Privacy Policy

01/01/24

Thank you for your interest in our website www.language-gym.com.

The protection of your personal data (hereinafter also referred to as "data") is very important to us. We are committed to protecting your privacy within the scope of the law and to handling your personal data carefully.

We would therefore like to inform you in detail below what data is collected during your visit to our website and use of our services, and how this data is processed and used by us. We would also like to inform you about the accompanying technical and organisational security measures we have taken.

Please note that this privacy policy may be updated from time to time due to the implementation of new technologies and/or changes in the law. We will bring this to your attention in an appropriate manner. We will, of course, always take your interests into account when making any changes.

  1. General information on data processing

    1. Controller for the data processing

      In accordance with Art. 4 No. 7 GDPR, the controller under data protection law is the entity that decides on the purposes and means of the processing of personal data. We are responsible for the technical setup, administration and distribution of the website. You can reach us at:

      THE LANGUAGE GYM LIMITED
      No 5 17/F Strand 50 50 Bonham Strand
      999077 Sheung Wan. Hong Kong
      Email: [email protected]
      Our UK-GDPR Representative is:
      Rickert Services Ltd UK
      -EPI Language Learning Group
      PO Box 1487
      Peterborough
      PE1 9XX
      United Kingdom
      Email: [email protected]
      If you have any questions or comments about this privacy policy or about data protection in general, please contact us by e-mail at [email protected] or confidentially by post to the above address.
    2. Legal Basis for the Processing of the Personal Data

      We only process data if we have a legal reason to do it. We will explain each legal basis in more detail in the individual processing operations. However, in general terms, the following applies:

      • To the extent that we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
      • For the processing of personal data that is necessary for the fulfilment of a contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing that is necessary for the implementation of pre-contractual measures.
      • If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
      • If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject are not overridden, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
    3. Storage Periods

      The data processed by us are deleted or their processing is limited in accordance with the legal requirements, in particular in accordance with arts. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, we will delete stored data as soon as it is no longer required for the intended purpose. Only if it is necessary for other legally permissible purposes or if the data must be stored due to legal retention obligations will the data be stored after the purpose has ceased to apply. This means that the data will be blocked and not processed for any other use.

    4. Your Rights

      In accordance with the provisions of the law, you are entitled to exercise the following rights free of charge vis-à-vis the data controller:

      • Withdrawal of your consent (Art. 7 para. 3 GDPR);
      • Right to information (Art. 15 GDPR);
      • Right to rectification or erasure (Art. 16 and Art. 17 GDPR);
      • Right to restriction of processing (Art. 18 GDPR);
      • Right to data portability (Art. 20 GDPR);
      • Right to object to processing (Art. 21 GDPR).

      You also have the right to complain to a data protection supervisory authority about the processing of your personal data by the controller.

      To assert a claim, please contact the controller at the above address, or you can send us an E-Mail [email protected]. To send us an email, please use an address used on our system for identification purposes.

      In addition, you have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data by the controller (Article 77 GDPR).

    5. Children

      To use our website, you must be at least 13 years old or if any younger have your parent consent.

    6. Recipients, Third Country Transfer, Linked Third Party Websites

      We use third party service providers for the processing of your data and we would like to inform you about the third parties and processors to whom we may transfer data. There are various third party services that we use on our website. These have different uses, which are explained in more detail in the relevant paragraphs. These are services that we use to make our website functional, secure and visually appealing, and to continually optimize its content. In general, we share information with the following categories of recipients:

      In the event that processors are used, they will be bound to our data protection instructions by means of a corresponding data processing agreement in accordance with Art. 28 GDPR. These service providers are our contractors and assist us in the processing of your personal data, e.g. in the provision of this website. These contractors have been carefully selected by us and are regularly monitored. The processors do not carry out any independent processing for their own purposes.

      We will inform you separately about the recipient and the relevant legal basis in the event of a cross-border transfer (transfer to a third country or to an international organisation). If your data is transferred outside the European Union, either to controllers or processors, the transfer will be justified by the European Commission's standard contractual clauses or other safeguards.

      We may provide links to other websites. If you follow a link to one of these websites, please note that they have their own privacy policies and that we are not the controller of your data on those websites. Please read their privacy policies before providing any personal information to them.

      Under the so-called "Data Privacy Framework", the EU Commission has recognised the data protection level of certain US companies as part of the Adequacy Decision of 10 July 2006. Both the list of certified companies and more information on the Privacy Framework can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/. In the relevant sections of the Privacy Notice, we inform you which service providers we use are certified under the Privacy Framework.

    7. Automated Decision Making

      Automated decision making, including profiling, will not be part of the process.

    8. Data Security

      In order to protect any personal data, we may have collected from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons, we use technical and organisational security measures. Our security measures are continually improved in line with technological developments. We use transport encryption technology (known as TLS, Transport Layer Security) when transferring your personal data via our website.

  2. Collection and Processing of Your Personal Data when using our Website

    You generally do not need to actively provide personal information to use our website. Instead, we only collect and use information that your internet browser automatically sends to us. This includes:

    • your browser type;
    • the browser settings;
    • the operating system used;
    • the last page you visited;
    • the amount of data transferred and the access status (file transferred, file not found, etc.) and
    • your IP address.

    The data will be stored on our servers. We do not store this data together with any personal data other than the above. In order for the website to be delivered to your computer, the system temporarily stores your IP address. We do not evaluate the data on a personal basis, in particular for marketing purposes.

    Processing the aforementioned data is technically necessary to provide the Website according to Art. 6 para. 1 lit. b GDPR in order to display our website correctly to you. We store log files with your anonymised IP address for a period of 7 days to prevent threats and for our IT security as well as to detect possible attacks. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

    Our website is stored and hosted on servers of our host provider Digital Ocean.

    For users in uk.language-gym.com, the servers and data are hosted in Data Centre LON1 in London, United Kingdom.

    For users in language-gym.com, the servers and data are hosted in Data Centre SGP1 in Singapore.

    In particular, the host provider processes inventory data, contact data, content data, contract data, usage data, meta and communication data of visitors or customers of the website. The legal basis is our legitimate interest in the efficient and secure provision of the website in accordance with Art. 6 para. 1 lit. f GDPR. The host provider has been contractually obliged by means of an order processing agreement in accordance with Art. 28 GDPR to process personal data only on our instructions.

    1. Placing an Order

      Personal data is only collected by us if you provide it to us as part of the ordering process.

      When you place an order on our website, you are required to provide the information necessary to process your order and to enter into and perform the contract. The information necessary for the performance of the contract is marked separately, the other information is voluntary.

      The following data is processed:

      • First and last name,
      • Billing address,
      • Payment details,
      • Country Prefix
      • Company
      • Phone Number
      • Email address;

      The provision of the data is necessary for the conclusion of a contract when placing an order. Failure to provide the data means that the contract cannot be concluded. The processing is carried out on the basis of Art. 6 par. 1 lit. b GDPR and is necessary for the performance of a contract with you.

      For example, your data will be passed to the payment service providers, order processing service providers and IT service providers you have selected. In all cases, we strictly comply with legal requirements. The amount of data transferred is kept to a minimum.

      Once the contract has been fully processed, unless you have expressly consented to the further use of your data or the further processing is lawful and permissible, your data will be blocked and deleted after the expiry of statutory periods, in particular those relating to tax and commercial law.

    2. Registration and Customer Account

      You may register a customer account with us. During the registration process, you will be asked to provide some personal information.

      You can register as a student or teacher on our website. The following personal information is required:

      • Full Name
      • E-Mail
      • Password

      The legal basis for setting up a user account is Art. 6 para. 1 lit. b GDPR. The data we collect is used exclusively to provide you with the customer account.

      In addition, the date and time of registration and the IP address used are stored in order to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 lit. c and lit. f GDPR.

  3. Cookies and Integrated Third-Party-Offers

    Our website uses cookies. Cookies are small text files that our web server sends to your browser when you visit our website and that are stored on your computer for later retrieval. You can control whether cookies can be set and retrieved by adjusting the settings in your browser. For example, you can turn off cookies altogether in your browser, limit them to certain websites, or set your browser to automatically notify you when a cookie is about to be set and ask for your feedback. You can always delete cookies from your browser's security settings. However, please note that this may affect the quality of your experience on our website.

    Unless otherwise indicated, the processing of personal data described in this section is based on your consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR, which may be withdrawn at any time with effect for the future. Further information on how to withdraw your consent can be found in our cookie settings. These are linked in the footer of our website.

    1. Use of Airwallex

      We use the service of Airwallex, 34th Floor, Oxford House, Taikoo Place, 979 King's Road Quarry Bay, Hong Kong SAR , to process payment via the Website.

      As part of the payment process, we transmit the information you provide to us during the order process (first and last name, address, account number, account code, credit card number, invoice amount, currency and transaction number and any other data required for payment processing) to Airwallex.

      Your data will only be passed on for the purpose of payment processing with the payment service provider Airwallex and only to the extent that it is necessary for this purpose. Airwallex processes your data as an independent controller in accordance with its data protection provisions. The transfer is based on Art. 6 para. 1 lit. b GDPR for the fulfilment of the contract and on our legitimate interests in secure payment processing and fraud prevention in accordance with Art. 6 para. 1 lit. f GDPR.

      You can find more information on data protection at Airwallex at https://www.airwallex.com/terms/privacy-policy#scope-of-policy

    2. Use of Cloudflare

      Our website uses the service of CloudFlare Inc, 101 Townsend St, San Francisco, CA 94107 USA, to safeguard our website (Web Application Firewall) and optimise loading times (Content Delivery Network). When you visit our website, your requests are routed through the CloudFlare server and statistical information about your visit is collected and stored in a cookie on your device. This information includes your IP address, the web pages you visit, the type and version of your browser, your operating system, the referrer URL (the site from which you came to us), the length of your visit, and the frequency of requests to our pages. Analysis based on this data is necessary to detect and defend against attacks. Cookies are used to identify your device. They are not used for statistical or advertising purposes. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in safeguarding and optimizing the functionality of our website.

      CloudFlare has joined the EU-US Data Privacy Framework and is certified. Data is transferred to the USA on the basis of the European Commission's new adequacy decision on the EU-US Data Privacy Framework. This certification confirms that CloudFlare complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet in place, data will be exchanged during the transition period on the basis of the concluded EU standard contractual clauses in order to ensure an adequate level of EU data protection.