Privacy Policy

Last Updated: August 6, 2025

This Privacy Policy explains how SEASON3 GROUP OÜ (referred to as “Aventu,” “we,” “us,” or “our”) collects, uses, and shares personal data when you interact with our services. It applies when you visit our website (including aventu.io and any site linking to this policy), use our Aventu mobile application, or engage with us in other ways (for example, making inquiries, subscribing to communications, or participating in events)[1]. By using our services, you acknowledge you have read and understood this Policy. If you have any questions or concerns about our data practices, contact us at privacy@aventu.io.

Data Controller and Scope

SEASON3 GROUP OÜ, located in Tallinn, Estonia, is the organization responsible for determining the purposes and means of processing your personal data (the “data controller”)[2][3]. This policy covers all personal data processing by Aventu in connection with our consumer offerings (such as the Aventu interactive audiobook app for kids and related websites) as well as business contacts (e.g. authors, libraries, or other partners) and job applicants. It does not apply to any services where we act as a mere data processor on behalf of another data controller – in such cases, that controller’s privacy policy will govern[4].

Personal Data We Collect and How We Use It

We collect various types of personal data depending on how you interact with Aventu. We are committed to collecting only the data that is necessary for each purpose, in line with the principle of data minimization. Below, we describe the categories of individuals we collect data from, the types of data involved, and the purposes for which we use it.

Website Visitors

When you visit our websites (such as aventu.io) without logging in or registering, we may collect limited data automatically in order to operate and secure the site. This includes technical identifiers and usage information such as your device or browser type, operating system, IP address, and pages viewed or clicked[5]. We process this usage data to deliver the website correctly, maintain IT security, and analyze web traffic (for example, to count visits or detect abuse). We may use cookies and similar tracking technologies to remember your preferences and gather analytics on how our site is used[6]. For details on how we use cookies, please see our separate Cookie Policy.

Legal Basis: For strictly necessary data (e.g. to load the site or ensure security), our legal basis is our legitimate interest in operating a secure and functional website. For any non-essential tracking (such as analytics cookies), we rely on your consent, obtained via our cookie consent banner, in accordance with applicable law.

Registered Users of the Aventu App

If you create an Aventu account or use our interactive audiobook app, we will ask you to provide certain personal data to set up and administer your account[7][8]. This typically includes your name, email address, and login credentials (such as a username and password) for authentication. We collect this information so that we can create and manage your user account, provide you with the Aventu services you request, and personalize your experience. We may also collect in-app usage data like your interactions with audiobook content or voice commands, solely to enable the app’s interactive features and to improve our services (e.g. by analyzing which stories are most popular, with aggregated statistics) – we do not use this data to profile you for marketing.

If you choose to register or log in via a third-party social media account (such as Facebook or X/Twitter), we will receive personal data from that provider that you authorize sharing with us[9]. This typically includes your name and email and possibly other profile information you have made public on that platform. We use this information to simplify your login/registration process and provide the Aventu services; we do not post anything to your social media or use your friend lists or contacts without your consent. Please review your social account privacy settings for more details on what data may be shared.

We may also process technical and device information from the app to ensure it functions properly. For example, with your permission, the Aventu mobile app might access your device’s microphone (to receive voice commands) or Bluetooth (for certain audio accessories)[10]. You can always control these permissions via your device settings. Additionally, the app may collect device identifiers and system information (like device model, OS version, and IP address) automatically[5]. This information is used for providing the service, troubleshooting, and enhancing compatibility and security of our app across different devices.

Legal Basis: We process registered users’ data primarily as necessary for the performance of our contract with you – i.e. to provide the Aventu app and its features that you have requested[11]. Some processing (like service improvement or security monitoring) is based on our legitimate interests in running and protecting our service, balanced with your rights[12]. Where we request optional data or permissions (for example, accessing certain device features) we rely on your consent, which you can withdraw at any time by changing your app or device settings.

Newsletter Subscribers

If you sign up to receive our newsletter or marketing communications (for example, by providing your email on our website to receive updates), we collect your contact details such as name and email address. We will use this information to send you the requested newsletters or updates, which may include news about Aventu products, features, events, or offers. We may also track whether you open our emails or click links, in order to understand engagement with our communications and refine our content strategy (often this tracking is done via small images or unique links in the emails).

Legal Basis: We rely on your consent to send direct marketing emails. You have the right to withdraw your consent at any time – every marketing email from us includes an unsubscribe link to opt out easily. Once you unsubscribe, we will stop sending you the newsletter. We may retain your email in a suppression list thereafter to ensure we honor your opt-out decision going forward, as permitted by law (this is a legitimate interest to prevent accidental re-subscription).

Sales and Contact Inquiries

When you contact us or make an inquiry – for example, by filling out a contact form on our site, emailing us at an Aventu address, or calling our number – we collect whatever personal information you choose to provide. This typically includes your name, contact information (email, phone), organization, and the content of your message. If you request a product demo or information about partnering with Aventu (such as as an author or library), we will also note details about your interest or project needs. We use this information to communicate with you and respond to your request – for instance, to answer your questions about Aventu, provide technical support, or discuss a potential business opportunity. We may also keep a record of communications to track our interactions and improve our customer service.

Legal Basis: For general inquiries and demo requests, our processing is based on legitimate interests – specifically, our interest in responding to prospective customer or partner inquiries and growing our business, which we consider to be balanced with your expectation to receive a reply when you contact us. If your inquiry could lead to entering into a contract (for example, you are negotiating to become a client or partner), we may also process your data as necessary pre-contractual steps at your request. In all cases, we will only use the information you provide for the purposes of addressing your inquiry or request.

Job Applicants

If you apply for a job at Aventu, whether through an online application form, via email, or through a recruitment service, we will collect and process personal data in order to evaluate your candidacy. This may include your contact details, resume/CV, cover letter, employment history, education, qualifications, and any other information you submit as part of your application. We will use this data to assess your skills and suitability for the position, communicate with you through the recruitment process, and fulfill any legal or contractual requirements in hiring (for example, verifying your right to work or conducting background/reference checks if applicable). We will treat the information you provide confidentially and use it strictly for recruitment purposes.

If your application is successful, some of your data will become part of your employee record (and you will receive a separate employee privacy notice at that time, if applicable). If you are not hired for the role, we will not retain your application data longer than necessary. By default, we will delete or anonymize personal data of unsuccessful candidates after the recruitment process is completed. Typically, this occurs within about 6 months of the position being filled, as there is no longer a need to retain the data once a hiring decision has been made[13]. If we would like to keep your application on file for future opportunities, we will ask for your consent to retain it for a longer period; if you do not consent, your data will be deleted as stated.

Legal Basis: Processing job applicant data is necessary to take steps at the request of the data subject prior to potentially entering into an employment contract (GDPR Art. 6(1)(b)). We also rely on legitimate interests to manage our recruitment process efficiently and hire qualified personnel, ensuring this is not overridden by your rights[14][15]. Certain processing may be required for us to comply with legal obligations (e.g. verifying immigration/work status or accommodating disabilities in the hiring process)[16]. Where we retain applicant data for future roles, we will obtain your consent to do so, which can be withdrawn at any time[17].

Legal Bases for Processing

We only process your personal data when we have a valid legal basis under applicable data protection laws (like the EU General Data Protection Regulation). This section explains the legal grounds we rely on for the processing activities described above[18]:

  • Consent: In cases where we ask for your consent, we will process your data only for the specific purpose you agreed to. For example, we seek consent to send marketing emails or to use non-essential cookies. You have the right to withdraw consent at any time, and we will honor your choice going forward[11].
  • Performance of a Contract: When we process data that is necessary to fulfill our contract with you (or to take steps at your request before entering a contract), we rely on this legal basis. This includes providing the Aventu app and related services you signed up for, and handling user account data or customer support in connection with our Terms of Service[11].
  • Legitimate Interests: We may process personal data as needed for the legitimate interests of our business or third parties, provided such interests are not overridden by your fundamental rights and freedoms[12]. We have a legitimate interest, for example, in understanding how our services are used so we can improve them, in securing our platforms, in responding to inquiries, and in promoting our services to interested business partners[12]. If we rely on this basis, we will consider and minimize any impact on you, and you have the right to object to processing as described below.
  • Legal Obligation: If processing is necessary for us to comply with a legal obligation, we will do so on this basis[19]. This can include retaining records for tax and accounting purposes, disclosing data when required by law enforcement or regulatory authorities, or fulfilling privacy rights requests in accordance with the law.
  • Vital Interests: In rare cases, we may need to process personal data to protect someone’s vital interests – essentially, to protect life or safety. For instance, this could apply in an emergency involving an imminent threat to an individual’s well-being[20]. (This basis is unlikely to apply in the context of Aventu’s typical services, and is mentioned here for completeness.)

Note: If you are located in the EU, EEA, UK, or Switzerland, Aventu acts as a data controller for the personal data described in this policy[2]. If we ever process data on behalf of another organization (as their data processor), we will do so under a contract with them, and that organization’s privacy notice will govern in those situations[4].

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website to provide and improve our services. For example, we (and third-parties acting on our behalf) may set cookies to remember your preferences, enable core site functionality, analyze traffic patterns, and deliver relevant content or advertisements[6]. Some cookies are essential for the site to operate (and do not require consent), while others (like analytics or advertising cookies) are used only if you consent via our cookie banner. We also use third-party analytics services such as Google Analytics to understand how users interact with our site and app, which involves setting cookies or similar identifiers[21]. The data collected via analytics may include your device identifiers, browser type, pages visited, time spent, and other usage statistics, but it generally does not directly identify you, and we do not allow Google or others to use this data for their own purposes beyond providing us these analytics[21].

For detailed information about the cookies and trackers we use and your choices in controlling them, please refer to our Cookie Policy (available on our website). Through the cookie consent manager, you can at any time adjust your preferences to accept or reject optional cookies. You can also use browser settings to remove or block cookies, as described in our Cookie Policy.

Sharing of Personal Data

We do not sell your personal data to third parties. However, we may share personal data with third parties in certain circumstances, as needed to achieve the purposes described in this Policy. Any sharing is done in compliance with data protection law and, where applicable, under appropriate data processing agreements. The main categories of recipients include:

  • Service Providers (Processors): We share personal data with trusted third-party companies that perform services on our behalf and under our instructions. These include, for example, cloud hosting providers (for storing our website/app data), IT infrastructure services, analytics providers, email delivery services, customer support platforms, and similar vendors. These service providers are bound by confidentiality and data processing agreements to only use your data for the purposes we specify and to protect it. For instance, we may use Google Analytics to track usage of our site, in which case Google acts as our processor to provide aggregate analytics – you can opt out of such tracking as noted above[21].
  • Business Partners and Affiliates: If you are interacting with Aventu as a potential business partner (for example, as an author or a library interested in our platform), we might share your contact details or inquiry with affiliated entities or authorized partners of Aventu in order to pursue or support the collaboration. We may also share limited information with co-organizers if we host an event or promotion in conjunction with another organization. In all such cases, we will only share what is necessary and will ensure appropriate safeguards or agreements are in place. We do not share your personal data with any third parties for their own marketing use without your explicit consent.
  • Legal Compliance and Protection: We may disclose personal data to government authorities, regulators, law enforcement, or other third parties if required to do so by law or legal process, or if we have a good-faith belief that such disclosure is reasonably necessary to (i) comply with a legal obligation or request; (ii) enforce our Terms and other agreements; or (iii) protect the rights, property, or safety of Aventu, our users, or the public. If we receive requests for user data, we will carefully review them and only provide data when legally compelled.
  • Corporate Transactions: In the event of a prospective or actual business transaction involving Aventu – such as a merger, acquisition, financing, sale of company assets, or transition of service to another provider – personal data may be disclosed or transferred to the acquiring or successor entity as part of the deal[22]. In such cases, we will ensure the recipient commits to respect personal data in a manner consistent with this Privacy Policy or inform you and obtain any required consent. If a change of ownership occurs, we will notify users of the new controller and any changes to data processing.

Aside from the above, personal data may be shared with individuals within our company (such as staff or contractors on a need-to-know basis) and with your consent, we can share information with any other third party that you direct us to. Whenever we share data, we take care to do so securely. If any personal data is transferred to a third party outside the European Economic Area, we will follow the rules explained in the next section on international transfers.

International Data Transfers

Aventu is based in the European Union (Estonia), and we generally store and process personal data on servers located within the EU/EEA. However, some of our service providers or partners may be located in other countries. If your personal data is transferred to a country outside the EEA, UK, or Switzerland that is not deemed to have “adequate” data protection by the European Commission, we will ensure appropriate safeguards are in place to protect your information in compliance with GDPR requirements.

These safeguards typically include using the European Commission’s Standard Contractual Clauses (SCCs), which are contractual commitments that oblige the recipient to protect your data according to EU privacy standards[23]. In some cases, transfers to certain countries may be covered by an adequacy decision. For example, personal data transfers to the United States can be made to organizations that participate in the EU-U.S. Data Privacy Framework, which the EU has deemed to provide an adequate level of protection[24]. Where we transfer data to a U.S. service provider that is certified under this framework, such transfers are permitted without additional authorization[23]. For other U.S. transfers or transfers to countries without an adequacy decision, we will rely on SCCs or other valid transfer mechanisms (such as binding corporate rules or derogations under GDPR Article 49, if applicable)[23].

We will also evaluate, on a case-by-case basis, whether additional supplementary measures are needed to ensure that the transferred data enjoys an equivalent level of protection as in the EU. You can contact us (see “Contact Us” below) if you have questions about the specific safeguards in place for transferring your data across borders, or if you would like to obtain a copy of them.

Data Retention

We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law[25]. In practice, this means:

  • User Accounts: If you have an Aventu account, we retain your personal data while your account is active. You can delete your account or request deletion at any time. After account deletion (or if your account becomes inactive), we will remove or anonymize personal data associated with your profile, generally within 6 months after the account’s deletion or last use[26], unless we are required to keep it longer (for example, to comply with legal obligations or resolve disputes). Basic account history (e.g. records of transactions or consents) may be kept as needed for legal/accounting purposes beyond account deletion, but we will not use it for new purposes.
  • Newsletter Subscribers: If you unsubscribe from our mailing list, we will promptly stop sending you communications. We may keep your email on a do-not-contact list indefinitely to ensure we do not accidentally send you further emails (as allowed by law), but otherwise we will delete or anonymize personal data related to our newsletter subscribers that is no longer needed.
  • Inquiries and Business Contacts: For individuals who contact us with questions, demos, or business inquiries, we retain your information for as long as is necessary to respond and follow up, and for a reasonable period thereafter. Typically, we may keep inquiry data (including email correspondence) for up to 1–2 years in case you have further questions or to keep context for any ongoing business relationship. If an inquiry results in a contract or you become a customer/partner, your data will then be retained under the relevant customer relationship (and subject to applicable retention requirements, which may be longer). If no further interaction occurs, we will delete or archive the communications after the appropriate period.
  • Job Applicants: Personal data collected during recruitment will be retained for the duration of the recruitment process. If you are not hired, we will delete your applicant data within roughly 6 months after the decision, as noted above, since the purpose (hiring for that role) will have been fulfilled[13]. If you consent to remain in our talent pool for future job openings, we may retain your data for a longer period (typically up to 1–2 years, or as specified when we seek your consent). You are free to withdraw such consent at any time, and we will then delete your data. For hired candidates, we will retain relevant personal data as part of your employment record, in accordance with our employee data retention policies and legal requirements.

In all cases, when the retention period expires or the purpose is achieved, we will either securely delete your personal data or anonymize it (so that it can no longer be linked to you)[27]. If it is not feasible to immediately delete data from backup systems, we will isolate and protect the data until deletion is possible[27]. Please note that certain information may be retained longer if necessary to comply with legal obligations (such as maintaining financial records or proof of consent), resolve disputes, or enforce our agreements. We continually review our retention practices to ensure they are justified and comply with applicable laws.

Data Security

We take the security of personal data very seriously. Aventu has implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction[28]. These measures include access controls limiting who within our team can access personal information, encryption and secure protocols for data in transit (e.g., HTTPS on our website), and security features in our application and infrastructure to prevent and detect potential vulnerabilities. We also require our service providers to adhere to strict data protection and security standards.

While we strive to safeguard your information, please be aware that no system can be guaranteed 100% secure[29]. Cyber threats continue to evolve, but we monitor our systems for possible attacks and regularly assess our security measures to maintain a high level of protection. We encourage you to use strong passwords, protect your login credentials, and use our services within a secure environment (for example, avoid using public computers to access your account)[30]. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the appropriate authorities as required by law.

Your Data Protection Rights

As an individual, especially if you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights regarding your personal data under the GDPR and other applicable data protection laws. Aventu is committed to upholding these rights. You may exercise the following rights free of charge (subject to some conditions and exceptions under law):

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data we hold about you, as well as information about how we use it[31].
  • Right to Rectification: You have the right to have inaccurate personal data corrected or completed if it is incomplete[32]. If you have an Aventu account, you can also update certain information by logging in and editing your profile.
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (also known as the “right to be forgotten”)[32]. For example, you can ask us to erase data if it’s no longer needed for the purposes for which it was collected, or if you withdraw consent and we have no other legal basis to continue processing. Please note this right is not absolute – sometimes we may retain limited information where required by law or if another lawful basis applies.
  • Right to Restrict Processing: You have the right to ask us to restrict (pause) the processing of your personal data under certain conditions[32]. For instance, if you contest the accuracy of the data or have objected to processing (see below), you can request restriction while the issue is being resolved. When processing is restricted, we will still store your data but not use it further until the restriction is lifted.
  • Right to Data Portability: For data that you have provided to us and that we process by automated means based on your consent or on a contract, you have the right to obtain that data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible[32]. In practice, this could include basic account information you provided to us.
  • Right to Object: You have the right to object to our processing of your personal data in certain situations. Notably, you can object at any time to personal data being used for direct marketing purposes, and we will honor all such opt-out requests. You may also object when the processing is based on our legitimate interests (or those of a third party), and you feel it impacts your rights – we will then re-evaluate our reasons and stop processing unless we have a compelling legitimate ground that overrides your rights or it’s needed for legal claims[33].
  • Right not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you[34]. Aventu does not currently carry out any such automated decision-making without human involvement. We will inform you and ensure lawful bases (such as your explicit consent) if this policy ever changes.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing already carried out, but it means we will stop the specific processing going forward. For example, you can unsubscribe from our emails or turn off an optional feature in the app, and we will cease the related data processing once you withdraw consent.

To exercise any of your data subject rights, please contact us using the contact details provided in this Policy. You can email us at privacy@aventu.io with your request. We may need to verify your identity (for instance, by asking for information to confirm it’s you) before executing the request, to ensure we protect your data from unauthorized access. We will respond to your request as soon as possible and within the timeframe required by law. If we cannot fulfill your request (due to a legal exception), we will explain the reasons in our response.

Finally, you also have the right to lodge a complaint with a data protection supervisory authority. If you believe we have infringed your privacy rights or GDPR obligations, you can contact the supervisory authority in the EU Member State where you reside, work, or where the issue occurred[35]. For example, our lead authority in Estonia can be contacted, or you may reach out to your national Data Protection Authority. In the UK, this would be the Information Commissioner’s Office (ICO)[35]; in Switzerland, the Federal Data Protection and Information Commissioner[36]. We would, however, appreciate the chance to address your concerns directly before you do so – please feel welcome to contact us with any complaints or issues, and we will do our best to resolve them.

Automated Decision-Making and Profiling

As of the date of this Policy, Aventu does not use your personal data to carry out any fully automated decision-making processes that have legal or similarly significant effects on you. In other words, we do not use algorithms or profiling to make decisions about you without any human review that would materially affect your rights (for example, we do not conduct automated credit scoring, hiring decisions, or personalized rejections without human involvement). We also do not engage in automated profiling for marketing or advertising purposes in a way that would significantly affect you – any personalization of content in our app (such as story recommendations) is based on general age group suitability and user choices, not hidden profile building.

If this policy changes in the future and we introduce automated decision-making that affects you, we will ensure such processing is done in compliance with GDPR Article 22 and other applicable laws (which may include obtaining your explicit consent or providing an opt-out), and we will update this Privacy Policy to inform you about the logic and envisaged consequences of such processing. You will always have the rights described above with respect to automated decisions, including the right to request human intervention.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time in response to evolving legal, technical, or business developments. When we make changes, we will post the updated policy on our website and adjust the “Last Updated” date at the top. If we make any material changes to how we handle personal data, we will take appropriate measures to inform you, which may include prominently posting a notice of the changes on our site or directly notifying you via email or in-app message[37]. We encourage you to review this Policy periodically to stay informed about how we are protecting your information[38]. Your continued use of our services after the effective date of an updated Privacy Policy will constitute your acknowledgment of the changes. Of course, if the changes require consent (e.g. for a new purpose), we will obtain that consent as needed.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. You can reach our privacy team by email at privacy@aventu.io. You may also contact us by postal mail at the following address:

SEASON3 GROUP OÜ (Aventu)
Ahtri tn 12,
10151 Tallinn,
Estonia[39]

We will gladly assist with any inquiries or issues you may have about your privacy and data protection.

This Privacy Policy is provided in English. In case of any translation of this Policy into another language, the English version shall prevail to the extent there is any conflict.