1. Data Controller

This WordDive Ltd (later referred to as “Company”) customer registry privacy policy has been drawn up according to the European Union’s General Data Protection Regulation (679/2016). The Data Protection Regulation is directly applicable legislation in all EU Member States as of 25 May 2018. WordDive Ltd is committed to complying with the applicable data protection legislation when processing your personal data. This Privacy Policy provides comprehensive information on the processing of personal data to our customers who use our WordDive service (later referred to as “User”).

If you have any questions about the processing of your personal data or you wish to exercise your rights regarding your personal data, please contact us at the address below.

Name and address of the data controller
WordDive Oy
Finlaysoninkuja 21 A
33210 Tampere, Finland

Contact information for registry matters
info@worddive.com
+358 10 205 4455 (weekdays 9 a.m.–3 p.m.)
(mobile call charge/local network charge)

Name of the registry
Marketing and Customer Registry of the WordDive service.

2. What Kind of Information is Collected About Me?

Information submitted by the user during registration:

In order to register for and use the WordDive service, the User must provide their name, email address, preferred password for their user ID (email address), the country where the service is being used and, if necessary, their postal address.

If the User has already registered for the service via Facebook, the Company will know the User’s Facebook username. Apple mobile devices also have a Sign in with Apple feature which automatically provides your name and email address from your Apple ID. If you wish, you can edit your name and choose to keep your email address private.

If they wish, the User can provide the following information in the initial survey: age, translation language, reasons for studying, and native language. The initial survey also examines the User’s current and target language skills. Answering the questions is voluntary for the User. This information is used to optimise the study experience and to develop learning content and marketing.

In the initial survey for a prep course, the User can choose to provide their gender and how they heard about WordDive. This information is used to develop our marketing. 

Information collected automatically during registration:

  • Personal User identifier
  • Time of registration
  • Registration channel
  • Free trial activation data
  • User interface language
  • User type
  • Time zone

Information generated automatically when using the service:

  • First login day
  • Purchase transactions
  • Start and end date of licence
  • Login data (“Remember me” cookies)
  • Promotional campaign data
  • Learning outcomes
  • User’s achievements
  • Hints and reminders shown to the User
  • Time when the password was last changed

Information submitted or set by the User when using the service:

  • Wrong answers (not linked to individual Users)
  • Feedback on study material (optional)
  • Study group data (for organisation users)
  • User’s exams (prep course users)
  • Grade guarantee refund data (prep course users)
  • Newsletter subscription or unsubscription
  • General service usage settings
  • User’s course-specific settings
  • User’s language-specific settings

Other information collected and processed for purposes described in section 3:

Notes added manually by customer service or R&D.
Information about emails sent by WordDive that the User has opened, and links that have been clicked.

3. For What Purpose is My Information Processed?

The information specified in section 2 is collected and processed for the following purposes:

Use of the service

The User’s email address and password are required for registering and logging in to the service unless the User uses the Sign in with Apple feature. During purchase transactions, information related to the purchase, such as the chosen course package and the duration of the licence, is stored so that the User can be provided with the service they have purchased. Country information is required to set the correct currency and tax.

The WordDive service is based on personal optimisation (profiling), for which the Company must store information such as the User’s exercise data, including selected and written answers.

The information in the profile formed as a result of this optimisation is collected from the person themselves when they register for and use the service. The information processed is necessary for the intended purpose, i.e., the individual optimisation of the service.

Much of the other information mentioned in section 2 is required to use the various features of the service. For example, certificates are sent based on stored results. The settings selected by the User are stored in order to control the functioning of the service according to the User’s wishes.

Information provided voluntarily, such as age and gender, is used to develop the service.

Research and development

The development of WordDive’s features and exercise algorithm is based on various tests and statistical analysis of User behaviour in the service, which is stored in the database, and Users’ learning outcomes. The customer data used in research and development is not traceable to an individual User. In accordance with the recommendations of the applicable data protection legislation, the analysis is performed statistically using a large mass of data (e.g. all Users learning English), where the data is processed in an anonymised form that does not allow individual Users to be identified. 

Customer service and communication with Users

The User’s contact information, payment information and exercise information are also required to answer the User’s support requests through customer service. These requests usually involve reviewing the User’s information and exercise data in WordDive’s administration panel and checking payment information in the administration panels of various payment service providers. Users’ email addresses are required for communication.

Marketing

Marketing platform pixels and other similar technologies collect information about Users’ movements and actions in the WordDive service. This information can be used to show them targeted advertising. The purpose of targeted advertising on Facebook and Google, for example, is to allow each consumer to see advertisements for products and services that they are interested in, rather than completely random advertisements.

A visiting User has the right to object to such profiling-based advertising or to withdraw their consent to this purpose by disabling “Targeting cookies” in the cookie settings of the website. A registered User can manage their ad settings directly in the social media services they use. Instructions for managing ad settings can be found directly on the websites of these services.

Accounting

The User’s personal information is also processed in connection with fulfilling the Company’s legal obligations, such as for the Company’s taxation and accounting. For accounting and taxation purposes, it is necessary to know, for example, what products Users have purchased and at what price, which payment service provider was used and in which country the purchases were made (country information affects, e.g., the amount of value added tax). User contact information is required to resolve any payment-related issues and abuses.

Changes or additions to the purposes

If the purposes for using personal data change significantly at a later date or new purposes are introduced, the Company will inform the User of such changes well in advance before the planned changes are implemented. In such cases, the Company must also request the User’s consent for such a significantly changed or new purpose.

4. What are the Legal Grounds for Processing Information?

The EU Data Protection Regulation defines six legal grounds for the processing of personal data. These are: 

Consent
Performance of a contract
Legal obligation
Protection of vital interests
Grounds relating to public interest or official authority
Legitimate interests

WordDive collects and processes personal data mainly on the grounds of consent, performance of a contract, the Company’s compliance with legal obligations and legitimate interests. 

Before registering for the WordDive service and submitting their personal information to the Company, Users are asked to carefully read the contents of this Privacy Policy regarding the use of the service before giving their consent to the processing of their personal data. The request for consent is presented clearly and separately from other matters, in an easily understandable and accessible form, and in clear and simple language. At the same time, the User is informed that they have the right to withdraw their consent at any time. More information about withdrawing consent is provided below in this Privacy Policy. According to the principle of voluntary consent, the User may choose which consent-based purposes of using their personal data they consent to.

Grounds related to the performance of a contract means that certain information must be collected from the User in order to make it technically possible to use and purchase the service.

Compliance with legal obligations means processing personal data, e.g., for the purpose of fulfilling the Company’s accounting and taxation obligations.

The Company’s legitimate interests may relate to, e.g., the following activities: customer service and handling cases of misconduct.

The collection and processing of all data listed in section 2 is based on some of these legal grounds.

If the User does not wish to provide personal data which is required on the grounds of performance of contract, the Company’s compliance with legal obligations or the Company’s other legitimate interests, the service cannot be used. 

5. From Which Sources is My Information Collected?

Personal data is mainly collected from the Users themselves, either directly or through cookies (see section 11). Data is also generated automatically during registration, purchases and use of the service (see section 2).

Personal data may be collected from publicly available information and other external sources: registries maintained by authorities (e.g., population register) and credit registers.

6. With Whom Can My Information be Shared?

The Company uses Google Analytics, a service provided by Google LLC in the United States, in its service. It is possible to log in to our service using an Apple account and pay using the Apple Pay payment service, which are products of Apple Inc. in the United States. Google and Apple may also process data in the United States.

As part of providing its service, the Company shares data with sub-processors, i.e., payment service providers that collect payments for services and products ordered or used through WordDive.

The payment service providers used by WordDive are:

Apple App Store
Google Play Store
RevenueCat
Klarna AB
PayPal Europe
Paytrail Oyj

The processing of data by the abovementioned payment service providers is carried out in accordance with the requirements of the EU Data Protection Regulation, and an agreement on the processing and confidentiality of personal data has been concluded with them. WordDive is responsible for the processing of personal data carried out by payment service providers as if it were its own in regard to the User. 

Personal and purchase data is also shared with the following third parties:

Joviaali Oy, responsible for the accounting and payroll of the Company
Freshdesk, a software used by the customer service of the Company
Liana Technologies, a software used by the Company to send newsletters
Google, a service used by the Company in advertising and analytics
Facebook, a service used by the Company in advertising
Instagram, a service used by the Company in advertising
Snapchat, a service used by the Company in advertising
TikTok, a service used by the Company in advertising
Unity, a service used by the Company in product development
Folcan, the Company’s advertising partner
Otavamedia, the Company’s sales and marketing partner and system supplier
Leadoo Marketing Technologies, the Company’s sales and marketing partner

The processing of data by the abovementioned companies is carried out in accordance with the requirements of the EU Data Protection Regulation, and an agreement on the processing and confidentiality of personal data has been concluded with them. WordDive is responsible for the processing of personal data carried out by the abovementioned third parties as if it were its own in regard to the User. 

The WordDive.com website is hosted on the servers of the Finnish WordPress service provider Seravo. The WordDive mobile application and the data related to its use are hosted on Google’s virtual servers and partly on AWS (Amazon Web Services) servers in Europe. Both Google and Amazon are ISO 27001 certified. 

WordDive may also transfer data to a company belonging to the same business group and in connection with company reorganisation.

Companies and organisations that have purchased licenses from the Company to offer to their employees or other parties will receive a report from the Company on the study progress of users who have activated their licenses in the Service, in accordance with a separate contract. The report includes the names and email addresses entered by the students in the Service, the license activation date, the activated course package, and the study time in minutes and as a percentage of the entire available course package.

7. Is My Personal Information Used for Profiling?

The WordDive service is based on personal optimisation, i.e., profiling, for which the Company must store the User’s exercise data, such as selected and written answers.

The information in the profile formed as a result of this optimisation is collected from the person themselves when they register for and use the service. The information processed is necessary for the purpose, i.e., the individual optimisation of the service

8. Is Information Transferred Outside the EU or EEA? 

Some of the third parties mentioned in section 6 to whom Users’ personal data is disclosed are companies outside the EU.

The transfer of data is based on the EU-US Data Privacy Framework. Apple may share data with the payment card issuer to execute a payment transaction and prevent fraud. 

9. Rights Related to the Processing of Personal Data 

Right to inspect and right to request correction of data

WordDive does not verify the accuracy of the information provided by the User. Users who are logged in to the service may view and edit their settings related to the use of the service, as well as the personal data they provided during registration.

The User has the right to request a copy of all other information concerning them from the WordDive customer service and to request WordDive customer service to correct any incorrect information in the system. The copy can be requested by email from info@worddive.com.

Other rights related to the processing of personal data

Deletion of data

The User can delete their user account from the service in their settings. The User also has the right to request that the Company delete all personal data concerning them from the WordDive database. Requests for data deletion can be made by email to info@worddive.com.

All other data can be manually deleted from the database, except for data required by official authorities (e.g., payment transaction data for accounting) and data generated by the use of the service for research and development, such as written answers. However, after the deletion of other data, this exercise data can no longer be connected to the User. In other words, it becomes anonymous information, as recommended by the applicable data protection legislation.

Right to object to or restrict processing

Profiling in the WordDive service cannot be objected to or restricted. The service is based on personal optimisation, i.e., profiling, for which the Company must store the User’s exercise data, including selected and written answers.

Opting out of direct marketing

When subscribing, the Company is granted permission to use the provided email address for direct marketing purposes. The customer can opt out of direct marketing by clicking the unsubscribe link that can be found in each message or by contacting info@worddive.com.

Transfer of data

The User has the right to transfer their personal data from one data controller to another. If you wish to transfer your data, please contact info@worddive.com.

Right to withdraw consent
A User visiting the Company’s website has the right to reject non-essential cookies in the cookie settings of the website and to withdraw their previous consent. You can always withdraw your consent by contacting info@worddive.com.

Right to lodge a complaint with a supervisory authority

If the User believes that WordDive is not complying with the Finnish Personal Data Act or the requirements of the EU Data Protection Regulation, the User has the right to lodge a complaint with a supervisory authority. In Finland, this authority is the Office of the Data Protection Ombudsman.

10. Data Retention

WordDive will retain customer and usage data for eight years from the end of the User’s last subscription period unless the User specifically requests the deletion of the data earlier.

11. Use of Cookies or Cookie-like Technologies

In order to track and enable the use of the service, cookies may be transferred to the User’s computer from time to time. Cookies allow the Company to provide the User with a service that better reflects the User’s wishes and preferences.

Cookies may also be used to provide the User with better offers and more personalised product recommendations.

In addition, cookies are used to monitor the number of visitors to the service. Some of the content on the website requires accepting cookies in order to function. Non-essential cookies can be disabled in the cookie settings.

12. Registry Protection

All persons processing the Company’s customer registry on behalf of the Company have personal access rights (username, password, and access level) granted by the data controller. These persons are bound by confidentiality and non-disclosure agreements or are otherwise subject to appropriate statutory confidentiality. Users’ personal data is accessible only by persons who need this information to perform their duties. These include customer service personnel and technical administrators of the service.

WordDive provides the service in such a way that external parties cannot gain unauthorised access to the User’s information or communications. Other parties involved in the provision of the service (e.g., payment service providers and network or mobile operators) are responsible for the data security of their services.

WordDive provides the service in accordance with built-in and default data protection principles. Personal data is processed in a pseudonymous or anonymous form whenever possible. The data content of the registry is technically secured, and backups are performed regularly. 

WordDive implements appropriate technical and organisational measures in connection with the processing of personal data, in particular to protect against personal data breaches. If, despite this, a personal data breach occurs, i.e., accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to data, that results in a high risk to the rights and freedoms of Users, we will inform Users of the breach without delay, including its likely effects and the recommended actions for counteracting its harmful effects.

10.11.2025