STIOKids logo STIOKids · Legal information
Privacy protection and data confidentiality

Privacy Policy

STIOKids is committed to protecting the privacy and security of data related to children, parents, and staff in preschool institutions. This Privacy Policy explains what data we process, how we use it, and how we protect it.

STIOKids processes data exclusively on behalf of preschool institutions and never uses it for its own purposes.

Last updated: 01.04.2026.
Applies to the STIOKids website and platform

1. Who we are

STIOKids is a digital platform designed for preschool institutions to manage daily activities, communicate with parents, and support administrative and developmental processes in kindergartens.

For the purposes of personal data protection, preschool institutions using STIOKids act as data controllers, while STIOKids acts as a data processor, in accordance with the contractual relationship and applicable regulations.

Important:
The kindergarten owns the data and determines the purpose of processing, while STIOKids acts as a technical partner and data processor.

2. What data we process

Depending on how the platform is used and which features the institution chooses to use, STIOKids may process the following categories of data:

Children’s data

  • first and last name
  • date of birth
  • attendance and stay records
  • developmental data, observations, and notes entered by the institution
  • information about allergies or other important health notes, when recorded by the institution

Parent or guardian data

  • first and last name
  • email address
  • phone number
  • data necessary for communication with the institution

Employee and system user data

  • first and last name
  • job title or role in the system
  • user accounts and access rights

Technical and security data

  • IP address, when required for security and access logging
  • device and browser type
  • activity and login logs
  • technical records necessary for security, stability, and audit trail purposes

3. How we use data

Data is processed exclusively for purposes necessary to provide the service and ensure the platform functions properly, including:

  • enabling the use of system features
  • tracking children’s attendance
  • communication between the institution and parents
  • monitoring developmental and administrative processes
  • maintaining the security, stability, and reliability of the system
  • fulfilling legal and contractual obligations

STIOKids does not sell data and does not use it for its own marketing purposes without an appropriate legal basis.

4. Legal basis for processing

Data processing may be based on one or more of the following legal grounds:

  • performance of the contract between STIOKids and the preschool institution
  • compliance with the institution’s legal obligations
  • legitimate interest in relation to security, technical maintenance, and system improvement
  • consent, where applicable and required under applicable regulations

5. Data sharing and partners

STIOKids does not share data with third parties except where necessary to provide the service, technical infrastructure, or where required by law.

For hosting and technical infrastructure purposes, we use trusted partners within the European Union, including hosting providers such as Hetzner Online GmbH.

With partners involved in data processing, STIOKids has concluded a Data Processing Agreement (DPA), which includes confidentiality and data protection obligations in line with applicable privacy standards.

Such partners act solely on STIOKids’ instructions and are not permitted to use the data for their own purposes.

6. Data retention

Data is retained for as long as necessary to provide the service, for the duration of the contractual relationship with the institution, and to comply with legal obligations.

Once retention is no longer required, data is deleted, anonymized, or archived in accordance with legal obligations and internal data governance rules.

7. Data security

STIOKids applies appropriate technical and organizational protection measures to ensure the confidentiality, integrity, and availability of data.

  • access control and user permission management
  • secure communication protocols
  • secure data storage on servers within the European Union
  • restricted access to data according to user roles
  • activity monitoring and audit logs for security and traceability
  • infrastructure and server protection
  • system monitoring and regular security checks
  • contractual confidentiality safeguards with relevant partners

For more detailed information on system protection, availability, access, and technical safeguards, please also see our Data Security page.

8. User rights

In accordance with applicable data protection regulations, data subjects may have the right to access, rectify, erase, restrict processing, and exercise other rights provided by law.

However, since preschool institutions are the data controllers, all requests related to exercising these rights must be submitted directly to the institution using the STIOKids platform.

STIOKids does not independently decide on the purpose or method of processing end-user data, but acts solely on the institution’s instructions and, upon request, provides technical support in implementing those rights.

9. Cookies

Our website may use cookies and similar technologies to improve the user experience, security, and analytics.

More information is available in the document Cookie Policy.

10. Contact

For questions related to privacy, data security, or this Privacy Policy, you can contact us via email at:

info@stiokids.com

This Privacy Policy may be updated periodically to reflect legal, technical, and business changes.