top of page

Personal Data Notice

​​Contents 

1. Introduction 

Dibber’s purpose is to develop lifelong learners with a heart for the world. For us to fulfill this purpose it is essential to process the personal data of children, Parents, Additional Caretakers, employees, Users of our Dibber app as well as all other persons who are involved in the world’s most important job. We are uncompromisingly committed to protecting these data.  

We collect personal data directly when people enquire about, apply for, and agree to education services with a Dibber Education Services Provider, use the Dibber app, use our websites, sign up for our newsletters, sign up for courses or seminars, request guidance or submit complaints, participate in surveys, or apply for a position with us. We may also collect information indirectly when a complaint or non-conformity report contains information about people or when a Parent appoints an Additional Caretaker.  

We promise to do our outmost to ensure your privacy rights and to keep your personal data private, safe, and secure. We have prepared this statement about our processing of personal data and data protection to explain our processing of personal data, and which rights you have related to our processing of your personal data (our "Data Protection Statement"). 

“Dibber”, “we”, “our” and “us” refer to Dibber AS, a Norwegian private limited liability company, having the street address Aktivitetsvegen 2, 2069 Jessheim, Norway, with the postal address: post office box 215, 2051 Jessheim, Norway, and organisation number 998 831 067, or any other Dibber Education Service Provider. Dibber AS is the mother company of the Dibber group which consists of many Dibber Education Units across the world.  

Dibber AS is the data controller for our processing of personal data and have the responsibility to ensure that all processing of personal data takes place in accordance with Applicable Data Protection Legislation. You may find our contact information in section 5 of this statement. 

This Data Protection Statement has five sections in addition to this introduction. In section 2 you will find our defined terms. General information regarding Dibber services across the globe are to be found in section 3, while country specific particularities are listed in section 4. If you have an inquiry or complaint, please go to section 5. We may make changes to this Dibber Data Protection Statement from time to time. For information about changes go to section 6.  

1
2

2. Definitions 

In addition to other definitions made in these Terms and Conditions, these apply (singular and plural as applicable):  

"Additional Caretaker" means any caretaker or contact person for a child additional to a Parent, as appointed by a Parent to a Dibber Education Unit.  

"Applicable Data Protection Law" means the applicable legislation protecting individual’s right to data protection and privacy with regard to the processing of personal data under this Dibber Data Protection Statement. 

"Dibber" means the owner, operator and licensor of the Dibber app: Dibber AS, a Norwegian private limited liability company, having the street address Aktivitetsvegen 2, 2069 Jessheim, Norway, postal address post office box 215 2051 Jessheim, Norway and organisation number 998 831 067. 

"Dibber app" means the software(-as-a-service) provided by Dibber and a Dibber Education Services Provider and delivered through browsers or dedicated applications developed for Android OS, iOS, macOS and Microsoft Windows and any other means to the User subject to the Agreement.  

"Dibber Education Services Provider" means the legal entity in Dibber’s group of entities or the partner of Dibber that is the licensee of the Dibber app and the provider of education services as well as associated services to the User through a Dibber Education Unit in the individual instance. 

"Dibber Education Unit" means the specific unit through which the Dibber Education Services Provider is providing its education services in the individual instance (for example a specific kindergarten or school). 

"education services" means all types of education services, such as in early childhood development those provided under the labels kindergarten, day care, pre-school, afternoon programmes and in childhood development those provided under labels such as school and after-school programmes. 

“EU/EEA” means the European Economic Area, namely the European Union Member States along with Iceland, Liechtenstein and Norway. 

"GDPR" means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. 

"Intellectual Property Rights" means any and all intellectual and industrial property rights throughout the world including but not limited to rights in respect of, or in connection with: copyright (including future copyright and rights in the nature of, or analogous to, copyright); trademarks; inventions (including patents); any confidential information; service marks; designs; and whether or not existing now and whether or not registered or registrable and includes any right to apply for the registration of such rights and includes all renewals and extensions. 

"Parent" means a or other legally designated caretaker, natural or legal, of a child receiving services from a Dibber Education Services Provider. 

"User" means a Parent, any Additional Caretaker, employees of Dibber or any other user of the Dibber app. 

"User Data" means information uploaded onto the Dibber app by any User, including information about a child or a User, and such information in another way collected by Dibber or a Dibber Education Services Provider. 

Data protection and privacy terms such as “personal data”, “processing”, “restriction of processing”, “profiling”, “pseudonymization”, “filing system”, “controller”, “processor”, “recipient”, “third party”, “consent”, “personal data breach”, “genetic data”, “biometric data”, “data concerning health”, “main establishment”, “representative”, “enterprise”, “group of undertakings”, “binding corporate rules”, “supervisory authority”, “cross-border processing”, “relevant and reasoned objection”, “information society service”, and “international organization”, shall have the meaning as defined in the GDPR, unless Applicable Data Protection Law requires otherwise.  

3. Global

3

3.1. Introduction 

3.1

We process personal data for various purposes which you will find described in section 3.2. We provide you information about our information security to protect personal data in section 3.3. We use sub-processors in order for us to provide the best possible services, and you will find information regarding this in section 3.4. Information pertaining to transfers of personal data outside of the EU/EEA is providedin section 3.5. In section 3.6 you will find a summary of your rights with respect to our processing of personal data. 

Note that we often refer to the GDPR, which is an EU/EEA particular regulation, in this Global section 3. You may have accessed this Data Protection Statement from outside the EU/EEA and you may be subject to other Applicable Data Protection Laws. You are, however, still the target audience for this Data Protection Statement. Our reason for generally referring to the GDPR is that this regulation is by many considered the ‘gold standard’ of data protection and privacy regulations. In response to the explosion of online data, EU regulators adopted the GDPR to ensure a high protection of personal data, prevent security breaches and control data processing across all member states of the EU/EEA. As we strive to ensure the data protection and privacy for all our employees, Users, Additional Caretakers and other data subjects, we have decided to use the GDPR as a global baseline. Note, however, that differences due to national law may apply. You will find such differences in section 4. Note that differences may also apply to different EU member states, as the laws are not entirely harmonized. Such differences may also be listed in section 4. 

3.2.1

3.2. Our processing of personal data

3.2.1. Introduction 

We process personal data to provide services from our Dibber Education Units. This is explained in section 3.2.2. A particular matter is our use of our Dibber app. Processing with respect to the Dibber app particularly is described in section 3.2.3. Our processing of personal data for the purpose of recruitment is described in section 3.2.4. We also process personal data for purposes related to other reasons than the abovementioned, these purposes are described in section 3.2.6. 

If not specified otherwise, we retain and process personal data as long as it is necessary to achieve the purpose described in this Data Protection Statement. 

3.2

3.2.2. Processing of personal data to provide services from our Dibber Education Units 

3.2.2.1. Introduction 

Our processing of personal data to provide services from our Dibber Education Units is made on various legal bases as described in section 3.2.2.2 to 3.2.2.5. 

3.2.2.2. Performance of the contract or pre-contractual requests  

In order to provide and fulfill the agreement for a place in our education units we process the following categories of personal data about the parent of the child, the child itself and siblings, and the employees at Dibber. The processing of sibling information is only applicable when the Child and the sibling has placement in the relevant education unit.  

We also process work related personal data concerning Dibber employees working at Dibber and/or a relevant Dibber Education Unit. 

Relevant categories and types of personal data may be as follows:  

Data Subject
Categories of personal data
Personal Data
Parent

Personal contact information

Name, e-mail address, address, telephone number, etc

Parent

Communication data

Start/end of communication, message size, context etc

Parent

Other

Usage of rebate schemes and government grants

Child

Child information

Name, parent(s) and/or Additional Caretaker(s) name, sibling name, sibling relations, sex, birthdate, social security number, nationality, sleep cycles, eating levels, pedagogic level data, absence and absence reasons, personal weight and height, medical conditions relevant for daycare operations

Sibling

Family relation information

Name, parent(s) and/or Additional Caretaker(s) name, sibling name, birthdate

Dibber employees

Personal contact information

Name, e-mail address, address, telephone number, etc

Dibber employees

Work related information

Role/position, organization, and relevant work related contact information, social security numbers, bank details, union membership, age, sex, etc

Dibber employees

Communication data

Start/end of communication, message size, context, etc

The legal basis for processing is GDPR Article 6 no. 1 (b). For countries outside the EU/EEA please confer with section 4. 

We only process the personal data for as long as necessary to fulfill the agreement for a place in the relevant education unit or a legal obligation to retain such data. 

3.2.2.1
3.2.2.2
3.2.2

3.2.2.3. Legal obligation  

In order to comply with a legal obligation that we are subject to, for instance the obligation to provide a safe and satisfactory education experience for the child, we process the following ordinary categories of personal data and special categories of personal data for the daily activities in our education units

Data subject
Personal data
Special categories
Legal obligation
Child

Name, address, Parent telephone number, family information, picture

Health information, e.g. allergies, vaccination status, physical difficulties, medical conditions relevant for daycare operations

Will depend on the relevant jurisdiction. You will find information about this in section 4.

As an example: In Norway, the legal obligation will follow from Act no. 64 of June 2005 relating to Kindergartens (the Kindergarten Act).

The legal basis for the processing of ordinary personal data is GDPR Article 6 no. 1 (c), and for the special categories of personal data it is GDPR Article 9 no. 2 (g), cf. Article 6 no. 1 (c). Some jurisdictions may have implemented Applicable Data Protection Law that serves as a legal basis for such processing. For such local particularities please confer with section 4. 

We only process the personal data for as long as necessary to fulfill the agreement for a place in the relevant Dibber Education Unit, or if we have a legal obligation to retain such data.  

3.2.2.3
3.2.2.4

3.2.2.4. Legitimate interest 

We may process personal data of data subjects who may act as an Additional Caretaker. An Additional Caretaker can for example be a person who has a close or extended family relation to the child or the Parents, friends of the child’s Parents, a babysitter or an au pair.  

Data subject
Personal data
Special categories
Additional Caretaker

Name, e-mail address, address, telephone number, relation to the child or parents, etc

N/A in EU/EEA areas. For other areas this may be defined in section 4.

The legal basis for the processing of personal data of Additional Caretaker is legitimate interest, cf. GDPR Article 6 no 1 (f). For countries outside the EU/EEA please confer with section 4. 

We have a legitimate interest to ensure that the person delivering or picking up the child is approved and trusted by a Parent to take the responsibility for the child when the parents are prevented from delivering or picking up the child themselves. Further, if we are unable to reach the respective Parent, it may be necessary to notify someone else if something urgent or important occurs. We retain and process personal data regarding Additional Caretakers as long as it is necessary to achieve the purpose.

3.2.2.5. Consent  

We provide a developing, safe, fun and including environment in our Dibber Education Units, and we want to share the good experiences the children have with Parents and Additional Caretakers. For this and related purposes we need to process pictures, audio and videos of ("records") and we thus collect consents as described below: 

Consent
Content of consent
Detailed description if relevant
Internal purposes

Collecting and making records of children, Parents and Additional Caretakers

In these records the main motive is your child or children, Parents and Additional Caretakers (a portrait), such as when a child is wearing a birthday hat, blowing out candles on the cake.

Internal purposes

Collecting and making records of situations

In these records the main motive is not persons, but they are part of a situation, both indoor and outdoor activities and individual and group activities. A group of boys and girls enjoy a good game of soccer or play tag.

Internal purposes

Sharing records in the Dibber app

Our records can be uploaded to the Dibber app, shared and made available for downloading among Parents, Additional Caretakers or children of the same department in our Dibber Education Units. We do, for instance, show the children play tag in one of our daily summaries.

Internal purposes

Create installations with pictures of children with names and birthday in our education units.

Internal purposes

Use of pictures in handcraft sessions (on the wall or for the children to bring home).

Internal purposes

Observance for educational purposes.

External purposes (social media)

Sharing records in closed groups on other social media. This can include group activities such as a play, social events, and festivities, etc.

External purposes (marketing and press coverage)

Taking and using pictures and videos of children for use on our website, newsletters or social media platforms*.


Taking and using pictures, audio and video for press coverage.


*The children’s names will never be used together with the picture in the marketing.

The legal basis for this processing is GDPR Article 6 no. 1 (a). For countries outside the EU/EEA please confer section 4. 

If you are using the Dibber app, you can manage these consents there. If you are not using the Dibber app, your consents can be managed by contacting dpo@dibberfamily.com.

You can always choose to withdraw a specific consent or every consent you have previously given. We shall after withdrawal no longer process the data and shall delete the pictures and videos related to the consent withdrawn from our systems.  

We only process this personal data for as long as required for the specific purpose or any legal obligation to retain such data. 

3.2.2.5

3.2.3. Processing of personal data in the Dibber app 

3.2.3.1. Introduction 

We have created the Dibber app. The purpose of the Dibber app is to enable Parents and Additional Caretakers to communicate with a Dibber Education Unit in an easy manner.

3.2.3.2. Processing of personal data regarding Users  

When Users create an account on the Dibber app, we collect the following categories of personal data from the User, our customer relationship management system or a person appointing another person as contact person:

Personal data
Purpose
Legal basis
Name, phone number, email address, address, picture, IP-address, username, relation, place of work, preferred language

Provide access to the app, identify the correct User, provide the Dibber app services

GDPR article 6 no. 1 (b)

Dibber also processes User Data.  

3.2.3.1
3.2.3.2
3.2.3

3.2.3.3. Processing of personal data regarding children

For children with a place in our education units, we may collect the following personal data from the Parent, User, Additional Caretaker, the child or our customer relationship management system:

Personal data
Purpose
Legal basis

Ordinary personal data:


Name, date of birth, picture, address, nationality, parent and/or Additional Caretaker

Provide a safe and satisfactory kindergarten experience in accordance with a legal obligation.

If in EU/EEA, GDPR Article 6 no. 1 (b), cf. the Applicable Data Protection Law if described in section 4

Special categories of personal data:


Health information, e.g. allergies, medicines, vaccination status, physical and/or mental difficulties, sleep cycles, eating levels, pedagogic level data, absence and absence reasons, personal weight and height, medical conditions relevant for daycare operations

Provide a safe and satisfactory kindergarten experience in accordance with a legal obligation.


Provide communication with Parents or Additional Caretakers regarding Child health information and other information to secure a safe and satisfactory kindergarten.

If in EU/EEA, GDPR Article 9 no. 2 (g), cf, Article 6 no. 1 (b), cf. the Applicable Data Protection Law if described in section 4

3.2.3.3
3.2.5

3.2.4. Processing of personal data regarding Additional Caretaker

The data mentioned in relation to Additional Caretaker may be processed in the Dibber app.

3.2.5. Processing of personal data for recruitment 

We may collect the following categories of personal data in connection with recruitment:

Data subject
Personal data (including special categories, if applicable)
Applicants and candidates

Name, age, sex, e-mail addresses, phone numbers, education, previous employers, criminal record certificate, trade union membership, social security number

The legal basis for this processing is GDPR Article 6 no. 1 (b). If your application contains special categories of personal data, our basis for this processing is GDPR Article 9 no. 2 (a), cf. GDPR Article 6 no. 1 (b). For countries outside the EU/EEA please confer with section 4. 

All job applications that have not been considered are stored in our electronic archive for up to six months before being deleted. You can withdraw your job application at any time, and we will delete the information you have provided in connection with this application.

 

If we consider your job application but do not give you a job offer, we will only store the information you have provided in the recruitment process if you have given your consent that this information may be stored. You may withdraw your consent at any time. The legal basis for this processing is GDPR Article 6 no. 1 (a). For countries outside the EU/EEA please confer with section 4. 

3.2.4

3.2.6. Processing of personal data for other purposes

3.2.6.1. Introduction

In some instances, we may process personal data if we are provided with information containing personal data. For the purposes described below in section 3.2.6.2, section 3.2.6.3, and section 3.2.6.4, we process personal data as described in these sections. If we receive other personal data than the forementioned, we will make a concrete assessment of what legal basis may be applicable for the processing of that personal data. 

If not specified otherwise, we retain and process personal data as long as it is necessary to achieve the purpose described in this section. 

3.2.6.1
3.2.6

3.2.6.2. Subscribing to newsletters as e-mail 

We distribute newsletters by e-mail to those who have registered an e-mail address and consent to receiving newsletters. The information regarding the consent is stored in a separate database, is not shared with others, and deleted when you unsubscribe from the newsletter. You may unsubscribe by clicking on the link for this in the newsletter or by contacting us. 

The legal basis for processing your e-mail address in connection with our newsletter is consent, GDPR Article 6 no. 1 (a). For countries outside the EU/EEA, please confer with section 4. 

3.2.6.2

3.2.6.3. Surveys 

When we conduct surveys, we will always inform about its purpose and whether it is anonymous or not. We will not share the data with others or use the data for purposes other than those specified. 

If the survey is anonymous, we will not collect any information that can be linked to you. 

 

If the survey is not anonymous, we may identify those who have answered the survey. The legal basis for processing surveys is GDPR Article 6 no. 1 (a), where you consent to our processing of your personal data. For countries outside the EU/EEA please confer with section 4. 

3.2.6.3

3.2.6.4. Use of cookies on the website 

We use cookies to ensure that you get the best user experience. Cookies are small text files that are placed on your device to record preferences and analyze user behavior. If you continue browsing, we assume that you accept the use of cookies. Please see the Dibber Cookie Statement for more information about how we use cookies. 

Note that cookies are regulated differently in different countries. You may find country specific information in section 4 regarding local particulars.  

3.2.6.4

3.3. Our information security

We have robust routines and comprehensive measures to ensure that unauthorized persons do not gain access to your personal data, and that processing of personal data is made in accordance with the requirements of applicable legislations. Examples of such measures are risk assessments, implementation of technical, organisational and physical measures, access control and archiving routines, as well as routines for handling personal data and following up requests regarding the right of access, correction, and deletion. There are routines in place for notification in accordance with Applicable Data Protection Legislation in the event of a breach of data security or suspicion of this. 

We may use the data we collect about you when we have reason to believe that it is necessary to identify, contact, or take legal action against individuals or companies that may harm you, us, or others. We may also disclose your information when we believe the law requires it. 

3.3

3.4. Who we share personal data with

We will not share your personal data with third parties unless there are circumstances where such sharing is necessary for supporting our business operations, to provide our services to you, or to support you.  

We may share your data with the following categories of recipients:

Dibber group

We may transfer your personal data to the relevant Dibber group company. The relevant Dibber group company will then act as a sub-processor to Dibber AS and the processing will be subject to a data processing agreement.

Third party service providers

We only use authorized third parties (sub-processors) for assistance in the development, operation, and delivery of our IT-systems. Our sub-processors are committed through data processing agreements to comply with Applicable Data Protection Legislation, and have the necessary technical, organizational, and physical measures to safeguard personal data.

Others

We may provide other Users, Parents and Additional Caretakers with personal data when necessary for the daily operations of our education services. We may also provide personal data to municipalities, health institutions and social security institutions provided that there is a legal basis for such processing.

3.4

3.5. Transfer of personal data outside the EU/EEA

In some cases, we may transfer personal data outside the EU/EEA. Transfer to third countries outside the EU/EEA will only take place if there is a legally valid transfer mechanism under the GDPR. For the transfer of personal data to or from countries outside the EU/EEA, where the GDPR is not the Applicable Data Protection Law, please confer with section 4.

3.5
3.6.1

3.6. Your rights with respect to our processing of personal data

3.6.1. Introduction

You have the following rights when we are processing your data: 

  • Right to information 

  • Right to access personal data 

  • Right to rectification of personal data 

  • Right to erasure of personal data 

  • Right to restriction of processing of personal data 

  • Right to object to the processing of personal data 

  • Right to data portability 

  • Right to withdraw your consent if our processing is based on consent 

  • Right to lodge a complaint to your local data protection supervisory authority 

  • Be aware that these rights may be limited, depending on the concrete circumstances, in accordance with Applicable Data Protection Law.  

3.6
3.6.2
3.6.2. Access to your own data 

You may request a copy of all the information we process about you. The data will then be disclosed/transferred in a secure manner. Unless you request otherwise, the information shall be provided in a commonly used electronic format and sent to you encrypted. 

3.6.3
3.6.3. Rectification of personal data

You may ask us to correct or supplement data that is incorrect or misleading.

3.6.4
3.6.4. Erasure of personal data 

You may ask us to delete data about yourself. It is possible that we are obliged to retain the data in accordance with applicable law or other obligations.

3.6.5
3.6.5. Restriction of processing of personal data 

You may also ask us to restrict the processing of data about you. It is possible that we are obliged to not restrict our data processing in accordance with applicable law.

3.6.6
3.6.6. Object to processing of personal data 

If we process data about you on the basis of our tasks or on the basis of a balance of interests, you have the right to object to our processing of data about you.

3.6.7
3.6.7. Data portability 

If we process data about you on the basis of consent or a contract, you can ask us to transfer data about you to you or another data controller or processor. If it is technically possible, we may send this data directly to a new data controller or processor. If not, we will send the data to you. The information is provided in a regular electronic format and is sent encrypted. 

4.1

4. Local particulars

4.1. Introduction 

Dibber has presence in countries in different countries across the globe. Many of these countries have country specific laws that may apply to you but not others. In this section you will find particularities in local laws and regulations that may be applicable to you.  

4
4.2

4.2. Finland 

Not in use 

4.3.1
4.3.2
4.3.3

4.3. Germany 

4.3.1. Introduction

In this section 4.3 you will find local specific information concerning Germany which may not be relevant for other countries Dibber is present in.

4.3.2. Legal obligation

Regarding the processing of special categories of personal data described in section 3.2.2.3 the legal basis is also Section 22 no.1 of the German Federal Data Protection Law (in German Bundesdatenschutzgesetz (BDSG) in conjunction with Section 22 of Book Eight of the German Social Code (in German 8. Sozialgesetzbuch (SGB VIII)).

4.3.3. Consent

Regarding the processing of personal data described in section 3.2.2.5 the legal basis is also Section 26 no.1 and no.2 of the German Federal Data Protection Law (in German Bundesdatenschutzgesetz (BDSG). 

4.3

4.4. India 

Not in use 

4.4
4.5

4.5. Latvia 

Not in use 

4.6
4.6.1

4.6. Norway 

4.6.1. Introduction

In this section 4.6 you will find local specific information concerning Norway which may not be relevant for other countries Dibber is present in.

4.6.2
4.6.2. Dibber Education Units 

In Dibber Education Units in Norway the vast majority of personal data will be used, stored and otherwise processed in order to carry out tasks in accordance with the Kindergarten Act (barnehageloven) and the Education Act (opplæringslova).

4.6.3
4.6.3. Use of cookies on Dibber websites 

When visiting the Norwegian Dibber websites consent will be regulated in accordance with The Electronic Communications Act (ekomloven) section 2-7 b), which implements the rules of the EU directive 2009/136/EC regarding the use of cookies, in addition to the GDPR when applicable.  

If you do not want cookies to be stored, you may change your browser setting. You may also delete existing cookies. Note that you may experience reduced functionality on our websites by deleting or by not accepting cookies, such as user preferences. 

4.6.4
4.6.4. Subscribing to newsletters as e-mail

The legal basis of processing your e-mail address in connection with our newsletter is consent, GDPR Article 6 no. 1 (a). Note that the provided consent will also serve as a consent in accordance with the Norwegian Marketing Act section 15.

4.7

4.7. Poland

Not in use 

4.8

4.8. South Africa

Not in use 

4.9

4.9. Sweden 

Not in use 

4.10

4.10. UAE 

Not in use 

5. Information or complaints about our processing of personal data 

If you wish to exercise any of your rights under the Applicable Data Protection Law or seek more information about how we process your personal data, you may contact us at: dpo@dibberfamily.com.  

You are entitled to an answer without undue delay, and no later than 30 days. 

You may also lodge a complaint about our processing of personal data concerning you or a child to your local data protection supervisory authority. Please include the Dibber Education Unit in question in the inquiry, where applicable. A list of data protection authorities in the various EU/EEA countries on the date of this version of our Data Protection Statement may be found here

If your country is not on the list, please check the country specific information in section 4. 

5

6. Changes to our Data Protection Statement

Our Data Protection Statement is intended to reflect our continuously evolving Dibber family. Hence, we may change or update our Data Protection Statement from time to time. All changes are effective from the date they are published. We encourage you to review our Data Protection Statement regularly. 

If we make substantial amendments, we may send you an email if your email address has been registered by us. The current version of our Data Protection Statement will always be found on this website. 

6

* * *

The date of this version of our Data Protection Statement is 14 April 2023. 

bottom of page