Legal
Privacy Policy
Last updated: 8 July 2026
KidLogg is committed to protecting your personal data and respecting your privacy. This privacy policy explains how KidLogg BV, the company behind KidLogg, collects, uses and protects personal data in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
1. Data Controller
The data controller within the meaning of the GDPR is:
KidLogg BV
[ADDRESS], [POSTAL CODE] [CITY], Belgium
CBE number: [CBE NUMBER]
Email: privacy@kidlogg.com
Phone: [PHONE NUMBER]
For questions about the processing of your personal data, you may contact our Data Protection Officer (DPO):
Email: dpo@kidlogg.com
2. Scope
This privacy policy applies to:
- Visitors to the website kidlogg.com
- Customers (daycare managers) who create a KidLogg account
- Contacts who submit a demo request
Processor role: When a daycare uses KidLogg to manage data about children, parents and staff, KidLogg BV acts as a data processor on behalf of the daycare (the data controller). This processing is governed by a separate Data Processing Agreement. The daycare bears final responsibility for that data and must establish its own privacy policy towards the individuals concerned.
3. Personal Data We Process
A. Account data (KidLogg as data controller)
- Manager's first and last name
- Professional email address
- Name and address of the daycare
- Phone number
- Billing and payment details
B. Contact form data
- Name, email address, organisation name and an optional message
C. Usage and technical data
- IP address, browser and device information
- Pages visited, time of visit, referring URL
- Necessary and functional cookies (see section 9)
D. Daycare operational data (KidLogg as processor)
This data is processed solely on the daycare's instructions and falls outside this policy. It includes personal data of children (name, date of birth, medical notes) and parents. Daycares process special categories of data (health data of minors) and bear their own obligation to obtain explicit consent.
4. Purposes and Legal Bases
| Purpose | Legal basis (GDPR art. 6) |
| Account management and service delivery | Performance of a contract (art. 6.1.b) |
| Invoicing and accounting obligations | Legal obligation (art. 6.1.c) |
| Responding to contact and demo requests | Legitimate interests (art. 6.1.f) |
| Security and fraud prevention | Legitimate interests (art. 6.1.f) |
| Technical analysis and service improvement | Legitimate interests (art. 6.1.f) |
| Newsletter and commercial communications | Consent (art. 6.1.a) |
Where we rely on legitimate interests, these have been balanced against your interests and fundamental rights.
5. Retention Periods
- Account data: for the duration of the contract, plus 10 years after termination (accounting obligation)
- Contact form data: maximum 2 years after last contact
- Invoice data: 7 years (statutory accounting retention)
- Technical logs: maximum 12 months
After expiry of the retention period, your data is securely deleted or anonymised.
6. Recipients and Transfers
We do not share your personal data with third parties for commercial purposes. Data may be shared with:
- Sub-processors: cloud infrastructure providers (within the EEA only), payment processor, transactional email provider
- Competent authorities: where required by law (e.g. court order)
All sub-processors are contractually bound to the same protection standards. An up-to-date list is available on request at privacy@kidlogg.com.
International transfers: KidLogg stores data on servers within the European Economic Area. Where a sub-processor handles data outside the EEA, this is done solely on the basis of the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.
Bot protection (Cloudflare Turnstile): Our contact form uses Cloudflare Turnstile to protect against spam and automated abuse. To distinguish humans from bots, Turnstile processes your IP address and browser and device signals on our behalf, on the basis of our legitimate interest in security and fraud prevention (art. 6.1.f). Turnstile may set a strictly necessary cookie for this purpose. For more information, see Cloudflare's Turnstile Privacy Policy.
7. Your Rights
Under the GDPR you have the following rights:
- Right of access (art. 15): You may request a copy of the personal data we process about you.
- Right to rectification (art. 16): You may have inaccurate or incomplete data corrected.
- Right to erasure (art. 17): You may request deletion of your data, unless we have a legal obligation to retain it.
- Right to restriction of processing (art. 18): In certain circumstances you may temporarily suspend processing.
- Right to data portability (art. 20): You may receive your data in a structured, commonly used, machine-readable format.
- Right to object (art. 21): You may object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent (art. 7): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Exercise your rights by emailing privacy@kidlogg.com. We respond within 30 calendar days. Proof of identity may be requested.
8. Complaints — Data Protection Authority
If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with the supervisory authority:
Data Protection Authority (GBA/APD)
Rue de la Presse / Drukpersstraat 35, 1000 Brussels, Belgium
Phone: +32 2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be
We do ask that you contact us first at privacy@kidlogg.com so that we can work towards a solution together.
9. Cookies
The kidlogg.com website uses cookies and similar technologies:
- Strictly necessary cookies: essential for the website to function (no consent required)
- Functional cookies: remember your preferences (e.g. language setting)
We do not use analytical or marketing cookies and do not share any data with advertising networks.
On your first visit, consent is requested via a cookie banner. You may change your preferences at any time.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These include encryption of data in transit (TLS) and at rest, least-privilege access controls, audit logging of changes to sensitive data, automatic enforcement of retention periods, regular security audits and backup procedures.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the GBA/APD within 72 hours (GDPR art. 33) and inform you directly where necessary (GDPR art. 34).
11. Changes to This Policy
We may update this privacy policy from time to time. For material changes we will inform you by email or via a prominent notice on our website. We recommend checking this page regularly. The date of the last update is shown at the top of this document.
12. Contact
For questions, requests or comments regarding this privacy policy:
KidLogg BV — KidLogg
Email: privacy@kidlogg.com
DPO: dpo@kidlogg.com
Address: [ADDRESS], Belgium