RULES OF PROCESSING PERSONAL DATA
Dear BeeSpeaker Application and beespeaker.com user,
To ensure that our data processing processes are fully transparent, we present to you the rules of personal data protection binding in BeeSpeaker AB, constituted based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (General Data Protection Regulation), hereinafter “GDPR.”
We inform you that the operator of the beespeaker.com website is itCraft limited liability company located in Warsaw, al. Jerozolimskie 181 B, 02-222 Warszawa, entered into the register of entrepreneurs of National Court Register under the number 0000844724, NIP: 5222966148, REGON: 142693160, share capital 500.000,00 PLN.
PERSONAL DATA PROCESSING BY THE CONTROLLER
- In relation to conducting their business, the Controller collects and processes personal data in accordance with the relevant provisions, in particular with the GDPR, and the rules of processing data determined in them.
- The Controller:
- ensures the transparency of processing data;
- always informs Users about processing data when they collect them, particularly about the purpose and legal basis for processing personal data, unless they are not obligated to do so based on separate provisions,
- ensures that the data are collected only in the scope necessary for a given purpose and processed only for the necessary duration,– while processing data, the Controller ensures their safety and confidentiality and the data subjects’ access to information about the processing. Should, despite the applied protection measures, a data breach (e.g., data “leak” or their loss) occur, and such a breach could cause a high risk of breaching data subjects’ rights or freedoms, the Controller will inform data subjects about a such incident in accordance with the provisions.
Chapter 1 – Definitions
- Controller – BeeSpeaker AB company located in Stockholm, address: BOX 2048, 116 74 Stockholm, entered into the register of the Swedish Company Registration Office run by Statistics Sweden, no. 559363-5112, e-mail: hello@beespeaker.com.
- Application – the BeeSpeaker mobile Application, used for learning foreign languages, available for free download from App Store and Google Play.
- Personal data – any information relating to a natural person who is identified or identifiable through one or more factors determining their physical, physiological, genetic, psychological, economic, cultural, or social identity, including their image, voice recording, contact details, location data, the information contained in correspondence, information collected through recording equipment or other similar technology.
- Account – the User’s account in the Application
- Premium Account – an account enabling the User to access the Application’s features described in chapter 6 below.
- Agreement – these terms of service including, among others, the User’s license agreement with the privacy policy published separately at: https://beespeaker.com/terms-of-use/.
- Services – any services offered by the Controller or relating to the Application.
- User – any natural person visiting the Website, owning an account in the Application, or using one or more services or features described in the Privacy Policy and the rules of personal data processing.
Chapter 2 – The Controller
- BeeSpeaker AB company located in Stockholm, address: BOX 2048, 116 74 Stockholm, entered into the register of the Swedish Company Registration Office run by Statistics Sweden, no. 559363-5112
- You can contact the Controller through the address provided in point 1 or via e-mail: hello@beespeaker.com
Chapter 3 – Purposes and legal bases of data processing
- The User’s personal data will be processed for the following purposes:
- carrying out the agreement concerned with providing Services by the Controller based on the accepting of the Terms of Service (article 6, section 1, point b GDPR)
- notifying the User about new features of the Services provided by the Controller based on the agreement concluded with the User (based on article 6, section 1, point b GDPR)
- notifying the User through push notifications and e-mail about planned or upcoming activities connected with providing the Services from the Controller (based on article 6, section 1, point b GDPR)
- sending systemic electronic messages (e-mail) regarding changes in the account that was set up (article 6, section 1, point b GDPR)
- sharing information about the features of the Services provided by the Controller, including commercial information via e-mail at a provided e-mail address in the form of a newsletter based on the User’s consent (article 6, section 1, point a GDPR)
- conducting opinion polls regarding Users’ preferences related to language learning (based on article 6, section 1, point a GDPR)
- carrying out the Controller’s legal responsibilities in the scope of taxes and accounting (for tax purposes) – in the scope of data in VAT invoices and other accounting documents issued by the Controller to the User for using the Application (based on article 6, section 1, point c GDPR)
- analytical and statistical purposes based on the Controller’s legitimate interest, which is to verify the User’s activity and their preferences for optimization of services and products, and the existing Application’s and website’s features (article 6, section 1, point f GDPR)
- pursuing possible claims or defending against claims which the User or Controller may both have (based on the Controller’s legitimate interest, article 6, section 1, point f GDPR)
- W każdym z wymienionych powyżej przypadków pkt. 1) podanie danych jest dobrowolne, jednak konieczne do zawarcia umowy lub skorzystania z innych funkcjonalności Aplikacji i serwisu. In each of the cases in point 1, providing your data is voluntary, however, necessary to enter the agreement and use other features of the Application and website.
Chapter 4 – The scope of data being processed
- The Controller processes personal data necessary to provide and develop the offered features available in the Application on the beespeaker.com website and its functionalities.
- The scope of the collected data is adequate to the purpose for which they are collected.
- The Controller processes:
- Data necessary to enter an agreement – the lack of these data makes it impossible to enter an agreement (in particular, all information listed in point 5.2 of the Terms of Service)
- Data related to providing the services – failure to provide some data may result in the impossibility of using all the service’s functions
- Data related to using a Google account and Facebook to log into the Application:
- all information shared by the User through their User account on Facebook – in the case of registering their Account by connecting their User account on this platform and in agreement with the privacy settings selected by the User on Facebook (in particular: User ID, account name, first name, surname, profile link, User name, hometown, User’s location on their profile, bio [description], gender, relationship status, time zone, language, information on whether the User is verified, time of the last profile update, User type)
- information shared by the User about their Google account – in the case of registering an account by connecting the User on this website and according to privacy settings selected by the User on Google (User ID, User server’s ID [where their account is stored], date of creation and expiry of the account, account name, first name, surname, e-mail, language).
- The number of the Premium User’s liabilities to the Controller.
- All information is voluntarily shared by the User from their own initiative while using the Application.
- Information about tests solved by the User within the Application and the User’s results.
Chapter 5 – duration of processing personal data
- The User’s personal data will be processed by the Controller:
- The personal data of registered Users using the Application will be processed for the period in which the person remains an active Application User, and after that, for a period necessary to keep compliance with the provisions of law, pursuing or defending against possible claims, however, not longer than 6 years counted from the date of terminating the agreement on providing services in the electronic form.
- The Users’ personal data are processed to share commercial information in the electronic form at the provided e-mail address in the form of a newsletter based on the User’s agreement and to conduct opinion polls regarding the User’s preferences in terms of learning languages – they will be processed until the User withdraws their consent.
- Data collected through cookie files will be processed according to the provisions in the point Cookie files and other technologies.
- After the expiry of the dates determined in point 1 above, the User’s personal data and their Representative disclosed while using the Application and website will be removed or anonymized by the Controller.
Chapter 6 – Data recipients
- Data processed by Beespeaker AB may be disclosed to external subjects, in particular:
- hosting services providers
- mail providers, including electronic mail;
- providers of legal and accounting services;
- IT services providers (who provide services helping the Controller run and maintain the Application);
- the Controller’s subcontractors.
- In justified cases, based on an appropriate legal basis, data may be shared with bodies or third parties who request access to such information.
- The Controller, in general, does not share data outside the European Economic Area. However, if it is necessary, data are shared with an ensured level of protection, mostly through:
- cooperation with subjects processing data in countries that received an appropriate decision from the European Commission regarding the confirmation of insurance of an appropriate level of personal data protection;
- applying standard contractual clauses issued by the European Commission;
- applying binding corporate rules approved by an appropriate supervisory body.
The Controller always informs Users about an intention to share personal data outside the EEA at the stage of collecting them.
Chapter 7 – Data subjects’ rights
- Each Data subject whose data are processed by the Controller has the right to:
- access their personal data,
- rectify data,
- remove data,
- restrict the processing of data,
- data portability
- object to the processing which occurs based on the Controller’s legitimate interest,
- withdraw their consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- The User also has the right to file a complaint to the President of the Personal Data Protection Office if they think that the processing infringes on the GDPR provisions.
Chapter 8 – Information about automated decision-making, including profiling
- In relation to the User using the Application, there will not be any automated personal data processing, including profiling resulting in making decisions producing legal effects for the User or influencing them significantly in a similar way.
Chapter 9 – The source of personal data
- The User’s personal data and other information determined in the Terms of Service may be collected:
- directly from them, or
- automatically during registering their Account (with their account on Facebook or Google) or using the Application.
COOKIES AND SIMILAR TECHNOLOGIES
- The Controller uses cookie files. Cookie files are small files sent by a website and stored in the User’s browser memory to simplify the development of the Application for the Controller. By using the Application or its dedicated website (www.beespeaker.com) without previously changing the settings of the software used, the User consents to receive cookie files via the software they use (particularly the browser). Tips on blocking cookie files in the most popular browsers can be found here: Mozilla Firefox / Microsoft Edge / Opera / Google Chrome. The Controller makes an effort to enable Users to make a free choice regarding personal data that they provide and data collected by cookie files. However, the User accepts that refusing to share the required data or blocking them may make the provision of services impossible or lead to the improper functioning of the Application.
- The Controller may use both permanent and session cookie files. Permanent cookie files remain in the browser’s memory after it has been shut down and may be used during future visits to the Application and on the dedicated website. Session cookie files disappear after the User closes their browser on their device.
- Cookie files enable following the following information:
- information about the User’s activity in the Application or the dedicated website, especially related to the time and duration of using the Application or its dedicated website, website addresses visited, and features used while using the Application.
- information about software (especially the browser and operating system) and the electronic device used by the User.
- information about the User’s location.
- information about Internet addresses visited immediately before or after using the Application or its dedicated website.
- information about the Internet access service provider.
- information about the type and speed of the Internet connection.
- the unique identifier of the mobile device assigned by its producer.
- the MAC address of the electronic device used by the User.
- preferences regarding the chosen language and time zone.
- information about the User’s online or offline status in the Application.
- The Controller will use cookie files and collected information for the following purposes:
- remembering choices made in the Application and its dedicated website and ensuring a faster, more convenient use of them.
- improving the Application and its dedicated website.
- diagnosing and analyzing technical problems occurring in the Application and its dedicated website.
- raising the security of using the Application and its dedicated website.
- enabling the User to stay logged in to the Application.
- reviewing queries from the User.
- generating reports on using the Application and its dedicated website.
- sending the User notifications about their Account or the Application.
- enabling and ensuring proper use and features of the Application and its dedicated website.
- carrying out any obligations and executing any rights arising from the User’s use of the Application.
- carrying out any other purposes agreed on with the User.
- Within the website dedicated to the Application, the Controller uses Google Analytics, Google AdWords, or other Internet analytical services offered by third parties, which enable them to collect anonymized data related to the User’s use of the Application or its dedicated website, particularly, information listed in point 18 above collected for purposes in point 19 above. Thanks to these tools, the Controller may, for example, follow various events, such as which Controller’s websites or e-mails were opened by the User and which links were clicked, as well as analyze the traffic on their website. The Controller uses it to optimize their communication with the User and to assess how their services are used, create statistical reports regarding activity on the website and create an aggregate profile of the visitors. In the case of Google Analytics, Users’ information about the use of the website and their IP addresses are shared with Google Inc. through the Google Analytics component. To decline being followed by Google Analytics in all Controller’s services, one must visit the page: http://tools.google.com/dlpage/gaoptout.
- Services offered by third parties (Facebook, Google) connected with the Application and its dedicated website may use their own cookie files and similar technologies – in accordance with their own privacy policies.
FINAL PROVISIONS
- The Controller reserves the right to anonymize all information collected from the User in accordance with the provisions of law. Anonymized information (information that does not enable personal identification) is not under restrictions stemming from the provisions of this privacy policy and may be used and disclosed to third parties without limitation.
- The Controller implements due technical, organizational, and physical measures of protection of the collected data and protecting these data from unlawful access. Regardless of the above, no method of storing electronic data and transferring them on the Internet and mobile devices is completely safe and does not conform to the warranty from the Controller. The User should use credible antivirus software and protect the confidentiality of the login and password that they use to access the Application.
- In cases not regulated by this privacy policy, the provisions of the Terms of Service and appropriate provisions of law apply.
- This Policy is binding from 22.09.2022