Personal Data Processing Policy

1. General Provisions
This Personal Data Processing Policy is drafted in accordance with the requirements of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006 (hereinafter – the "Personal Data Law") and defines the procedure for processing personal data and security measures implemented by Sole Proprietor Latarevich Yauheni Iosifovich (hereinafter – the "Operator").
1.1. The Operator's highest priority and condition for its operations is the respect for human and civil rights and freedoms when processing their personal data, including the protection of privacy rights, and personal and family confidentiality.
1.2. This Operator's policy regarding the processing of personal data (hereinafter – the "Policy") applies to all information about users of the Speakylex application that the Operator may obtain.

2. Key Terms Used in the Policy
2.1. Automated Processing of Personal Data – processing using computer technology.
2.2. Blocking of Personal Data – temporary suspension of processing (except where clarification is needed).
2.3. Mobile Application – the subject of service under these terms.
2.4. Personal Data Information System – a set of personal data in databases and related IT/technical processing tools.
2.5. Depersonalization of Personal Data – actions making it impossible to attribute data to a specific user without additional information.
2.6. Processing of Personal Data – any action (operation) or set of actions performed with personal data (automated or not), including collection, recording, systematization, accumulation, storage, clarification (update/modification), retrieval, use, transfer (dissemination/provision/access), depersonalization, blocking, deletion, or destruction.
2.7. Operator – a state/municipal body, legal entity, or individual organizing/processing personal data and defining processing purposes.
2.8. Personal Data – any information relating to an identified or identifiable user of Speakylex.
2.9. Personal Data Permitted for Dissemination – data accessible to an unlimited audience by consent of the data subject under the Personal Data Law.
2.10. User – an individual using the Speakylex mobile application (including anonymously or via account).
2.11. Provision of Personal Data – disclosure to a specific person/group.
2.12. Dissemination of Personal Data – disclosure to unlimited persons (e.g., media, internet).
2.13. Cross-Border Transfer of Personal Data – transfer to foreign authorities/entities.
2.14. Destruction of Personal Data – irreversible deletion preventing data recovery.

3. Operator's Key Rights and Obligations
3.1. Operator's Rights:
— Receive reliable personal data from subjects;
— Continue processing without consent if grounds exist under the Law;
— Determine necessary security measures.
3.2. Operator's Obligations:
— Provide processing information upon request;
— Organize processing per Russian law;
— Respond to data subjects' inquiries;
— Process data subject requests (for information on processing, clarification, blocking, or destruction of personal data) within 30 calendar days of receipt;
— Report to authorities within 10 days;
— Ensure open access to this Policy;
— Implement security measures against unlawful access/destruction;
— Terminate processing/destroy data as required by law.

4. Data Subjects' Key Rights and Obligations
4.1. Data Subjects' Rights:
— Obtain processing information (exceptions apply);
— Demand data clarification/blocking/destruction if inaccurate;
— Withdraw processing consent;
— Appeal unlawful Operator actions.
4.2. Data Subjects' Obligations:
— Provide accurate personal data;
— Notify the Operator of data updates.
4.3. Persons providing false data bear liability under Russian law.

5. Principles of Personal Data Processing
5.1. Processing is lawful and fair.
5.2. Limited to predefined legitimate purposes.
5.3. Incompatible databases shall not be merged.
5.4. Only relevant data is processed.
5.5. Data scope matches stated purposes (no excess).
5.6. Accuracy and relevance must be ensured; incomplete data is updated/deleted.
5.7. Storage duration aligns with processing purposes; data is destroyed/depersonalized post-use.

6. Purposes of Personal Data Processing
6.1. Purposes:
- User identification;
- Learning material personalization;
- Performance analysis for program adaptation;
- Paid services (premium accounts);
- Technical support and service improvement.
6.2. Data Processed:
- Full name;
- Email;
- Learning progress/tests;
- Technical data (IP/cookies/device ID);
- Telegram Id
6.2.1. Cookies and similar technologies: The application and website may use cookies and local storage for service operation (authentication, saving preferences), usage analytics, and service improvement. You may disable or limit cookies in your browser or device settings; some website or application features may become unavailable as a result.
6.3. Data Sources:
- Directly from users;
- Automated usage metrics;
- Payment aggregators.
6.4. Legal Basis: Agreements between Operator and data subjects.
6.5. Processing Types: Collection, recording, systematization, storage, destruction, depersonalization.
6.6. Sending informational emails.
6.7. Profiling:
Based on your learning data, the system generates individual recommendations through AI algorithms.
6.8. Processing and artificial intelligence (AI): The User's personal data are not transferred to external AI systems, third-party AI services, or AI providers. Any processing using AI algorithms (including for personalization and recommendations) is carried out only within the Operator's infrastructure without transferring personal data to third parties.

7. Conditions for Processing
7.1. Data subject's consent;
7.2. Fulfillment of Operator's legal obligations;
7.3. Execution of court/legal acts;
7.4. Performance of agreements involving the data subject;
7.5. Pursuit of legitimate interests (without rights infringement);
7.6. Processing of publicly accessible data;
7.7. Mandatory disclosure under federal law.

8. Procedure for Collection, Storage, and Transfer
Security is ensured via legal, organizational, and technical measures.
8.0. Users under 16: Processing of personal data of users under 16 is permitted only with consent from a parent (or legal representative) sent to the Operator at contact@speakylex.ru. The request must include the child's data (e.g. email or application identifier), the parent's contact details, and explicit consent to process the minor's personal data within the Speakylex Service. If an account of a user under 16 is identified without such consent, all that user's personal data will be deleted within 24 hours.
8.1. Operator safeguards data against unauthorized access.
8.2. Data is not transferred to third parties, except:
- Legal requirements;
- Subject's consent for contractual performance.
8.2.1. Personal data are not transferred to third-party artificial intelligence systems and are not used by external AI services for model training or other processing.
8.3. Users update inaccurate data via email: contact@speakylex.ru (subject: "Personal Data Update").
8.4. Storage and processing period: Personal data is stored no longer than required for processing purposes. After account deletion by the user or withdrawal of consent, data is depersonalized or destroyed within 30 calendar days, except where longer retention is required by law (e.g. accounting and settlements). Data used only for service operation (learning progress, created materials) is deleted with the account. Other periods may apply under contract or applicable law.
Consent withdrawal: Email contact@speakylex.ru (subject: "Withdrawal of Consent").
8.5. Third-party services (payment systems, etc.) process data per their agreements. Operator is not liable for their actions.
8.6. Dissemination restrictions do not apply to state/public interests.
8.7. Confidentiality is maintained.
8.8. Storage duration matches processing purposes.
8.9. Processing terminates upon: purpose achievement, consent expiry/withdrawal, or unlawful processing.

9. Actions Performed by Operator
9.1. Collection, recording, systematization, storage, clarification, retrieval, use, transfer, depersonalization, blocking, deletion, destruction.
9.2. Automated processing with/without information transfer via networks.

10. Cross-Border Data Transfer
10.1. Operator must notify authorities before cross-border transfers.
10.2. Relevant information must be obtained from foreign recipients beforehand.

11. Confidentiality
Operator and authorized persons must not disclose data without consent (unless legally required).

11.1. Notification of Personal Data Security Breaches
In the event of unlawful or accidental access to personal data or other security breach resulting in loss, alteration, or dissemination of personal data, the Operator shall notify data subjects and the competent authority for the protection of data subjects' rights in the manner and within the time limits prescribed by applicable law of the Russian Federation.

12. Final Provisions
12.1. User inquiries: contact@speakylex.ru.
12.2. Policy updates will be reflected herein. It remains effective until superseded.
12.3. Current version: Privacy Policy.

We use cookies to improve site performance, analyze traffic, and display ads. You can review our Privacy Policy.