Privacy policy for kiiaara.com

As of: January 1, 2026

Privacy policy for kiiaara.com

As of: January 1, 2026

  1. person in charge

Responsible party within the meaning of the General Data Protection Regulation (GDPR):

WS Academy GmbH
Industriegelände 8
7041 Wulkaprodersdorf
Austria

FN 611579 g – Eisenstadt Regional Court

Email: office@academy.ws
Support: support@academy.ws

......

  1. General information on data processing

We process personal data exclusively in accordance with the applicable data protection regulations, in particular the GDPR and the Austrian Data Protection Act (DSG).

This privacy policy provides information about the nature, scope, and purpose of the processing of personal data in connection with the use of the KIIAARA platform.

......

  1. Processing during registration and use of the platform

3.1 Processed data

As part of the registration and account use process, we process the following in particular:

  • First and last name
  • E-mail address
  • company name
  • Login details (encrypted)
  • registration date
  • Contract and usage information

3.2 Purpose

  • Setting up and managing the user account
  • authentication
  • contract execution
  • Platform security

3.3 Legal basis

Art. 6 para. 1 lit. b GDPR (performance of a contract)

......

  1. Chargeable use and billing

When you take out a subscription, we process:

  • invoice data
  • transaction data
  • contract terms
  • Payment provider information

Payment data is processed exclusively by certified payment service providers.

Legal basis:
Art. 6 para. 1 lit. b GDPR
Art. 6 para. 1 lit. c GDPR (statutory retention obligations)

......

  1. Processing of content in the context of AI use

5.1 Type of data

Users can enter content, including:

  • texts
  • documents
  • URLs
  • company-related information

This content may contain personal data.

5.2 Purpose

Processing for the provision of contractually owed AI-supported services.

5.3 Storage

Entered content is only stored to the extent that this is technically necessary.
Permanent storage only takes place if this is necessary for the execution of the contract.

......

  1. Processing in the context of AI interactions (visitors to our customers' websites)

6.1 Role

When using KIIAARA on our customers' websites, we act as a processor in accordance with Art. 28 GDPR.

The customer who uses KIIAARA on their website is responsible in each case.

6.2 Type of data processed

Depending on the configuration, the following can be processed:

  • Name
  • E-mail address
  • phone number
  • company information
  • chat histories
  • interaction content
  • technical usage data

6.3 Purpose

  • Responding to inquiries
  • lead capture
  • Forwarding information to the respective customer
  • technical provision of AI interaction

6.4 Legal basis

The legal basis is determined by the respective responsible party (customer).
Processing is carried out exclusively on documented instructions.

......

  1. Not for training purposes

Content entered by users or website visitors will not be used for training or further development of AI models, unless expressly agreed otherwise.

......

  1. Technical usage data

When you access our platform, we process:

  • IP address
  • browser type
  • operating system
  • Date and time of access
  • server log data

Purpose:
Ensuring functionality, security, and stability.

Legal basis:
Art. 6 para. 1 lit. f GDPR (legitimate interest)

Log data is stored for a maximum of 30 days.

......

  1. Cookies and tracking

We use:

  • Technically necessary cookies
  • Analysis and tracking cookies (only with consent)

Analysis and tracking cookies are only set after active consent has been given via a cookie consent tool.

Legal basis:
Art. 6 para. 1 lit. a GDPR

......

  1. Processors and third country transfers

We use service providers in the following categories:

  • Hosting and cloud providers
  • AI service provider
  • payment service provider
  • IT and support service provider

If processing takes place outside the EU/EEA, we ensure appropriate safeguards in accordance with Art. 44 ff. GDPR (e.g., EU standard contractual clauses).

......

  1. storage period

Personal data will only be stored for as long as is necessary for the respective purposes.

  • Account details: until the account is deleted
  • Billing data: 7 years (legal requirement)
  • Log data: max. 30 days
  • Interaction data: as agreed with the respective customer

......

  1. Rights of data subjects

Those affected have the right to:

  • information
  • correction
  • deletion
  • Restriction of processing
  • data portability
  • objection

Please send inquiries to: support@academy.ws

......

  1. right of appeal

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna

......

  1. No automated decision-making

There is no automated decision-making within the meaning of Article 22 of the GDPR.

......

  1. Changes to this privacy policy

We reserve the right to amend this privacy policy in the event of technical or legal changes.