Privacy policy

PRIVACY POLICY AND PRINCIPLES ON PERSONAL DATA PROCESSING

Dear BeeSpeaker Application User,

Thank you for your interest in our services. Please read our Privacy Policy carefully before using the BeeSpeaker mobile application (the “Application”) as it describes the basic principles governing our processing of your personal data in connection with your use of the Application. 

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU SHOULD NOT USE THE APPLICATION. BY DOWNLOADING, INSTALLING OR USING THE BEESPEAKER APPLICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. 

Any terms used in this document that begin with a capital letter will have the meaning attributed to them in section 1 of the terms of service available at the following link: https://beespeaker.com/privacy-policy/, hereinafter referred to as “Terms of Service”. By using, downloading, or installing the BeeSpeaker’s Application, you also agree to be bound by the Terms of Service.

PERSONAL DATA PROCESSING.

  1. The Controller may collect the following information concerning the User (including personal data) in connection with his/her use of the Application:
    1. any information provided to the Controller during User Account registration (in particular any information listed in section 5 point 2 of the Terms of Service).
    2. all information provided by the User through the User’s Facebook account – in the event of account registration through linking the User’s account on Facebook and in accordance with the privacy settings selected by the User on Facebook (in particular: the User id, name, first name, surname, link to the profile, User name, hometown, location that the User has saved in the profile, biography [description], gender, relationship status, time zone, language, information whether the User is verified, time of the last profile update, User type).
    3. all information provided by the User in the Google Account – in case of the account registration by linking the User’s account in this portal and in accordance with the privacy settings selected by the User in the Google portal (User id, User server id [where it is stored], date of account creation and expiration, name, first name, surname, e-mail, language).
    4. photo of the User placed by him/her as his/her avatar in the Application.
    5. the amount of the Premium User’s payables towards the Administrator.
    6. any information voluntarily provided by the User on his/her own initiative during the use of the Application.
    7. information about tests solved by the User within the Application and the results obtained by the User.
  2. The Controller (itCraft spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, al. Jerozolimskie 181 B, 02-222 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under number 0000844724, TIN: 5222966148, REGON: 142693160, share capital: PLN 500.000,00, e-mail: kontakt@beespeaker.pl acts as the controller of the personal data collected during the use of the Application by the Users. All personal data collected by the Administrator shall be processed in accordance with the applicable legal regulations, in particular:
    1. the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.
    2. the Personal Data Protection Act of 10 May 2018.
  3. The User acknowledges that (s)he has right to:
    1. access to his/her personal data processed by the Controller, which means that he/she has the right to obtain from the controller information as to whether the Controller processes his/her personal data and, if so, to obtain access to such data and obtain information about: (i) the purposes of the processing, (ii) the categories of personal data processed, (iii) the recipients or categories of recipients of that data, (iv) the intended period of data retention or the criteria for determining that period, (v) their rights under the GDPR and their right to lodge a complaint with a supervisory authority, (vi) the source of that data, (vii) automated decision-making, including profiling, and (viii) the safeguards applied in relation to the transfer of that data outside the European Economic Area (if any), and the right to receive a copy of their personal data.
    2. request that his/her personal data collected by the Controller be completed, updated, rectified, amended – if it is incomplete, outdated, or incorrect.
    3. request the erasure of their personal data by the Controller in the cases provided for in Article 17 of the GDPR, in particular if they are processed in violation of applicable laws or if they are no longer needed to achieve the purpose for which they were collected. They acknowledge, however, that the deletion of certain personal data may prevent or impair the use of the Application or even lead to the deletion of the Account. The Administrator reserves the right to retain information required by applicable law, information required for the establishment, investigation and defense of any claim related to the User’s use of the Application, including to demonstrate the accuracy of the provision of the Access Services, and to report or document a crime, other violation of law or abuse committed in connection with the use of the Application.
    4. request restriction of processing of their personal data in cases provided for in Article 18 of the GDPR.
    5. transfer his/her personal data processed by the Controller in accordance with the principles provided for in Article 20 of the GDPR.
    6. object to the processing of his/her personal data, in accordance with the principles provided for in Article 21 of the GDPR, in particular in relation to the processing of his/her personal data for the purposes of direct marketing carried out on the basis of the legitimate interest of the Controller (raising an objection will not, however, affect the lawfulness of data processing prior to raising an objection).
    7. lodge a complaint to the supervisory authority – the President of the Office for Personal Data Protection – the complaint may be lodged in writing to the address: ul. Stawki 2, 00-193 Warsaw or in electronic form via the platform available on the website of the supervisory authority at: https://uodo.gov.pl.
    8. withdraw at any time their consent to the processing of their personal data if such processing was based on their consent, whereby they acknowledge that the withdrawal of their consent shall have no negative effect on the processing of their personal data by the Controller during the period in which the consent is in force.
  4. The User’s personal data provided by him/her in the Account registration process (indicated in section 5 points 2-3 of Terms of Service) are required for the conclusion of the agreement for the use of the Application by the User. The above personal data and other personal data collected by the Controller during the User’s use of the Application shall be processed by the Controller:
    1. for the purpose of providing the Services by the Controller – as necessary to take action at the User’s request before the conclusion of the agreement and for the purpose of its conclusion, and as necessary for the subsequent performance of the agreement by the Controller – on the basis of Article 6 section 1 point (b) GDPR, while with regard to the processing of the User’s image on the basis of his/her consent granted on the basis of Article 6 section 1 point (a) GDPR.
    2. to fulfil the Controller’s legal obligations in the area of taxation and accounting – on the basis of Article 6 section 1 point (c) of GDPR in connection with Article 86 § 1 of the Tax Ordinance Act of 29 August 1997 – to the extent of the data contained in VAT invoices and other accounting documents issued by the Administrator in connection with the use of the Application by the User.
    3. for the purposes of a possible claim or defence against claims that may be made against the User or the Controller – on the basis of Article 6 section 1 point (f) GDPR – i.e. the Controller’s legitimate interest.
    4. with regard to the User – in order to verify the User’s payment reliability – on the basis of Article 6 section 1 point (f) GDPR – i.e. the Controller’s legitimate interest.
    5. to promote the Controller’s services and products within the Application (by means of banners, frames, etc. containing sponsored content) – as necessary for the purposes arising from the Controller’s legitimate interest (which is the marketing of the Controller’s own products and services or those of its commercial partners, if any) – based on Article 6 section 1 point (f) GDPR.
    6. in order to carry out direct marketing of the Controller’s services and products via the e-mail address associated with the Account – as necessary for the purposes deriving from the Controller’s legitimate interest (which is to carry out direct marketing of products and services) – on the basis of Article 6  section 1 point (f) GDPR and on the appropriate consents given by the User in accordance with Article 10 section 2 of the Act of 18 July 2002 on Electronic Provision of Services and Article 172 section 1 of the Telecommunications Act of 16 July 2004.
    7. for the purpose of improving the operation of the Application and the development of its programming engine after deletion of the Account (to the extent of the voice data – on the basis of the User’s consent given pursuant to Article 6 section 1 point (a) of the GDPR.
  1. The main functionality of the Application is the ability for Users to send samples of spoken sentences and words in a foreign language in order to verify their correct pronunciation, which involves the processing of personal data in the form of voice, which does not, however, constitute biometric data because it would need to be processed using special technical methods not used by the Controller. Without uploading voice samples to the Application, it will not be possible to complete any lesson, hence the legal basis is Article 6 section 1 point (b) of the GDPR. Recordings of voice samples and transcriptions made from them will be stored exclusively on our servers located in Poland. At the same time the Administrator indicates that the stored voice samples will be used to improve the operation of the Application and the development of its programming engine and will not be used for any other purpose, especially commercial; neither will they be transferred to third parties, subject to provision of section 10 below. The User may give his or her consent to the processing of his or her voice samples also after deletion of the Account, until such time as he or she withdraws his or her consent.
  2. The User’s personal information disclosed through use of the Application may be disclosed by the Controller to the following categories of recipients:
    1. hosting providers;
    2. postal service providers, including e-mail;
    3. legal, accounting, and bookkeeping service providers;
    4. IT service providers (who provide support services to the Controller for the operation and maintenance of the Application);
    5. the Controller’s subcontractors;
    6. the locally competent tax office – with regard to User data;
    7. courts of law, public prosecutor’s office and other authorized state authorities – if required by the applicable law or necessary in order to protect the Controller’s or third parties’ rights;
    8. third parties who have filed claims against the Controller with respect to any breaches of the Agreement by the User or in connection with the User’s use of the Application;
    9. business information agencies that the Controller cooperates with in relation to the User data;
    10. the Controller’s subsidiaries, affiliates, acquirers, and legal successors.
  1. The User’s personal data is not transferred to any extent to lecturers for whom the User remains anonymous. 
  2. The User’s personal data will be processed by the Administrator:
    1. regarding the data processed for the purpose indicated in section 4 point 1 above – by the time of deleting the User Account, and if the consent to process the User’s image has been withdrawn earlier, then by the time of its withdrawal.
    2. regarding the data processed for the purpose indicated in section 4 point 2 above – for the period required by the generally applicable legal regulations, in particular until the statute of limitations of the Controller’s tax obligations (as a rule it is a period of five years from the end of the calendar year in which the tax deadline expired).
    3. regarding data processed for the purpose indicated in section 4 point 3 above, until the expiry of the limitation period for any claims that may be made against each other by the User and the Controller in connection with the User’s use of the Application, extended by a period of 6 months necessary to ensure that no such claims have arisen or have been asserted before the expiry of their limitation period.
    4. with respect to User data processed for the purpose indicated in section 4 point 4 above, until deletion of User’s Account from the Application. 
    5. with respect to data processed for the purpose indicated in section 4 points 5 and 6 above – until the User objects to the processing of his/her personal data or until he/she withdraws the consent based on which the marketing content is sent to him/her, or until the provision of the Services by the Administrator is terminated.
    6. regarding data processed for the purpose indicated in section 4 point 7 above – until withdrawal of the granted consent.
  1. After the expiry of the periods indicated in section 8 above, the User’s and User representative’s personal data disclosed in connection with the use of the Application shall be deleted or anonymized by the Controller. 
  2. The User’s personal data shall not be transferred outside the European Economic Area. Anonymous voice samples of the User are transmitted in real time to the Controller’s server, from which they are directed to a dedicated tool which in real time creates a transcription of the spoken words from the voice sample. Then, the transcription is compared with the master material on the Controller’s servers. Google does not save the voice sample of the User nor the created transcription. The User has the right to contact the Controller at any time with questions concerning the countries to which their personal data are transferred.
  3. The User’s personal data and other information indicated in the Terms of Service may be obtained:
    1. directly from him/her, or
    2. indirectly – from business information agencies – in the scope concerning the User’s payment reliability – in particular, information about his possible debts, or
    3. automatically during Account registration (using the User’s Facebook account or Google account) or use of the Application.
  1. The User’s personal data, as well as any other data collected by the Administrator, will be stored by the Controller on the Controller’s servers located in Poland. If the User accesses the Application from countries other than Poland, he/she agrees that his/her personal data will be transferred to Poland and may be transferred to other countries in connection with the storage and processing of data and provision of Services by the Controller.
  2. The Controller may at any time change its hosting provider and server location to another location within a country that is a member of the European Economic Area and will notify the User by updating this Privacy Policy.
  3. In connection with the use of the Application by the User, there will be no purely automated processing of the User’s personal data, including profiling, resulting in decisions that produce legal effects in relation to the User, or that materially affect the User in a similar manner.
  4. Any queries and applications regarding the processing of the User’s personal data by the Controller should be addressed to the Controller in English:
    1. by registered mail – to the address of the Administrator indicated in section 2 above, or
    2. by e-mail message sent from the e-mail address associated with the User Account – to the following e-mail address of the Controller shown in section 2 above.

COOKIES AND SIMILAR TECHNOLOGIES

  1. The Controller uses cookies. Cookies are small files sent by a website and stored in the memory of the User’s web browser to help the Controller develop the Application. Cookies in themselves do not identify the User. By using the Application or the website dedicated to the Application (link: www.beespeaker.vom), without first changing the settings of the software in use, the User consents to the receipt of cookies by the software in use (in particular the Internet browser). Instructions for blocking cookies in the most popular web browsers can be found at the following links: Mozilla Firefox / Microsoft Edge / Opera / Google Chrome. The Controller endeavors to enable Users to make a free choice regarding the personal data provided and the data collected by cookies. However, the User accepts that refusing to provide the requested data or blocking cookies may prevent the provision of the Services or lead to a malfunction of the Application.
  2. The Controller may use both permanent and session cookies. Permanent cookies remain in the memory of the web browser on User’s electronic device after the User closes it and may be used during subsequent visits to the Application and to the website dedicated to the Application. Session cookies disappear after the User closes the web browser on his electronic device.
  3. Cookies allow the following information to be tracked:
    1. information about the User’s activity in the Application or on its dedicated website, in particular: time and length of use of the Application or its dedicated website, network addresses visited, functionalities used in the use of the Application.
    2. information on the software (in particular the browser and operating system) and the electronic device used by the User.
    3. information on User’s location.
    4. information on the Internet addresses visited immediately before and immediately after using the Application or its dedicated website.
    5. information about the Internet access provider.
    6. information on the type and speed of the Internet connection.
    7. the unique mobile device identifier assigned by the manufacturer of the mobile device used by the User.
    8. MAC address of the electronic device used by the User.
    9. The User’s preferred language and time zone.
    10. information concerning the User’s online or offline status in the Application.
  4. Cookies and the information collected are used by the Controller for the following purposes:
    1. for remembering the choices, the User makes within the Application and its dedicated website and for providing a faster and more convenient use of the Application and its dedicated website.
    2. to improve the Application and its dedicated website. 
    3. to diagnose and analyze technical problems occurring with the Application and its dedicated website.
    4. to increase the safety of using the Application and its dedicated website.
    5. to allow the User to remain logged in to the Application.
    6. to handle inquiries made by the User.
    7. to generate reports on the use of the Application and its dedicated website by the User.
    8. to provide to the User notifications concerning the User’s Account and the Application.
    9. to enable and ensure the proper use and functionality of the Application and its dedicated website.
    10. for the performance of any obligations and enforcement of any rights resulting from the User’s use of the Application.
    11. for any other purpose agreed with the User.
  1. The Controller on the website dedicated to the Application uses Google Analytics, Google AdWords or other web analytics services offered by third parties, which allow the collection of anonymized data on the use of the Application or its dedicated website by the User, in particular the information listed in section 18 above collected for the purposes indicated in section 19 above. With these tools, the Controller can, for example, track various events, such as which Controller’s pages or emails from us have been opened by the User and which links have been clicked, as well as analyze the traffic on our website. We use this to optimize our communications with Users and to evaluate how our services are being used, to create statistical reports on website activity, and to create a profile of aggregate visitors. In the case of Google Analytics, information about Users’ use of the website and their IP address is transmitted to Google Inc. through the Google Analytics component. To opt out of being tracked by Google Analytics across all Controller’s services, please visit http://tools.google.com/dlpage/gaoptout. Such information may be collected directly by or shared with providers of web analytics services.
  2. The services offered by third parties (Facebook, Google) associated with the Application and the website dedicated to the Application may use their own cookies and similar technologies – in accordance with their own privacy policies.

FINAL PROVISIONS.

  1. The Administrator reserves the right to anonymize any information collected from the User in accordance with the applicable legislation. Anonymized information (non-personally identifiable information) is not subject to restrictions arising from the provisions of this privacy policy and may be used and disclosed to third parties without restriction.
  2. The Controller implements appropriate technical, organizational, and physical measures to protect the collected data and to protect them against unauthorized access. Regardless of the above, no method of electronic data storage and data transmission via the Internet or mobile devices is fully secure and is not guaranteed by the Controller. The User shall use reliable anti-virus software and protect the confidentiality of the login and password enabling the use of the Application.
  3. In matters not regulated by this Privacy Policy, the provisions of the Terms of Service and the applicable legal regulations shall apply.