Who we are, and the purpose of this Privacy Policy:

This Privacy Policy (“Policy”) explains the privacy practices of Babbel GmbH (Andreasstraße 72, 10243 Berlin, Germany) (“Babbel”, “we,” “us,” “our”) relating to your access and use of Babbel’s services. 

This Policy is designed to help you better understand how we collect, use, store or share any personal information about you (your “Personal Data”). It also describes your rights in relation to your Personal Data. Under data protection law, the term Personal Data refers to all information that relates to an identified or identifiable person. At Babbel, we only process Personal Data in compliance with applicable data protection laws and regulations. Babbel is responsible as controller for the data processing described in this Policy, unless stated otherwise. The term “controller” under data protection law refers to the entity which decides what to do with the Personal Data that has been collected, and how to do it.

We may update this Policy from time to time by publishing a new version on our website. 

Contents

1. On what basis do we process your Personal Data?
2. What kinds of Personal Data do we use?
3. Your rights in relation to your Personal Data
4. Where do we process your Personal Data?
5. How do we use “cookies” and other tracking technologies?
6. How long do we store your Personal Data? 
7. How can you contact us?
8. Who do we share your Personal Data with, and why?
9. Joint Controllership
10. Legal basis according to the GDPR

Additional region/country-specific information:

11. California Privacy rights
12. Other U.S. State privacy rights
13. Additional information for residents of Canada.

1. On what basis do we process your Personal Data?

We process your Personal Data using the following legal bases: 

(i) with your consent, 

(ii) in order to provide services to you under the terms of a contract between you and Babbel, or, in order to enter into a contract between you and Babbel and at your request (e.g., when you sign up for a Babbel account), 

(iii) for compliance by Babbel with a legal obligation or

(iv) if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your Personal Data override these. 

2. What kinds of Personal Data do we use?

At Babbel, we collect and use (process) your Personal Data in different ways, depending on how you interact with Babbel – whether you are a:

• User who uses Babbel to learn languages;
• Visitor to Babbel’s websites; 
• Contact person at a B2B customer who enables the employees of the B2B customer to use Babbel; 
• Job applicant who wants to join our team;
• Contact person at a service provider, supplier, business partner or a freelancer with whom we cooperate;
• Visitor to Babbel’s social media websites and/or apps.

For more details regarding the data processed in relation to each category, please see below.

2.1 Users

2.1.1 If you are a Babbel user, we process the Personal Data that you provide when you register with Babbel, or that you provide when you complete your profile. This includes, for example, your name and email address, as well as your payment details (including bank information, account number and/or the card you use for payment).

This Personal Data is processed for the following purposes, and on the following legal bases:

• Registration for and provision of the Babbel language learning app and other services related to our learning platform;
• Booking, management and delivery of Babbel Live sessions and Intensive One-to-One courses;
• Support and communication: responding to requests from users;
• Processing payments.

Legal basis: Performance of a contract and/or pre-contractual measures

• Non-promotional communication on technical, security and contract-related topics (e.g. fraud alerts, account blocking or contract changes);
• Non-promotional communication regarding product updates, new features as well as motivating users to learn. 

Legal basis: legitimate interest

• Conducting product and satisfaction surveys;
• Advertising of products and services of Babbel and its business affiliates.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases. 

• Compliance with legal requirements and data retention obligations.

Legal basis: legal obligation

2.1.2 We process information about your learning behavior, personal vocabulary and learning progress. This includes content and  voice recordings, if applicable.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Deploying the app and adapting our services to your needs and skills; 
• Reviewing pronunciation and measuring your learning.

Legal basis: Initiation and performance of contract 

• Selection of suitable users for interviews, surveys and campaigns;
• Anonymization of voice for speech analysis and further development of internal machine learning.

Legal basis: legitimate interest 

• Compliance with legal requirements and data retention obligations.

Legal basis: legal obligation

2.1.3 We process pseudonymized information about how you behave on our app. This includes server log files, IP addresses, and user IDs, some of which are assigned by third-party providers.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Scientific research purposes for the areas of machine learning, artificial intelligence, natural language processing and deep learning (transmission to third parties only after prior anonymization);
• Ensuring the security, operability and stability of our services, including defense against cyber-attacks.

Legal basis: legitimate interest

• To measure our reach and analyze user behavior to optimize our products, increase customer satisfaction and improve error analysis;
• Tracking and conversion tracking to measure our reachand conversion rate tracking of our business affiliate partners.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases.

2.1.4 We process feedback and information you provide in surveys and interviews.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Optimization of our products, increasing customer satisfaction and improving error analysis;
• Publication on our website and other marketing channels for promotional purposes.

Legal basis: consent (in situations where we have obtained consent from you);  Legitimate interest in all other cases.

2.2 Website visitors

2.2.1 We process data you provide to us in contact forms about yourself or the company you work for, such as your name, email address and telephone number.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Customer acquisition;
• Support and communication: answering inquiries.

Legal basis: legitimate interest

2.2.2 Pseudonymized information about the device and browser you are using, server log files, your network connection, and your IP address.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Ensuring the security, operability and stability of our services, including defense against cyber-attacks; 
• Integration of third-party content (ratings, videos, questionnaires).

Legal basis: legitimate interest

2.2.3 Information about how you behave on the website. This includes your IP address and user IDs, some of which are assigned by third-party providers.

This Personal Data is processed for the following purposes, and on the following legal bases:

• To measure reach and analyze user behavior to optimize our websites, increasing customer satisfaction and analyzing errors;
• Conversion tracking to measure reach and determine commissions for our affiliate partners; 
• Remarketing for acquisition purposes and new customer acquisition.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases.

2.3 Contact persons at B2B customers

We process data you provide to us about yourself and the company you work for, such as your name, email address and telephone number.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Fulfillment of the contract with your company (e.g. to manage your account, for invoicing, following up on invoices);
• Registration on our admin portal;
• Support and communication: answering requests;
• Non-promotional communication regarding product updates and new features, and to motivate the users at your company.

Legal basis: legitimate interest 

• Conducting product and satisfaction surveys;
• Advertising of products and services of Babbel and business affiliates.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases.

• To comply with legal requirements and data retention obligations.

Legal basis: legal obligations

2.4 Job Applicants

2.4.1 We process data that you provide to us as part of your job application, or that a recruiter provides to us, or that we collect during the application process. This includes information about your resume or curriculum vitae, your career to date and other data that you provide to us before or during the application process.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Initiation of a current or future employment relationship.

Legal basis: Performance of a contract and/or pre-contractual measures

• Fulfillment of legal storage obligations.

Legal basis: legal obligation

• In the situation where no employment relationship is established as a result of your job application, but you consent to our further storage of your information in case a suitable vacancy arises in the future.  

Legal basis: consent

2.4.2 We process your contact information that we have received during the application process.

This Personal Data is processed for the following purposes, and on the following legal bases:

• To document who has applied for a job with Babbel.

Legal basis: legitimate interest

Duration of storage: If we are unable to offer you employment, we will retain the data you have provided to us for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This time period does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly agreed to a longer storage period.

2.5 Contact person(s) at service providers, suppliers, business partners and freelancers

We process data you provide to us about yourself and/or the company you work for, such as your name, email address and telephone number.

This Personal Data is processed for the following purposes, and on the following legal bases:

• Initiation and fulfillment of the contractual relationship with you or the company you work for (this includes contract management, billing, and communication).

Legal basis: legitimate interest

• To comply with legal requirements and retention obligations.

Legal basis: legal obligations

2.6  Visitors to our social media pages

2.6.1 Controller

Social media provider

Data Processing

When you visit our social media pages (Facebook, Instagram, LinkedIn, TikTok), through which we present our company or individual products from our range, certain information about you as a visitor is processed.

More Information

Facebook and Instagram:

• Privacy Policy of Meta Platforms Ireland Limited
• Opt-out option

LinkedIn:

• Privacy Policy of LinkedIn Ireland Unlimited Company

TikTok:

• Privacy Policy of TikTok Technology Limited

2.6.2 Controller

Social media provider and Babbel (joint controller)

Data Processing

The social media providers collect and process event data and send us anonymized statistics and insights for our pages, which help us gain insights into the types of actions people take on our page (so-called “page insights”). These page insights are created based on certain information about people who have visited our site(s).

More Information 

Facebook and Instagram:

•  Joint Controller Agreement
• Data subject rights can also be asserted against Meta. You can find more information on this in their privacy policy.

LinkedIn: 

•  Joint Controller Agreement
• Data subject rights can be asserted against LinkedIn via this contact form. You can contact their data protection officer via this link.
• LinkedIn and Babbel have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You can submit your complaint to the Irish Data Protection Commission (see www.dataprotection.ie) or to any other supervisory authority.

TikTok:

• Joint Controller Agreement
• Data subject rights can be asserted with TikTok via this form.
• TikTok and Babbel have agreed that the Irish Data Protection Commission is the competent supervisory authority to oversee the processing of Page Insights. You can lodge your complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

2.6.3 Controller

Babbel GmbH

Data Processing

We process information that you have provided to us via our social media page on the respective social media platform. This information may be the username used, contact details or a message to us.

More Information

We process this data based on our legitimate interest in contacting individuals who have asked us a question.

Legal basis: legitimate interest.

Data processing for participation in sweepstakes: to determine winners and send prizes.

Legal basis: Performance of a contract and/or pre-contractual measures.

3. Your rights in relation to your Personal Data:

You have the right to exercise certain data subject rights under applicable laws. To exercise your data subject rights, please use the contact details available in this Policy.

Depending on the data protection laws that apply to you, you have at least the following rights: 

• To ask for access to information confirming whether and, if so, to what extent we are processing Personal Data concerning you.
• To ask us to correct your Personal Data if it is incorrect or out of date.
• To ask us to delete your Personal Data.
• To ask us to restrict the processing of your Personal Data.
• To receive your Personal Data, which you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transfer your Personal Data to another company.
• Where you have consented to a specific processing activity (i.e. a specific use by us of your Personal Data), you can, at any time, withdraw this consent. If you do withdraw your consent, the lawfulness of the processing that was based on that consent before it was withdrawn will not be affected.
• If you think that the processing of your Personal Data is not in compliance with data protection laws, you have the right to make a complaint about Babbel to the appropriate supervisory authority. We encourage you to contact us before raising a concern with the supervisory authority, to see if we can resolve any concerns that you have about our processing of your Personal Data.

If, and to the extent that, we process your Personal Data on the basis of a legitimate interest, in particular if we pursue our legitimate interest to conduct direct marketing or to apply profiling in connection with direct marketing, you have the right to object to such use of your Personal Data at any time. Profiling is where you look at a person’s interests, habits and behavior. Profiling for direct marketing often also involves predictions or assumptions about people. It can help us target our direct marketing messages.

If you object to the processing of your Personal Data for direct marketing purposes, we will promptly stop processing your Personal Data for these purposes. In all other cases, we will carefully consider your objection and stop further use of the information in question, subject to compelling reasons for further processing that may take precedence over your interest in objecting, or if we need to use the information for the justification, exercise or defense of legal claims. 

If you exercise your data subject rights, we will process the transmitted Personal Data for the purpose of implementing these rights, and to be able to provide evidence of how your request was handled. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes. We will otherwise restrict processing.

To protect your privacy and maintain security, we take steps to verify your identity before giving you access to your personal information or complying with a deletion, portability, or other related request. We may, in certain situations, reject your request for access, correction, or portability. For example, we may reject your request where you are unable to verify your identity.

4. Where do we process your data?

In principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we may send your data. Some data processing may involve the transfer of certain Personal Data to “third countries”, i.e. countries outside of the European Economic Area, where the GDPR is not in force. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in the relevant third country. This applies to all transfers to countries that are listed here: 

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If an adequacy decision of the European Commission does not exist, a transfer of Personal Data to a third country will only take place if appropriate safeguards exist, or if one of the conditions listed in Art. 49 GDPR is met. If you consent to the transfer of Personal Data to third countries, any such transfer will take place on that legal basis.

In all other cases, we use the EU standard contractual clauses as appropriate safeguards for the transfer of Personal Data to third countries that fall outside the scope of the GDPR. You have the possibility to obtain a copy of these EU standard data protection clauses, or to inspect them. To do so, please contact us.

5. How do we use “cookies” and other tracking technologies?

We use cookies and similar technologies on our website and in providing our services. We have compiled more information about how we use these technologies in our cookie banners. The banners are accessible from the footer of any of our websites, or in the app. There you will also find a list of other companies that place cookies on our websites, a list of cookies that we place, and an explanation of how you can refuse certain types of cookies.

6. How long do we store your data? 

Unless otherwise stated, we only store Personal Data for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain Personal Data contained in our accounting records for ten years and Personal Data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents that require evidence, as well as in connection with complaints and claims, for the duration of the statutory limitation periods in each case. We will delete data stored for advertising purposes if you object to processing for this purpose, and if it is not required for any other purpose.

Notwithstanding the other provisions of this section, we may retain your Personal Data where retention is necessary for Babbel to comply with a legal obligation, or to protect your vital interests or the vital interests of another natural person. Vital interests cover only interests that are essential for someone’s life, and generally only apply to matters of life and death.

7. How can you contact us?

If you have any questions about this Policy or would like to exercise your data subject rights, please contact us at privacy@babbel.com.

You can reach our data protection officer as follows: 

E-mail: privacy_ext@babbel.com

Herting Oberbeck Datenschutz GmbH

https://www.datenschutzkanzlei.de

8. Who do we share your personal information with, and why?

8.1 Recipient: 

Hosting provider

Reason for the disclosure: 

We do not have our own servers. We engage certified service providers to host our systems.

8.2 Recipient:

IT service providers and SaaS providers

Reason for the disclosure:

We engage the services of various service providers who act as processors to help us provide our services to you. The term “processor” under data protection law typically refers to any external company or individual that a controller (in this case, Babbel) gives instructions to, to handle their data for any purpose.

8.3 Recipient:

Advertising and marketing service providers

Reason for the disclosure:

We want to provide an attractive product for our customers and convince more customers to purchase our product. To do this, we work with a variety of advertising and marketing service providers.

8.4 Recipient:

Affiliated companies

Reason for the disclosure:

We are a global company with cross-border and cross-company teams. Therefore, data transfer to our subsidiary (Babbel Inc., a company based in the United States of America) occurs.

8.5 Recipient:

Authorities

Reason for the disclosure:

To comply with legal requirements or to respond to court orders or other similar governmental requests.

8.6 Recipient:

Payment provider

Reason for the disclosure:

To process payments, we share your data with payment providers and banks that process your data as data controllers and processors. 

8.7 Recipient:

Service providers

Reason for the disclosure:

In addition, we may transfer your Personal Data to bodies such as postal and delivery services, our bank, tax consultancy/auditing firm or the tax authorities, as well as to service providers for the destruction of files.

9. Joint Controllership

As a global company, we work closely with Babbel Inc. based in the USA. If we are joint controllers of your Personal Data (joint controllership according to Art. 26 GDPR), you will be informed of this in the descriptions of the individual data processing operations below.

Controller

Babbel Inc. and Babbel GmbH

Data Processing

Data processing in connection with customer acquisition and lead generation in the USA

More Information

The data collection is carried out by both Babbel Inc. and Babbel GmbH. The technical and organizational measures are largely ensured by Babbel Inc. Data storage as well as the fulfillment of all other obligations of the GDPR are carried out by Babbel GmbH. 

10. Legal basis according to the GDPR

10.1 Legal Basis: 

Consent

Relevant article of GDPR: 

Art. 6(1)(a) GDPR

10.2 Legal Basis:

Performance of a contract and/or pre-contractual measures 

Relevant article of GDPR: 

Art. 6(1)(b) GDPR

10.3 Legal Basis:

Legal obligation

Relevant article of GDPR: 

Art. 6(1)(c) GDPR

10.4 Legal Basis:

Legitimate interest

Relevant article of GDPR: 

Art. 6(1)(f) GDPR

ADDITIONAL COUNTRY OR REGION-SPECIFIC INFORMATION

Your rights may differ from country to country, or region to region. Here you can find out which country or region-specific deviations apply to you.

11. CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020, provides you with specific rights regarding your personal information (which is very similar to Personal Data described above). This section describes the rights that California consumers have and explains how to exercise those rights. To be clear, these rights are granted only to the extent that you are a California consumer and we are acting as a “business” under the CCPA with respect to your personal information. 

11.1 Information We Collect; How We Collect It; How We Use It

The section in this Policy titled “What kinds of Personal Data do we use?” describes the Personal Data that we collect. The categories of such information are as follows:

11.1.1 Category

Identifiers

Examples

Name, email address, online identifier, internet protocol (IP) address or other similar identifiers.

Purposes

To provide you with our services, to enhance our services and to retarget advertising to you.

11.1.2 Category

Commercial information

Examples

Records of products or services purchased; Purchasing or consuming histories or tendencies.

Purposes

To provide you with our services and to enhance our services.

11.1.3 Category

Internet or other similar network activity information

Examples

Browsing history, search history, information regarding consumer’s interaction with a website, application, or advertisement.

Purposes

To provide you with our services, to enhance our services and to retarget advertising to you.

11.1.4 Category

Professional or employment-related information

Examples

Employer, employment history, resumes and curriculum vitae, background checks, and other employment-related information.

Purposes

To manage employees and applicants.

11.2 How We Use and Disclose Your Personal Information

We collect and disclose your personal information as follows:

11.2.1 Category

Identifiers

Source

Directly from consumers when interacting with our services

Disclose(d) to

Vendors, service providers and other third parties

Sell/Sold to

Third parties helping with retargeting advertising to you

Share(d) with

Third parties helping with retargeting advertising to you

11.2.2 Category

Commercial information

Source

Directly from consumers when interacting with our services

Disclose(d) to

Vendors and service providers 

Sell/Sold to

Not “sold”, as defined under the CCPA

Share(d) with

Not “shared”, as defined under the CCPA

11.2.3 Category

Internet or other similar network activity information

Source

Directly from consumers when interacting with our services

Disclose(d) to

Vendors, service providers and other third parties

Sell/Sold to

Third parties helping with retargeting advertising to you

Share(d) with

Third parties helping with retargeting advertising to you

11.2.4 Category

Professional or employment-related information

Source

Directly from job applicants when interacting with our services

Disclose(d) to

Vendors and service providers

Sell/Sold to

Not “sold”, as defined under the CCPA

Share(d) with

Not “shared”, as defined under the CCPA

We may also disclose personal information in connection with a bankruptcy proceeding in relation to Babbel, or the sale, merger, or change of control of Babbel or the division responsible for the services with which your information is associated.

11.3 Rights to Your Information

11.3.1 Right to Know 

As a California consumer, you have the right to ask us to tell you certain information about our collection, use, disclosure, or sale of your personal information. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), and subject to certain limitations that we describe below, we will give you this information. You have the right to ask for any or all of the following:     

• The categories of personal information we collected about you;
• The categories of sources from which the personal information is collected;
• Our business or commercial purpose for collecting or selling that personal information;
• The categories of third parties with whom we share that personal information; and/or
• The specific pieces of personal information we collected about you.

11.3.2 Right to Delete 

You have the right to ask us to delete any of your personal information that we collected from you and stored, with certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), we will delete (and tell our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. Additionally, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to perform certain actions that are legally required under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

11.3.3 Right to Data Portability

You have the right to ask for a copy of personal information that we have collected and maintained about you. You may ask for your information from us up to twice during a 12-month period. We will provide our response in a readily usable (and usually electronic) format.

11.3.4 Right to Correct

You have the right to ask us to correct any personal information we have about you.

11.3.5 Right to Opt Out of Selling or Sharing Your Personal Information

You have the right to opt out of the sale or sharing of your personal information, along with the right to opt in to the sale of such information. We do not sell or share the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is less than 16 (but greater than 13) years of age, or the parent or guardian of a consumer less than 13 years of age. To our knowledge, we do not sell or share the personal information of minors under 16 years of age.

To exercise the right to opt out, you (or your authorized representative) can submit a request to us by visiting the following Internet Web page: “Do Not Sell or Share My Personal Information/Opt-out“. We will also treat Global Privacy Control browser signals as valid opt-out requests.   

11.3.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by denying you goods or services or charging you different prices or rates for goods or services.

11.3.7 Exercising Your Rights

To exercise the rights described above, please contact us by using the following methods:

• Emailing us at privacy@babbel.com
• Visiting our consent and opt-out page.

After you send us certain requests, we may take steps to verify your identity so that we can properly respond and confirm that your request is not fraudulent. To verify your identity, we may ask that you provide your name, email address, phone number, address, and relationship to us, so that we can check this information against the information in our records. Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we may ask you to send us reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf, such as a signed document.

12. OTHER U.S. STATE PRIVACY RIGHTS

Residents of Virginia, Colorado, Connecticut, Utah, Iowa and other U.S. States with comprehensive consumer privacy laws (collectively, the “State Laws”) have certain rights with respect to their personal information. The rights available to residents of these States are explained below, and are different based upon the State Laws that are applicable to us and to you. Such laws are being enacted and modified on a regular basis, so these rights are evolving. 

The categories of personal information we process, our purposes for processing your personal information, the categories of personal information that we share with third parties, and the categories of third parties with whom we share it are explained in detail above. 

12.1 Rights to Your Information

In addition to the rights described in our Policy, the State Laws provide you with the following rights, except where indicated otherwise below:

• Right to know: You have the right to know whether we process your personal information and to access this personal information. 
• Right to data portability: You have the right to get a copy of your personal information that you previously provided to us or that we have obtained in a portable and, to the extent technically possible, readily usable format that allows you to transmit the data to another business without difficulty, where the processing is carried out by automated means. 
• Right to delete: You may have the right to delete personal information that you have provided to us or that we have obtained about you. Please note that we may deny requests to delete if the requested deletion falls under an exception described in the applicable State Laws. 
• Right to opt out: You may have the right to opt out of the processing of the personal information for purposes of: (i) targeted advertising; (ii) the sale of personal information; or (iii) profiling that produces legal or similarly significant effects concerning you. 

As of the date of this Policy:

• We process personal information for the purposes of targeted advertising;
• We do not sell your personal information in exchange for monetary consideration; and
• We do not engage in profiling decisions based on your personal information that produce legal or similarly significant effects concerning you.

If you want to opt out of the processing of your personal information for any of the above purposes, and your state of residence provides for such opt-out right, please click here. 

• Right to correct. Residents of Virginia, Colorado and Connecticut have the right to correct inaccuracies in their personal information, taking into account the nature of the personal information and the purposes for which we process it. 
• Right to nondiscrimination. You have the right not to be discriminated against by us for exercising your privacy rights. 

12.2 How to Exercise Your Rights; Verifying Your Identity

To exercise any of your State Law privacy rights, or if you have any questions about your privacy rights, you can contact us by:

• Emailing us at privacy@babbel.com
• Visiting our consent and opt-out page.

After you send us a request, we will take steps to verify your identity so that we can properly respond and/or confirm that your request is not fraudulent. We may contact you for additional information as reasonably necessary to authenticate your request. if we are ultimately unable to authenticate your request using reasonable commercial efforts, then we may not be able to comply with it. Only you may make a verifiable request related to your personal information. If you are making a request as the parent or legal guardian of a person known to be a child, regarding the processing of that child’s personal information, we may ask you to submit reliable proof of your identity.

12.3 Response Time; Your Right to Appeal

If we decide not to act on a request that you have submitted, we will inform you of our reasons for doing so, and, for residents of states where State Laws provide for an appeal process, we will provide instructions for how to appeal the decision. Residents of those states will have the right to appeal within a reasonable time after they have received our decision. We will notify you of any action taken or not taken in response to that appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state’s regulatory authority to submit a complaint.

13. ADDITIONAL INFORMATION FOR RESIDENTS OF CANADA

Babbel collects, uses and discloses (in other words, processes) your Personal Data in connection with your access and use of our services in compliance with Canadian privacy laws, specifically the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial privacy laws. This Policy provides information regarding our practices and procedures for such processing and how we comply with these laws. In addition to the information provided above, please note the following.

13.1 Consent

We may obtain your consent to our collection, use and disclosure of your Personal Data either expressly, for stated purposes, or impliedly when the purposes are indicated by the relevant circumstances or follow logically from other stated purposes. 

By providing us with your Personal Data, you consent to the collection, use and disclosure of that information relating to providing our services, managing our relationship with you, administering our business and as permitted or required by law, in accordance with this Policy.

We rely on the GDPR’s “legitimate interests” rule as authorization to process your Personal Data where the circumstances and uses of such processing are known to or would be expected by you in connection with your access and uses of our services, in particular as set out in this Policy, provided that we will always seek your express, actively provided consent in instances where we propose to process your information for purposes of profiling, tracking, advertising or publication or if the information would be considered sensitive.

We will seek your consent before using Personal Data for any purpose beyond the scope of your original consent or our stated purposes. 

You may withdraw your consent or request us to stop processing your Personal Data at any time, subject to legal and contractual restrictions and reasonable notice, by:

• Emailing us at privacy@babbel.com
• Visiting our consent and opt-out page.

13.2 Service providers outside of Canada

We may use service providers that are located outside of Canada. As a result, Personal Data under our custody or control may be accessible to regulatory authorities, courts and law enforcement outside of Canada in accordance with the laws of these jurisdictions. Subject to these laws, Babbel will use reasonable measures to maintain protections of your Personal Data that are equivalent to those that apply in Canada.

13.3 How can you contact us?

If you have any questions regarding this Policy or would like to exercise your rights, please contact us at privacy@babbel.com. You can reach our data protection officer at the following contact details:

Herting Oberbeck Datenschutz GmbH

https://www.datenschutzkanzlei.de

E-mail: privacy_ext@babbel.com