1. Introduction

Welcome to English, no kidding. Your privacy is critically important to us. This Privacy Policy outlines how [Your Company Name] ("we," "us," or "our") collects, uses, processes, and protects your information when you use our portfolio of 16 applications, our websites, and related services (collectively, the "Services").

We are committed to protecting the privacy of our users, especially students and educators, and handling their data transparently and securely in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This policy is a legally binding agreement between you and us. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller and Data Processor

Under the GDPR, it is important to understand the roles regarding your data:

• Data Controller: When an educational institution (e.g., a school, university, or a teacher in their professional capacity) uses our Services to manage the learning process for its students, the institution is the Data Controller. The institution determines the purposes and means of processing personal data.
• Data Processor: In this relationship, [Your Company Name] acts as the Data Processor. We process personal data on behalf of the Data Controller and in accordance with their instructions, this Privacy Policy, and our Data Processing Addendum (DPA).

If you are an individual user subscribing to our services for personal use, we will be the Data Controller for your personal data.

3. What Information We Collect and Why

We collect only the information necessary to provide and improve our Services.

A. Information You or Your Institution Provides to Us:

• Account Information: When you (or your institution) create an account, we collect information such as your name, email address, password, and your role (e.g., teacher, student). This is necessary to create and manage your account and provide you with access to the Services.
• User-Generated Content: As you use the Services, you may create content, such as responses to exercises, recordings of your voice for speaking practice, and messages exchanged in peer-to-peer interactions. We collect this information to deliver the core functionality of our apps, track progress, and facilitate interaction.
• Communications: If you contact us for support or other inquiries, we will collect your name, email address, and the content of your message to respond to your request.

B. Information We Collect Automatically:

• Usage Data: We collect information about how you interact with our Services. This includes which applications you use, the features you engage with, time spent on activities, and performance data (e.g., scores on quizzes). This helps us understand usage patterns and improve the educational experience.
• Device and Technical Information: We collect technical information about the device you use to access our Services, such as IP address, device type, operating system, browser type, and unique device identifiers. This is for security purposes, to ensure compatibility, and for analytics.
• Cookies and Similar Technologies: We use cookies to operate and administer our website, gather usage data, and improve your experience. For more detailed information, please see our separate Cookie Policy.

4. Legal Basis for Processing Your Data (GDPR)

We process your personal data based on the following legal grounds under GDPR:

Where we process data based on legitimate interest, we have carried out a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

5. Data Sharing and Disclosure

We do not sell your personal data. We will only share your information in the following circumstances:

• With Your Institution (the Data Controller): We share student progress and usage data with their respective teachers and school administrators who have authorized access.
• Third-Party Service Providers: We use a limited number of third-party vendors to help us provide the Services, such as cloud hosting (e.g., Google Cloud, AWS) and analytics. These providers are carefully vetted and are contractually obligated to protect your data and are prohibited from using it for any other purpose.
• For Legal Reasons: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or protect the personal safety of users or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

6. Your Data Protection Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

• The Right to Access: You have the right to request copies of your personal data.
• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The Right to Erasure (The "Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact our Data Protection Officer at [Your DPO Email or privacy@yourcompany.com]. If you are a student or teacher at an educational institution, please direct your request to your institution (the Data Controller) first. We will assist them in responding to your request.

7. Data Security

We take the security of your data very seriously. We use a range of technical and organizational measures to protect your personal data from unauthorized access, use, or disclosure. These include data encryption, access controls, and secure software development practices.

8. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. If we transfer personal data from the EEA to other countries, we will ensure that a similar degree of protection is afforded to it by using appropriate safeguards, primarily the European Commission's approved Standard Contractual Clauses (SCCs).

9. Children's Privacy

Protecting the privacy of young learners is especially important. Our Services are intended for use by educational institutions. The institution, as the Data Controller, is responsible for obtaining any necessary parental consent as required by law before allowing a child to use our Services. We do not knowingly collect personal information from children under the age of 16 without such consent. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information from our servers.

10. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by our contract with the Data Controller (your institution). We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will notify you either through the email address you have provided us, or by placing a prominent notice on our Service.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us.

Data Protection Officer:
[Name of DPO, if appointed, or "Privacy Team"]
Email: [Your DPO Email or privacy@yourcompany.com]

Company Address:
[Your Company Name]
[Your Company Address]
[Bari, Apulia, Italy]

You also have the right to lodge a complaint with a supervisory authority. As we are based in Italy, our lead supervisory authority is the Garante per la protezione dei dati personali.