Welcome to www.sayspeaking.com, the website (hereafter the “Site”) of SAY Global Inc. (hereafter “SAY”, “we”, “us” and/or “our”). This Site is operated by SAY and has been created to provide information about our company and our online services providing foreign language tutoring for Korean learners worldwide and related services (together with the Site, hereafter “the Services”) to our Service visitors (hereafter “you”, “your”, “the student”).
When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:
You can visit the Site without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Services.
Personal Data is information by which you can be directly or indirectly identified ("Personal Data"). This generally includes information such as your name, address, email address and telephone number; however, it may also include other information such as your IP address, shopping habits, lifestyle habits or preferences such as interests.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
As a Seoul-based Company, we are supplementing the current absence of a consistent data protection regime by adopting the principles set out in the EU's General Data Protection Regulation (“GDPR”).
The responsible party within the meaning of the GDPR is:
7, Bongeunsa-ro 16-gil, Gangnam-gu, Seoul, Republic of Korea
Email : firstname.lastname@example.org
(hereinafter referred to as "we", "us" or "our")
The legal bases and your rights
The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:
- Consent: the individual has given clear consent to process personal data for a specific purpose.
- Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
You have the following rights with respect to us processing your personal data:
Right of access
You have the right to obtain information about whether and which of your personal data is processed by us. In this case, we will also inform you about:
- the purpose of processing;
- the categories of data;
- the recipients of your personal data;
- the planned storage period or the criteria for the planned storage period;
- Your further rights;
Unless we have been provided with your personal data by you: Any available information about its origin
if available: the existence of automated decision-making and information about the logic involved, the scope and the intended effects of the processing.
Right to rectification
You have a right to rectification and/or completion if your personal data processed by us is inaccurate or incomplete.
Right to restriction of processing
You have a right to restriction of processing, provided that
- we verify the accuracy of your personal data processed by us;
- the processing of your personal data is unlawful;
- you need your personal data processed by us for legal prosecution after the purpose has ceased to exist;
- you have objected to the processing of your personal data and we are reviewing this objection.
Right to erasure
You have a right to erasure if
- we no longer need your personal data for its original purpose;
- You withdraw your consent and there is no further legal basis for processing your personal data;
- you object to the processing of your personal data and - unless it is direct marketing - there are no overriding reasons for further processing;
- the processing of your personal data is unlawful;
- the erasure of your personal data is required by law;
- your personal data was collected as a minor for information society services.
Right to information
If you have exercised your right to rectification, erasure or restriction of processing, we will inform all recipients of your personal data, of this rectification, erasure of data or restriction of processing.
Right to data portability
You have a right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, common and machine-readable format and to transfer it to another controller. If technically feasible, you have the right to have us transfer this data directly to another controller.
Right to object
You have the right to object to the processing of your personal data in case of special reasons. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing. In case of processing of your personal data for direct marketing purposes, you have the right to object at any time.
Right of withdrawal
You have the right to revoke any consent given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data by us violates the law.
Provision of the app and creation of log files
The legal basis for the processing of your personal data in the context of the provision of the app and the creation of log files is our legitimate interest. The temporary storage of your personal data by us is necessary to enable delivery of the App's functionality. For this purpose, your personal data must be stored for the duration of the session. Data that may be collected when using the App, i.e. IP address, IP location, Geolocation, type and version of the end device used, information on the mobile network used, time zone settings, operating system and platform. The storage of your personal data in log files is done to ensure the functionality of the App. In addition, we use your personal data to optimise the App and to ensure the security of our information technology systems. Your personal data is not processed in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of your personal data for the provision of the App, this is given as soon as you close the App. In the case of storage of your personal data in log files, these are deleted after 30 days at the latest. If the data is stored beyond this period, your personal data will be anonymised so that it can no longer be assigned. The collection of your personal data for the provision of the App and the storage of your personal data in log files is absolutely necessary for the operation of the App. Consequently, there is no possibility for you to object.
We collect information from and about the device(s) you use to access our services, including:
- hardware and software information such as IP address, device ID and type, device-specific and apps settings and characteristics, app crashes, advertising IDs (such as Google’s AAID and Apple’s IDFA, both of which are randomly generated numbers that you can reset by going into your device’ settings), browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address);
- information on your wireless and mobile network connection, like your service provider and signal strength; information on device sensors.
The legal basis for the processing of your personal data in the context of account registration is the performance of a contract. Your registration enables in particular the conclusion of contracts as well as the maintenance of our customer relationship. We collect data when you create or update your account, and this may depending on how you use our App.
As a general principle, accounts are generated anonymously and without the need to provide any name or personal information with a mere reference to the above explained collection of log files.
In addition, you may also use your social media log in from Facebook to create an account. This is done exclusively with your express consent. Facebook Login is a service of Meta Platforms, Inc., doing business as Meta and formerly known as Facebook, Inc. 1 Hacker Way in Menlo Park, CA 94025. An additional registration or login is therefore not necessary. To log in or register, you will be redirected to the Facebook page where you can log in with your user data. This links your Facebook profile and our service. Through the link we automatically receive the following data from Facebook Inc: First and last name, E-mail address, Your Facebook app ID, and Facebook friends list who uses this app.
The processing of your personal data within the scope of registration is in this case based on your consent and necessary for the fulfilment of a contract or the implementation of pre-contractual measures as well as the successful maintenance of our relationship. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case at the latest in the event of the termination of your customer account. You have the option to cancel your customer account registration at any time. In this case, your personal data will be deleted unless legal retention periods prevent deletion.
- The Company is a global company, with its affiliates and group companies “Affiliated Entities” located in several countries. Your data may be transferred to Our Affiliated Entities, or to Our business partners and service providers from time to time for legitimate business purposes identified in this Policy.
- We store Personal Data about Players and visitors to Our Platforms on servers located in India and We may also process this information in other countries where Our Affiliated Entities, business partners and service providers have their operations. Personal Data collected in the United Kingdom (“UK”) or European Countries may be transferred to, and stored at, a destination outside of the UK or European Countries (as applicable) for purposes such as: (a) the processing of transactions and Your payment details; or (ii) the provision of customer care Services.
- When We transfer Your Personal Data internationally, We will take reasonable steps to ensure that Your Personal Data is treated securely, lawfully, and only in accordance with and as permitted by the law of Your home jurisdiction. Please be aware that the laws and practices relating to the protection of the Personal Data are likely to be different and, in some cases, may be weaker than those within Your home jurisdiction. Regardless, in all events, We shall apply the provisions of this Policy to Your Personal Data wherever it is located.
The legal basis for the processing of your personal data transmitted in the course of you contacting us is our legitimate interest. If the contact aims at the conclusion of a contract, the performance of a contract is an additional legal basis for the processing of your personal data. The processing of your personal data in the event of a contact serves us solely to process your request.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the personal data sent in the course of contacting us when your request has been processed and legal retention periods do not prevent deletion. You have the option at any time to object to the processing of your personal data in the context of contacting us for the future. In this case, however, we will not be able to process your request any further. All personal data stored in the course of contacting you will be deleted in this case, unless legal retention periods prevent deletion.
Advertisers and third parties also may collect information about your activity on app, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see in our app. You can opt out on the Digital Advertising Alliance (DAA) website if you wish not to receive targeted advertising. You may also be able to choose to control targeted advertising on other websites and platforms that you visit. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defence and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.
How we process your information
We may process the data we collect for the following purposes and legal bases:
- To provide our services and to fulfil contractual obligations:
- To carry out contracts with you such as fulfilling our obligations and dealing with your enquiries;
- to communicate with you about your enquiries, questions and comments; and
- to provide online services to you;
Legitimate interests we have as a business:
- Direct marketing and other forms of marketing such as in cases when we inform you about our products and services;
- when we identify you in order to improve or personalise your user experience on our app;
- To manage our business and develop our services and products, such as conducting customer and market research, feedback surveys and statistical/demographic surveys, and evaluating the effectiveness of our sales, organisation/services and marketing;
- Maintain, manage and optimise our products, offerings, promotions, online services and other technologies and diagnose technical and service issues;
- Ensuring and evaluating the security and stability of our networks and systems and identifying a fraud prevention device; and
- To establish, exercise or defend legal rights.
To comply with legal obligations:
- Protecting, detecting and preventing fraud and other crimes, claims and other liabilities;
- To comply with legal obligations and our policies;
- Monitoring and reporting compliance issues; and
- Complying with court and regulatory orders.
With your consent (where required by law), we may use the information we collect for the following purposes:
- to send you emails or messages about our products and services, competitions, offers or promotions that we think may interest you;
- to send you emails or messages about our business partners' products and services;
- To provide location-based services;
- Installing cookies and similar technologies; and
- Providing online services to you, including our web sites or mobile apps.
We may process the data we collect about you in other ways that we will inform you about at the time of collection or for which we will seek your consent.
How we share the data we collect
We may share your personal information with service providers who perform services for us, providing data processing and other IT services, conducting research and analysis, and for targeted information and advice about products and services. We do not permit these service providers to use this data for their own purposes or to use it for any purpose other than to provide services on our behalf.
For strategic or other business reasons, we may decide to sell or transfer all or part of our business. As part of that sale or transfer, we may share data that we have collected and stored, including personal data, with anyone involved in the sale or transfer.
We may share data if it does not uniquely identify you. For example, we may share anonymous aggregate statistics about your use of our online services. Or we may combine data about you with that of other guests and share the data in ways that cannot be attributed to a specifically affected guest.
We may use or disclose personal information when necessary to comply with laws, regulations or legal requirements; to protect our online services and restaurant technology; to assert or defend legal claims; to protect the rights, interests, safety and security of our organisation, our employees or franchisees, or the public; or in connection with the investigation of fraud or other crimes or violations of our internal policies.
For individual areas, the app offers the option of being informed via push notification (push technology or Server Push describes a type of communication in which data is transmitted even though the receiving app is running in the background).
You can configure this function via the settings of your smartphone settings and activate/deactivate the notifications there. For the delivery of the messages, it is necessary to store a push token of your mobile end device.
We may request access or permission to certain functions from your mobile device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures.
You can deactivate push notifications at any time via Settings/Messages (iOS) or Settings/Notifications/ (Android).
Push notifications for advertising purposes will only be sent to you if you have given your prior consent. The legal basis for sending promotional push notifications is consent. Deactivation is also possible via Settings/Messages (iOS) or Settings/Apps/ (Android).
We use within our online offer on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR), content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content, and we endeavour to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags for statistical or marketing purposes. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the device and operating system, referring source, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
The app also uses the Facebook Audience Network service to display ads. Ads are personalised based on the device you are using. You can disable this via the settings on your device. You can find more information about ad tracking using this ad ID in the Settings app on your device
The Facebook Audience Network service is provided by Meta (Facebook, Inc., 1 Hacker Way, Menlo Park, California, United States). General information on the handling of user data can be found in Facebook Audience Network policy:
In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. We do not carry out any exclusively automated data processing.
If you want to delete all your personal data from our servers, you can to settings page of app and tap on "Delete Account" button. This will delete all your personal information from our servers permanently. Please note that this operation is irreversible.
You can also mail us at email@example.com requesting data deletion, and we will delete your personal data within 1 business day.
We take appropriate technical and organisational measures in accordance with the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of, and separation of, the data relating to them. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware and software as well as procedures in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Security measures include in particular the encrypted transmission of data between your browser and our servers or the encryption of your passwords in the database.
If, in the course of our processing, we disclose data to other persons and companies as highlighted above (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, hosting providers, etc.). If we commission third parties with the processing of data on the basis of a so-called order processing agreement, this is done on the basis of Art. 28 GDPR.
Among other things, tools from companies based in the USA or other third countries that are not secure from a data protection perspective are integrated on our App. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g. regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e. anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarised data).
We may request access or permission to certain functions from your mobile device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deactivate push notifications at any time via Settings/Messages (iOS) or Settings/Notifications/ (Android). Push notifications for advertising purposes will only be sent to you if you have given your prior consent. The legal basis for sending promotional push notifications is consent. Deactivation is also possible via Settings/Messages (iOS) or Settings/Apps/ (Android).
You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
You can stop all information collection by our App by uninstalling it using the standard uninstall process for your device. If you uninstall the app from your mobile device, the unique identifier associated with your device will continue to be stored. If you re-install the application on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.
If you have any questions, complaints or wish to exercise any of your rights, please do not hesitate to contact us using firstname.lastname@example.org
Please note that we may ask you to confirm your identity before we process your inquiry or complaint. We may also ask you for more information to help us ensure that you are authorized to make this inquiry or complaint to us if, for example, you are contacting us on behalf of someone else.
When you interact with SAY through the Services, we receive and store certain non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. SAY may store such information itself or such information may be included in databases owned and maintained by SAY affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.
In an ongoing effort to better understand and serve the users of the Services, SAY often conducts research on its customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and SAY may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. SAY may also disclose aggregated user statistics in order to describe our Services to current and prospective business partners, and to other third parties for other lawful purposes.
For more information on how these services uses this data here are some of the services we may use: Google: www.google.com/policies/privacy/partners/, HotJar -https://www.hotjar.com/privacy.
We also may use local shared objects, also known as Flash cookies, to display content based upon what you view on
our site to personalize your visit. Flash cookies are different from browser cookies because of the amount of, type
of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To
learn how to manage privacy and storage settings for Flash cookies click here:
For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data in order to obtain access to the Services, we will use your Personal Data to provide you with access to such services and to monitor your use of such services. We may also use Personal Data to allow you to book and pay for tutoring sessions, catalog information about the student’s progress, send you reminders or alerts about upcoming sessions or to notify and thank an individual or school that referred you to the Service that you have signed up.
SAY will share certain information with our tutors and tutor managers as necessary to provide you the Services and improve upon your experience. This information includes, but may not be limited to, your name, age, school and grade, city and state, language level and interests, content discussed in tutoring session, word list and account activity, feedback or reviews, as well as any comments or notes from previous tutors. All of our tutors are bound by confidentiality obligations and are prohibited from using such information outside of providing the Services to you.
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
SAY like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
SAY may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of SAY, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
SAY takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to SAY via the Internet.
Your access to and use of the Services is subject to the Terms of Service at http://www.sayspeaking.com/tos