Privacy policy

Download as PDF

Stand: April 1, 2022

(For ease of reading, we use all personal nouns in their masculine form below. However, we also mean all personal nouns in their feminine form).

In this privacy policy, we inform you to what extent we process your personal data when you use the QuickSpeech software and to what extent we make personal data available to other persons.

1. Cases in which we are the data controller:

1.1      If you register for the basic version of QuickSpeech and use our software with the basic login, we process your personal data as the “controller” within the meaning of the GDPR.

1.2      If you order premium logins from us for third parties, we are also the “controller” with regard to the data that is generated in the course of processing the order and the customer contract with you.

1.3      Our contact details for all data protection questions and requests are as follows:
QuickSpeech GmbH
Linzer Straße 1, Stiege
3B 3003 Gablitz
E-mail: office@quickspeech.net

2. Cases in which we act as a precessor:

2.1      If we collect personal data for you as our customer from persons to whom you yourself or someone on your behalf or with your consent have provided premium logins for use, we process the personal data of these users as “Processor” within the meaning of the GDPR.

2.2      If you use the QuickSpeech software with a premium login, we are therefore not the “controller” of the data processing, but the party that has provided you with this login. Please address all data protection inquiries and requests directly to the controller. If we receive inquiries or requests from you that are directed to the  controller, we will forward them to the controller.

2.3      We have concluded an order processing contract with our customers.

3. Basic information on data processing:

3.1      The protection of our users’ and customers’ personal data is very important to us. We process personal data exclusively within the scope of our corporate purpose and on the basis of the relevant legal regulations (GDPR, DSG, TKG). If we act as a processor, we process data in accordance with the instructions of the respective controller.

3.2      We only provide our customers and third parties with personal data of users to the extent that we have informed you of this in this privacy policy or separately. In addition, our customers and third parties may receive anonymized statistics and evaluations.

 

4. Data processing in cases where you use our software as a user

4.1      When you register as a user or use the QuickSpeech software (via basic or premium logins), we collect the following categories of personal data:

a) Master data, e.g.

  • First and last name
  • E-mail address (optional, for service messages and password reset)
  • Profile picture
  • Team/department/group, who you belong to are (only with the premium version)

b) Login data (user/password hash)

c) Usage data, e.g.

  • Entered/selected answer option incl. evaluation
  • Learning progress
  • Points scored
  • Completed contents
  • News articles, videos, attachments, images etc. viewed in the software.
  • Period of use / periods without use

d) Communication data, e.g. your feedback, messages

e) Technical data, e.g.

  • Login time
  • Operating system incl. version
  • Browser incl. version
  • Device type
  • IP address
  • Set language

f) Interaction data, e.g.

  • Navigation in the software, button clicks
  • Answer selection and changes made
  • Timestamp

4.2 We process this data in order to be able to fulfill the contractual relationship concluded with you (Art. 6 para. 1 lit. b GDPR) and due to our interest in measuring and improving the security and performance of our offer (Art. 6 para. 1 lit. f GDPR). In the event that we process this data as a processor for a customer, the legal basis lies in your consent (Art. 6 para. 1 lit. a GDPR), in a contractual relationship between you and our customer (Art. 6 para. 1 lit. b GDPR) and in the customer’s overriding interest in your training and further education (Art. 6 para. 1 lit. f GDPR). This also includes the interest that the content of the software can be adapted to your level of performance and knowledge through automatic evaluation of your use (machine learning).

4.3 If we process this data under our own responsibility, we do not pass it on to anyone in personal form. If we process the data as our customer’s processor, the customer decides whether and to what extent data is passed on in personal form or disclosed to third parties. The customer can, for example, arrange for data to be passed on in personal form to companies that are superordinate or subordinate in a group or sales structure. The customer will inform you directly about the recipients in this regard.

4.4 If we process your data on our own responsibility, we store it in personal form until you have your account or individual data deleted by us (or change it in your profile yourself). If we process the data as our customer’s processor (i.e. when using premium logins), the customer from whom you received the login decides on the storage period in personal form.

4.5 We process your IP address for a maximum of three months in order to be able to respond to any judicial or official inquiries (e.g. in the event of fraudulent use under a false identity). After this period, your IP address will be shortened so that it can no longer be used to identify you. The legal basis for the processing is our legal obligation to provide information (Art. 6 para. 1 lit. c GDPR) as well as our legitimate interest in protecting ourselves and our customers from abusive behavior and clarifying this behavior (Art. 6 para. 1 lit. f GDPR). We only transmit the IP address at the request of a court or
authority. We may also process the IP address during these three months to check whether a login is being used by several people in breach of contract. This is also justified by our legitimate interest in ensuring that our offers are not shared among several people contrary to the contractual provisions.

4.6      The interaction data mentioned above under 4.1 f) is evaluated by us exclusively statistically and anonymized or pseudonymized immediately after collection. This evaluation is justified by our legitimate interest in improving our offers by evaluating the type of use (e.g. with regard to user-friendliness) and being able to offer our customers evaluations without any personal reference. Interaction data is not used for personalized advertising.

4.7      As a user, you decide for yourself what information you enter in your profile (e.g. whether you upload a profile picture). All this information is visible to the respective administrators (e.g. superiors) and – in some cases, for example in rankings – also to your other users.

The following data is accessible to other users of the QuickSpeech software:

a)        Your position in the ranking list of the relevant group or company, including your points progress and your profile picture, but only if:

  • you are among the top 3 in the ranking; or
  • you are the next best user or second best user of the person who calls up the ranking list function in the QuickSpeech software.

b)      Furthermore, your data and your game progress – the average number of points achieved – are made accessible to other users in your group or company, as other players can use the statistics option in the QuickSpeech software to get an overview of their performance curves compared to the average curve of all users in their company. The score progress of all users is added together and displayed graphically as an average value. The extent to which conclusions can be drawn about specific individuals depends on the size of the team.

4.8       The QuickSpeech software can adapt to the user’s performance level and level of knowledge based on usage, response and learning behavior through machine learning. In this way, the software can enable the user to repeat and practise content that is causing them difficulties in a targeted manner. For this purpose, the software stores usage, response and learning behavior in personal form throughout the entire period of use. This data can be viewed by customers in the Admin Dashboard.

4.9      The usage data listed above under 4.1 c) is also stored after the end of use by the respective user, e.g. in order to be able to display the results for the respective customer to whom the user is assigned as evaluations and graphics. This is justified by the customer’s legitimate interest in training and further education. The deletion of the personal reference takes place at the request of the customer, at the latest at the end of the customer relationship.

5. Data processing in cases where you as a customer use our
software

5.1      If you use the QuickSpeech software as a customer, e.g. use our Admin Dashboard for administration, we process the following categories of personal data:

a)      Login data (user/password hash)

b)      Content data, e.g.

  • Questions defined for users, learncards, question catalogs, challenges, courses, groups, teams
  • Feedback sent by you to users
  • News articles published by you for users
  • Videos published by you for users

c)      Communication data, e.g. feedback

d)      Technical data, e.g.

  • Login time
  • Operating system incl. version
  • Browser incl. version
  • Device type
  • IP address
  • Set language

5.2      We process this data in order to be able to fulfill the contractual relationship concluded with you (Art. 6 para. 1 lit. b GDPR) and due to our interest in measuring and improving the security and performance of our offer (Art. 6 para. 1 lit. f GDPR). Via the Admin Dashboard, customers can not only manage the ordered logins and set content for the assigned users, they can also (if desired and clarified internally) view the user behavior of the assigned users. Customers can view the game progress of the respective users via the Admin Dashboard.

5.3      We store the above-mentioned data in personal form until the contract is fulfilled or you have individual data deleted by us (or change it yourself in your account).

5.4      We process your IP address for a maximum of three months in order to be able to respond to any judicial or official inquiries (e.g. in the event of fraudulent use under a false identity). After this period, your IP address will be shortened so that it can no longer be used to identify you. The legal basis for the processing is our legal obligation to provide information (Art. 6 para. 1 lit. c GDPR) and our legitimate interest in protecting ourselves and our customers from abusive behavior and clarifying this behavior (Art. 6 para. 1 lit. f GDPR). We only transmit the IP address at the request of a court or authority. We may also process the IP address during these three months to check whether a login is being used by several people in breach of contract. This is also justified by our legitimate interest in ensuring that our offers are not shared among several people contrary to the contractual provisions.


6. Data processing when ordering premium logins

6.1      If you order premium logins from us, we collect and store all related data (order date and time, number, type of logins, if applicable, assignment by name, payment methods, payment data, contract data, etc.).

6.2      The legal basis is the fulfillment of our contractual obligation towards you or the implementation of pre-contractual measures (such as requests for quotations) – Art 6 para 1 lit b GDPR. We store all this data until the conclusion of the contractual relationship. Statutory retention obligations (e.g. in accordance with accounting regulations) remain unaffected.

6.3      It is up to the customer to decide whether the ordered premium logins remain anonymous or are provided with the name of the respective user.

7. Data collection when making contact

7.1      If you write to us via the chatbot, the chat or the contact form or contact us via the feedback function, by e-mail or by telephone, we collect and store all the data that you disclose to us in the process. In the case of an online inquiry, you must provide data such as your name, your company, your telephone number, a note and a valid e-mail address. If you do not provide us with this data, we will not be able to process your request.

7.2      The data processing is carried out to carry out pre-contractual measures (such as a request for a quote) or to fulfill a contractual relationship (Art 6 para 1 lit b GDPR) or is based on our legitimate interest in processing the response to the request (Art 6 para 1 lit f GDPR). We only pass the data on to third parties (e.g. to the respective responsible customers/administrators) if this is necessary for answering the inquiry.

7.3      We store the data for the duration of the response to the inquiry and for any follow-up questions. In addition, we store your inquiries for up to a further six months so that you can refer to an older inquiry at a later date.

8. Server-Logging/Operations

8.1      To ensure the security of our services, to protect us against possible attacks and for audit reasons, all access and web service interactions are recorded (using AWS Cloudwatch, ElasticSearch, Sentry).

8.2      Our server logs contain various technical data (user agent, timestamp), user ID and IP address.

Even if you visit our website without registering or logging in, our web server records the data that your Internet browser provides us with (including the name of the page or file accessed, date and time, Internet browser used, number of visits, length of visit, the page from which you came to us (referrer), screen resolution and operating system, IP address). We store the IP address unabridged for a maximum of three months in order to be able to answer any legal or official inquiries (e.g. in the event of a fraudulent order under a false identity). After that, your IP address will be shortened so that it is no longer possible to draw conclusions about your person. The legal basis for the processing is our legal obligation to provide information (Art. 6 para. 1 lit. c GDPR) as well as our legitimate interest in protecting ourselves and our customers from abusive behavior and clarifying this behavior (Art. 6 para. 1 lit. f GDPR). We only transmit the IP address at the request of a court or authority. The other data is evaluated in a non-personalized statistical form so that we can learn more about the use of our platform, correct errors and optimally align our offer to our audience.

8.3       Application Performance Monitoring (APM)

We use the Elasticsearch APM service to record the performance of our software in order to ensure the security, performance and stability of our services. Every web service request is recorded for this purpose: Technical data (see above), user ID, IP address – for the handling of the IP address, see under point 8.2

8.4       Crashlytics (Sentry)

To ensure the stability of the software, crashes and errors are tracked in conjunction with various data:

  • Technical data (see above)
  • Type of error, error text
  • User ID (no IP address)

8.5      The QuickSpeech software in app form is available in the App Store, the Google Play Store and the HUAWEI AppGallery. We also use usagerelated data from these stores to continuously improve our software. In this way, we obtain information about how our software is used and when, why and how our software crashes or does not work. This enables us to draw conclusions and incorporate them into the improvement of our software.
Further information on what information is made available to us can be found
at https://www.apple.com/legal/privacy/de-ww/          and
https://policies.google.com/privacy                             and
https://consumer.huawei.com/at/legal/cookie-policy/.

9. Reference customers, recommendations

9.1      If you allow us to name you publicly as a reference customer, we will process your name, your position and, if applicable, the company logo for this purpose and publish this data, possibly together with a report, a success story and a quote and/or a public relations message on our website and other online channels (e.g. our social media profiles or Google).

9.2      The legal basis for this is your consent (Art. 6 para. 1 lit. a GDPR). We store and process this data until you withdraw your consent.

10. Cookies

10.1    You can read about the cookies set when using our software here: https://quickspeech.at/cookie-richtlinie-eu/ or https://quickspeech.net/cookierichtlinie- eu

11. Forwarding of data, order processing

11.1    The personal data processed by us as the “controller” will be used exclusively by us and will not be passed on to third parties without your consent, a legal obligation or a court or official decision. If we use third parties (“processors”) to carry out orders, we ensure that they use your data exclusively within the framework of the agreement concluded with them, our orders and in compliance with data protection regulations.

11.2    You can find a list of the processors we use here. Some of these providers are based in the USA. The transfer of personal data to the USA takes place under the conditions of Art. 44 ff GDPR. This means that processing in third countries may take place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized contractual obligations.

12. Plugins

12.1     YouTube

We have integrated videos from the provider YouTube on our website. When you interact with the video, data may be sent to YouTube, YouTube cookies may be set on your device and YouTube may use them.

A list of the cookies used by YouTube (including purpose and storage duration) can be found in the document above:

Further information about YouTube and the exact scope and purpose of data processing can be found in Google’s privacy policy at
https://policies.google.com/privacy. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for data processing.

13. Your rights

You have the right to request information from us about all processed data, the correction or deletion of this data or the restriction of the processing of the data. You can also object to the data processing. You can also revoke your consent to the use of your data at any time by sending an email to office@quickspeech.net. If you withdraw your consent or object, we will delete your data unless we are legally obliged to store it or are entitled to do so for compelling legitimate reasons. If you withdraw your consent, this will not affect the lawfulness of the data processing carried out up to that point. You also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. If you believe that your data is being used contrary to the legal requirements, please contact us. We can usually clarify your concerns in a direct conversation. You can also contact the data protection authority with a complaint.

14. Changes to this privacy policy

We reserve the right to amend or supplement this declaration if necessary in order to take account of changes to our offers and the wishes of our users and customers. The date of the last change can be found at the top of this document. Please visit our platform regularly to find out about the current status of the privacy policy.