Last Modified: July, 2022
- Scope of this policy
- General Information
- Which information we collect about you and why
- How we use the information we collect
- Who may receive information about you
- How we store and secure information we collect
- How to access and control your information
- Overview of the rights you have
We are very delighted that you have shown interest in our enterprise. Speexx, a brand of digital publishing AG (“Speexx”; “we”, “us”, “our”), is offering online language testing and learning solutions to organizations and individuals using web applications via the Speexx Portal on https://portal.speexx.com (the “Service”) and we operate websites on https://www.speexx.com (the “Websites”) to market for the subscription to the Service. We are committed to protecting the privacy of individuals who visit our Websites (“Visitors”) and individuals who register to use the Service (“Users”) (collectively “you” or “your”).
Our Data Protection Principals
Speexx follows these principals to protect the privacy of your personal data:
- We do not collect personal information other than is necessary to provide the Service or the Websites.
- We do not keep your personal information if it is no longer needed.
- Where we provide our Service under contract with an organization (for example your employer) that organization controls the personal information processed by the Service. For more information, please see “Data Processing on Behalf of Customer”.
We, digital publishing AG and its affiliates, assume the role of controller as per the EU General Data Protection Regulation (GDPR). In other words, we are the legal entity that shall determine the purposes and means of the processing of personal data. If you have questions or concerns about how your information is handled, please direct your inquiry to: Tumblingerstraße 32, 80337 Munich, Germany, Tel.: +49 89 74 74 82 0, Fax: +49 89 74 79 23 08, E-mail: email@example.com
Data Protection Officer
Our Data Protection Officer is Felix Frankenberger, Tumblingerstraße 32, 80337 Munich, Germany, E-mail: firstname.lastname@example.org
Processing for another purpose
Data processing on behalf of customer
Many products of our Service are intended for use by organizations. Where the Service is made available to you through an organization (e.g. your employer), that organization is the controller of your personal information and we are the processor of data in accordance with Article 28 (3) of the EU GDPR. In such cases, the data processing is subject to a dedicated data processing agreement between the organization and Speexx. If you have any questions or requests related to your personal data for such managed Service User accounts, please get in touch with your organization.
If you are an organization and you would like to ensure your compliance with the EU-GDPR when using Speexx as a provider, you can use our Data Processing Agreement template available here. Please return the completed and signed agreement to email@example.com.
Which information we collect about you and why
The main reason we process personal data is to fulfil our contractual obligations towards the Users of our Service. The processing of data is required, for example, for us to be able to provide our language training services to you. In addition to this, we process your data to preserve our justifiable interests while taking your interests into account (e.g. when you sign up for our newsletters). In some cases, we are legally obliged to process data (e.g. to pass the data on to any investigative authorities). In all other cases we will ask for your consent to process your data (e.g. when you sign up for one of our online webinars or conferences).
Information you provide when you use our Service or visit our Websites
Information you provide as User of the Service: We collect information about you when you register as a User for the Service, create or modify your profile, set preferences, sign-up for or make purchases through the Service. For example, you provide your contact information (name, address, contact telephone number, email address) so that we can identify you and interact with you. You are also asked to add a nick name to ensure that you do not have to reveal your real identity when interacting with us or other Users of the Service and your time zone to ensure the booking and calendar features of the Service to your profile. We keep track of your preferences when you select settings within the Service (e.g. about the language training topics you are interested in)
Content you provide through the Service: The Service includes the Speexx products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Examples of content we collect, and store include: the comments you add in our Forum, the answers you provide in our Skill Training, the messages and information you exchange with our trainers as part of the language training Service, and any feedback you provide to us. Content also includes the files and links you upload to the Service.
Information you provide as Visitor of our Websites: The use of our Websites is possible without entering personal data. However, if you wish to access content such as white papers, infographics, eBooks or participate in a webinar or Speexx conference, we will ask you to enter personal data, such as name, surname, work email and company name via our Websites. By entering your data, you consent to the processing of your data and to the use of your email address for sending you Speexx contents or event invitations. Please note that when registering for a webinar provided by Speexx and one of our partner organizations, you consent to the processing of your data and the use of your e-mail address by our specific partner who may opt to contact you. You can change mailing/content preferences in the dedicated subscription center at all times.
Information you provide through our customer service channels: The Service and the Websites include our customer support services via a help desk system, where you may choose to submit a question about the Service or information regarding a problem you are experiencing with the Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our customer service team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful to answering your request, via our help desk.
Payment Information: We collect certain payment and billing information when you register for a paid Service. For example, we may ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
Information we collect automatically when you use the Service or the Websites
Your use of the Service: We keep track of certain information about you when you use and interact with our Service. This information includes the features you use, the content you click on and you upload to the Service, and how you interact with our trainers and with other Users of the Service, e.g. when using our virtual classroom.
Device and connection information: We collect information about your computer, phone, tablet, or other devices you use to access the Service or the Websites. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Service or the Websites.
How we use the information we collect
How we use the information we collect depends on which Service or Websites you use or visit, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Service and personalize your experience: We use information about you to provide the Service to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Service. Our Service includes tailored features that personalize your experience by automatically analyzing your activity to provide activity feeds, notifications and recommendations that are most relevant for you.
For research and development: We are always looking for ways to make our Service smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Service and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Service.
To communicate with you about the Service: We use your contact information to send transactional communications via email and within the Service, including confirming your purchases, responding to your questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We also provide tailored communications based on your activity and interactions with us. These communications are part of the Service, and in most cases, you cannot opt out of them. If an opt-out is available, you will find that option within the communication itself or in the settings of your Service account.
To market and promote the Service on our Websites: We use your contact information you provide on our Websites to send promotional communications that may be of specific interest to you, including by email and by displaying Speexx ads on other companies’ websites and applications, as well as on platforms like LinkedIn, Facebook, and Google. These communications are aimed at driving engagement and market the Service, including information about industry trends and news, new features, survey requests, newsletters, and events we think may be of interest to you. You can control whether you receive these communications as described below under “Opt-out of communications.”
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity, and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may send you promotional newsletters or invitations to online webinars when you sign up for these.
Who may receive information about you?
Your data can only be viewed by you and Speexx employees who are delivering parts of the Service to you. If you are using the Service through an organization (e.g. your employer, please see “Data processing on behalf of the customer” above), this organization may also have access to your personal data.
We only pass your personal data on to third parties when this is required to fulfill our business purposes (i.e. for payment processing or providing customer service via our help desk), when you have given your consent to this by using our Websites or agreeing on the collection of personal information on our Websites, or when we are obliged to on legal grounds, by court order, or at the request of another official authority.
In cases where we work together with external service providers for our data processing (e.g. for payment processing or providing customer service), this is usually carried out on an order processing basis, whereby we remain responsible for data processing. We review each of these service providers beforehand with regard to the measures they have undertaken to ensure data protection and data security, thereby safeguarding the contractual provisions as stipulated by law for the protection of personal data.
In cases where we use third-party providers on our Websites who will receive personal information about you, you will find the details on how we use those providers and to which extent they receive information about you in the section “Which type of technologies to we use” of our Cookies and Tracking Notice.
We use our help desk provider, Intercom, to process customer inquiries on our websites. Intercom is an online help desk service provider and offers a system for processing customer inquiries via a chat system. Intercom is operated by Intercom R&D Unlimited Company, 2nd Floor Stephen Court 18-21, St. Stephen’s Green, Dublin 2, Ireland.
If you contact our customer service via the chat system integrated into the website, your personal data will be automatically transmitted to Intercom. By using our customer service via the chat system, you consent to the transmission of the personal data required to answer your service request. The personal data exchanged with Intercom is your name, your email address, and all additional data that you provide in the course of your service request.
The legal basis for using Intercom for our customer service is a data processing agreement pursuant to Art. 6(1)(b) GDPR between Speexx and Intercom.
We use the payment provider Stripe for processing payments when you register for a paid Service. Stripe is an online payment service provider. Payments are made via a Stripe plugin. Stripe also offers the possibility to make virtual payments via credit cards. Stripe makes it possible to trigger online payments to third parties or to receive payments. The operating company of Stripe is Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA.
If you choose “Credit Card payment” as the payment option during the ordering process of a paid Service, the payment information will be transmitted automatically to Stripe. By selecting this payment option, you agree to the transmission of personal information required for payment processing. The personal information exchanged with Stripe is the purchase sum and your e-mail address, which are both necessary for payment processing. If necessary, Stripe will pass on personal information to affiliates and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data in the order.
You have the possibility to revoke the consent to the handling of personal data at any time from Stripe. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
Content assets on our Websites
We use our provider ClickDimensions for managing access to content assets on our Websites (e.g. whitepapers, infographics, e-Books etc). ClickDimensions is a digital marketing service provider and provides a system for collecting data for our opt-in marketing lists. The operating company of ClickDimensions is ClickDimensions LLC, 5901 Peachtree Dunwoody Road, NE, Suite B500, Atlanta, GA 30328, USA.
If you choose to download content assets on our Websites, we will ask you for your consent to forward your personal information to ClickDimensions. The personal information exchanged with ClickDimensions is your name, e-mail address and any additional information you choose to provide as part of your request.
The legal basis for using ClickDimensions for managing access to content assets on our Websites is a data processing agreement pursuant to Art. 6(1)(b) GDPR between Speexx and ClickDimensions, which in turn is EU-US Privacy Shield certified.
Regarding the provision of our Service, we collect information globally and store that information in Germany and the European Union. We may transfer, process and store your information outside of your country of residence, to where we operate for the purpose of providing you the Service. Whenever we transfer your information, we take steps to protect it.
If we do this to fulfill our contractual obligation, this does not require either an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR.
In cases where the transfer does not serve the fulfilment of our contractual obligations, we have not received consent from you, the transfer is not necessary for the establishment, exercise or defense of legal claims, and no other exemption clause applies, we shall only transfer your data when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.
One of these adequacy decisions is the so-called “Privacy Shield” for the USA. For transfers to companies certified in accordance with the Privacy Shield, the level of data protection is deemed in principle as adequate, pursuant to Article 45 of the EU GDPR. Generally speaking we do not rely on the Privacy Shield alone however. Instead we provide for appropriate safeguards by closing standard data protection clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.
How we store and secure information we collect
Information storage and security
We use our own servers, as well as data hosting and housing service providers in Germany and the European Union to host the information we collect, and we use technical measures to secure your data.
How long we keep information