Privacy Policy

Last updated: 23.07.2025

Introduction

Welcome to Keelekool.ee (“we,” “us,” “our”). We are committed to protecting your privacy and ensuring your personal data is handled responsibly. This Privacy Policy explains how we collect, use, store, and protect your data when you visit our website at https://www.keelekool.ee and interact with our AI-powered chatbot or other services. Our practices comply with the General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act (EU AI Act), ensuring transparency, security, and respect for your rights. We process data only for necessary purposes, minimize collection, and provide clear mechanisms for consent and rights exercise.

This policy covers our current services, including English language courses and an AI chatbot, and may be updated to reflect future features (e.g., payment processing, newsletters). This Privacy Policy was created with the help of the TermsFeed Privacy Policy Generator and customized to reflect our practices.

Who We Are

Our website address is: https://www.keelekool.ee. We operate this site and provide services, including English language courses and an AI chatbot that assists with inquiries, registration, and support. The Company refers to keelekool.ee, located at Liikuri tn 50, Harju county, Tallinn, Estonia. For the purpose of the GDPR, the Company is the Data Controller.

For privacy-related questions, please contact us at:

  • Email: info@keelekool.ee

  • Website: https://www.keelekool.ee/contact

Interpretation and Definitions

Interpretation

Words with an initial capital letter have meanings defined below. These definitions apply whether the terms appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

  • Account: A unique account created for you to access our Service or parts of our Service.

  • Affiliate: An entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.

  • Company: Refers to keelekool.ee, Liikuri tn 50, Harju county, Tallinn, Estonia.

  • Cookies: Small files placed on your computer, mobile device, or other device by a website, containing details of your browsing history on that website among other uses.

  • Country: Estonia.

  • Data Controller: For GDPR purposes, refers to the Company as the legal person determining the purposes and means of processing Personal Data.

  • Device: Any device that can access the Service, such as a computer, cellphone, or digital tablet.

  • GDPR: EU General Data Protection Regulation.

  • Personal Data: Any information relating to an identified or identifiable individual, including name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

  • Service: Refers to the website (https://www.keelekool.ee) and related services, including the AI chatbot and English language courses.

  • Service Provider: Any natural or legal person processing data on behalf of the Company, considered Data Processors under GDPR.

  • Third-Party Social Media Service: Websites or social networks (e.g., Google, Facebook, Instagram, Twitter, LinkedIn) through which a user can log in or create an account to use the Service.

  • Usage Data: Data collected automatically, generated by the use of the Service or its infrastructure (e.g., page visit duration).

  • You: The individual or legal entity accessing or using the Service, referred to as the Data Subject or User under GDPR.

Information We Collect

We collect the following types of personal data:

  • User-Provided Data:

    • Information submitted through forms, comments, or user accounts (e.g., name, email address, phone number, profile details).

    • Messages and queries sent to our AI chatbot, including any personal details shared during conversations.

  • Automatically Collected Data:

    • IP address, browser type, browser version, device information, pages visited, time and date of visits, time spent on pages, unique device identifiers, and other diagnostic data.

    • Metadata from chatbot interactions (e.g., timestamps, session identifiers).

  • Media Data:

    • If you upload photos or other media, we may process metadata (e.g., EXIF data) unless removed prior to upload.

We minimize data collection to what is essential for service provision and anonymize where possible.

How We Collect Information

We collect your data through:

  • Website Interactions: Forms, comments, user account creation, and media uploads.

  • AI Chatbot: Conversations with our chatbot, which is clearly identified as an AI system at the start of each interaction.

  • Cookies and Tracking Technologies: Technologies that track usage and preferences (see Cookies and Tracking Technologies section).

When you access the Service via a mobile device, we may automatically collect information such as device type, unique ID, IP address, mobile operating system, browser type, and other diagnostic data.

Purpose of Data Collection

We process your personal data to:

  • Provide and maintain our Service, including website functionality, English language course support, and chatbot responses.

  • Manage your account and provide access to Service functionalities.

  • Perform contracts, such as processing registrations or purchases for courses.

  • Respond to inquiries and provide customer support via email, phone, SMS, or push notifications.

  • Provide news, special offers, and information about similar services, unless you opt out.

  • Analyze usage to enhance user experience and improve our Service (e.g., via analytics).

  • Comply with legal obligations and ensure security.

  • Evaluate or conduct business transfers (e.g., mergers, acquisitions), where Personal Data may be among transferred assets.

  • Train and improve our AI systems, including the chatbot, for better performance, bias mitigation, and accuracy, with your consent where required.

Use of Your Personal Data

Your data is processed by us and, where applicable, by third-party providers under strict Data Processing Agreements (DPAs). For example:

  • Our AI chatbot is powered by OpenAI, which processes interaction data per their privacy policy (https://openai.com/policies/privacy-policy).

  • We may use chatbot data for training internal AI models to improve performance and mitigate biases, with your consent where required.

  • We minimize data use and anonymize where possible, ensuring compliance with GDPR and the EU AI Act.

We implement human oversight for escalated chatbot queries and regularly audit datasets and responses for biases per EU AI Act requirements.

Data Storage and Protection

  • Storage: Data is stored on secure servers within the European Union.

  • Security: We use encryption (e.g., HTTPS, AES-256), role-based access controls, and regular audits to protect your data.

  • Retention: We retain Personal Data only for as long as necessary for the purposes outlined in this policy, or to comply with legal obligations. For example:

    • Chatbot logs are typically retained for 30 days for quality assurance, then deleted.

    • User account data is typically kept until you request deletion or after 2 years of inactivity.

    • Comments and metadata are stored indefinitely unless you request removal.

    • These periods may be adjusted based on operational needs, within GDPR limits.

  • Data Breach: If a breach occurs, we will notify you and authorities within 72 hours, as required by GDPR.

Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., web beacons, tags, scripts) to improve your experience:

  • Essential Cookies: Enable core functionality (e.g., login support). Type: Session Cookies, Administered by: Us.

  • Functional Cookies: Save preferences (e.g., name, email for comments, stored for 1 year). Type: Persistent Cookies, Administered by: Us.

  • Analytics Cookies: Track site usage anonymously. Type: Persistent Cookies, Administered by: Third Parties.

  • Login Cookies: For logged-in users, we set temporary cookies (deleted on browser close) and persistent cookies (2 days, or 2 weeks with “Remember Me”). Type: Session/Persistent Cookies, Administered by: Us.

  • Editing Cookies: For article edits, a cookie with the post ID is stored for 1 day. Type: Persistent Cookies, Administered by: Us.

  • Cookies Policy/Notice Acceptance Cookies: Identify if you’ve accepted cookies. Type: Persistent Cookies, Administered by: Us.

  • Tracking and Performance Cookies: Track traffic and user behavior, linked to pseudonymous identifiers. Type: Persistent Cookies, Administered by: Third Parties.

  • Targeting and Advertising Cookies: Track browsing habits for relevant ads. Type: Persistent Cookies, Administered by: Third Parties.

You can manage preferences via your browser or our cookie consent tool. Refusing cookies may limit some Service functionalities. For more details, visit our Cookies Policy.

Third-Party Services

We share data with:

  • OpenAI: For chatbot functionality (see their privacy policy: https://openai.com/policies/privacy-policy).

  • Google Analytics: Tracks and reports website traffic, with opt-out available via the Google Analytics opt-out browser add-on (see: https://policies.google.com/privacy).

  • Facebook (Meta) Analytics: Tracks usage for personalized ads (see: https://www.facebook.com/privacy/explanation).

  • Gravatar: If you comment, your email hash may be shared to display your avatar (see: https://automattic.com/privacy/).

  • Spam Detection: Comments may be checked by an automated service.

  • Future AI Providers: We may use other AI services (e.g., xAI’s API) in the future. For details, visit https://x.ai/api.

All third parties comply with GDPR via DPAs. If you register or log in via Third-Party Social Media Services (e.g., Google, Facebook, Instagram, Twitter, LinkedIn), we may collect data associated with your account (e.g., name, email, activities), with your permission to use, share, and store it per this policy.

Embedded Content from Other Websites

Our site may include embedded content (e.g., videos, images) from third-party websites. These sites may collect data, use cookies, or track you, especially if logged into their services. Review their privacy policies for details, as we have no control over their practices.

Data Sharing and Transfers

  • We do not sell your data.

  • We may share your data with:

    • Service Providers: To monitor, analyze, or provide the Service (e.g., analytics, customer support).

    • Affiliates: Who honor this Privacy Policy.

    • Business Partners: To offer products, services, or promotions.

    • Other Users: If you share information in public areas (e.g., comments), it may be viewed or distributed publicly.

    • Business Transfers: In connection with mergers, acquisitions, or asset sales.

    • Law Enforcement: If required by law or to protect our rights, safety, or property.

  • If data is transferred outside the EU (e.g., to a third-party AI provider), we use Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

Retention of Your Personal Data

We retain Personal Data only as long as necessary for the purposes outlined in this policy, or to comply with legal obligations, resolve disputes, or enforce agreements. Retention periods (e.g., 30 days for chatbot logs, 2 years for inactive accounts) are examples and may be adjusted within GDPR limits based on operational needs. Usage Data is retained for shorter periods for internal analysis, except when needed for security or functionality.

Delete Your Personal Data

You have the right to delete or request assistance in deleting your Personal Data. You can:

  • Update, amend, or delete your information via your Account settings.

  • Contact us at privacy@keelekool.ee to request access, correction, or deletion.

  • Use chatbot commands: “Download my data” for data exports or “Delete my data” for erasure.

We may retain certain information if legally required or for lawful purposes.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We process Personal Data under the following bases:

  • Consent: For specific purposes (e.g., chatbot data for AI training or improvement).

  • Performance of a Contract: For registration, course delivery, or other agreements.

  • Legal Obligations: To comply with applicable laws.

  • Vital Interests: To protect your or another person’s vital interests.

  • Public Interests: For tasks in the public interest.

  • Legitimate Interests: For purposes like improving services or ensuring security.

We can clarify the specific legal basis for any processing upon request.

Your Rights under the GDPR

As an EU resident, you have the right to:

  • Access: Request a copy of your Personal Data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data when no longer necessary.

  • Restrict Processing: Limit how we use your data.

  • Data Portability: Receive your data in a structured, machine-readable format.

  • Object: Oppose processing based on legitimate interests or for direct marketing.

  • Withdraw Consent: Stop data use where consent is the basis.

To exercise these rights, email privacy@keelekool.ee or use chatbot commands (“Download my data” or “Delete my data”). We’ll respond within 1 month and may verify your identity. You can also contact your local Data Protection Authority in the EEA if you have concerns.

AI Chatbot Interactions

Our AI chatbot assists with inquiries about English language courses, registration, and support. We:

  • Clearly disclose it’s an AI system at the start of each interaction.

  • Collect messages and metadata (e.g., timestamps, session identifiers).

  • Use this data to respond and, with consent, to improve and train our AI systems for better performance, bias mitigation, and accuracy.

You can withdraw consent or opt out of data use via the chatbot command “Stop data use”. We mitigate biases and ensure accuracy per the EU AI Act through human oversight and regular audits.

Children’s Privacy

Our Service does not address anyone under 13. We do not knowingly collect Personal Data from children under 13. If you are a parent or guardian and believe your child has provided us with Personal Data, contact us at privacy@keelekool.ee. We will remove such data if collected without parental consent. If parental consent is required by your country, we will obtain it before processing.

Links to Other Websites

Our Service may contain links to third-party websites not operated by us. We advise reviewing their privacy policies, as we have no control over their content or practices.

Changes to This Privacy Policy

We may update this policy periodically to reflect new services or legal requirements. Changes will be posted here, with notification via email or a website notice. The “Last updated” date will reflect changes. Review periodically for updates.

Contact Us

For questions or concerns:

  • Email: info@keelekool.ee

  • Website: https://www.keelekool.ee/contact