Privacy policy

Privacy statement

Privacy Policy Whispp B.V.
Email address for privacy-related inquiries info@whispp.com

Introduction

This is the Privacy Policy of Whispp B.V. (‘‘Whispp’’ or ‘‘We’’). Whispp is located at Langegracht 70, 2312 NV, Leiden, and registered with Chamber of Commerce under 78082056. Whispp develops and provides speech technology and a software application that improve the intelligibility of both whisper speech and affected (pathological) speech. Whispp accomplishes this, among other things, with the assistance of artificial intelligence, which is used to convert voice recordings of users. This Privacy Policy explains how we handle personal information we receive when you use our services, including through our website at whispp.com and the Whispp mobile or desktop application (or “app”). We are committed to protecting and safeguarding your privacy and personal information.

This Privacy Policy is written in the Dutch language. We do not garantee the accuracy of any translated versions of this Privacy Policy. Any translations are for your convenience only. To the extent that any translated versions of this Privacy Policy conflict with the Dutch language version, the Dutch language version of this Privacy Policy shall control. You may view the Dutch language version by selecting the Dutch flag from the dropdown at the top of the page.

As an organization, Whispp processes data about individuals (‘‘personal data’’). Personal data are data that tell something about you as a person. Some categories of personal data are more sensitive, such as your medical information or voice recordings. In this Privacy Policy, you can read what happens to your data. Whispp acts as a data controller within the meaning of the General Data Protection Regulation. This concerns data related to individuals who come into contact with Whispp in various ways (‘‘Data subjects’’), these categories are:

  • Individuals interested in the products and services of Whispp (‘‘Interested Parties’’);
  • Individuals who use our application and services (‘‘Users’’);
  • Individuals with whom the user interacts through our application and services but are not users themselves (“Third-Party Users”);
  • Individuals who are medically involved with interested parties and users, such as speech therapists and therapists (“Medically Involved Individuals”);
  • Visitors to our website (‘‘Website Visitors’’);
  • Applicants or individuals considering a job at Whispp (“Applicants”);
  • Individuals from whom we purchase products or services or who work for our suppliers (“Suppliers”);
  • Individuals who are in a relationship with us or work for our partners (“Partners”);

Third parties, other than partners, such as resellers with whom we collaborate (“Third Parties”).
In this Privacy Policy, we clarify, among other things:

Which personal data we process from the different categories of individuals;
For which purposes we process this data and on what legal basis;
What rights these individuals have regarding the data we process about them;
Who you can contact about this Privacy Policy and how Whispp processes personal data about you.

Data Collection: What data do we collect and for what purpose?

What does Whispp do?

Whispp offers an application that assists individuals with voice-related issues through smart speech technology. When using the app, you can choose to modify or enhance your own voice to improve your clarity in communications. Smart speech technology utilizes artificial intelligence, which is of paramount importance for the user experience and capabilities of Whispp, as it enables the real-time shaping of voices and usage of this. This is what we do and, and we take pride in it. The data we collect depends on the context of your interaction with Whispp, the choices you make, and the products and features you utilize. For clarity, a User’s voice recordings for messages and phone calls are used only to personalize a voice for that particular User; they are not captured or used for AI training. Voice recordings from “Contributors” pursuant to separate agreements with Whispp for that particular purpose are used to train the AI model.
Whispp is not a “covered entity” or a “business associate” under the United States Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA does not apply to your transactions or communications with Whispp. However, notwithstanding the foregoing, Whispp is committed to safeguarding all of your personal data.

For each data processing activity, we require a legal basis. The legal bases upon which Whispp relies for its processing activities are outlined further in this Privacy Policy.
The Service is not directed to anyone under the age of 18. We do not knowingly collect information from anyone under the age of 18 and/or their internet usage, and such persons are not authorized to use the Service. If we obtain actual knowledge that a User is under 18, we will take steps to remove that user’s personal information from our databases.

What information does Whispp collect automatically from the data subjects?

The Services capture some information about you automatically utilizing background local storage and session storage technologies (“Cookies”). Cookies are small files or other pieces of data which are downloaded or stored on your computer or other device, that can be tied to information about your use of the Services. Examples of information of this type are your IP address, the browser you are using, the operating system you are using, the pages on the website that you visit and details of your transaction activity. When we use Cookies, we may use “session” Cookies that last until you close your browser or “persistent” Cookies that last until you or your browser delete them. You may change your browser setting to decline the use of Cookies.

We use third party analytics services, including Google Analytics and Mixpanel (“Analytics Services”) to help analyze how users use the Services. We use the information we get from Analytics Services only to improve our Services. The information generated by the Cookies or other technologies about your use of our Services (the “Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on user activity. The Analytics Services may also transfer information to third parties where required to do so by law, or where such third parties process Analytics Information on their behalf. Each Analytics Services’ ability to use and share Analytics Information is restricted by such Analytics Services’ Terms of Use and Privacy Policy. By using our Service, you consent to the processing of data about you by Analytics Services in the manner and for the purposes set out above.

For more information regarding how Google collects, uses and shares your information, please visit www.google.com/policies/privacy/partners/. You can deactivate Google Analytics using a browser add-on if you do not wish the analysis to take place. You can download the add-on here: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on what type of information Mixpanel collects, please visit the Mixpanel’s Terms of Use page at www.mixpanel.com/terms/. You can prevent Mixpanel from using your information for analytics purposes by opting out at www.mixpanel.com/optout.

We operate social media pages on third party networks and have social media icons on our website. When you visit or link to our social media pages, data is processed both by us and the applicable social media provider. Social media providers are unaffiliated with us, and we are not responsible for the content or privacy practices of social media providers. Social media providers have their own terms of use and privacy policies, and we encourage you to review those policies whenever you visit their websites or interact with their platforms.

When using your mobile device to visit, access or use the Service, categories of information that we collect may include:

Your name associated with your mobile device;
Your telephone number associated with your mobile device;
Your geolocation;
Your mobile device ID information.

What information does Whispp collect voluntarily from the data subjects?

Concerning Interested Parties, we may process the following data:
Contact information (name and address details, phone number, and similar data necessary for communication);
Health Insurance information;
Information about hardware and the hardware provider.

When Interested Parties provide explicit consent as defined in the GDPR for categories of data which are considered to be sensitive under the GDPR, we also process:
Age segment and gender;
Data regarding medical conditions.

Concerning Users, we may process the following data:
Contact information (name and address details, phone number, and similar data necessary for communication);
Authentication data (email address and password);
Subscription data;
Device information (such as device type, operating system version, troubleshooting information);
Interaction data (including user ID, time and duration of interaction, call mode (VoIP/PSTN/live/video), IP address);
Information about hardware and the hardware provider
Age segment and gender

When Interested Parties provide explicit consent as defined in the GDPR for categories of data which are considered to be sensitive under the GDPR, we may also process:
Data regarding medical conditions;
Voice recordings;
audio- and video communications; and
your contacts and/or contact information (e.g., names, telephone numbers) stored on or through your mobile device.

Concerning Third-Party Users, we process the following data:
Phone number;
Interaction data (including time and duration of the interaction, call mode (VoIP/PSTN/live/video), IP-address);
audio- and video communication.

Concerning Medically Involved Individuals, we process the following data:
Contact information (name and address details, phone number, and similar data necessary for communication);
Data related to electronic messages originating from or intended for Medically Involved Individuals and data necessary for maintaining contact with Medically Involved Individuals.

Concerning Website Visitors of Whispp, we process the following data:
Data related to visiting our website, such as data for the identification and communication with website visitors or data recorded to track visitor statistics on our website.

Concerning Applicants, we process the following data:
Contact information (name and address details, title, phone numbers, and similar data necessary for communication), date of birth, nationality, place of birth, gender;
Data concerning completed or ongoing education, courses, and internships;
Data concerning the applied-for position;
Data concerning the nature and content of the current employment, as well as any termination thereof;
In some cases: a certificate of good conduct and data regarding an identity document;
Other data necessary for fulfilling the position, provided by the individual or known to them (such as data on a curriculum vitae or results of a competency test);
Other data the processing of which is required by or necessary for the application of legal or regulatory requirements.

Concerning Suppliers, we process the following data:
Contact information (name and address details, phone numbers, and similar data necessary for communication), bank account number (to facilitate electronic payments);
Data for the purpose of making orders or purchasing services;
Data for calculating and recording expenses and making payments;
Data related to electronic messages originating from or intended for Suppliers and data necessary for maintaining contact with these Suppliers;
Other data the processing of which is required by or necessary for the application of legal or regulatory requirements.

Concerning Partners, we process the following data:
Contact information (name and address details, phone numbers, and similar data necessary for communication);
Data related to electronic messages originating from or intended for Partners and data necessary for maintaining contact with these Partners.

Concerning Third Parties, we process the following data:
Contact information (name and address details, phone numbers, and similar data necessary for communication);
Data related to electronic messages originating from or intended for Third Parties and data necessary for maintaining contact with these Third Parties.

For what purposes do we process this data and on what legal basis?

What are the purposes of Whispp’s data processing?

We process personal data for the following purposes:

To perform and deliver our application and services, including providing support;
To complete purchases or transactions;
To improve, repair, and customize our application and services;
To understand how people use our application and services;
To evaluate and enhance our application and services;
To research, develop, and test new services and features;
To conduct troubleshooting activities;
To communicate with data subjects, including to provide status updates, transactional emails and other service communications, to provide notices about a data subject’s account and to contact them through telephone, text, email or chat, as permitted by law, and to send marketing communications;
To enhance our security measures;
For recruitment and selection of new employees;
To comply with laws and regulations to which Whispp is subject and cooperate with regulators, other appropriate agencies or authorities and law enforcement bodies, both within a data subject’s jurisdiction and internationally;
To manage and assure the integrity of our platform;
To protect and defend the rights and property of our users, Client and its affiliates, and third parties;
For other purposes that we tell you about when you register or provide data about yourself to us; and
For other legitimate business and lawful purposes.

Whispp may obtain your written consent from time to time in electronic form by using online agreements or other acknowledgements on the Services, including for any other contemplated uses of your personal data not addressed in this Privacy Policy. These specific uses will be elaborated upon in the agreements. Please read all online agreements carefully before accepting them.
We use your mobile number to send you a confirmation text when you register with us. We may send you service-related announcements when it is necessary (for example, if we must temporarily suspend our service for maintenance). You may choose to receive push notifications from the app related to your usage.

We process the data mentioned above for the purposes listed above on the basis of the following legal grounds.

On which legal grounds under the GDPR does Whispp base these processing activities?

Performance of a Contract: Whispp may process data when the processing is necessary for providing our application and services, such as facilitating interactions between (third-party) users or conducting pre-contractual actions at the user’s request, for example, handling a job application process;

Compliance with a Legal Obligation: Whispp processes data to fulfill necessary legal obligations, such as verifying the identity of our partners and employees;
Legitimate Interests: Whispp may process data when it is necessary for the legitimate interests pursued by Whispp or a third party, provided that these interests outweigh the interests or fundamental rights of the data subject. This includes using contact information for sending unsolicited commercial messages, maintaining business relationships, and improving our application and services;
Consent: When a data subject has given consent for the processing of certain data, Whispp may rely on this consent as a legal basis. Data subjects have the right to withdraw their consent at any time, and Whispp will stop processing their personal data from that moment, unless there is another legal basis for processing.
Explicit Consent: For special categories of personal data as defined in the General Data Protection Regulation (GDPR), such as data related to medical conditions or voice data, Whispp only processes them when the data subject has given explicit consent. There is a distinction between “regular” consent and “explicit” consent when the collecting of aforementioned data occurs within the jurisdiction of the GDPR. Because Whispp may need to use special sensitive categories of personal data to operate its service, it may request explicit consent for processing this type of data. When doing so, this will be clearly stated in the request.

These legal bases ensure that Whispp’s data processing activities are carried out in accordance with the principles of data protection and privacy under the General Data Protection Regulations (GDPR).

With whom can we share personal data?

Whispp is a provider of services headquartered in the Netherlands, and as such may need to share information with internal personnel and third party providers in different geographic locations in order to perform our Services, including without limitation our payment processors, technology providers and professional advisors.

We may disclose information (within or outside your country of residence) if we have a good faith belief that disclosure is necessary by law or the legal process, to protect and defend our or others’ interests or property, or to enforce agreements you enter into with us.
In order to transmit mobile text messages, we share information with platform providers, phone companies, and other third-party service providers who assist us in the delivery of mobile messages. As with all information collected by Whispp, we reserve the right at all times, to the extent permitted by law, to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property.

Your information may be transferred to another company (within or outside your country of residence) in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party.

We may share aggregated and de-identified information with third parties (within or outside your country of residence) for analytical, research or other similar purposes.
Below are examples of third parties with whom we may share data. We may share personal data about Interested Parties with:
Medically Involved Individuals (when the user indicates there is someone medically involved);
Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about Users with:

Medically Involved Individuals (when the user indicates there is someone medically involved);
Suppliers;
Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about Applicants with:

Suppliers (e.g., external parties providing our competency tests);
Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about Partners with:

Suppliers (e.g., external translation agencies);
Others, with the consent of the data subject, or when there is a legal obligation.

We may share personal data about Third Parties with:

a) Suppliers.

We may share personal data about all data subjects with the consent of the data subject or when there is a legal obligation. When it comes to special categories of personal data as defined under the GDPR, we only do this with the explicit consent of the data subject.

How do we protect your personal data

Whispp has integrated various technical and organizational measures to protect your personal data from destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures encompass reasonable administrative, physical, and technological safeguards. No Internet or e-mail transmission is ever fully secure or error free, however. We therefore cannot guarantee absolute security of your data, and we are not responsible for processes and networks that we do not control.

Transfer to countries outside the EEA

It may happen that personal data is transferred to a country outside the European Economic Area (EEA) that provides a lower level of protection for personal data than the regulations within the EEA. For instance, a Supplier of online services that we use might be located outside the EEA (e.g., in the United States of America), and using that service may involve the transfer of personal data to the Supplier.
In such a situation, if personal data is transferred to a country outside the EEA with less legal protection for personal data, we will use commercially reasonable efforts to ensure appropriate safeguards are in place and to ensure that the transfer complies with applicable privacy regulations.

How long do we retain personal data

We retain the personal data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected and to perform our contractual and legal obligations. We will retain personal data required to comply with privacy requests, to manage active accounts, as required by law, in order to resolve disputes, or to enforce our agreements. We will retain the personal data we process on behalf of our Users as directed by them. We may also retain copies of your personal data for disaster recovery purposes or for our legitimate business purposes.

Notwithstanding the generality of the foregoing, we store email addresses until the user requests to be unsubscribed.

Your rights regarding your personal data

We are committed to facilitating the exercise of your rights granted by the laws of your jurisdiction, which may include the right to request the correction, modification or deletion of your personal information and the right to opt out of the sale or sharing of your personal information (as applicable). We will do our best to honor your requests subject to any legal and contractual obligations. If you would like to make a request, please contact us at info@whispp.com or make changes to any user profile information connected to your account.

If you are located in the European Union, the United Kingdom or another jurisdiction that has adopted laws substantially similar to the European Union’s General Data Protection Regulation (GDPR), your privacy rights include the following:
The right to request whether personal data concerning them is being processed and, if so, to access it;
The right to request rectification and erasure of such data;
The right to object to processing or request restriction of processing;
The right to withdraw consent for processing when processing is based on your consent;

The right to receive or transmit your data to an organization of your choice in a structured, commonly used, and machine-readable format;
Depending on your country of residence, the right to lodge a complaint with a supervisory authority responsible for enforcing data protection rules. In the Netherlands, this authority is the Autoriteit Persoonsgegevens in The Hague (www.autoriteitpersoonsgegevens.nl).

Whispp will handle requests related to the exercise of these rights in accordance with the regulations. These rights are not absolute; they do not apply under all circumstances, and applicable regulations provide for necessary exceptions. If we do not fulfill your request, we will explain why. If you have any questions about our use of your personal information or this Privacy Policy, please contact our complaints officer by email at info@whispp.com

Contact Information

Please contact us if you have any questions about our Privacy Policy, or to exercise the rights described above, by sending an email to info@whispp.com.

Changes

This Privacy Policy was last updated on Jan 2nd, 2024.

If we make changes to this Privacy Policy in the future, we will publish the updated Privacy Policy on our website, along with the date the changes take effect.