Privacy Policy
Data Controller
Kids Ascension Academy is operated by Kids Ascension Association, a registered non-profit under Austrian law.
Association Details
Kids Ascension Academy
Wirtschaftspark 2/5B
7032 Sigleß
Austria
ZVR Number
1741964130
Contact
Supervisory Authority
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
Definitions
“Personal Data” means any information relating to an identified or identifiable individual. “Processing” means any operation performed on Personal Data such as collection, storage, use, disclosure, or deletion.
Personal Data
We collect the following personal data when you use our website or mobile app:
- Name
- Email address
- Password (encrypted)
Usage Data
We collect data about how you interact with our services, such as:
- Visited pages and viewed content
- Clicks and navigation paths
- Time spent on pages
Device Information
We collect information about the devices you use to access our services, including:
- IP address
- Browser type and version
- Operating system
- Device type and model
- Unique device identifiers (e.g. device ID, advertising ID)
Location Data
If you allow location access in your device settings, we may collect approximate location data to provide relevant content or technical support.
App Data (Mobile Application)
When using our mobile app, we additionally collect:
- App usage statistics
- Crash reports (via Firebase Crashlytics)
- Push notification tokens
Legal Basis for Processing
We process your data based on:
- Consent (Art. 6 (1) a GDPR), e.g. for newsletters or location access
- Contract performance (Art. 6 (1) b GDPR), to provide our services
- Legitimate interests (Art. 6 (1) f GDPR), e.g. ensuring security, preventing fraud, and improving user experience
Purpose of Processing
We process your personal data for the following purposes:
Account Creation and Management
To allow you to create and manage your user account on our website and mobile app.Service Provision
To provide access to our learning content, courses, and interactive features.Communication
To send you service-related notifications, confirmations, and updates. If you have subscribed to our newsletter, to send you news and inspirational content via GetResponse.App Functionality and Improvements
To ensure the technical functionality of our website and app, perform troubleshooting, analyze usage, and continuously improve our services and user experience.Security and Fraud Prevention
To detect, prevent, and address technical issues, misuse, or fraudulent activities.Legal Compliance
To fulfill legal obligations, such as responding to requests from authorities.
Legal Basis
The processing of your data is based on:
Contract performance (Art. 6 (1) b GDPR)
For providing our services, managing your account, and fulfilling user agreements.Consent (Art. 6 (1) a GDPR)
For sending newsletters, processing special categories of data if applicable, or accessing device location if you enable it.Legitimate interests (Art. 6 (1) f GDPR)
For ensuring IT security, improving services, and preventing fraud or misuse.Legal obligations (Art. 6 (1) c GDPR)
When processing is necessary to comply with Austrian or EU law.
Overview
We use trusted third-party service providers to support the operation of our website and mobile app. These providers process personal data on our behalf in accordance with data protection laws and only to the extent necessary to provide their services.
Amazon Web Services (AWS)
Purpose: Hosting and server infrastructure for our website and app backend.
Provider: Amazon Web Services EMEA SARL, Luxembourg
Data processed: All data stored and processed on our servers (e.g. account data, usage data).
Location of processing: European data centers. In some cases, data may be accessed from other AWS locations with appropriate safeguards in place.
Firebase (Google)
Purpose: Authentication, real-time database, cloud storage, push notifications, analytics, and crash reports.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Services used:
Firebase Authentication
Firestore Database
Firebase Cloud Messaging
Firebase Analytics
Firebase Crashlytics
Data processed: Login data, device data, app usage data, crash diagnostics, push tokens.
Location of processing: EU data centers where available. Data may be transferred to the USA under Standard Contractual Clauses.
GetResponse
Purpose: Email marketing and newsletter distribution.
Provider: GetResponse S.A., Gdansk, Poland
Data processed: Name, email address, subscription preferences.
Location of processing: EU servers.
Google Analytics
Purpose: Analysis of website traffic and user behavior to improve our services.
Provider: Google Ireland Limited
Data processed: IP address (anonymized), device and browser data, usage data.
Location of processing: EU and USA with Standard Contractual Clauses in place.
Other Recipients
We do not share personal data with third parties for commercial purposes.
Data may be disclosed to authorities if legally required.
Data Transfer Outside the EU/EEA
Some of our service providers may process your personal data in countries outside the European Union (EU) or the European Economic Area (EEA), such as the United States.
Safeguards
Whenever we transfer data to a country without an adequacy decision by the European Commission, we ensure appropriate safeguards are in place to protect your personal data, including:
Standard Contractual Clauses (SCC) approved by the European Commission
Additional security measures where required, such as data encryption and strict access controls
Examples of International Transfers
Firebase (Google): Data may be processed in the USA under Standard Contractual Clauses.
Amazon Web Services (AWS): Primarily processed within EU data centers; access from other AWS regions may occur under strict safeguards.
Your Rights Regarding Data Transfers
You have the right to request a copy of the safeguards used for international data transfers. For inquiries, please contact us at info@kids-ascension.org.
Retention Period
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Specific Retention Periods
Account Data: Retained for as long as your user account is active. If you delete your account, your personal data will be deleted within 30 days unless legal obligations require longer retention.
Communication Data (Emails, Support Requests): Retained for up to 3 years to respond to any follow-up inquiries and for documentation purposes.
Newsletter Data: Retained until you unsubscribe from the newsletter or withdraw your consent.
Usage and Analytics Data: Retained for up to 26 months for analysis and service improvement purposes.
Legal Obligations: Data required under tax, association, or other legal obligations may be retained for the duration of the mandatory retention periods (typically 7 years under Austrian law).
Deletion Procedures
Personal data is deleted or anonymised once the retention period expires, unless further storage is required for legal claims or compliance reasons.
Use of Cookies
Our website and mobile app use cookies and similar tracking technologies to provide essential functions, improve user experience, and analyze usage.
What are Cookies?
Cookies are small text files stored on your device by your browser or app. They help us recognise your device and store preferences or actions over time.
Types of Cookies and Tracking Technologies
Necessary Cookies: Required for the basic functionality of our website and app, such as authentication and security features.
Functional Cookies: Remember your preferences and settings to enhance usability.
Analytics Cookies: Collect information on how users interact with our website and app (e.g. Google Analytics, Firebase Analytics) to improve our services.
Push Notification Tokens: Used to send push notifications via Firebase Cloud Messaging in our app.
Managing Cookies and Tracking
You can control or delete cookies through your browser settings. In mobile apps, you can manage permissions and tracking preferences in your device settings. Please note that disabling certain cookies may affect functionality.
Consent for Cookies
Where required by law, we ask for your consent before using non-essential cookies or analytics tools.
Protection of Children’s Data
Our services are specifically designed for children and teenagers under the supervision and consent of their parents or legal guardians.
Minimum Age Requirements
In accordance with GDPR and Austrian law, children under the age of 14 require parental consent to use our services. We do not knowingly collect personal data from children under 14 without such consent.
Parental Consent
Parents or legal guardians must provide consent for the collection and processing of their child’s data. They can review, update, or request deletion of their child’s data at any time by contacting us at info@kids-ascension.org.
COPPA Compliance (USA Users)
If our services become available in the United States, we will comply with the Children’s Online Privacy Protection Act (COPPA), including obtaining verifiable parental consent before collecting personal data from children under 13.
What Data is Collected from Children?
We collect only the necessary personal data to provide our educational services, such as:
Account information (name, email, password under parental registration)
Usage data to personalise learning experiences
Parental Rights
Parents have the right to:
Review their child’s personal data
Request deletion of their child’s data
Withdraw consent at any time
To exercise these rights, please contact info@kids-ascension.org.
Your Rights Under GDPR
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and information about its processing.Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data concerning you and to have incomplete data completed.Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of your personal data where certain grounds apply, such as when data is no longer necessary for the purposes for which it was collected.Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing under certain circumstances, for example if you contest the accuracy of the data.Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller.Right to Object (Art. 21 GDPR)
You have the right to object to the processing of your personal data where processing is based on legitimate interests, including profiling.Right to Withdraw Consent
Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
How to Exercise Your Rights
Mobile App Permissions
Our mobile app may request access to the following device permissions to provide full functionality:
Internet Access: Required to connect to our servers and provide content.
Push Notifications: To send you updates, reminders, and inspirational messages (Firebase Cloud Messaging).
Device Storage: To temporarily store cached content for smoother performance.
Approximate Location (optional): If enabled by you, to tailor content or for technical support purposes.
Firebase Services Used in the App
Data Collected via the App
Account details (name, email, encrypted password)
Device information (model, operating system, unique identifiers)
App usage data (visited content, interactions)
Crash reports (technical error details)
Push notification tokens
Google Play Data Safety Requirements
In compliance with Google Play requirements, we disclose the above data types collected by our app. This information is visible in the Play Store under “Data Safety”.
Apple App Store Privacy Details
Similarly, data types collected by the app are listed in the App Store under “App Privacy” to ensure transparency and compliance with Apple’s guidelines.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices.
Notification of Changes
If we make significant changes, we will notify you by:
Posting an updated version on our website and app
Updating the “Last updated” date at the top of this Privacy Policy
Sending you a notification via email or within the app, where appropriate
Your Continued Use
Your continued use of our services after the publication of changes constitutes your acceptance of the updated Privacy Policy.
Contact for Data Privacy Inquiries
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:
Kids Ascension Academy
Wirtschaftspark 2/5B
7032 Sigleß
Austria
Email: info@kids-ascension.org
Supervisory Authority
You also have the right to lodge a complaint with the competent data protection supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
