Privacy policy Stichting Kika Eindhoven / Veldhoven
Our responsibility and the applicability of this privacy policy
When it comes to the processing of your personal data, we are the so-called 'responsible' within the meaning of the General Data Protection Regulation (GDPR). This means that we decide which personal data is processed, for what purpose and in what way.
We are responsible for ensuring that your personal data is processed properly and carefully in accordance with the GDPR.
This privacy policy applies to all of our camps, sign up and agreement. By using our website or entering into an agreement, you indicate that you accept our privacy policy.
Which personal data do we process?
Personal data is any data that can provide information about an identifiable natural person.
We use and process, among other things, of your child (and you): name, address, telephone number, e-mail address, bank details, date of birth, photos, but also special data such as medical data, dietary requirements and/or proof of insurance or identity. We need this information to contact you, to be able to carry out and comply with the agreements made with you. Special data will be destroyed immediately after it is no longer necessary. This is usually 3 weeks after the relevant camp your child(ren) will be attending.
We can also use the (general) personal data to send you informative or commercial messages related to our camps. If you visit our website, we may be able to monitor your surfing behavior via cookies. More information about this can be found under the next heading.
What do we do with your data?
Execute agreement
We process this data to carefully and responsibly plan, organize and execute the holiday weeks. We provide this information to the camp coordinator and the relevant group management. We require these persons to handle this data carefully and to use it only for the purpose for which we make it available to them.
Nieuwsbrieven
Wij houden onze ouders en leiding en zij die daar toestemming voor hebben gegeven, graag op de hoogte en kunnen de persoonsgegevens ook gebruiken voor het versturen van (elektronisch) nieuwsbrieven.
Cookies
Our website may use (external) cookies. You will be asked if you wish to accept them or you can set your browser to automatically accept or refuse cookies. Cookies are small text files that can be placed on your computer to help us or third parties analyze how visitors use our site. The information generated by the cookies about your use of the website may be transferred to our own servers or those of a third party, such as Google.
Medical information
In some situations it is necessary for the camp leader to be aware of certain medical or health information, such as allergies or medication use. These details are filled in by a parent/guardian on the digital registration form and on the home visit form. These forms are carefully kept in a locked space during a camp and digitally stored securely. The forms are only visible to the camp coordinator and the group leaders of the camp where your child(ren) are registered and will be destroyed 3 weeks after the end of the camp week.
Security of personal data
We also think it is important that your data is safe, which is why we take appropriate technical and organizational measures to prevent the loss, misuse or theft of your personal data. The data is stored, secured with a password and the persons who work with it are bound by confidentiality (declarations).
Retention period of personal data
We do not store your personal data longer than necessary for the purpose of the processing, but this may differ per situation. We use the legal retention and/or prescription periods as a reasonable starting point. Special personal data will be destroyed 3 weeks after a holiday week.
Pictures
During the camps we take pictures of the children. We use this to offer you this digitally after the camp via a link. If you object to this, you can make this known to the relevant camp coordinator before the camp.
You can object to photos to be put on Social Media when registering.
Your rights
You have the right to inspect the personal data that we process, the right to correct this data or to have it removed. You also have the right to request us to transfer the digital data we process to a third party to be specified by you.
If you want to know which personal data we process from you, you can submit a written request for access to us.
You can send your written requests to:
Stichting Kika Eindhoven/Veldhoven
Subject: Privacy rights
Allersma 17
5655CA Eindhoven
Register of processing activities
On the basis of the General Data Protection Regulation (GDPR), the Kika Foundation Eindhoven – Veldhoven keeps a record of why we collect personal data, what data we collect, from whom and who has access to this data.
Verwerkingsverantwoordelijke
Wij zijn de verwerkingsverantwoordelijke in de zin van de AVG. Binnen onze organisaties zijn de kampcoördinatoren verantwoordelijk voor de verwerking van de(ze) persoonsgegevens.
Register
Categories of personal data, sorted by basis:
Agreement data
Purpose of the processing:
• Arranging and executing an agreement (camp week or volunteer agreement, etc.);
• Optimally organizing a camp week;
• Providing aftercare.
Whose data is processed:
Children, parents/carers, interested parties, volunteers/and suppliers.
Which data is processed:
Name, address, place of residence, telephone number(s), email details, bank and insurance details and dates of birth.
Special personal data:
If applicable and relevant to the performance of the agreement:
• VOG (certificate of conduct);
• medical data regarding medication use, allergies and/or behavioral characteristics;
• dietary requirements;
• religion and/or;
• insurance/ID card.
Who works with this:
Camp coordinators and management of children's holidays; they can consult, enter and mutate this data.
Who is data shared with:
No one, in exceptional cases or in the event of incidents with medical care providers and/or third parties, only if necessary for the correct execution of the agreement.
Data for (marketing and) communication purposes – after permission has been given
Purpose of the processing:
Informing and approaching through newsletters, offers and/or other direct marketing purposes.
Whose data is processed:
Children, leadership and interested parties.
Which data is processed:
Name, address, place of residence, telephone number(s), email details and dates of birth.
Special personal data:
None.
Who works with this:
Camp coordinators and/or members of the PR committee. They can consult, enter and mutate this data.
Who is data shared with:
No one, except and insofar as for the stated purpose of processing, use is made of external systems.
Retention periods
We will not store the (personal) data obtained for longer than necessary for the processing purpose and will destroy or archive it after this period. The following principles apply as a starting point with, as a minimum, the legal and/or fiscal (retention) periods:
Details of participants in holiday(s) and their parents/carers:
During the legal archiving period, to be increased by 1 year and a minimum duration of 5 years. Special personal data will be deleted 3 weeks after a holiday week.
Interested:
1 year, unless there are reasons to keep this data longer
Volunteers:
During the legal archiving period, to be increased by 1 year and a minimum duration of 5 years. Special personal data will be deleted 3 weeks after a holiday week.
Suppliers:
During the legal or otherwise contractually agreed warranty or limitation period, to be increased by 1 year from the date on which an agreement was executed, with a minimum duration of 5 years.
Direct marketing:
As long as the data subject has not revoked his consent and/or as agreed in our company's privacy statement.
Other information:
Subject to legal and/or tax terms or otherwise necessary for the processing purpose, 2 years.
Technical and organizational measures we take to secure personal data.
We will take all necessary precautions that can reasonably be expected of us to secure the data we process.
Our organization will limit the group of persons who have access to only those persons who need to have access to this data. The data will be stored on a computer with a valid password that will be changed periodically. The computer will be equipped with updated software and the necessary software to prevent unauthorized access to this data (such as a current virus scanner and firewall), given the current state of the art.
If this data is shared or stored externally (in a Cloud), we will require that this organization at least meets the aforementioned security standard.