Privacy Policy and cookies

Privacy policy and cookies
innerfrench.com

🇵🇱 Dostępne również w języku polskim tutaj.

🇫🇷 Aussi disponible en français ici.

# 1: Who is the controller of your personal data? 

The controller of your personal data is Hugo Cotton conducting business activities under the name Hugo Cotton, Aleje Jerozolimskie 49/11A, 00-697 Warsaw, TIN 5252604303.

# 2: Who can you contact regarding the processing of your personal data?

As part of the implementation of personal data protection in our company, we have decided not to appoint a data protection officer due to the fact that in our case it is not mandatory. For matters related to personal data protection and broadly understood privacy, you can contact us at odo@innerfrench.com.

# 3. What information do we have about you?

Depending on the purpose, we may process the following information about you: 

  1. name and surname,
  2. level of French,
  3. address of residence,
  4. address of business activity,
  5. TIN number,
  6. email address,
  7. phone number,
  8. information about the orders placed,
  9. data included in comments,
  10. data contained in the correspondence addressed to us,
  11. bank account number.

The scope of the data processed has been described precisely for each purpose of processing. Information in this respect can be found later in this policy.

# 4. Where do we get your personal data from? 

In most cases, you give them to us yourself. This happens when you:

  1. purchase a course,
  2. cancel a course or ask for a refund,
  3. subscribe to the newsletter,
  4. add a comment,
  5. contact us.

# 5. Are your data secure? 

We care about the security of your personal data. We have analyzed the risks associated with the various data processing processes and then implemented appropriate security and data protection measures. We constantly monitor the state of our technical infrastructure, train our staff, observe the procedures applied, and make necessary improvements. If you have any questions about your personal data, we are at your disposal at odo@innerfrench.com.

# 6. For what purposes do we process your personal data? 

Below is a list of the purposes followed by a more detailed discussion. We have also assigned the appropriate legal grounds for processing to the individual purposes. 

  1. provision of digital content—Article 6(1)(b) of the GDPR,
  2. handling complaints or withdrawals from the contract—Article 6(1)(f) of the GDPR,
  3. sending the newsletter—Article 6(1)(a) of the GDPR,
  4. comment handling—Article 6(1)(a) of the GDPR,
  5. handling correspondence—Article 6(1)(f) of the GDPR,
  6. fulfillment of tax and accounting obligations—Article 6(1)(c) of the GDPR,
  7. creating an archive for the purposes of a possible need to defend, establish, or pursue claims—Article 6(1)(f) of the GDPR,

Provision of digital content—details

In order to gain access to paid learning materials, one needs to place an order, which will also create a user account necessary to use these materials. 

Placing an order requires providing personal data specified in the order form. 

The data provided by you as part of the order are processed in order to perform the contract for the supply of digital content concluded in accordance with the Website terms and conditions, which means that in this regard the legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR. 

The data will be stored until the expiry of the limitation period for claims under the contract. In this regard, I rely on my legitimate interest referred to in Article 6(1)(f) of the GDPR, which is the archiving of information for the purpose of a possible need to defend, establish, or pursue claims.

Complaints and withdrawal from the contract—details 

If you submit a complaint or withdraw from the contract, you provide personal data contained in the complaint or statement of withdrawal from the contract, which includes name and surname, address of residence, telephone number, email address, and bank account number. Providing the data is voluntary but necessary to lodge a complaint or withdraw from the contract.

The data provided to us in connection with the filing of a complaint or withdrawal from the contract are used for the purpose of the complaint procedure or the withdrawal procedure, and then for archiving purposes, which is our legitimate interest (Article 6(1)(f) of the GDPR). 

The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaint documents and statements of withdrawal from the contract will be stored until the end of the business activity and for 5 years from the end of the year in which the business was terminated. 

Newsletter—details

By subscribing to the newsletter, you provide us with your name and email address. Providing the data is voluntary but necessary to subscribe to the newsletter. 

The system we use to handle the newsletter includes segmentation of recipients. We create groups of recipients based on several criteria. The first group is created based on the criterion of having purchased the course in the past. The second group consists of users who have not bought the course and is created based on information about where and when the user signed up for the newsletter. The third group is created because of what message language you have chosen. These criteria will influence the content that will be sent to you in the newsletter. We have introduced segmentation of newsletter recipients so that you receive information that is best suited to you. 

The data provided to us in connection with the subscription to the newsletter are used to send you the newsletter, and the legal basis for their processing is your consent (Article 6 (1)(a) of the GDPR) given when subscribing to the newsletter. As for the processing of information that does not come from you and was collected automatically by our mailing system, we rely in this respect on our legitimate interest (Article 6 (1)(f) of the GDPR) in analyzing the behavior of newsletter subscribers in order to optimize mailing activities. 

You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or by simply contacting us. Despite unsubscribing from the newsletter, your data will still be stored in our database in order to identify the returning subscriber and possibly defend claims related to sending you the newsletter, in particular to demonstrate that you have given your consent to receive the newsletter and the moment of its withdrawal, which is our legal legitimate interest referred to in Article 6(1)(f) of the GDPR. If the limitation period for civil law claims, criminal record or penalties under administrative law expires after the termination of the business activities, the data will be deleted after this period.

You can modify the data you provided to receive the newsletter at any time by clicking on the appropriate link visible in each message sent as part of the newsletter or by simply contacting us.

Comments—details

When adding a comment, you must provide at least the username and email address that will be assigned to the comment (the name may contain personal data, such as your name or surname) and the email address. Providing the data is voluntary but necessary to add a comment or opinion. You can provide your website address, but it is not mandatory. 

The data provided in connection with adding a comment will be processed in order to publish the comment. The basis for processing is your consent (Article 6(1)(a) of the GDPR, resulting from sending the form for publishing a comment. You can withdraw your consent at any time by requesting the removal of the comment.  

Your comment will be publicly available on the website as long as it is available on the Internet unless you request removal of the comment in advance. You can also modify the content of the comment at any time as well as modify the data assigned to it as the person who added the comment. 

Correspondence—details

By contacting us, you naturally provide us with your personal data contained in the correspondence, in particular your email address and name and surname. Providing the data is voluntary but necessary to make contact. 

In this case, your data are processed in order to contact you, and the basis for processing is Article 6(1)(f) of the GDPR, i.e. our legitimate interest. The legal basis for processing after the contact has ended is also our legitimate purpose in the form of archiving correspondence for the purpose of ensuring the possibility of proving certain facts in the future (Article 6(1)(f) of the GDPR). 

The content of your correspondence may be archived and we are unable to determine when it will be deleted. You have the right to request the history of any correspondence you have had with us (if it is archived) as well as to request its deletion unless archiving it is justified by our overriding interests, such as defending against potential claims from you.

Tax and accounting obligations—details

If we issue an invoice for you, it is part of the accounting documentation, which will be kept for the period of time required by law. In such a situation, your personal data are processed in order to fulfill our tax and accounting obligations (Article 6(1)(c) of the GDPR in connection with the provisions governing tax and accounting obligations). 

Archive—details

As part of the description of the individual purposes for the processing of personal data above, we have indicated time limits for the storage of personal data. These time limits are often related to our archiving of certain data for the purpose of ensuring that we can prove certain facts in the future, reconstruct the course of our cooperation with you, the correspondence exchanged, or defend, establish, or assert claims. We rely in this respect on our legitimate interest as referred to in Article 6(1)(f) of the GDPR.

# 7: How long will we store your personal data

The data storage periods have been indicated separately for each purpose of processing. You will find this information under the details for each separate processing purpose. 

# 8: Who are the recipients of your personal data? 

We will risk saying that modern business cannot do without services provided by third parties. We also use such services. Some of these are related to the processing of your personal data. The following processors are involved in the processing of personal data: 

  1. hosting provider that stores data on the server, 
  2. provider of a cloud computing service in which backups that may contain your personal data are stored, 
  3. provider of the mailing system in which your data are stored, if you are a newsletter subscriber, 
  4. supplier of the invoicing system in which your data are stored for the purpose of invoicing, 
  5. an accounting office that processes your data visible on invoices, 
  6. an entity providing maintenance services that gains access to the data, if the technical works carried out relate to areas where personal data are located, 
  7. other subcontractors who gain access to the data, if the scope of their activities requires such access. 

Personal data may be transferred to law offices if there is a need to use legal assistance that requires access to personal data. 

Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, settlement, and accounting obligations. This applies in particular to all declarations, reports, statements, and other accounting documents which contain your personal data. 

In addition, if necessary, your personal data may be made available to entities, bodies, or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, public prosecutor’s offices. 

Furthermore, we use tools that collect a range of information about you related to the use of our website. This includes, in particular, the following information: 

  1. information about the operating system and web browser you use, 
  2. viewed subpages,
  3. time spent on the website,
  4. transitions between individual subpages, clicks on individual links,
  5. the source from which you come to our website,
  6. the age range you are in,
  7. your gender,
  8. your approximate location narrowed down to a certain city,
  9. your interests determined by your online activity.

This kind of information in itself is not, in our opinion, personal data. Since this kind of information is collected by external tools that we use, this information is also processed by the tool providers in accordance with their terms of use and privacy policies. In general, this information is used to provide and improve services, manage them, develop new services, measure the effectiveness of advertisements, protect against fraud and misuse, and to personalize the content and advertising displayed on individual websites, landing pages, and applications. We have endeavoured to describe the details in this regard in the further part of this policy, as part of the explanations for individual tools.  

# 9: Do we transfer your data to third countries or international organizations?

Yes, part of the processing of your personal data may involve their transfer to third countries.  

We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses. Due to the fact that a large part of our customers use our services in the USA, we decided that the use of tools that transfer personal data to this country is justified. 

The storage of personal data on servers located in third countries occurs within the following tools:

  1. Kinsta hosting provided by Kinsta Inc. 10880 Wilshire Blvd, Suite 1101, Los Angeles, CA 90024—for all data processed as part of our InnerFrench website, 
  2. Fathom Analytics services to track trafic on our website.

Both Kinsta Inc. and Fathom Analytics ensure an adequate level of data protection. If you want to read more about the security measures in place, see here: 

  1. Kinsta: https://kinsta.com/legal/privacy-policy/
  2. Fathom Analytics: https://usefathom.com/compliance

We would also like to remind you here that we use external tools that may collect anonymous information about you. We have mentioned this several times under this policy, including in response to the previous question. The providers of these tools often use servers located around the world, in particular in the United States of America.

# 10: Do we use profiling? Do we make automated decisions based on your personal data? 

We do not make decisions based solely on automated processing, including profiling, that would have legal effects on you or that would similarly significantly affect you. 

Yes, we do use tools that can take specific actions depending on the information collected as part of the tracking mechanisms but we believe that these actions do not have a significant impact on you for they do not differentiate your situation as a customer, they do not affect the terms of the contract you can enter into with us, etc. 

Using certain tools, we may, for example, target personalised advertisements to you based on previous actions taken by you on our website or suggest products that may be of interest to you. This is called behavioral advertising. We encourage you to learn more about behavioral advertising, particularly with regard to privacy issues. Detailed information, including the ability to manage your behavioral advertising settings, can be found here: http://www.youronlinechoices.com

We would like to emphasize that as part of the tools that we use, we do not have access to information that would allow your identification. The information we are talking about here is, in particular: 

  1. information about the operating system and web browser you use, 
  2. viewed subpages,
  3. time spent on the website,
  4. transitions between individual subpages, 
  5. the source from which you come to our website,
  6. the age range you are in,
  7. your gender,
  8. your approximate location narrowed down to a certain city,
  9. your interests as determined by your online activity.

We do not combine the information indicated above with your personal data which are in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the suppliers of individual tools and these servers may most often be located around the world. 

# 11: What rights do you have with regard to the processing of your personal data? 

The GDPR grants you the following potential rights related to the processing of your personal data: 

  1. the right to access your data and obtain a copy thereof,  
  2. the right to demand the rectification of the data,  
  3. the right to erase the data (if in your opinion there are no grounds for us to process your data, you can request that we erase them),  
  4. the right to restriction of data processing (you can request that we restrict the processing of data only to their storage or performance of activities agreed with you if in your opinion we have incorrect data or we process them unjustifiably), 
  5. the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate a specific situation that, in your opinion, justifies the termination of the processing covered by the objection; we will stop processing your data for these purposes unless we prove that the grounds for data processing by us override your rights or that your data are necessary for us to establish, assert, or defend claims),  
  6. the right to transfer data (you have the right to receive from us, in a structured, commonly used, machine-readable format, personal data that you provided to us on the basis of a contract or your consent; you can commission us to send these data directly to another entity),
  7. the right to withdraw consent to the processing of personal data if you previously gave such consent, 
  8. the right to lodge a complaint with the supervisory body (if you find that we are processing data unlawfully, you can submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority). 

The rules related to the implementation of the above-mentioned rights are described in detail in Articles 16–21 of the GDPR. We encourage you to familiarize yourself with these provisions. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to them in relation to all activities involving the processing of your personal data. 

We shall emphasize that you always have one of the rights indicated above—if you believe that we have breached the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office).  

You can also always ask us to provide you with information about what data we hold on you and for what purposes we process them. All you need to do is send a message to the address odo@innerfrench.com. Nonetheless, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the email address provided above if you have any questions related to the processing of your personal data. 

# 12:  Do we use cookies and what are they exactly?

Our website, like almost all other websites, uses cookies. 

Cookies are small pieces of data stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system (first-party cookies) or ICT systems of third parties (third-party cookies). Cookies can record and store certain information which ICT systems can then access for specific purposes.

Some of the cookies we use are deleted after the end of the browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the website (persistent cookies). 

If you want to learn more about cookies as such, you can check, for example: https://pl.wikipedia.org/wiki/HTTP_cookie

# 13: On what basis do we use cookies? 

We use cookies on the basis of your consent, except if the cookies are necessary for the proper provision of electronic services to you. 

Within the scope of your consent to cookies, we accept the option that you consent by setting your web browser or additional software supporting the management of cookies. We assume that you agree to all cookies used by us which are not blocked by your browser or additional software that you use.   

Please note that disabling or limiting the use of cookies may prevent you from using some of the features available on our website and may cause difficulties in using the website, as well as many other websites that use cookies. For example, if you block the cookies of social network plugins, then buttons, widgets, and social features implemented on our website may not be available to you.  

# 14: Can you disable cookies? 

Yes, you can manage cookie settings within your web browser. You can block all or only selected cookies. You can also block cookies from specific websites or delete previously saved cookies as well as other website and plug-in data at any time.  

Web browsers also offer the option of using incognito mode. You can use it if you do not want information about visited pages and downloaded files to be saved in your browsing and download history. Cookies created in incognito mode are deleted when you close all incognito mode windows. 

There are also browser plug-ins for controlling cookies, such as Ghostery (https://www.ghostery.com). The option to control cookies may also be provided by additional software, in particular anti-virus packages, etc.  

In addition, there are tools available on the Internet that allow you to control some types of cookies, in particular for collective management of behavioral advertising settings (e.g.  www.youronlinechoices.com/, www.networkadvertising.org/choices).

Please bear in mind that disabling or limiting the use of cookies may prevent you from using some of the functions available on our website and cause difficulties in using our website, as well as many other websites that use cookies. For example, if you block cookies from social plug-ins, then buttons, widgets, and social functions implemented on our website may not be available to you. 

# 15: For what purposes do we use our own cookies? 

First-party cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining a session after logging in to the account, remembering recently viewed products and products added to the basket. 

# 16: What third party cookies are used? 

Our website uses the following third-party cookies:  

  1. Fathom Analytics,
  2. PodBean,
  3. Vimeo.

The details of those third-party cookies are described below.    

Fathom Analytics – details

We want to process as little personal information as possible when you use our website. That’s why we’ve chosen Fathom Analytics for our website analytics, which doesn’t use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics’ website.

The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is “f); where our legitimate interests are to improve our website and business continually.” As per the explanation, no personal data is stored over time.

PodBean – details

We make podcast episodes available for listening on our website. In order to allow you to listen to the podcast we use the PodBean system, whose provider is LiveChat, Inc. One International Place Suite 1400 Boston, MA 02110-2619 United States of America, contact : LiveChat Software S.A. ul. Zwycięska 47, 53-033 Wrocław, Polska.

This service uses cookies to optimize media delivery and monitor podcast listening statistics. The information collected through cookies related to podcasts from PodBean embedded on our pages is used by LiveChat to ensure the proper and secure functioning of the widget, to analyze and optimize the services provided by PodBean, as well as for personalization and advertising purposes.

Please bear in mind that by playing the recordings available on PodBean, you are using the services provided electronically by LiveChat. LiveChat is a separate entity, independent of us, providing electronic services to you. For details on PodBean’s terms of use, including privacy, you may refer to documents provided directly by PodBean:

https://www.podbean.com/site/default/privacy.

Vimeo – details

Vimeo widgets are embedded on our sites, allowing you to play the recordings available on Vimeo directly on our sites. Vimeo is operated by Livestream LLC.

Videos are embedded on the site in privacy mode. Based on information provided by Vimeo, this means that no cookies are stored on your device nor does Livestream collect any information about you until you play the video. 

When you play a recording, Vimeo saves cookies on your device and receives information that you played the recording from a specific website, even if you do not have a Livestream account or are not currently logged in. If you have logged into your Livestream account, this service provider will be able to directly associate your visit to our website with your account. The purpose and scope of data collection and the further processing and use of data by Livestream, as well as the possibility of contacting us and your rights in this respect and the option of making settings to protect your privacy are described in Livestream’s privacy policy. 

If you do not want Livestream to attribute the data collected during video playback directly to your profile, you must log out of your account before playing the video. You can also completely prevent plugins from loading on the site by using the appropriate extensions for your browser, such as script blocking. 

The information collected through cookies related to Vimeo videos embedded on our sites is used by Livestream to ensure the correct and safe functioning of the widget, to analyze and optimize the services provided by Vimeo, as well as for personalization and advertising purposes. 

Please note that by playing the recordings available on Vimeo, you are using a service provided electronically by Livestream LLC. Livestream LLC is a separate entity, independent of us, providing electronic services to you. For details on Vimeo’s terms of service, including privacy protection, you may refer to documents provided directly by Vimeo:

  1. Vimeo Terms of Service: https://vimeo.com/terms,
  2. Vimeo Privacy Policy: https://vimeo.com/privacy.

# 17: Do we track your behavior on our website? 

Yes, we use Fathom Analytics that collect information about your activity on our website. These tools are described in detail in the third-party cookies question, so it would be redundant to repeat this information here as well. 

# 18: Do we target advertising to you? 

No, we don’t.

# 19: How can you manage your privacy? 

The answer to this question can be found in many places in this privacy policy when describing individual tools, behavioral advertising, cookie consent, etc. However, for your convenience, we have collected this information once again in one place. Below you will find a list of options for managing your privacy. 

  1. cookie settings in the web browser, 
  2. browser plug-ins supporting cookie management, e.g. Ghostery,  
  3. additional cookie management software, 
  4. incognito mode in a web browser, 
  5. behavioral advertising settings, e.g. youronlinechoices.com,

# 20: What are server logs? 

Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs. 

Logs include your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server. 

The data stored in the server logs are not associated with specific people using the website and are not used by us to identify you. 

The server logs are only auxiliary material used to administer the website and their content is not disclosed to anyone except those authorized to administer the server. 

# 21: Is there anything else you should know about? 

As you can see, the subject of personal data processing, the use of cookies, and general privacy management is quite complicated. We have made every effort to ensure that this document provides you with as much knowledge as possible on issues important to you. If anything is unclear, you want to learn more, or just discuss your privacy, please write to us at: odo@innerfrench.com.