KAIDAP – Privacy Policy

Last Updated: November 2025
Valid for 2026 under EU GDPR, Austrian DSG & TKG 2021

1. INTRODUCTION

This Privacy Policy explains how KAIDAP EU (“KAIDAP”, “we”, “us”) collects, processes, and protects personal data when you visit our website, register for programs, use our services, or communicate with us.

We comply with:

  • GDPR (EU 2016/679)

  • Austrian Data Protection Act (DSG)

  • Telecommunications Act (TKG 2021)

  • ePrivacy rules

We treat your data confidentially, transparently, and with the highest security standards.

2. DATA CONTROLLER

KAIDAP EU
Seitenstettengasse 5
1010 Vienna, Austria

Email: info@kaidap.com
Website: www.kaidap.com

KAIDAP EU is the Data Controller for all data processed via this website and all offered programs.

3. PERSONAL DATA WE COLLECT

3.1 Data You Provide

  • Full name

  • Email address

  • Phone number

  • Address

  • Parent/guardian contact details (for minors)

  • Child’s name, age or date of birth

  • Emergency contact

  • Optional health/safety information

  • Program/camp registration details

  • Payment-related information (processed only by payment providers)

  • Messages submitted via contact forms or email

3.2 Data Collected Automatically

Squarespace + CDN providers automatically collect:

  • IP address (short-term storage)

  • Browser type, version

  • Operating system

  • Device identifiers

  • Date/time of access

  • Pages visited

  • Referring/exit pages

  • Amount of transferred data

  • General location (city-level; no precise GPS)

  • Performance/security logs

3.3 Cookies & Tracking

We use:

  • Necessary cookies (essential)

  • Functional cookies

  • Performance/analytics cookies (Squarespace)

  • Security cookies

No intrusive advertising trackers are used.

4. PURPOSE OF DATA PROCESSING

We process your data for the following purposes:

  • To operate the website

  • To register and manage programs/camps

  • To communicate with parents/guardians

  • To process payments securely

  • To guarantee safety during athletic programs

  • To respond to inquiries

  • To comply with legal obligations

  • To ensure security, fraud prevention, and operational stability

Only strictly necessary data is collected.

5. LEGAL BASIS (GDPR)

  • Art. 6(1)(b) – Contract performance (registrations, bookings, communication)

  • Art. 6(1)(a) – Consent (media usage, optional health info, cookies)

  • Art. 6(1)(c) – Legal obligation (taxes, accounting)

  • Art. 6(1)(f) – Legitimate interests (security, quality of services)

Health data is processed only with explicit consent and only if voluntarily provided.

6. CHILDREN’S DATA

Since KAIDAP provides programs for minors:

  • Processing is only with consent of the parent/guardian

  • Data is used solely for program participation and safety

  • Health data is optional and deleted after program completion

  • No children’s data is shared with third parties for marketing purposes

  • Media usage (photos/videos) requires separate explicit consent

This section is fully compliant with GDPR Art. 8.

7. THIRD-PARTY SERVICE PROVIDERS

7.1 Squarespace (Hosting & CMS)

  • GDPR-ready

  • Uses global infrastructure

  • EU SCCs for international transfers

  • Stores data securely

  • Technical logs for security and analytics

7.2 Akamai CDN

  • Delivers website content

  • Collects minimal, non-identifying technical data

7.3 Payment Providers

(activated depending on your setup)

  • Stripe

  • PayPal

  • Apple Pay

All payment data is processed directly by providers — never stored by KAIDAP.

7.4 Email & Contact Tools

  • Squarespace Email Campaigns

  • Only with explicit opt-in

All providers operate under GDPR-compliant agreements.

8. DATA RETENTION

We retain data only as long as necessary:

  • Registration/program data: 24 months after participation

  • Payment/accounting data: 7 years (legal obligation)

  • Server logs: up to 30 days

  • General inquiries: 12 months

  • Health info: deleted immediately after program end

  • Media consent: until revoked

You may request deletion at any time unless retention is legally required.

9. DATA SECURITY MEASURES

We apply industry-leading protection:

  • SSL/TLS encrypted website

  • Encrypted data storage

  • Multi-layer firewalls

  • Access control & role-based security

  • Continuous monitoring

  • Regular security updates

  • Data minimization principles

  • Secure processing agreements with all service providers

10. DATA SHARING

We do NOT sell, rent, or trade personal data.

Data is shared only with:

  • Contracted service providers (hosting, payments, email tools)

  • Legal authorities when required

  • Safety partners with explicit consent

All third parties are contractually bound to GDPR standards.

11. INTERNATIONAL DATA TRANSFERS

Technical data may be processed outside the EU due to Squarespace’s global infrastructure.

These transfers rely on:

  • EU Standard Contractual Clauses (SCCs)

  • Additional encryption and safeguards

  • Restricted access policies

All sensitive data remains protected.

12. YOUR RIGHTS UNDER GDPR

You may request:

  • Access to your data

  • Correction

  • Deletion / Right to be Forgotten

  • Restriction of processing

  • Objection to legitimate interest processing

  • Data portability

  • Withdrawal of consent (e.g. media permission)

Requests must be sent to: info@kaidap.com

We respond within 30 days.

13. COOKIES & CONSENT MANAGEMENT

You will see a cookie banner on first visit.

You may choose:

  • Accept all

  • Decline non-essential

  • Customize settings

  • Withdraw consent anytime

Essential cookies cannot be disabled.

14. CONTACT FOR GDPR MATTERS

KAIDAP EU
Seitenstettengasse 5
1010 Vienna, Austria

Email: info@kaidap.com

If you believe your rights are violated, you may contact:

Austrian Data Protection Authority (DSB)
https://www.dsb.gv.at/

15. POLICY UPDATES

We may update this Privacy Policy due to:

  • legal changes

  • new features or services

  • security improvements

The newest version will always appear on this website