Privacy

Privacy Statement Whispp

1. Introduction

Whispp develops and provides speech technology and software applications that improve the intelligibility of both whisper speech and affected (pathological) speech. Whispp B.V. (Chamber of Commerce (KvK): 78082056) is located at Langegracht 70, 2312 NV, Leiden in The Netherlands (“Whispp” or “we”).

As an organization, Whispp processes data about individuals (“personal data”). In so doing, Whispp generally acts as a data controller within the meaning of the General Data Protection Regulation (“GDPR”). This involves data relating to (“data subjects”):

  1. individuals interested in the products and services of Whispp (“interested individuals”);
  2. individuals who use our application and services (“users”);
  3. individuals with whom the user interacts through our application and services but is not itself a user (“third-party users”);
  4. individuals medically involved with interested individuals and users, such as speech therapists and therapists (“medical stakeholders”);
  5. visitors to our website (“website visitors”);
  6. applicants or individuals orienting on employment within Whispp (“job applicants”);
  7. individuals from whom we purchase products or services or who are employed by

our suppliers (“suppliers”);

  1. individuals who are a relation of ours or employed by our relations (“relations”);
  2. third parties other than relationships, such as resellers with whom we work and persons who contact Whispp (“third parties”).

In this Privacy Statement, we explain, among other things:

  • What personal data we process from the categories of individuals;
  • For what purposes we process personal data and on what legal basis;
  • What rights individuals have regarding the data we process about them;
  • Who you can contact about this Privacy Statement and how Whispp processes personal data about you.
  1. What personal data do we process
  1. From interested individuals we process the following data:
    1. contact information (name and address, telephone number and similar information required for communication);
    2. health insurance data;
    3. data on hardware and the supplier of hardware.

When interested individuals give their consent, we also process:

  1. age segment and gender;
  2. data regarding a medical condition(s).
  1. From users, we process the following data:
    1. contact information (name and address, telephone number and similar information required for communication);
    2. authentication information (email address and password);
    3. subscription details;
    4. device data (including device type, operating system version, troubleshooting information);
    5. interaction data (including user id, time and duration of interaction, calling mode (VoIP/PSTN/live/video), IP address);
    6. audio and video communications;
    7. health insurance data;
    8. data on hardware and the supplier of hardware.

When users give permission, we also process:

  1. age segment and gender;
  2. data regarding a medical condition(s).
  1. From third-party users, we process the following data:
    1. phone number;
    2. interaction data (including time and duration of interaction, calling mode (VoIP/PSTN/live/video), IP address);
    3. audio and video communications.
  1. From medical stakeholders, we process the following data:
    1. contact information (name and address, telephone number and similar information required for communication);
    2. data relating to electronic messages originating from or intended for medical data subjects and data necessary for the purpose of maintaining contact with medical data subjects;
  1. From website visitors, we process the following data:
    data in connection with a visit to our website, such as data for the purpose of identifying and communicating with website visitors or data recorded to maintain visitor statistics of our website.
  1. Of job applicants, we process the following data:
    1. contact information (name and address, title, telephone numbers and similar information needed for communication), date of birth, nationality, place of birth, gender;
    2. data concerning training, courses and internships taken or to be taken;
    3. details of the position applied for;
    4. information regarding the nature and content of the current employment, as well as any termination thereof;
    5. in some cases: a certificate of conduct and details of proof of identity;
    6. other data for the purpose of fulfilling the position, provided by the person concerned or known to him (such as data on a resume, or results of a competency test);
    7. other data whose processing is required pursuant to or necessary for the application of laws or regulations.
  1. From suppliers, we process the following data:
    1. contact information (name and address information, telephone numbers and similar information needed for communication), bank account number;
    2. data for the purpose of placing orders or purchasing services;
    3. data for the purpose of calculating and recording expenses and making payments;
    4. data relating to electronic messages originating from or intended for suppliers and data necessary for the purpose of maintaining contact with such suppliers;
    5. other data whose processing is required pursuant to or necessary for the application of laws or regulations.
  1. From relations we process the following data:
    1. contact information (name and address information, telephone numbers and similar information needed for communication);
    2. data relating to electronic messages originating from or intended for relations and data necessary for maintaining contact with these relations;
  1. From third parties, we process the following data:
    1. contact information (name and address information, telephone numbers and similar information needed for communication);
    2. data relating to electronic messages originating from or intended for third parties and data necessary for the purpose of maintaining contact with such third parties;
  1. For what purposes do we process this data and on what legal basis

We process personal data for the following purposes:

  1. Perform and deliver our application and services, including providing support;
  2. complete purchases or transactions;
  3. Improve, repair and modify our application and services;
  4. To understand how people use our application and services;
  5. To evaluate and improve our application and services;
  6. Research, develop and test new services and features;
  7. Performing problem-solving activities…;
  8. maintain contact with stakeholders;
  9. improving our security;
  10. for the recruitment and selection of new employees;
  11. complying with laws and regulations.

We may only process personal data if there is a valid legal basis for doing so. We therefore process the data only if:

  1. the processing is necessary for the provision of our application and services, for example to enable interaction between (third-party) users or to perform pre-contractual actions at their request, for example for the completion of a job application procedure (“contract performance”);
  2. the processing is necessary to comply with a legal obligation imposed on Whispp, such as, for example, our obligation to ascertain the identity of our associates and employees (“legal obligation”);
  3. the processing is necessary for the protection of the legitimate interests of Whispp or another, and those interests outweigh the interests or fundamental rights of the person whose data are at issue, which is the case, for example, when using contact data to send unsolicited commercial messages to maintain our business relationships and improve our application and services (“legitimate interest”); or
  4. the data subject has given consent to the processing, for example processing data about the medical condition (“consent”).
    1. With whom we may share personal data

    We may share personal data about interested individuals with:

    1. medical stakeholders (when the user discloses that someone is medically involved);
    2. resellers (when requested by an interested individual);
    3. others, with the data subject’s consent, or if there is a legal obligation.

    We may share personal data about users with:

    1. medical stakeholders (when the user discloses that someone is medically involved);
    2. resellers (when requested by a user);
    3. suppliers;
    4. others, with the data subject’s consent, or if there is a legal obligation.

    We may share personal data about job applicants with:

    1. suppliers (for example, the external party providing our competency test);
    2. others, with the data subject’s consent, or if there is a legal obligation.

    We may share personal data about relationships with:

    1. suppliers (for example, external translation agencies);
    2. others, with the data subject’s consent, or if there is a legal obligation.

    We may share personal data about third parties with:

    1. suppliers.

    We may share personal data about all data subjects with the data subject’s consent or if there is a legal obligation.

    1. How do we protect your personal data

    Whispp applies technical and organizational measures to protect your personal data against destruction, loss, alteration or unauthorized disclosure or access. These measures include administrative, physical and technological measures. Persons working with us are bound by confidentiality and must comply with our instructions aimed at the adequate protection of your data.

    1. Transfer to countries outside the EEA

    There may be instances where personal data is transferred to a country outside the European Economic Area (EEA) that provides a lower level of protection for personal data than the regulations within the EEA. For example, a provider of online services that we use may be located outside the EEA (for example, in the United States of America), and use of those services may involve a transfer of personal data to the provider.

    If such a situation arises and personal data is transferred to a country outside the EEA that provides less legal protection for personal data, we will ensure that appropriate safeguards are in place to ensure that the transfer takes place in accordance with applicable privacy regulations.

    1. How long we keep personal data

    We keep personal data no longer than necessary: i) for the purposes for which the personal data is processed; ii) to comply with laws and regulations: for example, data needed for our accounting purposes are kept for seven years.

    1. Your rights regarding your personal data

    Personal data protection regulations grant individuals the following rights with respect to personal data relating to them:

    1. the right to request whether personal data concerning them is processed, and, if so, to have access to it;
    2. the right to request rectification and erasure of that data;
    3. The right to object to processing or request restriction of processing;
    4. The right to withdraw consent to processing if the processing is based on your consent;
    5. the right to receive or deliver your data to an organization you designate, in a structured, common and machine-readable form;
    6. depending on the country where you live, the right to lodge a complaint with a data protection supervisory authority. In the Netherlands, this is the Personal Data Authority in The Hague (www.autoriteitpersoonsgegevens.nl).

    Whispp will process a request related to the exercise of these rights in the manner prescribed by the regulations. However, these rights are not absolute; they do not apply in all circumstances and applicable regulations provide for appropriate exceptions. If we do not comply with your request, we will explain why.

    1. Contact details

    To exercise the rights described above, please send an email to info@Whispp.com. You can also use that email address if you wish to file a complaint about the way your personal data has been processed by Whispp. If you are not satisfied with the way we have handled your complaint, you may file a complaint with the Personal Data Authority or, if you live or work in another EEA country, with the regulator in that country.

    1. Changes

    This statement was last changed on December 8, 2022.

    If we amend this statement in the future, we will publish the amended statement on our website, indicating the date on which the amendments take effect. If there are changes that may significantly affect one or more data subjects, we will do our best to notify those data subjects immediately as well.