Effective date: 5th October 2014

Last Updated: 19th September 2019

Introduction

This Privacy and Cookies Statement explains how personal information is collected, used, and disclosed by SoapBox Labs Limited, an Irish company (“we”, “us”, “our”) in connection with your use of the speech recognition applications and associated services (collectively the “Services”) of SoapBox Labs.

We respect your right to privacy and your freedom to control and monitor your children’s online activities. This Privacy and Cookies Statement together with any terms and conditions of use for the Services (“Terms”) and any other documents which they refer to sets out the basis on which any personal data we collect from you and from any children who use our Services will be processed by us. Note that children are defined as under the age of 18 in the US, or 16 in the EU (unless the Member State has made provision for a lower age limit, but no lower than 13).

There are two different ways that our Services can be accessed:

  1. Directly through interaction with a SoapBox Labs application (via tablet, smartphone, etc) that uses our speech technology (“Direct Access”);
  2. Indirectly through a third party service or application that uses our speech technology to provide voice interface functions (“Indirect Access”).

Our services apply a “data protection by default” and “data protection by design” approach in keeping with the principle of minimizing the processing of personal data to the extent necessary to provide the Services and to further develop and enhance our services. Accordingly, Soapbox will not take any steps to re-identify or de-anonymize any voice data or otherwise associate the voice data with personally identifiable information and does not authorize, instruct, or encourage any third party to do so.

Parental Consents

For Direct Access, we rely on consent from an individual with parental authority as the legal basis for processing data where the data subject is a child. We have our own clear parental consent mechanisms and verification processes in place and you can withdraw your consent as outlined below. For Indirect Access, we require any third parties using our services to ensure that the relevant parental consents are in place before they send any voice data to our services.  We process de-identified voice data for the legitimate interest purposes of improving the Services as outlined in this statement. Your rights and the mechanisms for objecting to this type of processing of data are clearly outlined below.

If you are accessing our services from the US please note:

SoapBox Labs comply with the Children’s Online Privacy Protection Act (COPPA). COPPA is a U.S. law created to protect the privacy of children under 13. As such, we have established COPPA compliant privacy practices and adhere to the strict information collection, use and disclosure requirements set forth by the Act.

Identity and contact details:

If you have questions or concerns about our privacy practices, please contact us at privacy@soapboxlabs.com 

If you are in the European Union, please note that our Data Protection Officer (DPO) can be contacted at privacy@soapboxlabs.com 

If you are in the European Union and have further concerns after you have contacted us, you can lodge a complaint with the Irish Data Protection Commission directly at info@dataprotection.ie.

Acceptance Of This Privacy and Cookies Statement

By using the Services or permitting your child to use the Services, you signify acceptance of this Privacy and Cookies Statement. If you do not agree with or you are not comfortable with any aspect of the Privacy and Cookies Statement, you should discontinue use of the Services. 

With Direct Access, you may also request deletion of previously collected user data by contacting us at the contact details above; with Indirect Access, by contacting the third party through whom you are accessing our services. We may update our privacy policy from time to time, so please check back regularly for updates. If we make a material change to the policy and we have your email address, we will notify you before making that change to allow you to opt out if you no longer agree to our collection and use of information practices.

Direct Access: Information We May Collect From You

  • Email addresses (including parental email address) if we need to contact you in respect of the Services or this Privacy and Cookies Statement;
  • audio recordings which help us to build better speech technology that improves our Services (“Recordings”);
  • technical information regarding the type and model of the device being used for the Services which help us to understand how the Services work on different devices;
  • the age of the children using the Services;
  • details of your use of the Services including, but not limited to, IP address, traffic data, location data (depending on the settings you have chosen on your device) and other communication data and the resources that you access.
  • We may also automatically collect certain logistical information in server logs, including information about how various features of our Services are used and information about the number, frequency and length of each session.
  • if you contact us for any reason, we may keep a record of that correspondence.

Indirect Access: Information We May Collect From You

Where you are accessing our services through a third party, the voice data passed to us is de-identified voice data and no other data relating to the identity of the child is received by our system.  Depending on the terms and conditions agreed with the third party provider, this voice data may be retained in our system after processing for the sole purpose of improving the services. In other cases, the data is deleted immediately after processing.  You should check with the third party to clarify the basis on which the voice data is passed to our system to assess whether or not it is retained post-processing.

Children

We respect the role of parents or guardians in the monitoring of their children’s online activities. Accordingly, we limit our collection of personal information from children to no more than is reasonably necessary to participate in the Services and to improve it going forward. We do not collect any personal information from children other than as set out in this privacy policy. At any time parents or guardians can contact us and request the deletion of any personal information of their child which we store.

We collect Recordings from children which are captured when children interact with the Services depending upon the particular application being used. We may use, store, process and transcribe Recordings in order to provide and maintain the Services, to perform, test or improve our own/proprietary speech recognition technology and artificial intelligence algorithms, or for other research and development and data analysis purposes. Additionally, these recordings may be listened to by human ears for the specific purpose of generating transcriptions or labelling data.  We do not share the recordings, or any data generated by the recordings, with any third parties for any purpose other than those described above.

Where We Store Your Personal Data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data or permitting your child to use the Services, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy and Cookies Statement, typically through the use of EU-approved “model contract clauses” or ensuring our third party vendors are certified under the EU-US Privacy Shield.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password or username which enables you to access certain parts of our Services, you are responsible for keeping this password or username confidential. We ask you not to share this information with anyone. You can request deletion of this data at any time by emailing us at privacy@soapboxlabs.com, from the email address provided upon initial registration.

We will delete personally identifiable information after expiry of an appropriate retention period (typically a number of years after our contact with you has terminated). However we will retain de-identified data indefinitely for product development purposes unless you have chosen to withdraw your consent or delete your data as outlined below.

Uses Made Of Your Information

We use information held about you:

  • to build better speech technology;
  • to ensure that content from our Services is presented in the most effective manner for you and for your computer
  • to notify you about important changes to our Services and our Terms and policies
  • to provide, maintain and improve the Services and to process and to carry out our obligations arising from any contracts entered into between you and us;
  • to provide you with information or services that you request from us or which we feel may interest you, (in the case of marketing communications you can opt out at any time by following the unsubscribe option in our emails);
  • to allow you to participate in interactive features of our Services.
  • If you are an existing customer, we will only contact you by electronic means (such as email) with information about goods and services similar to those which were the subject of a previous transaction between us.

Disclosure Of Your Information

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of SoapBox Labs, its subsidiaries and its group companies, our users, or others.

We may disclose aggregated or anonymised data if:

  • We work with advisors or service providers;
  • We or substantially all of our assets are acquired by a third party, in which case personal data held by us about our users will be one of the transferred assets. In the case of sale or merger the privacy policy will apply. In the case of a material change you will be notified and provided an opportunity to opt out.

Other than as set out in this Privacy and Cookies Statement, we do not currently disclose data to any other third parties; if this changes in the future we will notify users through changes in this Privacy Policy.

Direct Access: Cookies and Similar Technology

If you are accessing our services directly, we may collect information about your computer or other device including, where available, device and browser type for system administration and analytical purposes. This is statistical data about how you use our Services. 

For the same reason, we may obtain information about your general usage of the Services by using a cookie or similar software which is stored on the memory of your computer or device. This software contains information that is transferred to your computer or device’s memory. Cookies help us to improve our Services and to deliver a better and more personalised service. We may use Web beacons or similar technology in connection with the Services. Web beacons are small, invisible graphic images that may be used in the Services or in emails relating to our Services to collect certain information and monitor user activity on the Services.  

You may refuse to accept cookies by activating the settings on your browser or device which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Services.

We work with third party analytics provider Unity Analytics. We use a restricted version of Unity, that does not use any advertising services, and no user data is shared with any other third parties. For more information on Unity’s Privacy Policy click here.

Your Data Subject Rights

You have the right to request a copy of your personal data which is held by us about you or your child. If you are accessing our service directly, you should contact us about this data – if you are accessing our services indirectly, you should also contact the third party provider.  You also have the right to access your or your child’s personal data, have changed any inaccuracies in the details we hold, the right to object to the use of personal data, the right to block any specific uses of personal data in certain circumstances, the right to data portability and the right to request deletion of personal data, by means of a request in writing setting out as much detail as possible to privacy@soapboxlabs.com Where your data has been deleted or de-identified by us it will not be possible to act on your request. 

Contact

Questions, comments and requests regarding this Privacy and Cookies Statement are welcomed and should be addressed to SoapBox Labs with its registered office at Floor 3, The Boat House, Bishop Street, Dublin 8, Ireland or privacy@soapboxlabs.com