Privacy Policy

Last Updated: 12 December 2025

This Privacy Policy explains how Vārdu vārti SIA (“we”, “our”, “us”) collects, uses, stores, and protects personal data when individuals (“Clients”, “you”, “your”) use the Oratastic website and Services. Oratastic is a trading name of Vārdu vārti SIA. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Latvian data protection laws.

1. Data Controller

The Data Controller responsible for your personal data is:

  • Vārdu vārti SIA
  • Registration No. 40103875142
  • VAT No. LV40103875142
  • Address: Avotu iela 33–13, Rīga, LV-1009, Latvia
  • Email: info@oratastic.eu

2. Categories of Personal Data We Collect

We collect and process the following categories of personal data:

2.1. Data you provide to us directly

  • Full name
  • Email address
  • Login credentials
  • Communication content (emails, support requests)

2.2. Payment-related data (processed by Stripe)

  • Payment status
  • Partial payment information
  • Billing history

We do not receive or store full credit card details.

2.3. Automatically collected data

  • Device information
  • IP address
  • Browser and system data
  • Time of access
  • Language preference
  • Cookie identifiers
  • Information needed to enforce the two-device limit

2.4. Learning activity data

  • Progress data
  • Completed lessons
  • Course recommendations
  • Personalisation and profiling indicators

2.5. Company Agreement data

  • Voucher activation status
  • Voucher usage periods
  • Company-contact correspondence

3. Legal Bases for Processing

We process personal data under the following GDPR legal bases:

3.1. Contract performance (Article 6(1)(b))

For:

  • Account registration
  • Providing access to free and paid courses
  • Processing subscription payments
  • Issuing and managing vouchers
  • Personalised course delivery where necessary for service provision

3.2. Consent (Article 6(1)(a))

For:

  • Analytics cookies and marketing cookies
  • Email marketing (with double opt-in)
  • Personalisation features not strictly necessary for the service

You may withdraw consent at any time.

3.3. Legal obligations (Article 6(1)(c))

For:

  • Tax and accounting records
  • Consumer protection requirements
  • Responding to lawful requests from authorities

3.4. Legitimate interests (Article 6(1)(f))

For:

  • Security and fraud prevention
  • Enforcing the two-device limit
  • Improving our platform
  • Preventing misuse of our Services
  • Maintaining business relations with Company Clients

We balance these interests against your rights and freedoms.

4. How We Use Personal Data

We use your data for the following purposes:

  • To provide access to the Oratastic platform
  • To process payments and manage subscriptions
  • To deliver personalised content, learning paths, and difficulty adjustments
  • To recommend courses or materials based on your activity
  • To manage your account and maintain learning progress
  • To communicate about service updates, new content, or changes
  • To deliver marketing communications (only with consent)
  • To enforce terms, prevent misuse, and ensure platform security
  • To conduct analytics, improve functionality, and optimise user experience

5. Personalisation and Profiling

Oratastic uses three forms of personalisation:

5.1. Basic personalisation

Recommending materials, estimating difficulty, and tailoring the learning experience.

5.2. Automated profiling

Analysing your behaviour and progress to:

  • Suggest appropriate content;
  • Adjust learning pathways;
  • Identify areas for improvement.

This profiling does not produce legal or similarly significant automated decisions.

5.3. Profile-based marketing (requires consent)

We may send targeted offers or recommendations based on your behaviour and course history.

You may opt out at any time.

6. Cookies and Tracking Technologies

Oratastic uses:

  • Strictly necessary cookies (without consent)
  • Analytics cookies (with consent)
  • Marketing/retargeting cookies (with consent)
  • Performance cookies (with consent)
  • A/B testing cookies (with consent)

Full details are provided in our Cookie Policy and Cookie Settings.

7. Data Sharing

We do not sell personal data.

We share data only when necessary with trusted processors:

7.1. Payment processor

Stripe – subscription processing and billing.

7.2. Analytics services

Google Analytics, and potentially additional analytics tools in the future.

7.3. Hosting provider

Cloudways hosting service.

7.4. Email service

Google Mail (and in future, optional email delivery providers such as SendGrid or Mailchimp, subject to policy updates).

7.5. Company Clients

If access is provided via a Company Agreement, we may share:

  • Activation status;
  • Progress overview (only in anonymised or aggregated form unless otherwise agreed).

All third-party processors operate under binding data processing agreements compliant with GDPR.

8. International Data Transfers

Some processors (e.g., Google, Stripe) may store data outside the European Union.

Transfers are protected by:

  • EU Standard Contractual Clauses (SCCs),
  • Adequacy decisions (where applicable),
  • Additional safeguards required by GDPR.

9. Data Retention

We retain personal data only as long as necessary for the purposes described.

9.1. Account data

Stored while the account is active + 2 years after last activity.

9.2. Payment and accounting data

Stored for 5 years to comply with Latvian tax laws.

9.3. Analytics data

Stored for 14 months, unless the user withdraws consent earlier.

9.4. Communication records

Emails and customer service correspondence stored for 3 years.

9.5. Device tracking data

Stored for 1 year for fraud prevention and device-limit enforcement.

9.6. Personalisation/profiling data

Stored until account deletion or 2 years of inactivity.

9.7. Voucher-related data

Stored until voucher expiry (12-month activation window + usage period) + 2 years.

9.8. Request for deletion

Data may be deleted earlier upon your request unless we are legally required to retain it.

10. Your GDPR Rights

You have the following rights:

  • Right to access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent at any time
  • Right not to be subject to decisions based solely on automated processing

To exercise any rights, contact: info@oratastic.eu

You may also lodge a complaint with the Latvian Data State Inspectorate or another EU supervisory authority.

11. Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit
  • Secure hosting infrastructure
  • Access limitation and authentication controls
  • Monitoring and prevention of suspicious activities
  • Regular updates and maintenance of systems

However, no system is completely secure, and we cannot guarantee absolute protection.

12. Children’s Privacy

Our Services are intended for individuals aged 16 and above. We do not knowingly collect data from individuals under 16. If we become aware of such data, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Policy from time to time. Significant changes will be communicated via the website or email. Continued use of the Services constitutes acceptance of the updated Policy.

14. Contact

For questions about this Privacy Policy or your data, contact us at:

  • info@oratastic.eu
  • Vārdu vārti SIA, Avotu iela 33–13, Rīga, LV-1009, Latvia