implemented and operated by different manufacturers, please contact your browser manufacturer for further information.

Translation Function

The translation service in various parts of the App is provided by the Cologne-based provider DeepL SE. The data is only used for translation and then deleted. The data does not flow into the provider’s training data. Further information is available on the DeepL website: https://www.deepl.com/de/pro-data-security

Email Dispatch

Emails are sent via the provider RapidMail, based in Freiburg im Breisgau. Emails are stored in compliance with the GDPR for 5 days and then deleted. Header and subject lines are stored for 10 days and then deleted. Further information can be found on the RapidMail website: https://www.rapidmail.de/datenschutz

Data Analysis

Your data will not be passed on to third parties for analysis purposes.

The processing and use of usage data is solely for the provision of the service. This data processing is justified by the fact that processing is necessary for the performance of the contract between you as the data subject and us in accordance with Article 6(1)(b) GDPR for the use of the App.

2. Disclosure and Transfer of Data

Your personal data will only be disclosed to third parties without your express prior consent in accordance with Article 6(1)(a) GDPR in conjunction with Article 9(2)(a) GDPR in cases other than those explicitly stated in this privacy policy if this is legally permissible or required. This may include, for example, cases where processing is necessary to protect the vital interests of the user or another natural person.

2.1 The data you provide during registration will be used for internal administrative purposes and customer support.

2.2 If it is necessary for the clarification of unlawful or abusive use of the App or for legal prosecution, personal data will be passed on to the law enforcement authorities or other authorities and, where applicable, to injured third parties or legal advisers. However, this only happens if there are indications of unlawful or abusive behaviour. Disclosure may also occur if it serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public authorities on request. These are law enforcement authorities, authorities pursuing administrative offences subject to fines, and tax authorities.

Any potential transfer of personal data is justified by the fact that:

  1. the processing is necessary to comply with a legal obligation to which we are subject in accordance with Article 6(1)(f) GDPR in conjunction with national legal provisions regarding the disclosure of data to law enforcement authorities, or
  2. we have a legitimate interest in passing on the data to the aforementioned third parties if there are indications of abusive behaviour or to enforce our terms of use, other terms or legal claims and your rights and interests in the protection of your personal data do not override this interest within the meaning of Article 6(1)(f) GDPR.

2.3 If we use a service provider for commissioned data processing, we remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and only to process it as part of service provision. The processors commissioned by us receive your data only if they need it to provide their respective services. These include, for example, IT service providers required for the operation and security of our IT systems. Furthermore, your personal data is processed in a certified data centre.

  • Hosting of SaaS solution servers in a reputable data centre: Hetzner Online GmbH, Falkenstein/Vogtland
  • Translation of messages in the App: DeepL SE, Maarweg 165, 50825 Cologne
  • Dispatch of SMS messages (optional): LOX24 GmbH, Seestraße 109, 13353 Berlin
  • Dispatch of emails: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau

2.4 In the course of developing our business, it may happen that our company structure changes, for example through a change of legal form. Any such change will take place only in compliance with applicable data protection law.

Any potential transfer of personal data is justified by our legitimate interest in adapting our corporate form to economic and legal requirements as necessary, and your rights and interests in the protection of your personal data within the meaning of Article 6(1)(f) GDPR do not override this interest.

3. Data Transfers to Third Countries

We do not process data outside the European Economic Area (“EEA”).

4. Change of Purpose

Processing of your personal data for purposes other than those described only occurs where a legal provision permits or you have consented to the changed purpose. If we intend to process your data for a different purpose than that for which it was originally collected, we will inform you of this other purpose prior to further processing and provide you with all other relevant information.

5. Period of Data Storage

We will delete or anonymise your personal data as soon as it is no longer required for the purposes for which it was collected or used as described above. Generally, we store your personal data for the duration of your usage or contractual relationship with the App plus an additional period of 14 days, during which we keep backup copies after deletion, unless the data is required for criminal prosecution or for the protection, enforcement, or assertion of legal claims for a longer period.

Specific provisions in this privacy policy or legal requirements regarding the retention and deletion of personal data, especially those we must keep for tax purposes, remain unaffected.

6. Your Rights as a Data Subject

6.1 Right to Access

You have the right to obtain information from us at any time, upon request, about the personal data concerning you that we process, in accordance with Article 15 GDPR. To do so, you may submit a request by post or by email to the address listed below.

6.2 Right to Rectification of Incorrect Data

You have the right to demand that we promptly correct any personal data concerning you that is inaccurate. Please contact us at the addresses listed below for this purpose.

6.3 Right to Erasure

You have the right, under the conditions set out in Article 17 GDPR, to request the erasure of personal data concerning you. These conditions in particular provide a right to erasure where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, in cases of unlawful processing, if an objection exists or if there is an obligation to erase under Union law or the law of the Member State to which we are subject. For information on retention periods, please see section 5 of this privacy policy. To exercise your right to erasure, please contact us at the addresses listed below.

6.4 Right to Restriction of Processing

You have the right to request that we restrict processing in accordance with Article 18 GDPR. This right exists, in particular, where the accuracy of the personal data is contested between the user and us, for the period required to verify the accuracy, as well as in cases where the user, in the presence of a right to erasure, requests restriction of processing instead of erasure; also where the data is no longer required by us but the user needs it for the assertion, exercise or defence of legal claims; and where the successful exercise of an objection between us and the user is still in dispute. To exercise your right to restriction of processing, please contact us at the addresses listed below.

6.5 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. To exercise your right to data portability, please contact us at the addresses listed below.

7. Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out, inter alia, on the basis of Article 6(1)(e) or (f) GDPR, pursuant to Article 21 GDPR. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where processing is for the establishment, exercise or defence of legal claims.

8. Right to Lodge a Complaint

You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:

Saxon Data Protection and Transparency Commissioner PO Box 11 01 32 01330 Dresden Telephone: 0351 85471-101 Email: post@sdtb.sachsen.de Web: www.datenschutz.sachsen.de

9. Contact

If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights set out in sections 6 and 7 as a data subject, please contact Micha Lehmann at +49 3774 187314 or at datenschutz@easychild.de. Our Data Protection Officer, Fabian Fromm, can be reached at fromm@projekt29.de.

For questions or comments regarding the practical use and operation of the App, or for support requests, please contact easychild Monday to Friday from 8.00