Vasco Audience app
Privacy Policy

The Privacy Policy defines the rules for the processing of personal data in connection with the use of the Vasco Audience mobile app and the related Vasco Audience Service.

1. Definitions

   Terms written in capital letters shall have the following meaning:

   1. App - mobile software, enabling the use of the automatic translation of speech in the format of one-to-many or several-to-many in near real time.
   2. Vasco / Controller - Vasco Electronics S.A. with its registered office in Cracow, al. 29 listopada 20, 31-401 Cracow, Poland.
   3. Client - a legal person or organizational unit without legal personality which purchases packages of hours and concludes an agreement for the provision of the Vasco Audience service.
   4. User - a natural person using the Vasco Audience service.
   5. Account - a collection of resources and authorizations necessary to use the App, created by the Client in the App.
   6. Vasco Audience Service - the App’s main functionality, enabling automatic translation of speech in the format of one-to-many or several-to-many in near real time.
   7. Client’s representative - a natural person acting for and on behalf of the Client, authorized to represent the Client in relations with the Controller, in particular in concluding, managing, performing and settlement of the Agreement for the provision of Vasco Audience Service.
   8. Privacy Policy - this policy defining the rules for the processing of personal data by the Controller.
   9. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
2. The role of Vasco in the data processing

   In order to ensure full transparency of the processes of personal data processing related to the provision of the Vasco Audience App and Service, Vasco shall take on a double role, in the light of GDPR:

   1. Vasco as Controller

      Vasco is the Controller with reference to the data for which it independently and autonomously defines purposes and methods of processing. The role concerns in particular the personal data processed in order to manage the business relationship and Client’s Account, ensuring the security and stability of the Vasco Audience App and Service, as well as conducting analytical activities, aimed at improving and developing the Vasco Audience Service and App.

   2. Vasco as the processing entity

      Vasco acts as the processing entity with respect to the data covering the statements of the Speaker, translations, transcripts, lists of Users related to a specific event and the content of questions asked by the Users. In this case it is the Client that fulfills the role of the Controller, and Vasco processes the data solely upon the Client’s documented instruction, in order to provide the service of automated translation, pursuant to a separate Personal Data Processing Agreement according with Art. 28 GDPR.
      
      The distinguishing criterion shall be the entity defining the purposes and methods of processing. Vasco shall fulfill the role of the Controller in cases where it independently decides on the purposes and method of processing.

3. Data processed by Vasco as the Controller
   1. Data processed in order to conclude and perform the agreement

      Vasco processes the personal data of the Client, Client’s Representatives and Users in order to conclude and perform the agreement for the provision of services electronically in the scope of access to the App, management of the Account and use of the Vasco Audience Service.
      
      To this end the Controller shall process the following data categories:

      1. identification data of the Client and Client Representatives - data gathered through an application form (first name, last name, e-mail address, company name, address),necessary for communication as well as for conclusion and performance of the agreement;
      2. Client’s identifier - the unique string character assigned to the Client’s Account in order to manage the data of the Account and the administrative and technical service as part of the Vasco Audience Service provided;
      3. Account identification data - e-mail address and data on the method of Account creation;
      4. data on Account management - information on the Account settings, including also the Account’s name;
      5. data on the Account status - date and hour of Account creation, date of last login;
      6. data on the purchased package of hours - including in particular information on the type of package, number of available and unused hours, the package expiration and update dates, limitations concerning a given package of hours.

      The legal basis for processing: art. 6 (1) (b) GDPR, i.e. necessity of processing for the performance of the agreement for the provision of Vasco Audience Service and Account management.
      
      Retention period: ddata processed for the conclusion and performance of an agreement are retained for the entire term of the agreement for the provision of Vasco Audience Service and owning an Account in the App.
      
      After the agreement has expired or terminated, the identification data of the Client and Client’s Representatives, as well as the data concerning the package purchased can be stored for the purpose of defending against claims arising from business activities. The processing then shall take place pursuant to Art. 6 (1) (f) GDPR.

   2. Data processed for settlement and legal purposes

      Vasco processes data in order to fulfill legal obligations, in particular resulting from tax and accounting provisions, related to the purchase packages of hours by the Client. For this purpose Vasco processed settlement data, identification data and address data of the Client and the Client’s Representatives.
      
      The legal basis for processing: art. 6 (1) (c) GDPR, i.e. necessity to fulfill the legal obligation of the Controller.
      
      Retention period: settlement data, including identification data and address data of the Client and the data concerning the packages of hours purchased are stored for 5 years, counting from the end of the calendar year, in which the payment of tax for a given transaction was due.

   3. Data processed in order to ensure security, stability and proper functioning of the App and Service, as well as its improvement and optimization

      Vasco processes data in order to ensure security stability, proper functioning and optimization and development of the Vasco Audience App and Service. Categories of data processed by Vasco to this end are technical data, system logs, and their processing is necessary in particular to diagnose and fix errors, maintain continuity of activity, protect the service against threats and analyze technical efficiency.
      
      To this end the Controller shall process the following data categories:

      1. technical identifiers - anonymous or pseudonymous identifiers, allowing for the reporting and tracking of errors;
      2. device data - the data concern the detailed information on the User’s device and operating system;
      3. data on functionalities and connection status - information on the conditions in which the App is working. The data concern the working parameters of the device and the data concerning the network connection;
      4. location data - approximate location (country, city) of the User on the basis of the IP address at the time of the connection.
      5. diagnostic data and history of events - record of recent technical activities and interactions which led to an error, together with precise details of the failure itself, such as error code or error message.

      The legal basis for processing: art. 6 (1) (f) GDPR (a legitimate interest of the Controller). A legitimate interest is ensuring security, integrity and availability of the Service as well as the proper functioning and optimization of the App and the Vasco Audience Service.
      
      Retention period: the data are stored for 90 days from the moment they are obtained.

   4. Data processed for the optimization of translation algorithms and the quality of the Vasco Audience Service

      For the purpose of development and improvement of quality and efficiency of translation algorithms and to maintain high standards of the Vasco Audience Service, Vasco shall process the following data categories:

      1. metadata related to the translation, in particular language pairs, duration of the translation session, data concerning translation engines;
      2. metadata concerning translation errors, in particular technical data related to problems with translation, data concerning the completion of translation;
      3. data concerning the efficiency and accuracy of translation engines - metrics used for the comparison and selection of the most effective translation models.

      The legal basis for processing: art. 6 (1) (f) GDPR (a legitimate interest of the Controller). A legitimate interest is the optimization of translation algorithms, which is fundamental to provide Clients with a high quality Vasco Audience Service.
      
      Retention period: the data are stored for one year from the moment they are obtained.

   5. Data processed for the analytics of Clients’ needs and development

      Vasco processes data for the improvement and optimization of the functionality of the Vasco Audience App and Service, as well as to better understand patterns of usage and needs of the Clients and Users. The processing is necessary to provide the Clients with a high quality Vasco Audience Service, improve the business model and further develop the Vasco Audience App and Service.
      
      To this end the Controller shall process the following data categories:

      1. system identifiers allowing for the association and technical identification of the Client, Account and mobile device;
      2. data concerning the use of the Vasco Audience App and Service, in particular such as the data concerning the frequency of signing in, Account features used, interactions with the event settings, duration of the event, language pairs (source language of the speaker and target language of the participant), data concerning the event configuration method;
      3. data concerning Vasco products used to conduct events;
      4. technical information about the Device, operating system, App versions;
      5. Data concerning the use of packages of hours and their validity.

      The legal basis for processing: art. 6 (1) (f) GDPR (a legitimate interest of the Controller). The data analysis allows Vasco to evaluate the popularity and usefulness of the particular features, adapt them to the actual needs of the Clients and further develop the Vasco Audience App and Service.
      
      Retention period: the data are stored for 3 years. After this time the data are stored only as statistical data (anonymized and aggregated) for the purpose of historical analyses and development of the Vasco Audience App and Service.

   6. Complaints handling and satisfaction guarantee

      Vasco processes personal data for the purpose of proper accepting, handling and providing responses to complaints, as well as to verify the terms and conditions of the Client’s using satisfaction guarantee.
      
      To this end Vasco shall process the following categories of data:

      1. identification data - e-mail address assigned to the Account, and in case of the need to verify the right to use the satisfaction guarantee - also the data concerning the use of the Vasco Audience Service by the Client;
      2. contact data - e-mail address and other contact data mentioned in the notification, necessary to provide the response;
      3. content of the correspondence - the content of the complaint correspondence and the correspondence concerning the use of satisfaction guarantee.

      The legal basis for processing: art. 6 (1) (b) GDPR. The processing is necessary for Vasco to fulfill its obligations arising from the Terms and Conditions, including in the scope of handling complaints and returns procedure as part of the satisfaction guarantee.
      
      The legal basis for processing: art. 6 (1) (f) GDPR. Correspondence archiving for the defense against any future claims.
      
      Retention period: the data are stored for a period necessary to handle a complaint, complete a warranty procedure or satisfaction guarantee procedure, and then for the purpose of archiving to defend against any future claims.

   7. Establishment, investigation and defense of claims

      Vasco processes personal data in order to protect its legitimate interests, including in the scope of establishing, pursuing and defending against claims which may arise in connection with the performance of agreements with Clients and Users. This concerns both the claims made by Vasco against Clients and the defense against claims pursued against Vasco.
      
      The legal basis for processing: art. 6 (1) (f) GDPR, the processing is necessary for the legitimate interest of Vasco, consisting in the ability to effectively assert its rights and defend itself against unjustified claims, which is fundamental for conducting business activity.
      
      Retention period: the data necessary for evidence purposes are stored until any claims become time-barred according to the applicable law.

4. Data recipients

   The provider may disclose the personal data to the following categories of recipients:

   1. providers of hosting and IT infrastructure - entities ensuring server infrastructure and technical maintenance service, necessary for the operation of the Vasco Audience App and Service;
   2. IT systems providers - companies providing software fort the management of clients relations, systems for Account data management, billing systems as well as e-mail and internal communication services;
   3. Accounting companies and legal advisors - entities processing identification and transaction data of the Clients in order to fulfill Vasco’s legal obligations (financial settlements, taxes) and defend it against claims;
   4. analytics, diagnostic and monitoring services providers;
   5. public authorities pursuant to the applicable law (e.g. courts, police, tax authorities).
5. Transfer of data outside the EEA

   The Controller may use the services of entities located outside the European Economic Area (EEA), which is necessary for the provision of the Vasco Audience Service (e.g. in the case of using cloud services, analytics or diagnostic services providers).
   
   In the case of a transfer of personal data outside the EEA, the Provider ensures that the transfer shall take place with the use of appropriate means of security Art. 44 GDPR and based on one of the following mechanisms:

   1. decision establishing the adequacy of the protection - the transfer takes place to third countries, with respect to which the European Commission issued a decision establishing an appropriate level of protection (e.g. Canada, Japan, New Zealand);
   2. appropriate security measures - the transfer is based on Standard Contractual Clauses (SCC) approved by the European Commission;
   3. EU-USA legal frameworks for personal data (Data Privacy Framework) - the transfer takes place to entities in the United States which certified its participation in the EU-USA legal framework for personal data and are entered into the list of the US Department of Trade.
6. Profiling

   Vasco does not apply automated decision making, including profiling, within the meaning of Art. 22 GDPR, which would have legal consequences for the Clients and Users or similar, significant impact.
   
   The analysis of patterns of use of the App is only conducted for the technical optimization, development of the Vasco Audience App and Service and is not used to make automated decisions concerning particular Clients or Users.

7. Rights of Data Subjects

   The natural persons whose data are processed by Vasco as the Controller have the right to:

   1. Access their data;
   2. Rectify their data;
   3. Delete their data (“the right to be forgotten”);
   4. Restrict the processing;
   5. Transfer their data;
   6. Object to the processing of data based on a legitimate interest;
   7. File a complaint with the regulatory authority.

   In order to exercise the rights mentioned above it is necessary to contact the Controller by e-mail at the following address: gdpr@vasco-electronics.com