This WordDive Ltd (later referred to as ”Company”) customer registry privacy policy is written according to the General Data Protection Regulation (EU) 679/2016. The Data Protection Regulation is a directly applicable legal framework in all EU Member States from 25.5.2018. WordDive Ltd is committed to following the applicable data protection legal framework when processing your personal information. This Privacy Policy provides a comprehensive explanation of the processing of personal information to customers using the WordDive service (later referred to as ”User”).
If you have any questions about the way your personal information is handled, please contact us at the address below.
1. Name and Address of the Registry Keeper
WordDive Oy
Verstaankatu 1, 2F
33100 Tampere, Finland
2. Contact Information in Registry Matters
info@worddive.com
+358 10 205 4455
(Mobile call charge/local network charge. The call charge may include additional fees if calling from outside of Finland.)
3. Name of Registry
Marketing and Customer Registry of the WordDive service.
4. What Kind of Information is Collected?
Information submitted by the user during registration:
In order to register for the WordDive service and to use the service, the User has to provide their name, email address, preferred password for the user ID (email address), and the country where the service is being accessed from.
If the User registers for the service through Facebook, the Company will know the User’s Facebook username. Apple mobile devices also use a Sign in with Apple functionality which automatically gives the information on your name and email address from your Apple ID. If you want to, you can edit your name and choose to keep your email address private. You can find more information at https://support.apple.com/en-us/HT211687.
In addition, the User can voluntarily give the following information during registration or use of the service: year of birth, gender, first language, and where they heard about the service. Information about age, gender, and first language is used to develop the service, optimize the exercises, and to set the default translation language. Information about where the User heard about the service is used for marketing development purposes.
Information collected automatically during registration:
Personal User identifier
Time of registration
Registration channel
Free sample activation data
User interface language
User type
Time zone
Information generated automatically during use of the service:
First login day
Purchase events
Start and end date of licence
Login data (”Remember me” cookies)
Offer campaign data
Analytics data (Google Analytics)
Learning results
User’s achievements in the mobile app
Hints and reminders shown to User
Time from last password change
Information submitted or selected by the User during use of the service:
Audio files generated by User doing speaking exercises
Wrong answers (not connected to individual users)
Feedback on study material (optional)
Friends added by User (optional)
Study group data (for organisation users)
User’s exams (prep course users)
Grade guarantee refund data (prep course users)
Newsletter subscription or unsubscription
General service usage settings
User’s course-specific settings
User’s language-specific settings
Other information collected and handled for purposes described in section 5:
Notes added manually by customer service or R&D
Information about which emails sent by WordDive the User has opened
5. Why Is My Information Collected?
The information specified in section 4 is collected and processed for the following purposes:
Use of the service
The User’s email address and password are required for registering and logging in to the service, except if the User uses the Sign in with Apple functionality. During purchase events, information related to the purchase, such as the chosen course package and the duration of the licence, is stored so that we can deliver the User the service the User has bought. Information about country is required to set the correct currency and tax.
The WordDive service is based on personal optimisation (profiling), which requires the Company to store information such as the User’s exercise data, including selected, written, and recorded answers. Optional information, such as age and gender, is also used to develop the service and optimise the exercises.
The profile formed as a result of this optimisation consists of information collected from the User during registration and use of the service. This information is necessary to use the service, i.e., to get the individual optimisation.
Much of the other information specified in section 4 is required to use the different features of the service. For example, certificates are sent based on stored results. The settings selected by the User are stored in order to adjust the functioning of the service according to the User’s wishes.
Research and development
The development of WordDive’s features and exercise algorithm is based on different tests and statistical analysis of User behaviour data stored in the database, as well as the Users’ learning results. The data used in research and development is not traceable to an individual User. According to the applicable data protection legal framework, the analysis is made statistically using a large mass of data (e.g. all Users learning English) where the information is stored anonymously and individual Users are no longer identifiable.
Customer service and informing Users
The User’s contact information, payment information, and exercise information is also required to answer customer support requests. These requests usually involve looking at the User’s information and exercise data in WordDive’s management panel and checking payment information in various payment service providers’ management panels. User email addresses are also required for informing purposes.
Marketing
Marketing platform pixels and other similar techniques collect information about Users’ movement and actions in the WordDive service. This information can be used to show them targeted advertising. The purpose of targeted advertising, e.g. in Facebook and Google, is to show each consumer advertisements for products and services the consumer is interested in rather than completely random advertisements.
The visiting User has the right to resist this kind of profiling-based advertising or withdraw consent by disabling “Targeting cookies” from the website’s cookie settings. The registered User can manage their ad settings directly in the social media services they use. Instructions for managing the ad settings can be found from the websites of those services.
Accounting
The User’s personal information is also handled while fulfilling the Company’s legal duties, such as taxation and accounting of the Company. For accounting and taxation purposes, the Company must know, e.g., which products the Users have purchased, how much the products cost, which payment service provider was used, and which country the purchases were made from (country information affects, e.g., the amount of Value Added Tax). User contact information is required in case any problems or misuse issues related to payments arise.
Changes or additions to information usage purposes
In case there are essential changes to the usage purposes of personal information or new purposes are taken into use, the Company will inform the User well in advance before carrying out the changes. In these cases, the Company must also ask the User’s consent for such essential changes or new usage.
6. What Are the Legal Grounds for Information Processing?
There are six legal grounds for processing personal information defined in the EU Data Protection Regulation. These are:
- Consent
- Performance of a contract
- Legal obligation
- Protection of vital interests
- Grounds related to public interest or official authority
- Legitimate interests
WordDive collects and processes personal information mainly on the grounds of consent, performance of a contract, grounds related to the Company’s compliance with legal obligations, and legitimate interests.
Before the User registers to the WordDive service and submits personal information to the Company, the User is requested to read the contents of the Privacy Policy related to the use of this service carefully before consenting to the processing of the User’s personal information. The request for consent is presented clearly and separately from other matters, in an easily understandable and accessible form, in clear and simple language. At the same time, the User is informed that the User has the right to withdraw consent at any time. More information about withdrawing consent is given elsewhere in this Privacy Policy. According to the free consent principle, the User may choose which consent-based personal data usage purposes the User consents to.
Grounds related to performance of a contract means that certain information has to be collected from the User to make it technically possible to use and purchase the service.
Compliance with a legal obligation means processing personal information, e.g., for the purposes of performing the Company’s duties related to accounting and taxation.
The Company may have legitimate interests related to the following functions amongst others: customer service, handling of misuse cases, product and service development.
The collecting and processing of all information listed in section 4 is based on some of these legal grounds. If you would like to get a more detailed explanation of these legal grounds, you may request it by email at info@worddive.com.
If the User does not want to submit personal information which is required on the grounds of performance of contract, grounds related to the Company’s compliance with legal obligations or the Company’s other legitimate interests, the service cannot be used.
7. Which Sources Does the Information Come from?
Personal information is collected mainly from the Users themselves, either directly or through cookies (see section 14). Information is also generated automatically during registration, purchase, and use of the service (see section 4).
Personal information can also be collected from publicly available information and other external sources: registries upheld by authorities (e.g., civil registry) and credit registers.
8. Will Personal Information Be Shared with Third Parties?
Personal information will be shared with payment service providers that charge for products and services ordered from or used via WordDive. The payment service providers used by WordDive are:
- Apple App Store
- Google Play Store
- Klarna AB
- PayPal Europe
- Paytrail Oyj
The processing of information by the abovementioned payment service providers occurs according to the requirements of the EU Data Protection Regulation, and an agreement on the processing and confidentiality of personal information has been made with them. WordDive is responsible for the processing of personal information done by these third parties the same way as it itself is in regard to the User.
Personal and puchase information are also shared with the following third parties:
- Joviaali Oy, responsible for the accounting and payroll of the Company
- Freshdesk, a software used by the customer service of the Company
- Liana Technologies, a software used by the Company in sending newsletters
- Google, a service used by the Company in advertising and analytics
- Facebook, a service used by the Company in advertising
- Instagram, a service used by the Company in advertising
- Snapchat, a service used by the Company in advertising
- Tiktok, a service used by the Company in advertising
- Smartly, a service used by the Company in advertising
- App Annie, an analytics service used by the Company
- Unity, a service used by the Company in product development
- Otavamedia, a partner of the Company in sales and marketing
The processing of information by the abovementioned companies occurs according to the requirements of the EU Data Protection Regulation, and an agreement on the processing and confidentiality of personal information has been made with the companies. WordDive is responsible for the processing of personal information done by these third parties the same way as it itself is in regard to the User.
A User visiting the Company’s website has the right to resist this kind of profiling-based advertising or withdraw consent by disabling “Targeting cookies” from the website’s cookie settings.
A registered User can manage their advertising settings directly in the social media services they use. Instructions on advertising settings used by the marketing partners of the Company can be found directly from the partners’ websites.
The WordDive.com website as well as the WordDive mobile application are located on the servers of the Finnish cloud service provider Nebula in Helsinki. Part of the service is located on the servers of the trustworthy international service provider AWS (Amazon Web Services) in Ireland. Both Nebula and Amazon are ISO 27001–certified.
WordDive can share the User’s information also with other third parties if the User has given their consent to it. WordDive can also use other subcontractors, unnamed here, in the processing of the User’s information as long as the processing happens according to the requirements of the EU Data Protection Regulation.
WordDive is responsible for its subcontractors’ processing of personal information the same way as it itself is in regard to the User. With contractual arrangements, WordDive ensures that subcontractors are bound by non-disclosure and confidentiality, and that they carry out the appropriate technical and organisational measures when processing personal information.
WordDive may also transfer information to a company belonging to the same business group as well as during company reorganisation.
9. Will Information Be Transferred Outside the EU or the ETA?
Some of the third parties mentioned in section 8, with whom personal information of the Users is shared, are companies outside the EU (American). However, all the companies are large, reliable operators that have many clients in the EU area and that follow the principles of the EU Data Protection Regulation.
If personal information is transferred outside the EU or the ETA, the transfers always comply with the EU’s standard contract clauses or other appropriate protective measures to ensure that the transfer complies with the EU Data Protection Regulation’s requirements.
More information about data protection in these companies as well as the international data protection certificates granted to them can be found from the companies’ websites.
10. Right to Inspect and Right to Request Correction
WordDive does not check the correctness of the information submitted by the User. Users logged in to the service can check and change their settings related to the use of the service, as well as the personal information submitted during registration.
The User also has the right to request a copy of all other information concerning themselves from the WordDive customer service, as well as the right to request the correction of any possible incorrect information in the system from the customer service. The copy can be requested by email at info@worddive.com. Requesting a copy is free in principle. However, WordDive may charge a reasonable fee for repeated information requests on the grounds of administrative expenses or refuse to perform the action requested by the User if the request is clearly baseless and unreasonable.
11. Other Rights Related to Processing of Personal Information
Deleting information
The User can delete their own user account through the service settings. The User also has the right to request the Company to delete all the User’s personal information from the WordDive database. Information deletion can be requested by email at info@worddive.com.
All other information, apart from that which is required by official authorities (e.g., payment transaction data for accounting) the data used in research and development which is generated by the use of the service (e.g. written or recorded answers), can be deleted from the database manually. After other information has been deleted, such exercise data cannot be connected to the User. In other words, it becomes anonymous information as recommended by the applicable data protection legal framework.
Refusing direct marketing
The User can forbid the use of their information for direct marketing purposes, marketing research, and opinion polls. WordDive uses the Liana Technologies software for practically all marketing letters and research invitations. The User can unsubscribe from these by disabling emails in their settings or by clicking the newsletter unsubscribing link that can be found in the footer of each newsletter.
Limiting information processing
The User can forbid the use of their information on the so-called Top List, which displays the Users’ first name, the initial of their last names, and the sum of their progress in the service during a certain period of time, e.g., one week. There are two Top Lists: one for the friends added by the User and one for all Users. The purpose of the lists is to motivate the Users and their friends to learn languages.
The Company has the right to save the User’s photo if the User has given the Company the right to use it. The User always retains the right to decide where the picture can be shown or if it can be shown at all.
Transferring information
The User has the right to transfer the information concerning them from one registry keeper to another. In matters concerning transferring information, please contact info@worddive.com.
Right to withdraw consent
If the User has consented to personal data processing that is not based on performance of contract, the Company’s compliance with legal obligations, or the Company’s legitimate interests, the User also has the right to withdraw this consent. Targeting cookies can be disabled from the cookie settings. The User can withdraw consent to direct marketing by disabling emails in their settings.
Right to file notice of appeal to authorities
If the User is of the opinion that WordDive does not comply with the Finnish Personal Data Act or the requirements of the EU Data Protection Regulation, the User has the right to file notice of appeal to an authority. In Finland, this authority is the Data Protection Ombudsman.
12. Storing of Information
WordDive will store User and usage information for a minimum of one year after the end of the User’s last subscription period, unless the User specifically requests to have the information deleted. After this, the information may be deleted from the registry during database clean-ups carried out at certain intervals according to the current practice.
Notwithstanding the above, and for the sake of clarity, it should be noted that information related to purchase events may be stored even after this time, to the extent and for the time the service provider believes it necessary to store this information, in order to carry out accounting and other legal obligations.
13. Use of Cookies
In order to monitor the use of the service and to make it possible, cookies may be introduced to the User’s computer at times. Cookies make it possible for the Company to provide the User with a service that takes the User’s wishes and preferences into account better.
Cookies can also be used to give the User better offers and more personal product recommendations, either directly or through an external service, such as Google or Facebook.
In addition, cookies are used to monitor the number of visitors in the service. Parts of the website require accepting cookies in order to function. Targeting cookies can be disabled from the cookie settings.
You can also manage advertisement settings in your Facebook or Google or other social media account. You can manage cookies on your computer by using a service designed for that purpose, such as Disconnect.
https://disconnect.me/disconnect
For more information concerning browser-based online marketing and online privacy:
https://www.youronlinechoices.com/
14. Registry Protection
All persons handling the registry possess a personal user permission (username, password, and level of rights) granted by the registry keeper. These persons operate under a non-disclosure agreement or are otherwise legally obligated to confidentiality. The personal information of Users is accessible only by persons who need this information to do their work. These include the customer service personnel and technical staff.
WordDive will, to the best of its ability, strive to offer the service in such a way that external parties will not get unlawful access to the User’s information or communications. Other parties connected to providing the service (e.g., payment service providers and network or mobile operators) are responsible for their own data security.
WordDive strives to offer the service according to the principle of Privacy by Default. Personal information is processed in pseudonymous or anonymous form whenever possible. The information content of the registry is technically secured and backups are made regularly.
WordDive carries out the appropriate technical and organisational actions in connection to processing personal information, especially in order to protect personal information from data security breaches. If, despite this, a data security breach (i.e., accidental or illegal destruction, loss, altering, unlawful transfer or access) that causes a high risk to the Users’ rights and freedoms should occur, we will inform without delay the Users of the violation, including its likely effects and the recommended actions for counteracting its harmful effects.
8.9.2023