The General Data Protection Regulation (GDPR) is a new and important EU legislation designed to make data protection laws clearer and more accessible to all individuals within the European Union. This new regulation was approved and adopted in 2016 and will be enforceable on May 25, 2018.Worddio is committed to the new GDPR laws. Below we explain in plain language what is the GDPR, what information we collect about our users, and how this information is used.Please note: The content of this page may change from time to time. We encourage you to revisit this page periodically to stay updated with the most recent adjustments to Worddio’s GDPR compliance.
It’s one of the most important data protection legislations to be introduced in the EU in the last 20 years. The new General Data Protection Regulation of 2018 will replace the 1995 Data Protection Directive.The main goal of the GDPR is to standardize and regulate the handling of personal data about individuals in the EU, including its collection, storage, transfer or use by companies and third parties. Under the GDPR, “personal data” refers to any information relating to an identified or identifiable individual (“data subject”), including, name, address, phone number, email address, government-issued identifier, credit card information, unique identifier, biometric information, photos, videos, location information, device ID or IP address, or any other combination of these.The GDPR gives individuals (legally titled “data subjects”) more rights and control over their personal data on one hand, and considerably increases the legal obligations of companies processing such data, on the other hand. Under the GDPR, “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.EU-based individuals will now have more control and rights over their personal data. This is achieved by companies’ compliance with the new regulations, including the former’s transparent disclosure of how they process the personal data of the data subjects using their service or products.
Data subjects now have the right to receive “fair and transparent” information about the processing of their personal data. Additionally, data subjects now have the right to be forgotten (Data Erasure), the right to request that any complete or correct data (Data Rectification) and the right to request a copy of any personal data stored in their regard (Data Portability). See below the explanation on your Rights with regard to your use of Worddio.One of the fundamental aspects of the GDPR are stricter consent requirements meaning that companies and organizations must obtain data subject’s specific and "active" consent to distinct purposesIn any event of violation of data subject’s rights, he or she has the right to lodge a complaint with a supervise authority. If you're based in the European Economic Area and think that we haven't complied with the GDPR, you have a right to lodge a complaint with the Data Protection Commission with your local supervisory authority.
Under the new GDPR laws, companies must report data breaches to data protection authorities within 72 hours of “first having become aware of the breach.” Companies classified as Data Processors will be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
The GDPR requires companies and organizations to implement relevant policies and security protocols, including codes of conduct, perform privacy impact evaluations, have and maintain detailed records on data activities, and enter into written agreements with vendors or any third party that comes in contact with “personal data”.
Under the GDPR legislation, companies and organizations must meet additional requirements if they are involved in profiling or monitoring behavior of EU individuals. Data subjects have the right not to be subject to a decision-based solely on automated processing, including profiling.
The GDPR allows authorities to fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, depending on the gravity of the breach and damages incurred.
This is still information you should be aware of and understand. The new GDPR legislation applies to any organization that collects and/or uses personal data of individuals in the European Union. This includes tracking individuals’ online activities regardless of whether the organization has a physical presence in the EU.
The GDPR requires that transfer of personal data outside the EU should not undermine the level of protection of data subjects’ rights. Therefore, controllers and processors must comply with GDPR terms and conditions while doing so, including by making data transfers on a lawful mechanism of data transfer or to an adequate jurisdiction as determined by the EU competent authorities.For more information on these new changes and what they include, please visit
INFORMATION WORDDIO COLLECTS AND WHY
Why? To get in touch with you, offer support, and special offers, also your email is your username to login into the app.
Why? To stop learning process when someone calling to you and secure your profile in Worddio
Why? To save all words and phrases that you want to learn
Why? To scan QR codes when you add teachers’ word list
Why? To be able to record your pronunciation and compare it with this on native speakers
Why? Mainly in order to enable the use of our services, to safeguard your profile, and to retrieve your content should anything happen.
Why? Because it’s none of our business :-)
In all circumstances, data will be retained in accordance with the GDPR requirements as following:
Once data is no longer lawfully required it will be destroyed securely.If you wish to change this default setting, you’re welcome to contact us and request that we permanently delete your information, in accordance with the “Contacting Us” section below.
The following is a list of third party providers Worddio uses to make it possible to offer you our product and the services services. The table mentions whether each third party has a Data Protection Agreement (DPA) with Worddio.
|Third Party Company||Has DPA with Worddio?||Third Party GDPR Information|
|Google (BigQuery / Firebase /Google Analytics / TagManager / AdWords)||Yes||Link|
|MailChimp (Mandrill App for user emails)||Yes||Link|
|Coolicehost.com (servers and data backup)||Yes||Link|
|Hotjar (website analytics)||Yes||Link|
|Has GDPR compliant representation||Link|
, data subjects in the EU have a right to erasure (‘right to be forgotten’). This means you have the right to obtain from the controller (in this case Worddio is the controller) the prompt erasure of your associated personal data. Should you decide to exercise this right with regard to your use of Worddio, we will be obligated to erase your personal data without undue delay.Please keep in mind that once you request to exercise your Right to be Forgotten with regard to your use of Worddio, any deleted content and/or information will not be retrievable.
, EU data subjects have the right to rectification of any inaccurate personal data. This means you may request to correct, amend or delete information we hold about you.
, EU data subjects have the Right to Data Portability. This means you have the right to request a copy of any personal data stored in your regard by Worddio. This is assuming you haven’t yet exercised your Right to be Forgotten. See below the steps to achieve that.
If you have any questions or concerns regarding how we use your information, please contact us at
and mention “GDPR” in your message’s subject line.