Privacy statement KidsKonnectKidsKonnect respects your privacy. In order to be able to carry out our work quickly and efficiently and to optimize our services to you, we process personal data. Ensuring the security and privacy of your personal data is not only in your interest but also in our interest. Kidskonnect follows the relevant laws and regulations, which set requirements for the use of privacy-sensitive information.
KidsKonnect monitors the quality, confidentiality, accuracy and completeness of the personal information it processes. We use adequate technical and management procedures to keep information accurate, current and complete. If you indicate that certain information may not be used as a basis for further contact, we will respect that. This guarantees your privacy.
KidsKonnect Holding includes the following subsidiaries: KidsKonnect, Van Madelief, Joorz Communication Solutions, HHB Hardware-Software-Brainware, Tecsoft, KidsVision, Doenkids, Atane Software.
Our use of collected dataSite visit data via Google analytics. KidsKonnect collects non-personal (anonymous) information such as the type of web browser, language preferences, site origin and date and time of the site visit. KidsKonnect does this to better understand usage patterns and optimize where necessary.
Provider: Google Analytics
Goal: Website statistics
Retention period: 1 minute
Name: _gaGoogle Analytics
Provider: Google Analytics
Goal: Website statistics
Retention period: 2 years
Name: _gidGoogle Analytics
Provider: Google Analytics
Goal: Website statistics
Storage period: 1 day
Personal data that we process on the websitePersonal data is all data that can be traced back to a person. Examples of this are your name, address, telephone number and account number, but also photos and biometric data are personal data.
Personal data that we process can be divided into categories for convenience. We use the following categories of personal data from you:
|Category of personal data||Explanation|
|First and last name||So we know who to address|
|Function||So that we send the right information to|
the right contact
|Phone number||To be able to call|
|e-mail address||To be able to e-mail|
Processing PurposeWe use the aforementioned personal data for the purposes stated below:
- To enable use of the service
- To provide the communication functions and administrative functions to users
- To provide support to users of the service
- To maintain the service and to be able to further develop the service
|Agreement||KidsKonnect uses an agreement for its services. Before this agreement is concluded, a customer is created in the CRM system, this is regarded as the pre-contractual phase. The legal basis agreement also applies to the pre-contractual phase.|
|Legal obligation||KidsKonnect also collects personal data in order to comply with its legal obligations.|
Mandatory provision of personal dataSometimes we are legally obliged to keep or provide certain personal data about you.
In many cases it is necessary to use a number of personal data from you in order to be able to offer you the service or product that you purchase from us. In that case, the use of your data is necessary for the agreement or the pre-contractual phase.
In these cases you are obliged to provide us with data because otherwise we cannot meet our legal and/or contractual obligations.
Third partiesKidsKonnect does not collect data from third parties.
We receive the only data that we process from the controller itself.
We do not provide the (personal) data provided by you to other parties, unless this is necessary in the context of the execution of the agreement or to comply with a legal obligation.
Security personal dataBecause the security of personal data is very important, KidsKonnect ensures that we take appropriate various technical and organizational measures to ensure that the personal data cannot be misused or otherwise end up in the hands of the wrong person. We ensure that, if we forward your personal data to other organizations such as the processors, these organizations apply the same standards.
Retention periodsPersonal data is kept in accordance with the laws and regulations and for as long as is necessary for the purposes for which this data was collected.
KidsKonnect believes it is important that you can properly exercise your rights under the law.
You can exercise the following rights:
- The right of access: you have the right to inspect which personal data we process about you.
- The right of correction: if the personal data that we process about you is incorrect, you have the right to have it corrected.
- The right to erasure: if we no longer need your personal data for the purpose for which we obtained it, you have the right to ask us to delete it. There are a number of exceptions to this, such as our obligation to keep certain data for the tax authorities, for example.
- The right to restriction: during the period that we are in the process of determining whether your data should be rectified, determining the (un)lawfulness of data processing, determining whether data should be deleted or you have objected to the processing, you have you have the right to request the restriction of processing.
- The right to data portability: at your request, we must transfer all personal data that we have about you to you or another organization of your choice. You can only exercise this right if the data is processed on the basis of permission or an agreement.
- The right to object: if we process data on the basis of legitimate interest or public interest, it is possible to object, after which a weighing of interests will follow. In the case of direct marketing, you always have the right to object.
Report data breachIf you have found a data breach, you can report this to us using the contact details below.
CookiesOur website uses both functional cookies and cookies for analytical purposes. You can find more information about this in our Cookie Statement.
Changes to this privacy statement
We reserve the right to change this privacy statement if required by law and regulation. Because of the above, you are requested to regularly read the privacy statement so that you are kept informed of the current content.
Contact Privacy Officer/FGKidsKonnect considers your privacy important and that is why we have appointed a Privacy Officer and a Data Protection Officer. The Data Protection Officer ensures that we adhere to the privacy rules. The Privacy Officer and Data Protection Officer can be reached via firstname.lastname@example.org
Submit a complaint to the competent authority: Dutch Data Protection AuthorityKidsKonnect believes it is important to have satisfied customers. Even though we do everything we can to achieve this, it is possible that you are not satisfied. It is possible to submit a complaint to the Dutch Data Protection Authority if it concerns the protection of personal data. This can be done via:
Terms and Conditions
Netherlands ICT ConditionsWe use the Nederland ICT Conditions from KidsKonnect. Short explanation story about the conditions and perhaps a number of highlighted topics.
@work appFlexkids provides a platform for childcare organizations with which they can realize childcare in the most effective and efficient way. As part of this platform, Flexkids provides an application for employees of childcare organizations that gives them access to their own data. This statement makes clear what kind of data is processed and why. If you still have questions after reading this statement, please contact us. Which data is additionally processed?
In order to be able to give you access to your data at your employer, we process some extra data. Below you will find a list of the data that we process:
- Username and password
- Device identifier
- Data that becomes available when communicating over the web:
- IP address
- Details about the used device and operating system versions
(HTTP user agent)
- Activity on the platform During and after authentication, data is temporarily recorded on your device in order to realize access to the data. This data is periodically refreshed and automatically deleted when you log out.
The Flexkids mobile applications do not use third-party or tracking cookies. What do we do with this data? This data is used exclusively for the following purposes:
- Making the service available
- Monitoring the platform
- Platform security
- Anonymized stats
This data is not shared with third parties. Access to data by third parties
The data resulting from the use of the Flexkids applications will not be shared with third parties. It is possible that your employer has made links with external parties available with which you can use external services with your Flexkids login. When you give this permission, you will see which data is involved. You can decide at any time that you no longer want to allow this access and revoke the access. From that moment on, the external party no longer has access to your data.
Konnect offers a communication platform to organizations in childcare, care and education to share information with their customers. These organizations are responsible in the context of data processing. Konnect is a Processor of personal data on behalf of these organizations. Users of the service are employees of the organization and the parents who are customers of the organization. Within this privacy statement, the following terms are used for the various data subjects:
Konnect: The supplier of the communication service and in this context processor of data on behalf of the Controller.
Client: the organization that purchases the service from Konnect and is responsible for the processing of personal data. The controller offers this service to its Users.
User: the employee of Client and customers (parents) of Client. The user is also addressed directly in this privacy statement (you).
Konnect is committed to protecting personal data and the privacy of our customers and users. We adhere to the rules set by the General Data Protection Regulation (GDPR) and other privacy laws and regulations.
In this privacy statement you can read everything about the way in which your personal data is collected and how we handle it. This explains which personal data is recorded and for what purpose the data is used. In addition, you will also find all your rights with regard to your data and how you can use those rights.
Processed personal dataKonnect processes personal data on behalf of the Client. Konnect only processes information to provide our services and products, to provide customer service, to improve the user-friendliness of our services or to develop extensions to our services.
When processing data, Konnect makes a distinction between data from our customers (the Client), its users and the data subjects (parents/guardians, children and employees).
From our customer: Company details (company name, place of business, address Chamber of Commerce number, VAT number), contact persons (name, position, e-mail address, (business) telephone number), subscription details and payment agreements, bank and invoicing details (such as IBAN, name, BIC code), childminders including contact details.
From users of our service: First and last names, email address, user roles, mobile devices used, audit information (such as successful and unsuccessful login attempts, date/time of changes, device used, IP address).
In addition, we make a distinction between three data subjects whose personal data is processed within Konnect. These are children, parents/guardians and employees of the Client. Below is indicated which data of the data subjects are processed.
Children: First names, first name, last name, Date of birth, gender, Social Security number (is not shown or stored in Konnect, this will only be sent to the administrative package of the Client when changing), Parents/guardians (see parents/guardians), School, Emergency numbers, Child notes (such as: diet, allergies, learning development, medical, other, child characteristics, mentors, participation in the national vaccination program, health insurer), Consents, Planning information and changes thereto, Presence information, Photos, videos, Daily reports (including daily rhythm), Development data (Observations, Observation forms, transfer ), Participation in activities, Credits.
Parents/guardians: First name, last name, Debtor number, Citizen Service Number (BSN) (is not shown or stored in Konnect, this will only be sent to the administrative package of the Client if there is a change), Email address, Photos, Address details, telephone numbers, Audit information (such as successful and unsuccessful login attempts , date/time of changes, device used, IP address), System preferences (Preferred language, notification settings), Sent notifications and e-mails, Communication information (newsletters / messages), Invoices, annual statements and documents (including contracts), Participation in activities.
Employee: First names, last name, email address, Job title and proposal text, Linked locations/groups.
For many of our customers, Konnect is linked to the administrative package in which the child planning is kept. For many data (such as name and address, email address, debtor number, telephone numbers, school and planning information), the source of the data obtained is the administrative package of our customer. In addition, the data is added by employees of our customer and the parents / guardians. Konnect collects and processes this data on the basis of the agreement we have with the Client. In addition, the processing of specific child data (photos, videos and daily reports) requires explicit permission from the parent/guardian. The parent/guardian can withdraw this permission just as easily as it is given, via “My permissions” in the web portal or by passing this on to the employees of the Client. Withdrawal of consent is not retroactive. The withdrawal of consent therefore has no consequences for previously collected data during the time that consent was given.
Purpose of the data processingKonnect only processes personal data on behalf of the Client in the context of the following purposes: To enable use of the Service: Konnect processes personal data of the organization and its users, namely: persons under its authority, such as personnel and/or hired external employees and parents, so that these users can log in to the service and therefore work with the service.
To provide the communication functions and administrative functions to users: Konnect processes personal data of data subjects and the organization and its employees in order to use the communication functions and administrative functions available within the service.
To provide support to users of the Service: Konnect processes personal data of data subjects and the organization and its employees, in order to provide support with questions or problems.
In order to maintain Konnect services and to be able to continue developing Konnect: In addition, Konnect is further developed and maintained by us. During this work we may come into contact with the Personal Data.
To guarantee continuity and availability of the service and personal data processed within it: Konnect processes personal data of data subjects and the organization and its employees, in order to guarantee the continuity and availability of the services.
No personal data is analyzed on the basis of which (automated) decisions are made. As stated in the GDPR/AVG, there is therefore no 'profiling' within Konnect's systems.
Duration of data processingKonnect uses the following retention periods for the processed personal data:
- Customers: Up to 8 years after the end of the agreement (accounting retention period)
- Users: Up to 1 year after the end of the agreement
- Children: Up to 1 year after the end of the agreement
- Parents/guardians: Up to 1 year after the end of the agreement
- Employees: Up to 1 year after the end of the agreement
In addition, different retention periods apply to the following categories of data:
- Planning information: Maximum 1 year after the end of the agreement
- Presence information: Up to 3 years
- Audit log information: Up to 1 year after recording
- Sent notifications and emails: Up to 1 year after sending
Recipients of collected personal data
Konnect has automated links with different packages. Depending on the packages with which the Client works, personal data is exchanged with these packages. The packages with which Konnect links with which personal data is exchanged can be divided into the following categories:
- Child planning
- Employee planning
- Business Intelligence
Konnect only transfers personal data to these packages on behalf of the Client and within the framework of the Client's processes.
We do not provide any personal data to other parties (third parties), unless this is necessary to report criminal offences.
Location of processing of personal dataThe processing of personal data within Konnect's own communication platform takes place entirely within the Netherlands. To provide support, support software is used by our internal organization. Helpdesk tickets with questions or reports are processed in the United States within systems that have committed to the agreements of the EU-US Privacy Shield. Clear agreements have been made within the EU-US Privacy Shield to deal adequately with the personal data of European citizens. Together with our customers, we strive to make personal data within helpdesk tickets illegible as much as possible. We do this, for example, by only communicating internal identification numbers and making names and photos unreadable in screenshots. However, it can sometimes happen that personal data is communicated via Helpdesk tickets.
Data securityWe apply technical and organizational security measures throughout the company to protect your personal data and guarantee your privacy. We do everything we can to take appropriate measures, given the state of the art. We periodically check whether our measures are still adequate. This is done through risk analyses, internal controls and independent audits. For example, our technical platform is periodically tested by an external party for possible vulnerabilities via a PEN test. We then make every effort to ensure that vulnerabilities found are remedied. Our employees are obliged to maintain secrecy and are periodically screened for their behaviour. You can expect us to do everything that is reasonably expected of us to guarantee your privacy.
Below you will find some of our most important security measures that we have taken:
- Infrastructural security measures: Konnect uses firewalls, port forwarding and management access via VPN.
- Secure connection via TLS (formerly SSL): Personal data (and all other data) is sent via an encrypted connection.
- Secure data storage: Photos and videos are stored encrypted, where the encryption takes place with a unique key per client;
- Access security and role-based authorization: Access is granted based on username and a strong password (minimum 10 characters). Mechanisms have been applied to prevent (brute force) unauthorized access. System functions and data are assigned to users through role-based authorization. The user's role in the system determines which functionality and data are available.
- Recording audit trails: Important user actions, such as (failed) login attempts, logging out and sent notifications are recorded in an audit trail. This can be traced back to the user and the IP address. For example, abuse of an individual user or abuse from a specific IP address can be detected.
- Periodic security test (PEN test): Our software is checked regularly, but at least every two years, for security vulnerabilities by an external reputable security expert
Security inextricably integrated within the Konnect organization: Konnect has provided its processes, business environment and internal systems with security measures, based on a risk-driven information security process. Information security is included as an integral part of the periodic evaluation and management processes.
Security incident or data breachWhen there is a security incident, such as theft of a laptop or a hack in our systems, we respond immediately. We investigate whether it concerns a security breach (weakness in our security) or a data breach (loss or unlawful processing of your data). We will close security and data breaches as soon as possible. In the event of a data breach, we will inform the Client within 24 hours, so that they can inform the Dutch Data Protection Authority within 72 hours, unless it is unlikely that the data breach poses a risk to your privacy. We support the Client in reporting the data breach. Is it a data breach with a high risk to your privacy (for example, if a lot of or sensitive data has been leaked)? Then the Client is also obliged to report the leak to you (the data subject). If you have found a security incident or data breach at Konnect, please send an email to email@example.com immediately or report it to our Data Protection Officer.
Responsible disclosureAt Konnect, we attach great importance to the security of our systems. Despite our concern for the security of our platform, it is possible that there is a weak spot in our security measures. In our Client disclosure we describe how we deal with the handling of vulnerabilities found in our security.
So-called technical cookies (also called session cookie) are used. These are cookies that have the sole purpose of relating a request sent by a user to the information stored for that user on the server (in the session). No use is made of third-party cookies or tracking cookies (from Facebook or Google, for example).
Your rightsOn the basis of the law, you can exercise certain rights with regard to your personal data. You have the right to inspect and correct your personal data. You also have the right, in certain cases, to request the Client to have certain personal data (such as photos, videos and daily reports of your children) removed or to limit the processing thereof. Finally, you can object to the processing referred to above, insofar as this provides for your specific situation.
You can direct a request for inspection, correction or deletion of data to the Client. They will further assist you in handling your request. There will be a response within 4 weeks at the latest.
You also always have the right to submit a complaint in connection with the processing of personal data by Konnect. You can submit this complaint to Konnect, so that we can respond to it. It is also possible to submit your complaint directly to the Dutch Data Protection Authority. The contact details of the Dutch Data Protection Authority can be found here. We prefer to be informed first in the event of a complaint, so that we can see what we can do to resolve your complaint.
Data Protection Officer
For questions or complaints about your data, data processing and the protection of your privacy, you can contact our Data Protection Officer (also referred to as Data Protection Officer or DPO):
Tappersweg 14 unit 39
2031 EV Haarlem
IntroductionAt KidsKonnect we attach great importance to the security of our systems. Despite our concern for the security of our platforms, it is possible that there is a weak spot in our security measures. If you have found a weak spot in one of our systems, we would like to hear about it so that we can take measures as quickly as possible. This allows us to better protect our customers and systems.
We ask you
- Email your findings to firstname.lastname@example.org.
- Not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties,
- Do not share the issue with others until it is resolved and erase all confidential data obtained through the vulnerability immediately after the vulnerability is closed,
- Not to use attacks on physical security, social engineering, distributed denial of service, spam or third party applications, and
- Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require more.
What we promise
- We will respond to your report within 3 business days with our assessment of the report and an expected resolution date,
- If you have complied with the above conditions, we will not take legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal information with third parties without your permission, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
- We will keep you informed of the progress of solving the problem,
- In reporting the reported issue, we will list your name as the discoverer if you wish, and
- As a thank you for your help, we offer a reward for every report of a security problem unknown to us. We determine the size of the reward based on the seriousness of the leak and the quality of the report, with a minimum of a voucher of €50.
- We aim to resolve all issues as quickly as possible and would be happy to be involved in any publication of the issue after it has been resolved.