Lesson Nine Gmbh (“Lesson Nine”) provides this Privacy Policy as a means of informing you how your personal data is processed. Lesson Nine treats all personal data with the utmost care. We have undertaken all necessary steps to ensure the safety of this data.

Who can I contact?

Lesson Nine GmbH
Max-Beer-Straße 2-4
10119 Berlin
privacy@babbel.com

You can use this contact information to get in touch with our Data Protection Officer or another person with a data protection function. Please feel free to contact us at any time should you have specific questions regarding your data, the deletion of same, or your rights.

What rights do I have?

You can contact us at any time with questions regarding your data protection rights or should you wish to exercise one of the rights listed below:
  • Withdrawal of consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us to withdraw consent and stop receiving a newsletter)
  • Right of Access in accordance with Art. 15 GDPR (e.g. you can contact us to find out which data of yours we have saved)
  • Rectification in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and you want us to update it)
  • Erasure in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete any of your data that we have saved)
  • Restriction of processing in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address but only wish us to send you e-mails that are strictly necessary)
  • Data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive the data we have saved on you in a compressed format, e.g. because you want to provide the data to another website)
  • Objection in accordance with Art. 21 GDPR (e.g. you can contact us if you do not consent to one of the advertising or analytical procedures listed in this document)
  • Right to lodge a complaint with the relevant supervisory authority in accordance with Art. 77 para. 1 GDPR (e.g. in the event of a complaint you could contact the data protection supervisory authority in your state directly)

      Deletion of data and storage period

      If not otherwise noted, we delete personal data as soon as it is no longer needed. Your data will also be locked or deleted if a storage period set out by law expires, unless the data must be kept in order to complete or fulfil a contract. Some data may have to be stored for a longer time period if the law requires it. You can, of course, request information regarding the personal data we have saved on you at any time.

      Hosting/saving the data

      The personal data processed for use of services is processed solely on servers located within the EU. The hosting providers were carefully selected, and we have signed processing contracts with them as required by Art. 28 GDPR.
      Our main service providers are AWS (https://aws.amazon.com/de/), Heroku (https://www.heroku.com) and Learncube (https://www.learncube.com).

      Processing for companies within the Babbel framework

      As part of providing Babbel’s services to companies, Babbel acts as the data processor, in accordance with Art. 28 GDPR. The company in question makes use of Babbel’s services in order to provide the Babbel product to their employees, who are then able to use Babbel’s services independently.
      Companies sign a data processing agreement with Babbel as required by Art. 28 GDPR in order to legitimize the processing of employee data necessary for this access.

      Website access

      Bei jedem Seitenaufruf werden Zugriffsdaten in einer Protokolldatei, dem Server-Log, gespeichert. Der dabei gespeicherte Datensatz enthält die folgenden Daten:
      •   Your IP address (a unique address used to identify your computer)
      •   The remote host (name and IP address of the computer requesting the page)
      •   The time, the status, the amount of data transferred, and the website from which you accessed the requested page (Referrer)
      •   Product and version information on the browser in use (User Agent)

      Lesson Nine uses a standardized web server log file format for this purpose. Provided the data is not necessary for technical system maintenance or system security, it will be anonymized immediately, and the original logs will be deleted. Anonymization is achieved by removing or shortening the IP address while assigning a code to the data that is not connected to the user.  It is then no longer possible to match the data to a specific person, or to identify a specific person using the remaining information. Lesson Nine therefore only uses anonymized logs, that is logs containing no connection to or information on your person, for statistical evaluations. Lesson Nine can use these logs, for example, to determine on which days and at which times Babbel is particularly popular, and what volume of data is created on the Babbel web servers. In addition, Lesson Nine can use the log files to identify any potential errors, e.g. incorrect links or program errors, and thus use the log files to improve Babbel. Lesson Nine does not connect the page requests or uses saved in the server log with individual persons.
      The legal basis for this process is known as legitimate interest, which has been verified within the framework of the previously listed protective measures and in accordance with the European data protection requirements as laid out in Art. 6 para. 1 s. 1 lit f GDPR.

      Registration and use of services

      When you register for our services, we record and save basic data such as name, e-mail address, and any other contact information you provide, such as username and password. We may receive additional information from you via the website (e.g. if you fill out your personal profile) or when you communicate with us.

      Babbel Live

      Our Babbel Live service offers Babbel users the opportunity to take part in digital language lessons in small groups (1-6 users). For this service, users meet together with a teacher and take part in a lesson. As part of the lesson, learning objectives are defined and language exercises are carried out, and the teacher supports the users as they learn the language. The personal data entered during registration by the user is processed as part of this service. The user’s name will therefore be visible to the teacher and to other participants.

      Babbel Live lessons are hosted on Zoom, a US-based online meeting platform (https://zoom.us). We have signed a data processing agreement with Zoom including EU standard contractual clauses.
      In doing so, we have implemented the settings options provided by Zoom to ensure that the least possible amount of personal data is processed during participation in these lessons. Features such as attention tracking and other analytical options are always deactivated.
      You can find more information on Zoom’s data protection at: https://zoom.us/de-de/privacy.html.

      Babbel Intensive

      Our Babbel Intensive service offers Babbel users the opportunity to take part in one-on-one online language lessons for English, French, Spanish, and German. As part of the lesson, learning objectives are defined and language exercises are carried out, and the teacher supports the users as they learn the language. The personal data entered during registration by the user is processed as part of this service. The teacher can therefore see the user’s name.
      Babbel Intensive lessons are hosted on Learncube, an online classroom solution (https://www.learncube.com/). We have signed a data processing contract with Learncube including EU standard contractual clauses. Learncube processes only that data which is required for carrying out lessons and for improving usability. That includes, for example, the first and surnames of the participants, profile pictures, e-mail addresses, and (optionally) telephone numbers. In addition, the service processes technical data such as IP addresses, browser settings, language settings, and time zones that are required in order to provide the service.
      You can find more information on Learncube’s privacy policy at: https://www.learncube.com/privacy-policy.html

      Newsletter & e-mails

      We will send you e-mails for a variety of reasons. They may include order confirmation or confirmation of registration. However, they may also contain information on our services, provided you have not objected to receiving such information, which you can of course do at any time at https://my.babbel.com/en/user-profile/settings. E-mails that we send to you will be saved and any e-mails that may be considered business letters will not be deleted during the legally required retention period. In addition, we record those e-mail addresses to which an e-mail was unable to be sent, in order to request that the e-mail address be updated. In terms of our newsletter e-mails, we record (e.g. using what are known as tracking pixels) whether or not an e-mail has been opened and which links in the e-mail have been clicked on in order to optimise our offers and ensure they are designed based on needs. We use this data to send you newsletter content tailored for you. If you wish to object to this use of data, you can do so by unsubscribing from our newsletter. We also use service providers from the US (HubSpot - see explanation below) to send out our emails. We have signed the required data processing agreements with these companies, as well as additional guarantees for appropriate levels of data protection. In addition, we use a service provided by Emarsys to send out our newsletters (www.emarsys.com).  Emarsys is an Austrian company and we also have a data protection agreement in place with them. To find out more information about them please see their privacy policy at https://emarsys.com/privacy-policy/.

      Apps

      In addition to our website, we also offer applications (apps) for various smartphone operating systems. We also collect data regarding the use of these applications using software from third party providers, in order to detect and correct errors and to improve the applications. In doing so, however, no data is collected from which a third-party provider could directly link the data to a specific person. This allows us to collect aggregated information regarding how the apps are used and which features are particularly popular, so that we can draw conclusions in terms of future improvements for product development. You can prevent this analysis by choosing to opt out here: https://www.tune.com/optoutmobile/

      In addition – provided that you have given permission via your device settings – we will be informed in the event of program crashes. These crash reports are performed by third-party service providers. In doing so, however, no data is processed from which a third-party provider could link the data to a specific person.

      Cookies

      Our website uses cookies in some instances. Cookies are small text files that are usually saved in a folder in your browser. Cookies contain information on your current and previous website visits:
      • Name of the website
      • Cookie expiration date
      • Cookie value
      Provided that cookies do not contain a specific expiration date, they are only saved temporarily and automatically deleted as soon as you close your browser or turn off the device. Cookies with expiration data remain saved even after you have closed your browser or turned off your device. These cookies are only removed once they have reached their expiry date or if you manually delete them.
      Our website uses the following three types of cookies:
      • Required cookies (these are needed, for example, in order to display the website correctly for you and to temporarily save certain settings)
      • Functional and performance cookies (these cookies help us, for example, to evaluate technical data from your visit and therefore avoid error messages)
      • Advertising and analytics cookies (these cookies ensure that, for example, you see ads for shoes if you had previously searched for shoes)

      You can use your browser settings to configure, block, and delete cookies. If you delete all cookies from our website, you may find that some website features are not displayed properly. You can find helpful information and instructions for common browsers on the website of the German Federal Office for Information Security: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html


      Cookies are only activated after you have granted express permission, with the exception of those cookies that are required for the technology to work. You can withdraw this permission at any time. You can find information on how to withdraw permission, as well as additional information, in the cookie configuration options.

      Google Analytics

      This website uses Google Analytics, a web analysis service provided by Google Inc. (Google). Google Analytics uses cookies, which are text files saved on your computer that make it possible to analyse how you use the website. Because we have activated anonymization of the data, your IP address will be shortened by Google within the European Union Member States or other states party to the agreement regarding the European Economic Area and only then transferred to the USA. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases. Google uses this information on behalf of the operator of this website to evaluate your use of the website, in order to compile reports regarding website activities and in order to perform additional services for the website provider connected to website use and internet use. The IP address transmitted from your browser for use in Google Analytics will not be connected to other data from Google.
      You can prevent the cookies from being saved by selecting the appropriate setting in your browser software; please note that in this case you may not be able to fully use all features available on the website.
      You can find additional information on Google Analytics’ use of data and data protection athttps://marketingplatform.google.com/about/analytics/terms/de/ or at https://marketingplatform.google.com/about/. Babbel only uses Google Analytics in combination with the gat._anonymizeIp(); expansion, so that IP addresses are only recorded in a shortened, i.e. anonymized form.

      Data exchange with Facebook (applies to registered Facebook users only)

      We are participating in a statistical program from the company Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, which identifies Facebook users who have a similar user profile to our regular customers (Facebook Custom Audiences – Statistical Twins). As part of this program, customer e-mail addresses are transferred to Facebook in an anonymized form (as what is known as a hash). The e-mail address cannot be reconstructed from the data provided. Facebook uses the same method to create a hash from the e-mail addresses of their users, compares this anonymized data and determines whether one of our users is registered with Facebook under the same e-mail address.

      Facebook guarantees that they will not save this match or use it outside of this program. Based on this information, other Facebook users are identified that interact with Facebook in a similar manner to that customer and we receive the opportunity to directly address those individuals. You will not see any additional advertising or receive any additional messages from us or from Facebook as a result of this program.
      If you are not registered with Facebook under the same e-mail address you used to register with us, then Facebook will not receive any information about you. We will not under any circumstances be informed as to whether you are registered with Facebook and will also not receive any additional data on you.
      You hereby give permission for your e-mail address to be forwarded in anonymized form as described above. Although we have every reason to trust the assurances provided by Facebook, we would like to note here that Facebook is not subject to German data protection laws.
      For additional information on the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your options for settings to protect your privacy, please see the Facebook data protection policy, which can be found, among other places, at https://www.facebook.com/about/privacy/.

      Social Plugins

      We sometimes also use social plugins on our website. This is done using technology from the provider ShareThis. Social plugins from Facebook and Twitter are embedded into the site. The following provides information on the social plugins embedded using this technology.

      Facebook Social Plugin

      Our website makes use of social plugins (plugins) from the social network facebook.com (Facebook). Facebook is operated by the company Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, in the USA.
      If you open a website that is part of our internet presence containing such a plugin, your browser will connect directly to the Facebook servers. The contents of the plugin are transferred from Facebook directly to your browser and embedded into the website by your browser. Once the plugin is embedded, Facebook receives the information that you have opened the relevant site that is part of our internet presence. If you are logged into Facebook, Facebook can match your visit to the website with your user account.
      You can find information on the purpose and scope of the data collected, as well as further processing and use of the data by Facebook and your rights in this regard, plus your options for settings to protect your privacy, in the Facebook privacy policy: https://www.facebook.com/policy.php If you have a Facebook account and do not want Facebook to gather information on you via our internet presence and connect it to the user data Facebook has saved on you, you must log out of Facebook before visiting our website. It is also possible to block Facebook social plugins using browser add-ons, for example Facebook Blocker.

      Use of the Twitter widget.

      We also use what are known as Twitter widgets on our websites. When calling these websites, a connection is made to Twitter's servers. Twitter’s servers are located in the USA. When calling a website containing a Twitter widget, Twitter receives information about the call. This includes, at least, your IP address, the type of browser, the operating system, and the address of the website on which the Twitter widget is located.
      In addition, the Twitter widget places a cookie in your device’s browser. In connection with the cookie, Twitter is theoretically able to tell which other pages you visited, provided those pages also contain a Twitter widget. According to Twitter, this data may also be used to improve suggestions as to who to follow – if you have a Twitter account. Based on their own account, Twitter begins to delete data after a maximum period of 10 days, and is then finished with this process at the latest one additional week later. If you have a Twitter account, you may be able to make additional settings changes regarding data processing in your account. You can find more information in Twitter’s privacy policy, that you can view here: https://twitter.com/de/privacy

      Hubspot 

      This website uses HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

      Our log-in services allow people who use our website to find out more about our company, download content, and provide their contact information, as well as additional demographic information. This information, as well as the contents of our website, is saved on servers belonging to our software partner HubSpot. It can be used by us to contact those who visit our website and determine which of our company’s services they are interested in. All information we collect is subject to this privacy policy. We only use the information collected to optimise our marketing measures.

      On some subpages of our website, we also use the HubSpot live chat service “Messages” (round chat icon on the bottom right of the screen) to send and receive notifications in order to improve the user experience. If you agree to and use this function, the following data will be sent to the HubSpot servers:– contents of all chat messages, both sent and received– context information (e.g. the page on which the chat was opened)– optional: the user’s email address (if the user provided their address during the chat)HubSpot’s services are used on the legal basis of Art. 6 para. 1 s. 1 lit f GDPR – legitimate interest. Our legitimate interest in regard to the use of this service is optimization of our marketing measures and improving the quality of service on our website.


      More information on the HubSpot privacy policy »More information from HubSpot regarding the EU Data Protection Regulations »You can find more information on the cookies used by HubSpot here & here.

      Hotjar

      We also use the web analytics service Hotjar from Hotjar Ltd. Hotjar Ltd. is a European company with their headquarters in Malta (Hotjar Ltd, Level 2, St. Julian’s Business Centre, 3, Elia Zammit Street, St. Julian‘s STJ 1000, Malta, Europe). This tool is used to record movement on websites using Hotjar (heat maps). This provides information, for example, on how far down the page users scroll and which buttons the users click, and how often. It is also possible to get feedback directly from website users using this tool. This allows us to access valuable information in order to design our websites so that they are faster and more customer friendly. When using this tool, we pay particular attention to protecting your personal data. We are only able to see which buttons were clicked, how the mouse moved, how far down the page people scroll, the device’s screen size, the type of device and browser information, geographical location (only the country), and the preferred language for displaying our website. Areas of the website that show personal data from yourself or a third party are automatically hidden by Hotjar and we therefore cannot access this information at any time. The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 s. 1 lit a GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.

      LinkedIn Insight Tag

      Our website makes use of the LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that allows for the following data, amongst others, to be collected: IP address, device and browser characteristics, and page events (e.g. page requests). This data is encrypted, anonymized within 7 days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us, but rather offers anonymized reports regarding the website’s target audience and advertising performance. LinkedIn also offers the option of retargeting via the Insight Tag. Using this data, Babbel can show targeted advertising outside of their website, without identifying you as the visitor to the website. You can find more information on data protection at LinkedIn in the LinkedIn privacy policy.
      LinkedIn members can adjust settings regarding the use of their personal data for advertising purposes via their account settings.
      The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 s. 1 lit a GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.

      Google Conversion Tracking

      Our website uses Google Conversion Tracking from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (subsequently: Google), in order to record statistics on the use of our website and for the purpose of evaluating optimization of our services for you. Google AdWords places a cookie on your computer in the event that you have reached our website via a Google ad. If the user visits specific pages on the AdWords customer’s website, and if the cookie has not yet expired, Google and the customer can see that the user clicked on the ad and was directed to this page.
      Every AdWords customer receives a different cookie. Cookies can therefore not be tracked via AdWords customer’s websites. The information collected with help from the conversion cookies serves to create conversion statistics for AdWords customers who have decided to make use of conversion tracking. We receive information on the total number of users who have clicked on the advertisement and were forwarded to a page containing a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
      The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 s. 1 lit a GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.

      Google Tag Manager

      We use Google Tag Manager, a service from Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (Google). Google Tag Manager allows website tags to be managed via an interface.
      According to Google, Google Tag Manager is a cookie-less domain that does not record any personal data. Google Tag Manager ensures that other tags are triggered that may in turn record data. Google Tag Manager does not access this data. If deactivation takes place on the domain or cookie level, this remains unchanged for all tracking tags implemented with Google Tag Manager.
      You can find more information on data protection in the Google data protection policy: https://policies.google.com/privacy?hl=en-US
      The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 s. 1 lit a GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.

      New Relic

      New Relic, a web analytics service offered by provider New Relic Inc., collects and saves data which is used to create usage profiles saved under pseudonyms. These usage profiles serve to analyse user behaviour and are evaluated in order to improve our service and implement needs-based design. Cookies may be used for this purpose. These cookies allow for user recognition during subsequent visits to the website.
      You can find more information on data protection in the data protection policy: https://newrelic.com/termsandconditions/services-notices
      The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 s. 1 lit a GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.

      Data security

      Lesson Nine takes security precautions to guarantee that your data is protected from loss, alteration, or misuse. Lesson Nine does this with industry standard firewalls that are constantly being updated as well as other security systems. At the same time, the user should be aware that we cannot offer one hundred percent protection from attacks, due to the constant barrage of new viruses and ever developing means of attack on internet service’s secure data systems. Lesson Nine will pursue every attack on the data, regardless of who carried it out, under both civil and criminal law, and inform users in the event that their data has been compromised.

      Data is not forwarded to third parties

      Lesson Nine does not forward user’s personal data to third parties, unless the user has provided express permission to do so or there is a legal requirement to forward the data. In addition, personal data may be forwarded to third parties if doing so is legally allowed and the data must be forwarded in order to fulfil our contractual obligation to our customers.

      In the event that payment is made, the data for completion of the payment process will be forwarded to the payment service provider in the event that you do not provide them with the data directly. If you provide your payment data directly to a payment service provider, then we receive only very limited access to this data. In this case, we will only be informed whether or not a transaction matching a specific transaction number has taken place or not. We do not receive your account information in this case. In the event that the rights of third parties (in particular copyright, brand, name, and trademark rights) are violated by the user, the user’s data will only be provided to the rights holder in the event that the rights holder demonstrates their claim conclusively to Lesson Nine.

       

      Last updated: September 2020