Privacy Policy
The protection of your personal data is a matter of particular importance to us. In this Privacy Policy we inform you, in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR), about how we process personal data on this website.
1. Data Controller
The data controller within the meaning of the GDPR is:
KID-Institut – Bildungs- & Forschungs-Verein zu
Künstlicher Intelligenz & Digitalisierung
(Education & Research Association for Artificial Intelligence
& Digitalisation)
Erlafstraße 41, 3270 Scheibbs, Austria
Register number (ZVR): 1346623225
Email: office@kid-institut.org
Web: www.kid-institut.org
2. Data Collected and Purposes of Processing
We process personal data only to the extent necessary to provide our services or where you have given your express consent. Specifically:
2.1 Registration and Membership
During registration we collect: first name, last name, email
address, username, password (stored in encrypted form), address,
mobile number (optional), membership level and chosen project
access.
Purpose: Administration of association membership
and access to member areas and projects.
Legal basis: Art. 6(1)(b) GDPR (performance
of a contract / membership relationship).
2.2 Payment Processing
For processing membership fees we use the payment service
providers Stripe (Stripe Payments Europe, Ltd.) and PayPal
(PayPal (Europe) S.à r.l. et Cie, S.C.A.). Payment data
(credit card numbers, bank details) is processed exclusively
by these providers and is not stored on our servers. We receive
only a confirmation of successful payment.
Legal basis: Art. 6(1)(b) GDPR.
2.3 Newsletter
For the newsletter we collect your email address. Registration
is via a double opt-in procedure: you receive a confirmation
email, and by confirming it you give your consent. You may
unsubscribe at any time.
Legal basis: Art. 6(1)(a) GDPR (consent).
2.4 Server Log Files and Technical Operation
When you visit our website, our hosting provider (Hostinger)
automatically stores information in server log files: IP address,
URL accessed, date and time, data volume transferred, browser
type and operating system. These data are necessary to ensure
technical operation and are deleted after a maximum of 30 days.
Legal basis: Art. 6(1)(f) GDPR (legitimate
interest in the secure operation of the website).
2.5 Cookie Consent
When you visit this website, your cookie consent decision is
logged. This includes: IP address (anonymised), time of consent,
choice made, and the applicable policy version. This log serves
as proof of your consent in accordance with Art. 7 GDPR.
Legal basis: Art. 6(1)(c) GDPR (legal obligation).
2.6 Contact by Email
If you contact us by email, we store your email address and the
content of your message in order to process your enquiry. These
data are deleted after the matter is concluded, unless statutory
retention obligations apply.
Legal basis: Art. 6(1)(f) GDPR (legitimate
interest in responding to enquiries).
3. Recipients and Transfer of Data
Your data are not generally passed on to third parties, except in the following cases:
- Payment service providers: Stripe and PayPal receive the data necessary for payment processing.
- Hosting: Hostinger International Ltd., as our hosting provider, technically processes access data.
- KID-Institut projects: Within our single sign-on (SSO) system, when you log in to a project the following data are transmitted to that project: user ID, role, membership level for that project, and membership expiry date. Transfer only occurs to projects you actively access.
- Legal obligation: Where required by law, data may be disclosed to authorities.
Transfer to third countries outside the EU/EEA occurs only via Stripe and PayPal, who ensure an adequate level of data protection through EU Standard Contractual Clauses (SCC).
4. Social Media
Our website contains only simple hyperlinks to our profiles on the following platforms: Instagram, Facebook, X (Twitter), Discord and YouTube. Merely viewing these links does not transmit any data to those platforms. Data transmission only occurs when you actively click a link and visit the respective platform. The operators of those platforms are responsible for data processing on their sites. We have no influence over their data protection practices.
5. Retention Periods
| Data category | Retention period |
|---|---|
| Member data | Duration of membership + 7 years (statutory retention) |
| Payment data | 7 years (§132 BAO, Austrian tax law) |
| Newsletter consent | Until consent is withdrawn |
| Cookie consent log | 3 years |
| Server log files | Maximum 30 days |
| Email correspondence | Until matter is concluded, then deleted |
6. Your Rights
Under the GDPR you have the following rights:
- Right of access (Art. 15 GDPR): You may request information about the data stored about you.
- Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR): You may request deletion of your data, provided no statutory retention obligations apply.
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3) GDPR): Consent may be withdrawn at any time with effect for the future.
To exercise your rights please contact: office@kid-institut.org
You also have the right to lodge a complaint with the Austrian
Data Protection Authority:
Österreichische Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, Austria
www.dsb.gv.at
7. Cookies and Cookie Settings
This website uses only technically necessary cookies. For full details please see our Cookie Policy. You can adjust your cookie settings at any time via the "Cookie settings" link in the navigation or footer.
8. Updates to this Privacy Policy
This Privacy Policy is current as of June 2026. We reserve the right to update it as necessary to comply with current legal requirements or to reflect changes to our services. The updated policy applies from your next visit to the website.