Dibber Personal Data Notice
Contents
1. Introduction
Dibber®’s purpose is to develop lifelong learners with a heart for the world™ with state-of-the-science and state-of-the-art education services. For us to fulfil this purpose it is essential for us to collect and otherwise process personal data of children, Caregivers, Additional Caregivers, employees, Users of our Dibber app™ as well as all other persons who are somehow involved in the world’s most important job (capitalized words you find explained in section 2 if not defined elsewhere). We are uncompromisingly committed to collect and otherwise process and protect personal data in the appropriate way. We collect personal data directly when people enquire about, show interest in, apply for and agree to admission to Dibber, receive education services from us, use the Dibber app, use our websites, are involved in marketing or marketing-related events, such as the distribution of newsletters, surveys or receiving offerings; request guidance or submit complaints or apply for a position with us. We may also collect information indirectly in different situations, such as when a complaint or non-conformity report contains information about people, we are involved in a transaction or when a Caregiver appoints an Additional Caregiver. We promise to do our outmost to ensure your right to privacy, including to keep your personal data safe and secure. We have prepared this statement about our processing of personal data and data protection to explain our processing and protection of personal data and to inform you which rights you have in this relation (our "Personal Data Notice").
"Dibber", "we", "our" and "us" may refer to, as determined by the context, the limited liability company Dibber AS, a Norwegian private limited liability company, having the organisation number 998 831 067; the Dibber Group; the Dibber Extended Dibber Group and any Dibber Education Services Provider.
The Dibber Group and the Extended Dibber Group spans numerous Dibber Education Services Providers and Dibber Education Units around the world, delivering state-of-the-science and state-of-the-art education services under or associated with trademarks such as CreaKids, Creation, Children’s International School (CIS), Dibber Play School, Dibber International Preschool, Dibber International Preschools, Himpelchen und Pimpelchen, Læringsverkstedet, Pilke, Pilke päiväkodit (Pilke Kindergartens), Pilke perhepalvelut (Pilke Family Services), Pilke lastenhoito (Pilke Childcare) and Pilke iltapäiväkerhot (Pilke Afternoon Clubs). Dibber AS is the ultimate parent company and owner, operator and licensor of the Dibber app and all other Intellectual Property in the Dibber Group and the Intellectual Property being licensed in the Extended Dibber Group. Importantly, with respect to personal data, Dibber AS is also the data controller for all our processing of personal data and have the responsibility to ensure that all processing of personal data takes place in accordance with Applicable Data Protection Law.
We often refer to the GDPR in our Personal Data Notice, which is an EU/EEA-particular regulation. You may have accessed this Personal Data Notice from outside the EU/EEA and be subject to other Applicable Data Protection Law. You are, however, still the target audience of this Personal Data Notice. GDPR is by many considered the 'gold standard' of regulation of personal data and the protection of such data. In response to the extreme surge of electronic data available online, EU regulators adopted the GDPR to ensure control data processing, ensure a high protection of personal data and to prevent security breaches across all member states of the EU/EEA. As we strive to ensure appropriate processing personal data and privacy for all our employees, Users, Additional Caregivers and other data subjects, we have decided to use the GDPR as a baseline globally. Differences because of differences in national law exist both within the EU/EEA and outside the EU/EEA.
Our Personal Data Notice has five sections in addition to this introduction. In section 2 you will find definitions for terms not defined elsewhere. General information with respect to our processing of personal data across the globe are in section 3, while the country-specific particulars just mentioned are described in section 4. If you have an inquiry or complaint, please go to section 5, where you find our contact information. We may make changes to our Personal Data Notice from time to time and this is elaborated on in section 6.
2. Definitions
In addition to other definitions made in this statement, these apply (singular and plural as applicable):
"Additional Caregiver" means any caregiver or contact person for a child additional to a Caregiver, as appointed by a Caregiver.
"Applicable Data Protection Law" means the applicable legislation protecting individual’s right to data protection and privacy with regard to the processing of personal data under this Dibber Personal Data Notice.
"Caregiver" means a guardian or other legally designated caregiver, natural or legal, of a child (including a parent) receiving education services from a Dibber Education Services Provider.
"Dibber app" means the software(-as-a-service) provided by Dibber and a Dibber Education Services Provider delivered through browsers or dedicated applications developed for Android OS, iOS, macOS and Microsoft Windows and any other means to the User.
"Dibber Education Services Provider" means the legal entity in the Dibber Group or, as applicable the Extended Dibber Group, that is the provider of education services to a caregiver through a Dibber Education Unit in the individual instance.
"Dibber Education Unit" means the unit through which the Dibber Education Services Provider is providing its education services in the individual instance (for example a kindergarten or school).
"Dibber Group" means Dibber AS and the entities that are directly or indirectly controlled (including jointly controlled) by Dibber AS or self-owned but incorporated by the former group of entities to serve its purpose.
"education services" means all types of education services, such as for early childhood development those operated under the labels kindergarten, nursery, daycare, childcare centre, creche, pre-school and pre-primary school, play school and before-and-after programmes and other services and for later childhood development those provided under the labels school and before-and-after programmes and other services and other services as well as associated services.
“EU/EEA” means the European Economic Area, namely the European Union Member States along with Iceland, Liechtenstein and Norway.
"Extended Dibber Group" means the Dibber Group together with Dibber Education Services Providers that are not part of the Dibber Group but associated with the Dibber Group by way of a collaboration or cooperation, such as in a joint-venture or franchise.
"GDPR" means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Intellectual Property" means any and all intellectual property and intellectual property rights (and any right to apply for the registration of such rights and all renewals and extensions), throughout the world, whether industrial or copyright or other, existing now, registered or registerable, and includes but is not limited to the property and rights in respect of or associated with: company and other entity names; trade names; logos; characters; trademarks; service names; service marks; domain names; innovations; patents; industrial designs and other designs; trade secrets (comprising, inter alia, such as strategy, tactics, systems, documentation, policies and codes of conducts, manuals knowledge, know-how, skills, practices, processes, concepts, developments, methodologies, improvements and confidential information in general); software, computer programs, applications, source code, object code; copyrights (including future copyrights and rights in the nature of or analogous to copyright) and goodwill.
"User" means a Caregiver, any Additional Caregiver, employees of Dibber and any other Dibber Education Services Provider or any other user of the Dibber app.
"User Data" means information uploaded onto the Dibber app by any User, including information about a child or a User, and such information in another way collected by Dibber or a Dibber Education Services Provider.
Data protection and privacy terms such as “personal data”, “processing”, “restriction of processing”, “profiling”, “pseudonymization”, “filing system”, “controller”, “processor”, “recipient”, “third party”, “consent”, “personal data breach”, “genetic data”, “biometric data”, “data concerning health”, “main establishment”, “representative”, “enterprise”, “group of undertakings”, “binding corporate rules”, “supervisory authority”, “cross-border processing”, “relevant and reasoned objection”, “information society service”, and “international organization”, shall have the meaning as defined in the GDPR, unless Applicable Data Protection Law requires otherwise.
3. Global
3.1. Introduction
We process personal data for various purposes which you will find described in section 3.2. We provide you information about our information security to protect personal data in section 3.3. We use sub-processors in order for us to provide the best possible services, and you will find information regarding this in section 3.4. Information pertaining to transfers of personal data outside of the EU/EEA is providedin section 3.5. In section 3.6 you will find a summary of your rights with respect to our processing of personal data.
Note that we often refer to the GDPR, which is an EU/EEA particular regulation, in this Global section 3. You may have accessed this Data Protection Statement from outside the EU/EEA and you may be subject to other Applicable Data Protection Laws. You are, however, still the target audience for this Data Protection Statement. Our reason for generally referring to the GDPR is that this regulation is by many considered the ‘gold standard’ of data protection and privacy regulations. In response to the explosion of online data, EU regulators adopted the GDPR to ensure a high protection of personal data, prevent security breaches and control data processing across all member states of the EU/EEA. As we strive to ensure the data protection and privacy for all our employees, Users, Additional Caretakers and other data subjects, we have decided to use the GDPR as a global baseline. Note, however, that differences due to national law may apply. You will find such differences in section 4. Note that differences may also apply to different EU member states, as the laws are not entirely harmonized. Such differences may also be listed in section 4.
3.2. Our processing of personal data
3.2.1. Introduction
We process personal data to provide education services from our Dibber Education Units. This is explained in section 3.2.2. A particular matter is our use of our Dibber app, and our processing with respect to this is described in section 3.2.3. An account with respect to Additional Caregivers and processing of personal data is provided in section 3.2.4. Our processing of personal data for the purpose of recruiting is described in section 3.2.5. How we process personal data as to employees, external staff and guests is described in section 3.2.6. We also process personal data for other purposes, which is described in section 3.2.7.
Unless something else is specified, we process the personal data for as long as it is necessary to achieve the purpose described in our Personal Data Notice.
3.2.2. Processing of personal data to provide education services
3.2.2.1. Introduction
Our processing of personal data to provide services from our Dibber Education Units is made on various legal bases as described in section 3.2.2.2 to Feil! Fant ikke referansekilden.
3.2.2.2. Performance of the contract or pre-contractual requests
In order to prepare for and perform agreements with respect to admissions in our education units we process the following categories of personal data about the Caregiver of the child, the child itself and siblings as well as employees and other resources at Dibber (processing of information about siblings is only relevant when both the child and the sibling are admitted to or are to be admitted to the same Dibber Education Unit):
Data Subject | Categories of personal data | Personal Data |
|---|---|---|
Communication data | Start/end of communication, message size, context, etc. | |
Dibber employees | Work related information | Role/position, organization, and relevant work related contact information, photography, videos and audio, social security numbers, bank details, union membership, age, sex, etc. |
Personal contact information | Name, e-mail address, address, telephone number, etc. | |
Sibling | Family relation information | Name, Caregiver(s) and/or Additional Caregiver(s) name, sibling name, birthdate |
Child | Child information | Name, Caregiver(s) and/or Additional Caregiver(s) name, sibling name, sibling relations, sex, birthdate, social security number, nationality, sleep cycles, eating levels, pedagogic level data, absence and absence reasons, personal weight and height, medical conditions relevant for daycare operations, photography, video and audio |
Other | Usage of rebate schemes and government grants, photography, video and audio, etc. | |
Communication data | Start/end of communication, message size, context, etc. | |
Caregiver | Personal contact information | Name, e-mail address, address, telephone number, etc. |
The legal basis for this processing is the GDPR Article 6 no 1 (b). For countries outside the EU/EEA please see section 4.
Unless there is another legal basis for processing, we only process these personal data for as long as necessary to perform the agreements.
3.2.2.3. Legal obligation
In order to comply with legal obligations applicable to us, for instance an obligation to provide a safe and satisfactory educations services, we process these ordinary categories of personal data and special categories of personal data as to the daily activities in our education units:
The legal basis for the processing of the ordinary personal data is the GDPR Article 6 no 1 (c) and for the special categories of personal data it is the GDPR Article 9 no 2 (g) cf Article 6 no 1 (c). Some jurisdictions may have Applicable Data Protection Law that serve as a legal basis for such processing. For such local particularities please confer with section 4.
Unless there is another legal basis for processing, we only process these personal data for as long as necessary to perform the agreements.
3.2.2.4. Legitimate interest
We may process personal data of data subjects who may act as an Additional Caregiver as follows
Data subject | Personal data | Special categories |
|---|---|---|
Additional Caretaker | Name, e-mail address, address, telephone number, relation to the child or Caregivers, photography, video and audio | N/A in EU/EEA areas. For other areas this may be defined in section 4. |
An Additional Caregiver is, for example, a relative or someone with a close relationship with the child or the Caregiver, such as friends of Caregivers, a babysitter or an au pair. The legal basis for the processing of personal data of an Additional Caregiver is legitimate interest, cf GDPR Article 6 no 1 (f). For countries outside the EU/EEA please see section 4. We have a legitimate interest to ensure that the person delivering or picking up a child is appointed by a Caregiver to take the responsibility for the child. Further, if we are unable to reach the respective Caregiver, it may be necessary to notify someone else if something urgent or important occurs. We retain and process personal data regarding Additional Caregivers as long as it is necessary to achieve the purpose.
Generally, we may also process personal data of data subjects involved in the performance of our education services for archiving purposes for up to three years after the performance of the services. Data sometimes must be stored for archiving purposes for the public interest or where similar legitimate interests apply. The data will be archived safely, masked, and will only be used for other processing activities than archiving after an independent assessment whether there are legitimate interests for further processing.
Unless there is another legal basis for processing, we only process these personal data for as long as necessary to fulfil a legitimate interest.
3.2.2.5. Picture, video and audio and associated information
Photography, video and audio are important in almost every aspect of society, also in early childhood development and for education services specifically. We want to record and share events and the good experiences children, our employees and other trusted persons have within our organisation and with Caregivers, Additional Caregivers and society also when we may not rely on the other legal bases for processing. We therefore collect what we refer to as internal purposes and external purposes consents for us and trusted partners and other third-parties globally to record children, Caregivers, Additional Caregivers, employees and other trusted persons with photography, video and audio and use these media as follows
Consent | Content of consent | Detailed description if relevant |
|---|---|---|
Use photography, video and audio in press coverage and similar | Press and similar institutions are interested in what people are up to, also the children and employees of our Dibber Education Units. Occasionally they visit one or more of our Dibber Education Units to find out what is hot or not. We are important to society and open to those who seek information about us and what we do, which is the purpose of this processing. | |
External purposes consents | Use photography, video and audio for our and trusted partners’ websites, newsletters and social networks and other channels | We want to share the good experiences the children and our employees have not only within Dibber and with Caregivers and Additional Caregivers but also with society. A Dibber Education Unit may want to advert a child’s birthday in the local newspaper. We want to show others how good times we are having in a local, national, regional or global marketing campaign. One purpose of this processing is to enable us to provide the best possible basis for wellbeing for children, Caregivers and Additional Caregivers as well as our organisation and to provide the best possible education services. Another purpose, as we believe we have something special to deliver in our state-of-the-art education services and want to develop as many lifelong learners with a heart for the world as possible, is that we want to share what we do with society and market our education services. |
Share photography, video and audio in closed groups in other online and offline networks and the like | Sometimes social media (other than the social media functionality in the Dibber app) are used to facilitate communication with and among Caregivers and Additional Caregivers and us. The purpose of this processing is to enable us to provide the best possible basis for wellbeing for children, Caregivers and Additional Caregivers as well as our organisation and to provide the best possible education services. | |
Share photography, video and audio in the Dibber app (or another app used for our provision of education services) | Photography, video and audio can be uploaded to the Dibber app, shared and made available for downloading among Caregivers, Additional Caregivers and children and us. We may, for instance, show the children play tag in one of our daily summaries. The purpose of this processing is to enable us to provide the best possible basis for wellbeing for children, Caregivers and Additional Caregivers as well as our organisation and to provide the best possible education services. | |
Internal purposes consents | Use photography, video and audio in or in association with the provision of our education services in general | Children at Dibber are encouraged to develop and use creativity and craftmanship, and this often involves photography, video and audio. What they and our employees make is often put up on the wall or brought home and elsewhere. Installations with photography, names and birthdays are common in our Dibber Education Units, important information for many children to make known. Employees at Dibber may want to document an event with children and Additional Caregivers to show to Caregivers or to our organisation otherwise (also the Extended Dibber Group). A photography of children and employees may be used in an annual plan for Dibber. Some Dibber Education Units keep "class photos", graduation binders and similar in memory of the children that have moved on to new ventures. Observation with recording of children, employees, students or researchers with photography, video and audio is important for knowledge about early childhood development and the quality of education services. A professional photographer takes portrait and group pictures of the children Caregivers can buy. A Christmas card of the department in a Dibber Education Unit is sent to all Caregivers, Additional Caregivers and perhaps within our organisation. The purpose of this processing is to enable us to provide the best possible basis for wellbeing for children, Caregivers and Additional Caregivers as well as our organisation and to provide the best possible education services. |
Record with photography, video and audio | The main motive can be your child, Caregivers, Additional Caregivers or employees, such as when a child is wearing a birthday hat, blowing out the candles on the cake or someone is singing the birthday song (a "portrait recording"); or a situation, indoors or outdoors, such as when a group of boys and girls enjoy a good game of soccer or play tag (a "situation recording"). The purpose of this processing is to enable the processing described otherwise in this table. |
As you may gather, internal purposes consents refer to consents where the processing of photography, video and audio is limited to the confines of Dibber, its trusted partners and children, Caregivers and Additional Caregivers; and external consents refer to processing involving the public space. The legal basis for this processing is GDPR Article 6 no 1 (a). For countries outside the EU/EEA please confer section 4. Please note, as mentioned, that the use of photography, video and audio may be permitted on other legal bases than these consents. We may also collect specific consents in addition to those described in this notice.
Unless there is another legal basis for processing, we only process these personal data as long as necessary for the provided consent. You can always choose to withdraw or adjust consents you have provided. You can do this in the Dibber app or, if not possible in the Dibber app, by contacting us at consentmanagement@dibberfamily.com. After withdrawal we shall no longer process the relevant data and delete them to the extent within our control, unless something else is required by law or another legal obligation.
3.2.3. Processing of personal data in the Dibber app or similar apps
3.2.3.1. Introduction
We use the Dibber app or similar apps (referred to only as the Dibber app below for ease of communication) to enable Caregivers and Additional Caregivers to communicate with us in an easy manner.
3.2.3.2. Processing of personal data regarding Users
When Users create an account on the Dibber app, we collect the following categories of personal data from the User, our customer relationship management system or a person appointing another person as contact person:
Personal data | Purpose | Legal basis |
|---|---|---|
Name, phone number, email address, address, photography, video and audio, IP-address, username, relation, place of work, preferred language | Provide access to the app, identify the correct User, provide the Dibber app services | GDPR article 6 no 1 (b) |
Dibber also processes User Data.
3.2.3.3. Processing of personal data regarding children
For children with admitted to one of our education units we may collect the following personal data from the Caregiver, User, Additional Caregiver, the child or our customer relationship management system:
Personal data | Purpose | Legal basis |
|---|---|---|
Special categories of personal data: Health information, e.g. allergies, medicines, vaccination status, physical and/or mental difficulties, sleep cycles, eating levels, pedagogic level data, absence and absence reasons, personal weight and height, medical conditions relevant for daycare operations | Provide a safe and satisfactory kindergarten experience in accordance with a legal obligation. Provide communication with Caregiver or Additional Caregivers regarding Child health information and other information to secure a safe and satisfactory kindergarten. | If in EU/EEA, GDPR Article 9 no 2 (g), cf, Article 6 no 1 (b), cf. the Applicable Data Protection Law if described in section 4 |
Ordinary personal data: Name, date of birth, photography, video and audio, address, nationality, Caregiver and/or Additional Caregiver | Provide a safe and satisfactory kindergarten experience in accordance with a legal obligation. | If in EU/EEA, GDPR Article 6 no 1 (b), cf. the Applicable Data Protection Law if described in section 4 |
3.2.4. Processing of personal data regarding an Additional Caregiver
The data mentioned in relation to Additional Caregiver may be processed in the Dibber app.
3.2.5. Processing of personal data for recruiting
We may collect the following categories of personal data in connection with recruiting:
Data subject | Personal data (including special categories, if applicable) |
|---|---|
Applicants and candidates | Name, age, sex, e-mail addresses, phone numbers, education, previous employers, criminal record certificate, trade union membership, social security number |
The legal basis for this processing is the GDPR Article 6 no 1 (b). If your application contains special categories of personal data, our basis for this processing is the GDPR Article 9 no 2 (a) cf the GDPR Article 6 no 1 (b). For countries outside the EU/EEA please see section 4.
All applications that have not been considered are stored in our electronic archive for up to six months before being deleted. You can withdraw your job application at any time, and we will delete the information you have provided in connection with this application. If we consider your application but do not give you an offer, we will only store the information you have provided in the recruitment process if you have given your consent that this information may be stored. You may withdraw your consent at any time. The legal basis for this processing is the GDPR Article 6 no 1 (a). For countries outside the EU/EEA please see section 4.
3.2.6. Processing of personal data concerning employees, external resources and guests
We collect, use, store and otherwise process personal data about our employees, external resources and guests in the operation of our business. External resources refers here to workers who are not employed by Dibber but who may have access to Dibber’s facilities and information systems as consultants or similar. Guests refers here to trusted individuals granted temporary permission to Dibber’s facilities and information systems. We process personal data about these data subject primarily for managing our employment relationship or engagement with them and to facilitate them with workplace facilities and access to information systems. We may collect these categories of personal data about them:
We process employee and external resources’ personal data primarily to administer the employment agreement, engagement agreement or similar arrangement we have made. The legal basis for processing is the GDPR Article 6 no 1 (b).
We may also process employee, external resources or guest personal data for other legitimate business purposes, such as general business management and operations, disclosures for auditing and reporting purposes or for due diligence in mergers and acquisitions. We may also use business data and workplace, device and content data for organisational and individual analytics and data insight purposes to improve our operations and the experience of employees, external resources and guests. We may also process your personal data to investigate potential violations of law or violations of our policies. The legal basis for the processing of personal data for these purposes is our legitimate interest, cf the GDPR Article 6 no 1 (f). For countries outside the EU/EEA please confer with section 4.
We may also process your personal data when necessary to comply with laws and regulations, including collecting and disclosing personal data as required by law (such as labour laws, health and safety laws, anti-discrimination laws, global migration laws, whistleblowing procedures and data subject rights), under judicial authorisation or to exercise or defend our legal rights. The legal basis for the processing of ordinary personal data is the GDPR Article 6 no 1 (c), and for the special categories of personal data it is the GDPR Article 9 no 2 (g) cf Article 6 no 1 (c). For countries outside the EU/EEA please see section 4.
Dibber will only share your personal data with those who have a legitimate need for it. Your personal data may be shared within the Dibber Group, within the Extended Dibber Group and with other third parties, including service providers, for the abovementioned purposes. Third parties are only permitted access to your personal data as outlined in this Personal Data Notice and in compliance with our internal data handling guidelines and Applicable Data Protection Law. For countries outside the EU/EEA please see section 4.
If not specified otherwise, we retain and process personal data as long as it is necessary to achieve the purpose described in this section.
3.2.7. Processing of personal data for other purposes
3.2.7.1. Introduction
We process personal data for the purposes described in section 3.2.7.2 and section 3.2.7.3. If we receive other personal data than the aforementioned, we will make a concrete assessment to determine the legal basis for processing that personal data. We retain and process these personal data as long as it is necessary to achieve the purpose described in this section if not something else is specified.
3.2.7.2. Marketing, including surveys
We perform marketing, including the distribution of newsletters, surveys, offerings and other forms of individual communication by such as e-mail and text messaging, to those that have registered the relevant information and provided the required consent. You can always choose to withdraw or adjust consents you have provided. After withdrawal we shall no longer process the relevant data and delete them to the extent within our control, unless something else is required by law or another legal obligation.
When we conduct surveys, we will always inform about its purpose and whether it is anonymous or not. We will not share the data with others or use the data for purposes other than those specified. If the survey is anonymous, we will not collect any information that can be linked to you. If the survey is not anonymous, we may identify those who have answered the survey.
The legal basis for this processing is consent, cf the GDPR Article 6 no 1 (a). For countries outside the EU/EEA please see section 4.
3.2.7.3. Use of cookies and other tracking technologies
We use cookies and other tracking technologies (together “cookies”) to ensure that you get the best user experience. When you use one or more of our resources, such as our webpages and the Dibber app, we assume you accept our use of cookies. Please see the Dibber Cookie Statement available at www.dibber.com for more information about how we use cookies. Note that cookies are regulated differently in different countries. You may find country-specific information in section 4 on local particulars.
3.3. Our information security
We have robust routines and comprehensive measures to ensure that unauthorized persons do not gain access to your personal data and that processing of personal data is made in accordance with requirements of applicable law. Important such measures are risk assessments; implementation of technical, organisational and physical measures, such as access control, encryption and archiving and archiving routines as well as other routines for handling personal data and following up requests regarding the right of access, correction, and deletion. There are routines in place for notification in accordance with Applicable Data Protection Law in the event of a breach of data security or suspicions of this.
We may use the data we collect about you when we have reason to believe that it is necessary to identify, contact or take legal action against individuals or companies that may harm you, us or others. We may also disclose your information when we believe the law requires it.
3.4. Who we share personal data with
Introduction
We will not share your personal data with third parties unless there are circumstances where such sharing is necessary for supporting our business operations, to provide our services to you or to support you. We may share your data with the following categories of recipients:
The Dibber Group
We may transfer your personal data within the Dibber Group or as relevant the Extended Dibber Group. The relevant entities will act as a sub-processor to Dibber AS and the processing will be subject to a data processing agreement.
Third parties
We only use authorized third parties (sub-processors) for assistance in the development, operation, and delivery of our IT-systems. Our sub-processors are committed through data processing agreements to comply with Applicable Data Protection Law, and have the necessary technical, organizational, and physical measures to safeguard personal data.
We may provide other Users, Caregiver and Additional Caregivers, trusted partners and other third parties, such as municipalities, health institutions and welfare institutions, with personal data when necessary for the daily operations of our education services, provided that there is a legal basis for such processing.
3.5. Transfer of personal data outside the EU/EEA
Transfer to third countries outside the EU/EEA will only take place if there is a legally valid transfer mechanism under the GDPR. For the transfer of personal data to or from countries outside the EU/EEA, where the GDPR is not the Applicable Data Protection Law, please also see section 4. For any questions concerning the transfer of your personal data outside the EU/EEA or to obtain more information about the safeguards that we use for such transfers, please see section 5.
3.6. Your rights with respect to our processing of personal data
3.6.1. Introduction
You have the following rights when we are processing your data:
-
Right to information
-
Right to access personal data
-
Right to rectification of personal data
-
Right to erasure of personal data
-
Right to restriction of processing of personal data
-
Right to object to the processing of personal data
-
Right to data portability
-
Right to withdraw your consent if our processing is based on consent
-
Right to lodge a complaint to your local data protection supervisory authority
3.6.2. Access to your own data
You may request a copy of all the information we process about you. The data will then be disclosed to you in a secure manner. Unless you request otherwise, the information shall be provided in a commonly used electronic format and encrypted.
3.6.3. Rectification of personal data
You may ask us to correct or supplement data that is incorrect or misleading.
3.6.4. Erasure of personal data
You may ask us to delete data about yourself. It is possible that we are obliged to retain the data in accordance with applicable law or other obligations.
3.6.5. Restriction of processing of personal data
You may also ask us to restrict the processing of data about you. It is possible that we are obliged not to restrict our data processing in accordance with applicable law.
3.6.6. Object to processing of personal data
If we process data about you on the basis of our tasks or on the basis of a balance of interests, you have the right to object to our processing of data about you.
3.6.7. Data portability
If we process data about you on the basis of consent or contract, you can ask us to transfer data about you to you or another data controller or processor. If it is technically possible, we may send this data directly to a new data controller or processor. If not, we will send the data to you. The information is provided in a regular electronic format and encrypted.
4. Local particulars
4.1. Introduction
We have presence in different countries across the globe. Many of these countries have country-specific law, that is relevant to you and not others. In this section you can find information with respect to this.
4.2. Finland
Not in use
4.3. Germany
4.3.1. Introduction
In this section 4.3 you will find specific information concerning Germany which may not be relevant for other countries we are present in.
4.3.2. Legal obligation
Regarding the processing of special categories of personal data described in section 3.2.2.3 the legal basis is also Section 22 no.1 of the German Federal Data Protection Law (in German Bundesdatenschutzgesetz (BDSG) in conjunction with Section 22 of Book Eight of the German Social Code (in German 8. Sozialgesetzbuch (SGB VIII)).
4.3.3. Consent
Regarding the processing of personal data described in section Feil! Fant ikke referansekilden. the legal basis is also Section 26 no.1 and no.2 of the German Federal Data Protection Law (in German Bundesdatenschutzgesetz (BDSG).
4.4. India
4.4.1 Introduction
In this section 4.4 you will find specific information concerning India which may not be relevant for other countries we are present in.
4.4.2 Our processing of personal data
Our processing of personal data is insofar as India concerned based on various consents provided by or for the various data subjects.
4.4.3Security measures
Our information security, as described in section 3.3, satisfy the requirements for reasonable security practices and procedures under the Indian Information Technology Act, 2000.
4.4.4Grievance officer
If you have any grievances with respect to our data processing, you may contact our grievance officer, who is one of our data protections officers, as guided in section 5.
4.5. Latvia
Not in use
4.6. Norway
4.6.1. Introduction
In this section 4.6 you will find local specific information concerning Norway which may not be relevant for other countries Dibber is present in.
4.6.2. Dibber Education Units
In the Dibber Education Units located in Norway the vast majority of personal data will be used, stored and otherwise processed in order to carry out tasks pursuant to the Kindergarten Act (barnehageloven) and the Education Act (opplæringslova). It follows from § 47a of the Kindergarten Act that the municipality and kindergartens may process personal data when it is necessary to perform tasks pursuant to the law. We may also process personal data in accordance with the regulations on a framework plan for the content and tasks of kindergartens.
4.6.3. Use of cookies on Norwegian Dibber websites
When visiting our Norwegian websites consent may be regulated in accordance with the Electronic Communications Act (ekomloven) section 2-7 b), which implements the rules of the EU directive 2009/136/EC regarding the use of cookies, in addition to the GDPR when applicable.
If you do not want cookies to be stored, you may change your browser setting. You may also delete existing cookies. You should note that you may experience reduced functionality on our websites by deleting or by not accepting cookies, such as user preferences.
4.6.4. Subscribing to newsletters and similar
The legal basis of processing your e-mail address in connection with our newsletter is consent, cf the GDPR Article 6 no 1 (a). Note that the provided consent will also serve as a consent in accordance with the Norwegian Marketing Act (markedsføringsloven) section 15.
4.7. Poland
Not in use
4.8. South Africa
Not in use
4.9. Sweden
Not in use
4.10. UAE
Not in use
5. Information or complaints about our processing of personal data
If you wish to exercise any of your rights under the Applicable Data Protection Law or seek more information about how we process your personal data, you may contact our data protection officers at: dpo@dibberfamily.com. If you wish to adjust or withdraw your consent for any data processing activities and are unable to do so from the Dibber app, you may manage your consents by contacting our dedicated team at consentmanagement@dibberfamily.com.
You are entitled to an answer without undue delay and no later than 30 days.
You may also lodge a complaint about our processing of personal data concerning you or a child to your local data protection supervisory authority. Please include the Dibber Education Unit in question in the inquiry, where applicable. A list of data protection authorities in the various EU/EEA countries on the date of this version of our Personal Data Notice may be found here.
If your country is not on the list, please check the country-specific information in section 4.
6. Changes to our Personal Data Notice
Our Personal Data Notice is intended to reflect our continuously evolving business. Hence, we may change or update our Personal Data Notice from time to time. All changes are effective from the date they are published. We encourage you to review our Personal Data Notice regularly, insofar as relevant. If we make substantial amendments, we may send you an email if your email address has been registered with us. The current version of our Personal Data Notice at any time can always be found on www.dibber.com.
* * *
The date of this version of our Data Protection Statement is 11 April 2024.