Privacy policy

Privacy statement

Whispp B.V. Email address for privacy-related inquiries (info@whispp.com)

1. Introduction

This is the privacy statement of Whispp B.V. (‘‘Whispp’’ or ‘‘We’’). Whispp is located at Langegracht 70, 2312 NV, Leiden, and registered with Chamber of Commerce under 78082056. Whispp develops and provides speech technology and software application that improve the intelligibility of both whisper speech and affected (pathological) speech. Whispp accomplishes this, among other things, with the assistance of artificial intelligence. This privacy statement explains how w handel personal information we receive when you use our services. We are commuted to protecting and safeguarding your privacy and personal information. Our privacy policy and this privacy statement comply with the General Data Protection Regulation (‘‘GDPR’’).

As an organization, Whispp processes data about individuals (‘‘personal data’’). Personal data are data that tell something about you as a person. Some categories of personal data are more sensitive, such as you medical information or voice recordings. We respect your privacy and take all necessary measures to protect personal data. In this statement, you can read what happens to your data. Whispp acts as a data controller within the meaning of the General Data Protection Regulation. This concerns data related to individuals who come into contact with Whispp in varioys ways (‘‘Data subjects’’), these categories are:

1. Individuals interested in the products and services of Whispp (‘‘interested parties’’);

2. Individuals who use our application and services (‘‘users’’);

3. Individuals with whom the user interacts through our application and services but are not users themselves (“third-party users”);

4. Individuals who are medically involved with interested parties and users, such as speech therapists and therapists (“medically involved individuals”);

5. Visitors to our website (‘‘website visitors’’);

6. Applicants or individuals considering a job at Whispp (“applicants”);

7. Individuals from whom we purchase products or services or who work for our suppliers (“suppliers”);

8. Individuals who are in a relationship with us or work for our partners (“partners”);

9. Third parties, other than partners, such as resellers with whom we collaborate and individuals who contact Whispp (“third parties”).

In this Privacy Statement, we clarify, among other things:

· Which personal data we process from the different categories of individuals;

· For which purposes we process this data and on what legal basis;

· What rights these individuals have regarding the data we process about them;

· Who you can contact about this Privacy Statement and how Whispp processes personal data about you.

2. Data Collection: What data do we collect and for what purpose?

What does Whispp do?

Whispp offers an application that assists individuals with voice-related issues through smart speech technology. When using the app, you can chose to modify or enhance your own voice to improve your clarity in communications. Smart speech technology utilizes artificial intelligence, which is of paramount importance for the user experience and capabilities of Whispp, as it enables the real-time shaping of voices and usage of this. This is what we do and, and we take pride in it. The data we collect depends on the contect of your interaction with Whispp, the choices you make, and the products and features you utilize. For each data processing activity, we require a legal basis. The legal bases upon which Whispp relies for its processing activities are outlined further in this Privacy Statement.

What information can Whispp collect from the data subjects?

1. Concerning Interested Parties, we process the following data:

a) Contact information (name and adress details, phone number, and similar data necessary for communication);

b) Health Insurance information;

c) Information about hardware and the hardware provider.

When Interested Parties provide explicit consent as defined in the GDPR, we also process:

d) Age segment and gender;

e) Data regarding medical conditions.

2. Concerning Users, we process the following data:

a) Contact information (name and address details, phone number, and similar data necessary for communication);

b) Authentication data (email address and password);

c) Subscription data;

d) Device information (such as device type, operating system version, troubleshooting information);

e) Interaction data (including user ID, time and duration of interaction, acall mode (VoIP/PSTN/live/video), IP address);

f) Information about hardware and the hardware provider

g) Age segment and gender

When Interested Parties provide explicit consent as defined in the GDPR, we also process:

h) Data regarding medical conditions;

i) Voice recordings;

j) audio- and video communications;

k) Health Insurance information.

3. Concerning Third-Party users, we process the following data:

a) Phone number;

b) Interaction data (including time and duration of the interaction, call mode (VoIP/PSTN/live/video), IP-address);

c) audio- and video communication.

4. Concerning Medically Involved Individuals, we process the following data:

a) Contact information (name and address details, phone number, and similar data necessary for communication);

b) Data related to electronic messages originating from or intended for medically involved individuals and data necessary for maintaining contact with medically involved individuals.

5. Concerning Website Visitors of Whispp, we process the following data:

a) Data related to visiting out website, such as data for the identification and communication with website visitors or data recorded to track visitor statistics on our website.

6. Concerning Applicants, we process the following data:

a) Contact information (name and address details, title, phone numbers, and similar data necessary for communication), date of birth, nationality, place of birth, gender;

b) Data concerning completed or ongoing education, courses, and internships;

c) Data concerning the applied-for position;

d) Data concerning the nature and content of the current employment, as well as any termination thereof;

e) In some cases: a certificate of good conduct and data regarding an identity document.

f) Other data necessary for fulfilling the position, provided by the individual or known to them (such as data on a curriculum vitae or results of a competency test);

g) Other data the processing of which is required by or necessary for the application of legal or regulatory requirements.

7. Concerning Suppliers, we process the following data:

a) Contact information (name and address details, phone numbers, and similar data necessary for communication), bank account number;

b) Data for the purpose of making orders or purchasing services;

c) Data for calculating and recording expenses and making payments;

d) Data related to electronic messages originating from or intended for suppliers and data necessary for maintaining contact with these Suppliers;

e) Other data the processing of which is required by or necessary for the application of legal or regulatory requirements.

8. Concerning Partners, we process the following data:

a) Contact information (name and address details, phone numbers, and similar data necessary for communication);

b) Data related to electronic messages originating from or intended for partners and data necessary for maintaining contact with these Partners.

9. Concerning Third Parties, we process the following data:

a) Contact information (name and address details, phone numbers, and similar data necessary for communication);

b) Data related to electronic messages originating from or intended for third parties and data necessary for maintaining contact with these third parties.

3. For what purposes do we process this data and on what legal basis?

What are the purposes of Whispp’s data processing?

We process personal data solely for the following purposes:

1. To perform and deliver our application and services, including providing support;

2. To complete purchases or transactions;

3. To improve, repair, and customize our application and services;

4. To understand how people use our application and services;

5. To evaluate and enhance our application and services;

6. To research, develop, and test new services and features;

7. To conduct troubleshooting activities;

8. To maintain contact with data subjects;

9. To enhance our security measures;

10. For recruitment and selection of new employees;

11. To comply with laws and regulations.

As we adhere to the principles of purpose limitation and data minimization, we will never use the data for purposes other than those described above. We will also not collect data that is incompatible with the purposes outlined above.

Furthermore, we may only process personal data if there is a valid legal basis for doing so. We process the data mentioned above for the purposes listed above only on the basis of the following legal grounds.

Since Whispp also deals with more specific types of data, we have conducted a Data Protection Impact Assessment (‘‘DPIA’’). This is an instrument through which we assessed potential privacy risks in advance. We do this to comply with our accountability obligations under the GDPR. In this way, all data is collected only when based on a legal processing ground. For Whispp, the following legal bases are relevant for the stated purposes.

On which legal grounds under the GDPR does Whispp base these processing activities?

1. Performance of a Contract: Whispp may process data that are not special, sensitive categories of personal data when the processing is necessary for providing our application and services, such as facilitating interactions between (third-party) users or conducting pre-contractual actions at the user’s request, for example, handling a job application process;

2. Compliance with a Legal Obligation: Whispp processes data to fulfill necessary legal obligations, such as verifying the identity of our partners and employees;

3. Legitimate Interests: Whispp may process data when it is necessary for the legitimate interests pursued by Whispp or a third party, provided that these interests outweigh the interests or fundamental rights of the data subject. This includes using contact information for sending unsolicited commercial messages, maintaining business relationships, and improving our application and services;

4. Consent: When a data subject has given consent for the processing of certain data, Whispp may rely on this consent as a legal basis. Data subjects have the right to withdraw their consent

at any time, and Whispp will stop processing their personal data from that moment, unless there is another legal basis for processing; or

5. Explicit Consent: For special categories of personal data, such as data related to medical conditions or voice data, Whispp only processes them when the data subject has given explicit consent. There is a distinction between “regular” consent and “explicit” consent. Because Whispp needs to use special sensitive categories of personal data to operate its service, it may request explicit consent for processing this type of data. When doing so, this will be clearly stated in the request.

These legal bases ensure that Whispp’s data processing activities are carries out in accordance with the principles of data protection and privacy under the GDPR.

4. With whom can we share personal data?

Whispp will not sell, rent, or otherwise disclose your personal data to third parties unless necessary for the purposes for which they are processed as described in this privacy statement or as required by law. We require such third parties to use the personal data we transfer to them only for the purpose for which it was transferred and not to retain the data longer than necessary to fulfill that purpose. We will never explicitly sell your personal data to third parties. Below are the third parties with whom we may share data if necessary for the service or with your consent.

We may share personal data about interested parties with:

a) Medically involved individuals (when the user indicates there is someone medically involved);

b) Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about users with:

a) Medically involved individuals (when the user indicates there is someone medically involved);

b) Suppliers;

c) Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about applicants with:

a) Suppliers (e.g., external parties providing our competency tests);

b) Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about partners with:

a) Suppliers (e.g., external translation agencies);

b) Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about third parties with:

a) Suppliers.

We may share personal data about all data subjects with the consent of the data subject or when there is a legal obligation. When it comes to special categories of personal data, we only do this with the explicit consent of the data subject.

5. How do we protect your personal data

Whispp has integrated various technical and organizational measures to protect your personal data from destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures encompass administrative, physical, and technological safeguards. Whispp does not use subprocessors for training the service. Individuals working with us are bound by confidentiality and are required to adhere to our instructions aimed at ensuring the adequate protection of your data.

6. Transfer to countries outside the EEA

It may happen that personal data is transferred to a country outside the European Economic Area (EEA) that provides a lower level of protection for personal data than the regulations within the EEA. For instance, a supplier of online services that we use might be located outside the EEA (e.g., in the United States of America), and using that service may involve the transfer of personal data to the supplier.

In such a situation, if personal data is transferred to a country outside the EEA with less legal protection for personal data, we will ensure appropriate safeguards are in place to ensure that the transfer complies with applicable privacy regulations. This way, the European level of protection is maintained.

7. How long do we retain personal data

We do not retain personal data longer than necessary for: i) the purposes for which the personal data is processed; ii) compliance with laws and regulations. For example, data necessary for our accounting administration or bookkeeping may be retained for seven years. Data that is no longer necessary will be securely destroyed.

8. Your rights regarding your personal data

The GDPR grants individuals the following rights regarding personal data concerning them:

a) The right to request whether personal data concerning them is being processed and, if so, to access it;

b) The right to request rectification and erasure of such data;

c) The right to object to processing or request restriction of processing;

d) The right to withdraw consent for processing when processing is based on your consent;

e) The right to receive or transmit your data to an organization of your choice in a structured, commonly used, and machine-readable format;

f) Depending on your country of residence, the right to lodge a complaint with a supervisory authority responsible for enforcing data protection rules. In the Netherlands, this authority is the Autoriteit Persoonsgegevens in The Hague (www.autoriteitpersoonsgegevens.nl).

Whispp will handle requests related to the exercise of these rights in accordance with the regulations. These rights are not absolute; they do not apply under all circumstances, and applicable regulations provide for necessary exceptions. We consider the essential applicability of fundamental rights and freedoms when addressing these requests. If we do not fulfill your request, we will explain why. The limitation will only be a necessary and proportionate measure to safeguard national security, public interests, or your protection or the rights and freedoms of others. If you have any questions about our use of your personal information or this privacy statement, please contact our complaints officer by email at info@whispp.com

9. Cookies

Functional and analytical cookies are collected when visiting our website. These cookies automatically collect certain data about activity on our website. Information that can be processed includes, but is not limited to, browser type, IP address, operating system data (version number and hardware ID), and network data (routes and latency). We use this information to provide our website correctly and optimize your experience. We process technical information based on our legitimate interest in doing so, namely our legitimate business interest in providing and improving our services.

10. Contact Information

To exercise the rights described above, you can send an email to info@whispp.com. You can also use this email address to file a complaint about how Whispp has processed your personal data. If you are not satisfied with how we have handled your complaint, you can lodge a complaint with the Autoriteit Persoonsgegevens or, if you reside or work in another EEA country, with the supervisory authority in that country.

11. Changes

This statement was last updated on September 27, 2023.

If we make changes to this statement in the future, we will publish the updated statement on our website, along with the date the changes take effect. If there are changes that may significantly affect one or more data subjects, we will make our best effort to inform those data subjects directly.