1. Data Controller
Dictionary Ltd. is the data controller responsible for your personal data under the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We are committed to protecting your privacy and ensuring the security of your personal information.
Company Details:
Dictionary Ltd.
123 Language Avenue, Tech District
Dublin, D02 X285, Ireland
Email: privacy@dictionary.com
Phone: +353 1 234 5678
2. Data We Collect
We only collect personal data that is necessary for the purposes outlined in this policy. The types of data we collect include:
| Data Category | Examples | Purpose |
|---|---|---|
| Identity & Contact | Name, email, username, profile photo | Account creation & communication |
| Usage Data | Search queries, clickstream, time spent | Service improvement & personalization |
| Technical Data | IP address, device ID, browser type, OS | Security, analytics & compatibility |
| Payment Data | Billing address, payment token | Processing subscriptions |
3. Legal Basis for Processing
We rely on the following legal bases under GDPR Article 6 to process your personal data:
- Consent: Where you have explicitly opted-in to marketing, cookies, or optional features.
- Contract: To provide the Dictionary service, process payments, and fulfill your account requirements.
- Legitimate Interests: To improve our platform, prevent fraud, and conduct analytics, provided these do not override your fundamental rights.
- Legal Obligation: To comply with tax, anti-money laundering, and record-keeping laws.
4. How We Use Your Data
Your data is processed solely for:
- Delivering and maintaining the Dictionary application
- Providing customer support and responding to inquiries
- Personalizing your experience (e.g., saved words, preferences)
- Sending service updates, security alerts, and optional marketing (with consent)
- Analyzing usage patterns to improve performance and content
5. Data Sharing & Third Parties
We do not sell your personal data. We may share data only with trusted third-party processors who assist us in operating our services, including:
- Cloud Hosting: AWS & Cloudflare (infrastructure & CDN)
- Analytics: Google Analytics & Mixpanel (aggregated, anonymized)
- Payments: Stripe (PCI-DSS compliant processing)
- Support: Intercom (customer communication)
All processors are bound by Data Processing Agreements (DPAs) and must comply with GDPR standards.
6. Data Retention & Security
We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law:
- Active accounts: Duration of subscription + 24 months
- Deleted accounts: Purged within 30 days
- Payment records: 7 years (tax compliance)
- Analytics data: Aggregated & anonymized after 14 months
We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, regular penetration testing, and strict access controls. Incident response procedures are maintained to address breaches within 72 hours of discovery.
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data ("right to be forgotten").
- Right to Restrict Processing: Limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Opt-out of processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Revoke consent at any time without affecting the lawfulness of prior processing.
To exercise any right, contact our DPO at privacy@dictionary.com. We will respond within 30 days.
8. Cookies & Tracking Technologies
We use essential cookies to maintain your session and security. Optional cookies (analytics, personalization) require your explicit consent via our cookie banner. You can manage preferences at any time in your account settings or through browser controls. Third-party services may also set cookies subject to their own privacy policies.
9. International Data Transfers
Dictionary is headquartered in Ireland (EU). Your data may be processed in jurisdictions outside the EU where our service providers operate. We ensure adequate protection through:
- European Commission Adequacy Decisions
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs) where applicable
10. Contact & Data Protection Officer
If you have questions about this policy, wish to exercise your rights, or need to report a concern, please contact:
Data Protection Officer
Email: dpo@dictionary.com
Postal: Dictionary Ltd., Data Protection Office, 123 Language Avenue, Dublin, Ireland
You also have the right to lodge a complaint with your local supervisory authority (e.g., the Data Protection Commission in Ireland).
11. Policy Updates
We may update this GDPR policy to reflect changes in legislation, our services, or business practices. Material changes will be communicated via email or in-app notification. The "Last Updated" date at the top of this page will reflect the current version. Continued use of our services constitutes acceptance of the updated policy.