1. Privacy at a Glance
General information
The following information provides a simple overview of what happens to personal data when you use the „Kiggbe“ application (app). Personal data refers to all data that can be used to personally identify you. For detailed information on data privacy, please refer to our privacy policy listed below this text. This is a translation of the leading German document.
The terms used are not gender-specific.
Effective Date: October 15, 2024
What data does the „Kiggbe“ app collect?
The app primarily collects voice data to provide users with language practice in a simulated dialogue. This voice data is stored for the duration of the dialogue and shared with ChatGPT as a dialogue partner to enhance the dialogue scenario. If the user’s consent is given, the title and language of the selected dialogue scenarios are anonymized and sent to our Firestore server. This data allows us to assess which topics are of interest to users and which are less so. We appreciate your support.
Collection and Processing of Personal Data
This app does not collect personal data such as name, address, phone number, or email address when used. It is not necessary to create an account or go through a registration process to use the app. Device-specific data such as IP addresses or device identification numbers are not used by us. Payment transactions are handled through the Google Play Store and Apple App Store.
Voice Recordings and Their Processing
As part of the language training function, voice recordings are created and converted into text via speech recognition. These texts are sent to the ChatGPT server to generate a dialogue response. The app stores the converted user dialogues only for the duration of the program runtime without personal data. The app provides both audio and visual cues to indicate recording. No voice recordings are made outside of the training. No voice records or textual voice records are stored by the app. The app suggests corrections and improvements to the spoken sentences. The app does not collect or store data on speech quality or error rates.
Other Types of Data Collection
To implement the speech dialogue, the app and the mobile phone operating system access technical data, such as connection data to the ChatGPT server. This collection occurs automatically once you start the training.
What do we use your data for?
Some of the data is collected to ensure the app functions correctly, such as the voice data. Voluntary data about the selected dialogue scenarios allows us to effectively design the selection of dialogue topics. Technical data is necessary to provide the service.
What role does ChatGPT play in data processing?
The dialogues spoken by users, which are transmitted as text to ChatGPT from OpenAI, are stored on OpenAI’s servers in accordance with OpenAI’s privacy policy. Kiggbe does not associate these contents with personal attributes, such as linking dialogue texts with usernames, device IDs, or IP addresses. According to OpenAI, the transmitted texts can be anonymized for training OpenAI models. We recommend using fictional personal information in dialogues that might contain personal details (e.g., „Where should the letter be sent?“). For more information, please see: OpenAI Privacy Policy.
What rights do you have regarding your data?
You have the right to request information about the origin, recipients, and purpose of your stored personal data at any time free of charge. You also have the right to request the correction or deletion of this data. If you have consented to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority. For these and other questions about data privacy, you can contact us at any time.
2. General Information and Mandatory Information
Data Protection
Protecting your personal data is of great importance to us. We treat personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
This privacy policy informs you about what data we collect, how we use this data, and for what purpose the collection and use are carried out. Please note that data transmission on the internet (e.g., when communicating via email) can have security gaps. Complete protection of data from access by third parties is not possible.
Responsible Party
The responsible party for data processing in this app is: DGL Lernsoftware
Berensberger Winkel 22
52072 Aachen
Germany
Phone: +49 1573 227 2860
Email: info@dgl-lernsoftware.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
We delete personal data in accordance with legal regulations as soon as the underlying consents are withdrawn or there are no longer any legal grounds for processing. This occurs when the original purpose of processing ceases or the data is no longer needed. Exceptions exist when legal obligations or special interests require longer retention or archiving of the data. Data retained for commercial or tax reasons, or data required for legal proceedings or protecting the rights of other natural or legal persons, are archived accordingly. Our privacy notices provide additional information on the retention and deletion of data specifically for certain processing activities.
General Information on Legal Bases for Data Processing in this App
If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of personal data are processed under Art. 9(1) GDPR. If there is explicit consent to transfer personal data to third countries, data processing is additionally based on Art. 49(1)(a) GDPR. If you have agreed to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also carried out in accordance with § 25(1) TTDSG. Your consent can be withdrawn at any time.
Data Processing Based on Legitimate Interest
Data processing can also be based on our legitimate interest under Art. 6(1)(f) GDPR. We will inform you about the specific legal basis for processing in each individual case in the following sections of this privacy policy.
Data Protection Officer
We have appointed a data protection officer.
DGL Lernsoftware UG (haftungsbeschränkt)
Dorothee Lanfermann
Berensberger Winkel 22,
52072 Aachen
Germany
Phone: +49 1573 2272860
Email: info@dgl-lernsoftware.com
National Data Protection Regulations in Germany
In addition to the GDPR, national regulations on data protection apply in Germany, including the Federal Data Protection Act (BDSG). The BDSG includes specific regulations on the right to information, the right to deletion, the right to object, processing of special categories of personal data, processing for other purposes, and the transfer as well as automated decision-making in individual cases, including profiling. State data protection laws of individual federal states may also apply.
Information on the Application of GDPR and Swiss DPA
These data protection notices serve to provide information under both the Swiss DPA and the GDPR. We ask you to note that, due to broader spatial application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms used in the Swiss DPA, such as „processing“ of „personal data,“ „overriding interest,“ and „particularly sensitive personal data,“ the terms „processing“ of „personal data,“ „legitimate interest,“ and „special categories of data“ used in the GDPR are applied. However, the legal meaning of the terms continues to be defined under the Swiss DPA.
Recipients of Personal Data
As part of our business activities, we work with various external entities, which may sometimes require the transfer of personal data. We only share personal data if this is necessary for the fulfillment of a contract, if we are legally obligated to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest under Art. 6(1)(f) GDPR in sharing the data, or if another legal basis permits data sharing.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
If your personal data is processed based on Art. 6(1)(e) or (f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or if the processing serves to assert, exercise, or defend legal claims (Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for this purpose at any time. This also applies to profiling, as far as it is related to direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (Art. 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority. This can be done particularly in the member state of their habitual residence, place of work, or the location of the alleged violation. The right to complain is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that we process automatically based on your consent or in the performance of a contract, in a commonly used, machine-readable format, or to have it transferred to a third party. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.
Access, rectification, and erasure
Within the framework of applicable legal provisions, you have the right to obtain information about your stored personal data, its origin, recipients, and the purpose of the data processing at any time free of charge. You may also have the right to request the rectification or deletion of this data. For these and other questions on personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. For this, you can contact us at any time. This right exists in the following cases:
- If you contest the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was or is unlawful, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you require it to establish, exercise, or defend legal claims, you have the right to request the restriction of processing instead of deletion.
- If you have filed an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data has been restricted, these data may only be processed – apart from being stored – with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
Encryption during data transmission
The app establishes an encrypted connection to protect the transmission of data to the ChatGPT OpenAI server interface (referred to as „API“). The OpenAI API encrypts data during transmission using TLS (Transport Layer Security) 1.2 or higher. TLS 1.2+ ensures a secure communication channel by encrypting the connection, which protects the confidentiality and integrity of data during transmission over the Internet.
Data Analysis
This app uses Google Firestore to analyze training selection. Google Firestore is a cloud service provided by Google LLC that stores data in data centers worldwide. Further information on Google’s data processing can be found in Google’s privacy policy. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. We receive anonymized usage data regarding the selection of topics in training. This information helps us to tailor the topic selection to user preferences.
The following data is sent to Google Firestore for analysis purposes: training topic, selected language, level of difficulty, and playback speed. These data are used to analyze the use of the different sessions and improve the app’s quality.
Google LLC is certified under the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: EU-US Data Privacy Framework.
We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Firestore.
3. Plugins und Tools
ChatGPT
This app uses ChatGPT for dialogue generation. No personal data is sent to ChatGPT. The provider of ChatGPT is OpenAI, 3180 18th St, San Francisco, CA 94110, USA, https://openai.com. When you start a training session through our app and ChatGPT is activated, your speech input is converted into text and sent, along with metadata, to ChatGPT’s servers, where it is processed to generate an appropriate response. OpenAI reserves the right to use the inputs made in ChatGPT to further train its own algorithm. We cannot assess how exactly the data is processed.
The use of ChatGPT is based on Art. 6 para. 1 lit. f GDPR. The purpose of the application can only be achieved with the use of modern technical solutions. Accordingly, the user’s consent is assumed. The data processing is solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be withdrawn at any time by deleting the app from the mobile device.
We have signed a data processing agreement (DPA) for the use of the above service. This is a legally required contract that ensures that ChatGPT processes personal data of our app users only according to our instructions and in compliance with the GDPR.
Google and Apple Speech-to-Text
This app uses both Google Speech-to-Text and Apple Speech-to-Text to convert voice inputs into text. Both services process voice inputs on the servers of the respective providers to convert the input into text form for the app.
Google Speech-to-Text is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. More information can be found here: https://cloud.google.com/speech-to-text. Google is certified under the EU-U.S. Data Privacy Framework (DPF).
Apple Speech-to-Text is provided by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. More information can be found here: https://www.apple.com/privacy. Apple also adheres to strict data protection standards, including the GDPR, to ensure the security of processed data.
When using these services, only the spoken voice input and technically necessary metadata (e.g., language settings) are transmitted to Google or Apple’s servers. No personal data such as names, addresses, or other information that can be directly linked to the user is sent to the speech processing services.
The transmitted voice data is exclusively used to convert the voice input into text. This text data is used in the app to design the language learning dialogue via ChatGPT. The voice data is neither permanently stored nor used for other purposes.
Google and Apple implement strict security measures to ensure the integrity of the transmitted data. These measures include encryption during transmission and compliance with data protection standards, as required by the EU-U.S. Data Privacy Framework (DPF) and the GDPR. We have signed data processing agreements (DPA) with both providers to ensure that the data is processed according to our instructions and the applicable data protection regulations.
Google Fonts
This app uses Google Fonts for the uniform display of fonts, provided by Google. These Google Fonts are stored locally within the app. They are not provided through Google’s servers during runtime. When using locally stored Google Fonts, no personal data is transmitted to third parties. Since no connection to Google servers is established, there is no need to inform users about data transmission or to obtain their consent.