Data Protection Information for parents

Data Protection Notice for Parents

The official language is German. In case of doubt, the German version shall prevail.

We respect and protect your privacy – it does not matter if you are a child, a custodian or parent in terms of §§ 1626-1698b BGB, an authorised or an interested person. Below, you will get a detailed overview of your or your child’s personal data that we collect and how we process them. We also inform you about your data protection rights and to whom you may refer with your questions concerning the protection of your data.

About Us             

Controller (responsible for data processing):

educcare Bildungskindertagesstätten gGmbH

Alter Markt 36-42

50667 Köln

phone: 0221 466 194 00

fax: 0221 466 194 99

Managing directors: Axel Thelen, Marcus Bracht



Kita GmbH

Alter Markt 36-42

50667 Köln

phone: 0221 466 194 00

fax: 0221 466 194 99

Managing directors: Axel Thelen, Marcus Bracht

We are a German, nationally recognised independent provider of educational childcare centres (“Bildungskindertagesstätten”), and we support municipalities and companies in matters of planning, constructing and organising childcare centres. The data processing is necessary for serving the purposes mentioned below.

Concerning questions about this Data Protection Information, processing of your data, your rights or other data protection topics, our Data Protection Officer (DPO) would be pleased to help you.

Contact Data of the DPO for the above-mentioned companies:

Der Datenschutzbeauftragte

Alter Markt 36-42

50667 Köln

To whom this information refers

This Data Protection Information refers to the children, cared by us, and their parents and custodians as well as interested persons.


Your obligations

For using our offer, we ask you to give us personal data within the framework of our business relationship.

Additionally we process your data for preserving our legitimate interests based on a balance of interests, so we can make sure that our services will improve.

We also offer services for which we need your consent to process your data. Giving your consent is always voluntary. If you deny or withdraw your consent, it won`t have consequences for the business relationship between us.

Please be aware that, if you deliver us information about other (further) persons, you will need their approval and you will have to inform them – regarding this Data Protection Information – about the purpose of forwarding their data in advance.

Which data will be processed?

Processed data, processing purposes and legal bases

  • Processing data for the initiation of a contract is necessary for deciding about the allocation of available places in the childcare centre.
  • Processing data for the fulfilment of a contract are necessary for enabling the whole workflow of childcare in our facilities and for meeting our obligations. This includes the filing of applications for and the realization of approved integration measures. Picture and audio records of your child, created by us, are used for the educational documentation (“Bildungsdokumentation”) in order to identify the belongings, the whereabouts or the personal spaces of children. In addition, they serve as a medium for reflection with children, interaction consulting, for internal case discussions, parent-educator talks, trainings and work documentation by placing pictures on the walls of our rooms.
  • In the framework of our company communication, we process your data in order to create invitations for events, for sending information and materials about our campaigns and for the organisation of events.
  • Our accounts receivable department processes data for execution and fulfilment of legal standards (especially tax law, commercial law, communal guidelines for collecting child data and registering children, specific country rules for operating methods of childcare centres as well as for data administration and fulfilment of contracts.
  • For the purpose of subsidy management, we process data in order to apply and keep up the operating licence, to apply and account subsidies, to fulfil legal statistic requests and for economic controlling.
  • If your commune approves of benefits (i. e. Bonus Card; social educational or participation benefits (“Leistungen aus Bildungs- und Teilhabepaket”) for using the services of a childcare centre, we process your personal data for accounting.
  • We process the employer confirmation (“Bestätigung des Arbeitgebers”) for the allocation of places in the childcare centre and for accounting.
  • Measles vaccination: According to section 20(IX) sentence 1 and section 20(X) sentence 1 of the German Infection Protection Act (Infektionsschutzgesetz or IfSG) any person that shall attend a childcare centre is obliged to prove to have a sufficient protection against measles provided by vaccination or due to immunity, or that they may not receive vaccination due to medical contraindication. For that purpose we ask for evidence as described in section 20(IX) sentence 1 of the Infection Protection Act and keep record of the fact that evidence was submitted. This is required for complying with a legal obligation (Art. 6 (I) (c) GDPR).In addition, we are obliged to notify the competent health office about
    • any person who has not submitted such evidence before the beginning of childcare, or who will not be able to acquire or complete sufficient protection by vaccination timely, or
    • any person who had already been in childcare on 1 March 2020 and who does not provide such evidence until 31 July 2021,

(see section 20(IX) sentence 4 and section 20(X) sentence 2 of the Infection Protection Act). The data that will be reported are described in section 2 no. 16 of of the Infection Protection Act. The notification is required for complying with a legal obligation (Art. 6 (I) (c) GDPR).

In addition, we process your data in the framework of initiation and fulfilment of contracts (Art. 6 (I) (b) GDPR), as well as on the basis of several laws concerning the operation of childcare centres and early childhood education (such as German SGB VIII, BStatG, specific country rules for operating methods of childcare centres, and communal rules for the use of childcare facilities) (Art. 6 (I) (c) GDPR).

Furthermore we process data in the framework of consents (Art. 6 (I) (a) GDPR).

In addition, the data mentioned above are used for the following purposes in the context of a balance of interests (Art. 6 (I) (f) GDPR). The interests are described below:

1. As it is our legitimate interest to improve our service, we regularly organise opinion surveys.

2. We use your name and your address for sending event invitations, information and materials for our campaigns as well as for the organisation of events due to our legitimate interest of communicating these topics.

3. We process your data for purposes of managing our company, for identification and persecution of financial risks, for concentrating our sales activities and for fulfilment of (contractual) obligations regarding our customers. For that purpose, the processed data will be used for the creation of reports and for evaluation. The processing takes place for protecting our legitimate interests in company and sales management as well as for fulfilment of our obligations regarding our customers.

4. As it is in our interest to ensure the security of our systems, we regularly conduct security and efficiency tests that allow us to process your above-mentioned data.

5. In case of a security incident in our company concerning your data, we are obliged to inform the Data Protection Authority in charge (Art. 33 GDPR). As it is our legitimate interest to meet this legal obligation immediately, possibly data may be processed during clearing up of the concerned security incident. Reports to the Data Protection Authority do not contain any personal data.

6. We perform (internal) audits and other control activities (e.g. data protection officer’s monitoring activities), because it is our legitimate interest to comply with legal provisions, to obtain transparency about our business processes, to constantly optimise these processes and to prevent and identify harmful acts against our business. In doing so, documents or data sets with your personal data may be processed.

7. We perform internal and external audits for the acquisition and retention of certifications, as well as for the compliance with our customer’s requirements and quality standards. Furthermore, our customers or external sources perform their own audits. In doing so, documents which contain your personal data may be processed.

8. For meeting our tax-law obligations, we engage tax counsellors. Furthermore, we engage financial auditors for meeting our duty of auditing the financial statements according to § 316 (1) Commercial Code (or German “Handelsgesetzbuch”, short HGB). Finally, as it is our legitimate interest to cooperate with auditors from tax authorities in order to prove the correct invoicing and financial statements. Documents which are regarded for these purposes may contain your personal data.

9. In case of controlling the disposition of public benefits, the Controlling Authority may see documents, containing personal data. However, as secret carriers controlling authorities are obliged to professional discretion.

10. Our clients have a legitimate interest in obtaining statistic data for demand planning and controlling from us.

11. Since it is our interest to solve legal disputes, we process your data in that specific case. It is also in our interest, in the event of litigation, to keep evidence until all relevant statutory limitation periods pursuant according to sections 195ff. of the German Civil Code, have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The retention periods cannot be globally predicted, since they depend on the particular matter in dispute and the respective statutory limitation period, which can be up to 30 years. The regular limitation period is three years.

12. In addition, it is in our interest to investigate suspected cases and to hand over relevant information to law enforcement authorities in case of a specific criminal suspicion.

13. Errors can occur to anyone and in any organisational process. In order to optimise our processes and minimising our error rate, we process the data which are available to our company for identifying sources of error. The processing takes place in order to protect our legitimate interests in the improvement of our processes.

14. We process your data for testing IT systems and software products and for migrations. The processing is necessary for satisfying our legitimate interest in evaluating if new products are correct and if migrations are complete.

15. For the purpose of promotion and subsidy management, we process data in order to apply for and retain an operating licence, for application for subsidies, fort he compliance with legal statistics requirements, and for business-management controls. For that purpose, we have to provide our external sources with evidence for the use of subsidies and personnel.

16. We maintain a black list, which lists former customers or prospects whom we no longer wish to begin business relations with. For example, repeated payment failures as well as contract-abusive, deceitful or business-damaging behaviour count to the reasons. The processing occurs in line with the freedom of contract for the protection of our legitimate interest in protecting our company against financial damages or defamation.

Overview of processed data

Data Initiation of a contract Fulfilment of a contract (Childcare contract) Company communication Accounts receivable Subsidy management Benefits ( i. e. BonusCard/ BuT) Data for employer confirmation Measles vaccination
Parents’/custodians’ details (e.g. surname, first name, family status, date of birth, citizenship, contact data, fulltime/halftime employment) x x x x x x x
Child’s details (e.g. surname, first name, date of birth, place of birth, denomination, citizenship, siblings) x x x x x x x
Details of persons authorised to collect child (e.g. surname, first name, date of birth) x x x
Short-time childcare costs x x x x
Catering costs x x x x x
Care time x x x x x
Desired date of start x x x x x x
Child´s health details (e.g. medical prevention, particularities, allergies, vaccinations, contagious diseases, vaccination consultation) x x x
Expert opinions, diagnoses, treatment plans, results of examinations, decisions x x
Eating habits x
Desired scope of childcare x x x x x x x
Catering scope x x x x x x x
Kind of childcare (“Krippe”/nursery, “Kita”/childcare) x x x x x x x
Current childcare x
Observation form (surname, date of birth, date, time, age: years-months, name of observer, observation)  


Contact data of parent/custodian and child (address, street, city, post code, phone number, email)  












Occupation (parent/custodian) x x x x x x
Ordered promotion materials x
Given consents x x
Date of receipt of postcard order x
Postage and interest for new cards x
Child’s diseases/permanent disturbances  






Parents’ bank details (account holder, IBAN/account number, BIC or bank code, bank, credit institute)  






Fee for childcare category x x x x x x
Billing and accounting data (i. e. customer number, amount, invoice line items)  






Information about ordered materials (e.g. surname, contact data, ordered items) x
Statement of youth welfare office x x x
Physical development    x x x
Language ability x x x
Emotional development x x x
Daily routine x x x
Movement behaviour x x
Playing behaviour x x
Emotional development: prevailing mood x
Accounting data x x x x
Child’s audio and photo recordings x
Evidence for measles vaccination or medical contraindication x
Date of examination x
Child’s name x
Child’s gender x
Child’s date of birth x

Deletion period (or retention period)

After closing a childcare contract, the processed data will be deleted 10 years after final clearing with the public benefit communes. The deadline begins at the end of the year of the final clearing for the last childcare centre year („Kitajahr“) or calendar year of the childcare contract. For example: If the contract ends on 31.07.2016 and the final clearing of this contract took place in 2017, the deletion period ends on 31.12.2027.

Data which will are processed due to integration measures will be deleted after completion of such measures.

Origin of data

Beside the data, which you (or an authorised person) gave us, we receive personal data from communes and educational childcare centres („Betriebskindertagesstätten“), as well as from our clients. In addition, we receive data from doctors in the context of integration measures.

Who receives your data?

The following list shows which organisations (“data recipients”) receive your data in which cases. You can read about the specific data in the corresponding sections of this data protection notice. Transfer of your data may sometimes occur due to contractual or legal requirements. In other cases, we use selected vicarious agents and service providers who work for us as com-missioned data processors (in accordance with Art. 28 GDPR) and may obtain access to your data in the required scope. Commissioned data processors are subject to numerous contractual obligations and may, in particular, process your personal data only on our instructions and solely for the fulfilment of the orders received from us.

  • Agencies
  • Employer of the parent/custodian
  • Auditors
  • Employers and communes
  • Banks, payment service providers
  • Authorities for operating license
  • Call centres
  • Data Protection Officer
  • Service providers for mass file destruction
  • Service providers for printing, letter shops
  • Service providers for customer surveys
  • Service providers for mailing and logistics
  • educcare Lösungen für Familie und Beruf GmbH (for supporting the development of pedagogical work in our facilities)
  • Recipient’s e-mail provider
  • Tax authorities
  • Courts, lawyers, contractual partners, consultants, business partners, law enforcement authorities, opposing lawyers, state or federal criminal police (for legal disputes or actual suspicious cases)
  • Health Office (in order to comply with the German Infection Protection Act)
  • Service providers for debt collection
  • IT service providers
  • Public or legal auditors appointed by our clients (communes and companies) or other external sources
  • Public external sources
  • Tax counsellors
  • Service providers for telecommunication
  • Financial auditors

Data Recipients in Non-EU Countries

Our IT service providers in the EU have affiliates or subcontractors outside the EU that can access your data. The EU Commission determines which non-EU/EEA countries (third countries) have an adequate level of data protection. Our service provider is responsible for using EU standard contractual clauses in accordance with Commission Decision No. (EU) 2021/914. A model of these EU standard contractual clauses can be found on the websites of the EU Commissioner for Justice and in the Official Journal of the EU.

Your rights

You have the legal right to:

  • Access to your personal that we process (Art. 15 GDPR)
  • Rectification and completion of your data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
    Data portability (Art. 20 GDPR)
  • Withdrawal of your consent (Art. 7 GDPR) with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • You have the right to demonstration of your own point of view and refutation of an automated decision (Art. 22 GDPR).
  • You also have the right to object to the processing of your data which is based on our legitimate interests or the legitimate interests of a third party at any time, on grounds relating to your particular situation (Art. 21 GDPR). This also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR.
  • Objection to direct marketing – You have the right to object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

To exercise these rights, you can contact us via the contact details mentioned above.

You also have the legal right to lodge a complaint with a data protection supervisory authority (Art. 77 GD

Log in with your credentials

Forgot your details?