Privacy Information for the Audvice Application
Last Update: 01 February 2024
The Audvice Application collects some personal data from its Users, which are outlined here.
From a data privacy perspective, the Controller is the client on whose behalf Audvice GmbH processes personal data as a data processor.
5412 Puch bei Hallein
Processor’s Data Protection Officer
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Definitions and Legal References
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through the Audvice Application (or third-party services employed at Audvice GmbH), which can include: the IP addresses or domain names of the computers utilized by the Users who use the Audvice Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using the Audvice Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the personal data refers.
The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller, as described in this data privacy information.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including the security measures concerning the operation and use of the Audvice Application.
The Audvice Application
Application by which or on account of which the User's personal data is collected and processed, referring to the Audvice platform reachable under https://create.audvice.com.
The service provided by the Audvice Application as described in the relative terms (if available) and here.
European Union (or EU)
Unless otherwise specified, all references made within this document refer to the European Union including all current member states and the European Economic Area.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Types of Data Collected
Personal data may be freely provided by the User, or, in case of usage data, collected automatically when using the Audvice Application. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Data is deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.
Unless specified otherwise, all data requested by Audvice Application is mandatory and failure to provide this data may make it impossible for Audvice to provide its services. In cases where Audvice specifically states that some data is not mandatory, Users are free not to communicate this data without consequences to the availability or the functioning of the service.
Mode and Place of Data Processing
Methods of Processing
The data Processor takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the data Processor, in some cases the data may be accessible to certain types of persons in charge, involved with the operation of the Audvice Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Sub-Processor by the data Processor. The updated list of these parties may be requested from the Controller at any time. Please see the current list below.
Legal Basis of Processing
The data Processor may process personal data on behalf of the Controller relating to Users if one of the following applies:
Users have given their consent for one or more specific purposes, Art. 6 para. 1 GDPR. Note: Under some legislations the Processor may be allowed to process personal data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply whenever the processing of personal data is subject to European data protection law;
provision of data is necessary for the performance of an agreement pursuant to Art. 6 para. 1 lit. b) GDPR with the User and/or for any pre-contractual obligations thereof;
processing is necessary for compliance with a legal obligation pursuant to Art. 6 para. 1 lit. c) GDPR to which the Controller and/or the Processor are subject;
processing is related to a task that is carried out in the public interest or in the exercise of official authority pursuant to Art. 6 para. 1 lit. d) GDPR vested in the Controller and/or in the Processor;
processing is necessary for the purposes of the legitimate interests pursued by the Controller, the Processor or by a third party pursuant to Art. 6 para. 1 lit. f) GDPR.
In any case, the data Controller and, if applicable, the data Processor will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. The specific legal basis for each data processing operation is also set out below.
Personal data shall be processed and stored for as long as required by the purpose they have been collected for.
Personal data collected for purposes related to the performance of a contract between the Controller and the User shall be retained until such contract has been fully performed.
Personal data collected for the purposes of the Controller’s or the Processor’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Controller or the Processor within the relevant sections of this document or by contacting the Controller using the information provided in the contact section.
The Controller or the Processor may be allowed to retain personal data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Controller or the Processor may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The Purposes of Processing
The data concerning the User is collected to allow the data Processor to provide its Service, the data Controller and Processor to comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: hosting and backend infrastructure, displaying content from external platforms, analytics, contacting the User, platform services and hosting and registration and authentication provided directly by the Audvice Application.
How Data is processed in Audvice Applications
Authentication & User Profile
When creating an account, the User is asked for their first name, last name and email address, and to set a password. The User’s email address is processed for authentication and email notifications.
The legal basis for the processing of the mentioned data is Art. 6 para. 1 lit. b) GDPR. The provision of the required user data is necessary and obligatory for the conclusion or execution of the contract.
After the User’s first login, the Audvice Application processes access and refresh tokens as well as the language of the User’s device. The purpose of this is to provide easier access for the User after their first manual login and to display the Audvice Application in the User’s language.
Locally Stored Data
The Audvice Application saves the access and the refresh token after the User logs in to the web application. In order to keep the User logged in, the access and the refresh token are stored after the User’s first manual login. The legal basis for the processing of the mentioned data is Art. 6 para. 1 lit. b) GDPR.
Local storage is also used to improve Users’ experience. For example, storing the language helps translate the Audvice Application into the preferred language immediately after the User opens a page. Storing the volume helps remember the preferred volume at which the User listens to tracks. This way the User doesn’t have to adjust the volume each time after the Audvice Application is closed.
All data stored in the Local Storage can be erased by the User in the Audvice Applications by clearing the browser’s cache.
The legal basis for the processing is the legitimate interest in processing personal data according to Art. 6 para. 1 lit. f) GDPR.
The Audvice Application sends email notifications to the user to inform them about recent and relevant activities in the Audvice Application.
The legal basis for data processing concerning email notifications is the user’s consent and thus Art. 6 para. 1 lit. a) GDPR. The user can revoke his consent to receive email notifications at any time with effect for the future by opting out directly in the email to no longer receive the notifications.
Audvice is applying analytics across all Audvice Applications with the purpose of improving user experience and developing new features that benefit the User and Controller. All data is anonymized or condensed before being processed for analytics.
The legal basis for this is Art. 6 para. 1 lit. f) GDPR. If the user has given his consent, the legality of the use is also based on Art. 6 para. 1 lit. a) GDPR.
Hosting and Backend Infrastructure
All user data at rest or in transit is processed on servers in Frankfurt, Germany, provided by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg. There is no transfer of personal data outside the EU.
All personal data at rest, namely email address, first name, last name, user ID, profile picture, LinkedIn profile, streaming history, tracks (audio files), playlist metadata (including title, description, link to external sources and track titles) and transcripts, is encrypted through the industry standard AES-256 encryption algorithm.
All personal data in transit is encrypted. This includes data processed through email notifications, which is encrypted using TLS; streaming of tracks, which is encrypted using SSL; data processed through the generation of transcripts, which is encrypted through SSL.
For more information, please refer to the information provided by AWS, e.g.: AWS Compliance & Data Privacy FAQs.
The use of AWS is based on Art. 6 para. 1 lit. f) GDPR. The Processor has a legitimate interest in the most reliable presentation of Audvice Applications. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a) GDPR; the consent can be revoked at any time.
The data will be stored as long as a contractual relationship with the Controller exists. After that, the data will be deleted unless legal regulations require a longer retention period.
The Processor has concluded a Data Processing Agreement (DPA) with AWS. This is a contract required by data protection law, which ensures that AWS only processes the personal data of the Users of the Audvice Applications in accordance with the Processor’s instructions and in compliance with the GDPR.
Furthermore, the EU standard contractual clauses have been concluded and a transfer impact assessment of the Amazon Web Services Sub-Processor is available.
Eleven Labs Inc Integration for Text-to-speech
Eleven Labs Inc is a service tool integrated into the Audvice application to process text data provided by users and generate audio files out of it.
All text data provided by Users using the Audvice Text-to-Speech functionality is processed on servers located at 169 Madison Ave #2484 New York, NY 10016 United States, provided by Eleven Labs Inc. No personal data of the user is transferred to or processed on Eleven Labs Inc. servers. The processing only entails the user-provided text data in the Audvice Application to be turned into audio.
If you have personal data from the text converted into an audio file, Eleven Labs has no direct access to this data. Nevertheless, the conversion is a data processing operation based on the implementation of Audvice services as part of the user contract pursuant to Art. 6 para. 1 lit. b) GDPR.
For more information, please refer to Eleven Labs Inc’s data protection practices and policies.
Contacting by the User
If you contact Audvice by email, your email address and the content of your message will be forwarded to the Controller to process your request and stored in the event that follow-up questions arise. The processing of your personal data serves the purpose of being able to assign your request and to be able to answer you.
In this context, the legal basis for the processing of your personal data is the Controller’s legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The Controller has a legitimate interest in fulfilling the inquiries of the Audvice Application’s Users and in responding to them in a timely manner.
The personal data will be deleted after the storage is no longer necessary, or the processing will be restricted if legal storage obligations prevent the deletion.
The rights of Users
If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and the following rights apply to you:
Pursuant to Art. 15 GDPR you can request information about your personal data processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organisations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.
Pursuant to Art. 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us.
Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
Pursuant to Art. 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
Pursuant to Art. 20 GDPR, you may request to receive the personal data you have provided us with in a structured, current and machine-readable format, or you may request that it be transmitted to another person responsible.
Pursuant to Art. 7 para. 3 GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. You can contact the supervisory authority of your habitual residence, place of work or our company headquarters.
In case the processing of your personal data is based on legitimate interest in accordance with Art. 6 para. 1 s. 1 lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right of objection which will be considered without mentioning any particular situation.
You can exercise these rights by contacting firstname.lastname@example.org.
Audvice GmbH as the Processor will receive the requests from data subjects. The request will be forwarded to the Controller for the requests to be properly addressed.
List of Sub-Processors
Amazon Web Services EMEA SARL
38 avenue John F. Kennedy
Eleven Labs Inc.
169 Madison Ave #2484
New York, NY 10016