PRIVACY POLICY
PRIVACY POLICY PROVIDES AN
OVERVIEW OF THE FOLLOWING:
1. DEFINITIONS
2. GENERAL INFORMATION AND CONTACT
DETAILS
3. GENERAL PURPOSES, GROUNDS FOR,
AND ACTIVITIES OF PROCESSING
4. COMPOSITION AND COLLECTION OF
PERSONAL DATA
5. TRANSFER AND AUTHORISED
PROCESSING OF PERSONAL DATA
6. RIGHTS OF THE DATA SUBJECT AND EXERCISE
OF RIGHTS
7. STORAGE AND SECURITY OF
PROCESSING PERSONAL DATA COOKIES AND OTHER WEB
TECHNOLOGIES
1. DEFINITIONS
Under the definitions, you will
find the meaning of the terms often used in the Privacy Policy.
1.1 “Data Subject” or “you” means a natural person regarding
whom we have information or information that can be used to identify a natural
person.
1.2 “Privacy Policy” means this text, which sets
out our principles of personal data processing.
1.3 “Cookies” mean data files stored in
the Data Subject’s device on the Website according to the selection made.
1.4 “Website” means our website https://wa.nsdai.me/.
All terms and definitions in
relation to personal data are used in the same meaning as in the European
Union General Data Protection Regulation (2016/679) (hereinafter “GDPR”).
2. GENERAL INFORMATION
AND CONTACT DETAILS
Under general information, you
will find information about who is the data controller regarding your personal
data, how to contact us and some additional information about this Privacy
Policy.
2.1 About us. Controller of your personal
data is Septentrions OÜ (registry code 14814501, address Kiriku tn 6,
10130, Tallinn, Estonia) - a company engaged in collection of your voice data
for the purpose of machine learning.
2.2 Contacts. You can contact us in
matters related to personal data by e-mail at [email protected].
2.3 About the Privacy Policy. The Privacy Policy is
applicable to Data Subjects, and all our employees and key cooperation partners
who have access to the personal data in our possession are guided by the rights
and obligations specified in the Privacy Policy. We have the right to unilaterally
amend this Privacy Policy. We will notify the Data Subject of all material
changes on the Website or otherwise.
All our processes,
guidelines, actions, and activities related to personal data processing are
based on the following principles: lawfulness, fairness, transparency,
purposefulness, minimisation, accuracy, storage limitation, integrity,
confidentiality, and data protection by default and by design.
3. GENERAL PURPOSES, GROUNDS FOR, AND ACTIVITIES OF PROCESSING
Here you will find information
about the purposes and grounds for processing your personal data.
We use the following grounds as
grounds for personal data processing:
3.1 Consent. Based on consent, we process personal data precisely within the limits,
to the extent and for the purposes for which the Data Subject has given us
their consent. The Data Subject’s
consent to us shall be freely given, specific, informed, and unambiguous, i.e.,
by ticking the box on the Website. We might have gathered your consent to
processes data for the machine learning purpose for the development of Korean
language. Consent might be given on behalf of a child by a parent or legal
guardian.
3.2 Legal obligation. We process personal data to
comply with a legal obligation in accordance with and to the extent provided by
law. We process Personal Data to follow GDPR and other legal
obligations.
3.3 Legitimate interest. Legitimate interest means our
interest in managing or directing our activities. In case we are using
legitimate interest, we have previously assessed your interests. We may process
your personal data based on legitimate interest for the following purposes:
(1) operation of our Website; we may analyse identifiers and
personal data collected via our Website and use it for the operation of our
Website;
(2) network, information, and cyber
security reasons, we take measures
for combating piracy and ensuring the security of the Website as well as for
making and storing back-up copies;
(3) establishing, exercising, or
defending legal claims, we may
use personal data as evidence in a legal dispute.
Data subject has a right to
access legitimate interest analysis related to Data Subject’s personal data
processing (please forward the corresponding request to our e-mail using the
contact details provided in Chapter 2 p 2.2).
3.4 New purpose. Where personal data is
processed for a new purpose other than that for which the personal data are
originally collected or it is not based on the Data Subject’s consent, we
carefully assess the permissibility of such new processing.
4. COMPOSITION AND COLLECTION OF PERSONAL DATA
Here you will find information
about which personal data we collect and how we collect personal data.
4.1 We collect the following types of
personal data:
(1) Personal data disclosed to us by
the Data Subject (i.e., full name, username, data of birth, gender, e-mail,
city, phone number, country, city, nationality, voice sample (audio file, voice
recording date and time, recording level), Korean language proficiency, desired
exam level, native language, TOPIK score, TOPIK grade, level of education,
Korean language study period, residence period in Korea (years), Korean
language study purpose, Korean language study method, Desired NIA exam level);
(2) Personal data resulting from
visiting and using the Website or generated by us (i.e., user data (voice
sample recording date, time, hour, speaker ID).
5. TRANSFER AND AUTHORISED PROCESSING OF PERSONAL DATA
Here you will find information
about the transfer and authorised processing of personal data.
5.1 We cooperate with partners to
whom we may transmit data, including personal data, concerning the Data
Subjects within the context and for the purpose of cooperation. When
transferring personal data to third parties, we comply with the applicable data
protection requirements.
5.2 Such third parties include Korean
government (Ministry of Science of ICT of Republic of Korea), National
Information Society Agency and Korean Governments research partners (Nara Information Co.Ltd, NAVER Corporation, Nectarsoft
Co.,Ltd, Sogang University, Seoul National University, Sungkyunkwan University,
Terinuu Co. LTD, and Koran Society of Speech Science), ICT partners, i.e., service providers for various
technical services, provided that:
(1) the respective purpose and
processing are lawful;
(2) personal data is processed
pursuant to the instructions of the controller and based on a valid contract.
5.3 As a rule, we do not transmit
personal data outside the European Economic Area or to countries about whom EU
Commission has not decided that there is an adequate level of protection. We
transfer personal data to the Republic of Korea. Republic of Korea is a subject
of EU Commission adequacy decision and there are appropriate safeguards in
place.
6. RIGHTS OF THE DATA SUBJECT AND EXERCISE OF RIGHTS
Your personal data belongs to
you, and here you will find information about your rights and protecting of
your personal data.
6.1 Rights concerning consent:
(1) You shall have the right to
withdraw his or her consent at any time. The withdrawal of consent shall not
affect the lawfulness of processing based on consent before its withdrawal.
(2) You can exercise your rights
concerning consent by contacting us at the address [email protected] or
via Websites self-service.
6.2 In the event of processing
personal data, the Data Subject has the following rights, provided that the
prerequisites set out in the GDPR are met:
(1) Right to receive information, i.e., the Data Subject has the
right to receive information about the personal data collected about them.
(2) Right to access data, which includes, inter alia, the
right of the Data Subject to a copy of the personal data processed.
(3) Right to rectification of
inaccurate personal data. The
Data Subject can rectify incorrect data by contacting us using the contact
details provided above.
(4) Right to erasure, i.e., in certain cases, the
Data Subject has the right to obtain the erasure of personal data, for example
where data is processed solely based on consent.
(5) Right to restriction of
processing personal data. This
right arises, inter alia, where the processing of personal data is not
permitted by law or temporarily when the Data Subject contests the accuracy of
personal data.
(6) Right to data portability, i.e., in certain circumstances,
the Data Subject acquires the right to receive their data in a machine-readable
format or to require the transmission of the data to another controller in a
machine-readable format.
(7) Rights related to automated
processing and profiling mean
that the Data Subject, on grounds relating to their situation, has the right to
object at any time to the processing of personal data concerning them based on
automated decisions/profiling and to require human intervention. The Data
Subject may also require an explanation regarding the logic of making an
automated decision. Automated processing/profiling may also be partially based
on data collected from public sources. We do not use automated
processing or profiling that has a significant effect on the Data Subject or
their rights.
(8) Right to object means that Data Subject shall
have the right to object, on grounds relating to his or her situation, at any
time to processing of personal data concerning him or her which is based on
point (e) or (f) of GDPR Article 6(1), including profiling based on those
provisions.
(9) Right to an assessment by a
supervisory authority as
to whether the processing of the personal data of the Data Subject is lawful.
(10) Right to compensation for
damages where the
processing of personal data has caused damages to the Data Subject.
6.3 Exercise of rights. In the event of a question,
request, or complaint regarding the processing of personal data, the Data Subject
has the right to contact us using the contact details provided in Chapter 2 p
2.2.
6.4 Filing complaints:
(1) The Data Subject has the right to
file their complaint with us, the Data Protection Inspectorate, or the court.
(2) Contact details of the Data
Protection Inspectorate (DPI) can be found on the DPI’s website at https://www.aki.ee/en.
7. STORAGE AND SECURITY OF PROCESSING PERSONAL DATA
Here you will find a description
of how we protect your personal data and for how long we store personal data.
7.1 Storage. We store personal data only
for the period necessary for the purpose of processing. As a rule, for the
duration of the period of five years.
When data is processed in
relation to legal claims, we process data until it is necessary for the dispute
(until the dispute is resolved or the expiry date of such claims).
When storage period has expired,
we destroy or anonymise data.
When storing personal data, we
comply with the purpose of processing, limitation periods for potential claims
in the event of filing claims, and storage periods provided for in the law.
7.2 Security measures. We
have established guidelines and rules of procedure on how to ensure the
security of personal data using both organisational and technical measures.
Among others, we do the following to ensure security and confidentiality:
(1) we provide our employees with
access to personal data only where this is necessary for the performance of
their duties and where the respective permission has been requested and rights
have been granted;
(2) a processor may process the
personal data transferred to them only for the purpose and to the extent
necessary for providing the services set out in the contract;
(3) we use software solutions that
help ensure a level of security that meets the market standard.
7.3 In the event of any incident or
breach involving personal data, we do our best to mitigate the consequences and
alleviate the relevant risks in the future. When the personal data breach is
likely to result in a high risk to the rights and freedoms of Data Subject, we
shall communicate the personal data breach to the Data Subject.
8. COOKIES AND OTHER WEB TECHNOLOGIES
Here you will find information
about which Cookies or other technologies we use.
8.1 We may collect data via Website
by using Cookies (i.e., small fragments of information stored in the hard drive
of the Data Subject’s computer or another device by the browser) or other
similar technologies and process such data.
8.2 We use the following types of
Cookies:
8.2.1 Necessary Cookies are required to use the Website – to
navigate the page and use its functions –, and necessary Cookies enable logging
into the Website, distinguishing bots from people, and ensuring other security
functions. Without these Cookies, the Website cannot function properly, and the
provision of service may be hindered. Because necessary Cookies are essential
for the operation of the Website these Cookies are always enabled.
8.3 The processing is generally based
on legitimate interest as only necessary cookies are used.