Get our new ebook and turn your organic success into long-term revenue! Download now

Privacy

Policy

This privacy policy explains how we process personal data at SuperScale s. r. o. and affiliated companies belonging to SuperScale Group. SuperScale Group represents any and all of following companies: (i) SuperScale s. r. o., with its registered seat at Bottova 2A , Bratislava 811 09, Slovakia, company ID No. (IČO): 47 523 697, registered in the Commercial Registry kept by Bratislava I District Court, Section Sro, insert No. 94037/B; (ii) SUPERSCALE UK LTD, with its registered seat at C/O Fieldfisher Riverbank House, 2 Swan Lane, London, United Kingdom, EC4R 3TT, company number 13791757; (iii) SuperScale CZ, s.r.o., with registered seat at Dlouhá 730/35, Old Town, 110 00 Prague 1, Czech Republic, ID No. (IČO): 14177501 (jointly and each hereinafter referred to as “SuperScale”, “we” or “us”). Being based in the EU, we must comply with the EU general data protection regulation (the „GDPR“) and local legislation when processing the personal data. You may find GDPR’s text here.

Please note, that SuperScale s.r.o. has merged with SuperScale sp. z.o.o., with its registered seat at Grzybowska 87, 00-844 Warsaw, Poland registered in the register of entrepreneurs of the National Court Register kept by the District Court for Warsaw in Warsaw, XIII. Commercial Division under KRS No. 0000510468 and due to the merger the SuperScale sp. z.o.o. was dissolved and SuperScale s. r. o. became its legal successor.

OUR PURPOSE AND VALUES

In SuperScale, we are passionate gamers and analysts at heart, who know how to unlock a game’s true potential based on data. We believe the key to highest growth is understanding your data and being able to identify growth opportunities based on players’ behavior and market trends hidden in data.

We pursue our commitment to doing business honestly, ethically, and with respect for one another. The way we do our business is focused on and promote following:

  • We conduct honestly and ethical in all internal and external relationships.
  • We act with integrity, competence, diligence, respect, and in an ethical manner with the public, clients, prospective clients, employers, employees, or colleagues.
  • We protect all confidential, personal, and proprietary information regarding us, our business partners, and customers.
  • We support internal reporting of any violations and actions in conflict with this Code of Conduct.
  • We do business in compliance with applicable law, regulations, and directives.

This Code underpins our ability to behave in a manner consistent with our values. The aim of our Code of Conduct is not to replace the legislation, and in any case, our Code of Conduct conflicts with local legislation, the legislation takes precedence.

We may change this Code of Conduct from time to time by posting the most current Privacy Policy and its effective date on our website.

1. What is your legal position when processing personal data?

When we provide analytic, marketing, big data or advisory services to our clients (e.g. game developers) (the “Services”), we process personal data in position of data processor of our clients as controllers. With regard to Services, our clients can conclude a contract and a data processing agreement with any entity belonging to SuperScale Group (the “Contracting entity”). Contracting entity within providing Services for clients uses its affiliates belonging to SuperScale Group as sub-processors based on data processing agreement and our internal data protection policies. 

We also act as data controllers in relation to data we process for our own purposes for example in the marketing, HR, legal, statistics, administrative and compliance area (see below). In respect to our own purposes SuperScale Group concluded the so-called joint controllers’ agreement under Article 26 of the GDPR and within such purposes we act as joint controllers. We regard SuperScale Group as part of one group or one family and often our joint activities (e.g. marketing campaigns) relate to SuperScale brand and not the individual entity. Also, staff of all SuperScale Group collaborates and cooperates together. The essence of the joint controllers’ agreement is following: 

  • SuperScale Group collaborate in joint processing activities related to all below mentioned SuperScale’s purposes;  
  • We have established a single contact point for data subjects, as per this privacy policy; 
  • Internally, data subject request are primarily handled by SuperScale s. r. o. (Slovakia); 
  • Our main establishment is located in Slovakia;
  • SuperScale Group share data for the internal administrative purposes (as per recital 48 of the GDPR); 
  • SuperScale Group may conclude agreements with processors also on behalf / for the benefit of SuperScale Group; 

 

Because we process personal data as both processors and controllers, this privacy policy is addressed both to our clients but also to visitors of our websites or social media profiles. We may also use additional information and more specifying information to fully deal with our information obligations under the GDPR.

2. Where you may contact us in gdpr issues?

If you have any questions concerning how we process your personal data, you can contact us at [email protected] or by post using our registered seat addresses above (SuperScale s. r. o., Bottova 2A, Bratislava 811 09, Slovakia). We have not appointed data protection officer, but we have internally appointed a number of persons responsible for data protection agenda in general. We also use external legal advisors in this respect. 

Please note that when the processing concerns provision of the Services, we are not entitled to handle or respond to your request on behalf of our clients. If you have questions about how our clients (e.g. game developers) use your data (including via us), please get in touch with them. We can only forward your requests to them.  

3. For what purposes and on what legal basis we process personal data?

We process the personal data for the following purposes of processing and on the following legal basis: 

In order to provide the Services, we process personal as a data processor on behalf of our clients (e.g. game developers). The purpose and legal basis of such processing is determined individually by each client and not but us. However, our clients generally describe the purpose of processing as: 

  • product improvement purposes, e.g. improvement, development, maintenance and testing of the app/software and its new features or updates; 
  • direct marketing communication, conducting marketing campaigns and related marketing analytics; or
  • raising awareness about the organization, its products and services online. 

In general, our clients process personal data about their users and gamers on the basis of their consent, contract concluded with them or on the basis of their legitimate interests. However, this is not our concern. Please check the privacy policy of a particular game developer to see the details. The above information is only illustrative, for the perspective clients or interested gamers. 

As a controller, we process personal data for the following (compatible) purposes: 

  • Maintaining adequate level of security (security). We consider security of our assets, property, staff and generally our informational security to be both our legal obligation pursuant to the Art. 6(1)(c) of the GDPR as well as our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above). Based on our legitimate interest on security, we monitor usage of our systems internally to detect breach of the internal policies, unauthorized operations in our systems or harmful bots, codes or conduct. This purpose involves adoption of adequate security measures, their periodic assessment and review.  
  • Direct marketing communication & raising brand awareness online (marketing). We consider processing of personal data for direct marketing our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) as confirmed by recital 47 of the GDPR. However, where required by ePrivacy or other legal regulations (such as Slovak Act on Electronic Communications), we rely on data subject consent pursuant to the Art. 6(1)(a) of the GDPR instead. This purpose is related to direct marketing communication of SuperScale products for example via our own marketing campaigns, newsletters, events, blogs as well as raising brand awareness through our social media profiles, online interaction with users, maintaining our websites and publication of team or event photos where allowed.  
  • Establishment, exercise or defence of legal claims (legal agenda). As any business, we have a legal agenda. Therefore, from time to time we must pursue our legal claims, ask for compensation or settlement and keep legal evidence, request legal advice from external advisors, ensure compliance with regulations, get represented by legal advisors in court, criminal, administrative or other proceedings or report to law enforcement authorities or otherwise. We do this on the basis of our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) or on the basis of contract performance pursuant to the Art. 6(1)(b) of the GDPR in case of limited contract enforcement. 
  • Tax, billing & accounting. In order to comply with tax, billing & accounting regulations we must process certain limited scope of personal data. We do this because we are obliged to do so pursuant to the Art. 6(1)(c) of the GDPR. 
  • Contract performance. We conclude number of legal contracts with SuperScale Group and other businesses which serve to support our essential business activities. We need to enforce, perform and manage contracts and we do that based on our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) or based on contract performance pursuant to the Art. 6(1)(b) of the GDPR. Our legitimate interest on contract performance also includes situations where personal data about personnel, staff or contacts is processing in B2B contract. This purpose also covers any pre-contractual negotiation or processing data via most contact forms on our website because as stems from Article 6(1)(b) GDPR: “…or in order to take steps at the request of the data subject prior to entering into a contract.” Based on consent pursuant to the Art. 6(1)(a) of the GDPR we keep CVs and motivation letters of prospective business partners for periods after the applied position has been closed, to be able to get back to you in future.
  • Personnel & payroll purposes. In relation to our internal staff, we are obliged to process certain limited data by the employment, commercial, social deductions and insurance regulations pursuant to the Art. 6(1)(c) of the GDPR. We also rely on contract performance pursuant to the Art. 6(1)(b) of the GDPR when it comes to contracts with personnel and pre-contractual relationships. Based on consent pursuant to the Art. 6(1)(a) of the GDPR we keep CVs and motivation letters of prospective candidates for periods after the applied position has been closed, to be able to get back to you in future. 
  • Benefits for business partners. On the basis of data subject consent to the Art. 6(1)(a) of the GDPR we provide personal data of our business partners and / or employees to 3rd party benefits providers. 
  • Statistics. We keep anonymous or aggregated statistics like number of clients, campaigns or users, costs saved, average conversion rate and similar. We make sure such statistics are not personal data, however, these statistics might be made by conversion from the personal data about our clients. In line with Art. 89 of the GDPR, statistical processing is performed on this basis of any of above-mentioned legal bases. 

4. What personal data do we process?

We only process personal data which is necessary in scope of type to for the purposes of processing explained above. We believe this entails typical categories of personal data in relation to typical business purposes of processing. Systematic processing of special categories of personal data under Article 9 of the GDPR is not present at SuperScale. However, we cannot exclude the possibility of such processing in relation to the personnel and payroll purposes if the law and the specific situation require us to do so for example in relation to the data relating to health. We also do not process personal data relating to criminal convictions and offences under Article 10 of the GDPR. Therefore, for the most purposes we only process the basic identification and contact personal data including typical communication data and content. As regards marketing, we process data typically collected by using business features of social media and website analytics software solutions such as data pushed through the cookies, website browsers and advertisement identifiers. We believe such processing – regardless of whether we have actual access to such information or not – includes elements of profiling but not individual decision-making.

As regards the personal data we process as processors within provision of the Services, we cannot globally define the exact scope of data processed because this is determined by our clients (controllers) in the respective data processing agreements. However, in typical scenario we process data described in relation to marketing above in conjunction with aggregated performance analysis of game usage and in-game data provided to us by the controller. Generally, we look into how users interact with game’s features and subsequently advice the game developer how to improve the game both in terms of revenue generated as well as in terms of user experience, retention, loyalty and other performance indicators. These activities are (in principle) aggregated and not focused on a particular individual. We nevertheless understand that this still entails processing of personal data.

5. How do we collect your personal data?

In relation to the Services we provide, we collect personal data on the behalf of our clients as a processor/sub-processor therefore your personal data are typically provided to us by original controllers. This is typically within the context of the relationship between game player and game developer being contractual parties. The provision of data here is therefore voluntary.

We can also collect your personal data from you directly when we act as controller. For example, by communication with you, by conclusion of contract with you, via activity on social media or sending us a message via forms on our website (e.g. applying for position with us). Such provision of data is voluntary and if it relates to a contract, it might be contractual requirement or a requirement necessary to enter into a contract. Since the activities which lead to provision of your data to us we believe are voluntary, you should not be in a position where you have to provide the data to us.

As regards other contact forms on our website and business cooperation offers published on third party websites, we expect conclusion of a contract with you or your company and therefore we regard this communication as a pre-contractual communication. As part of contractual or personnel & payroll purposes, we do not request your consent because we rely on contract performance or our legitimate interest. The only difference is with the consent at the careers page, in where you can – voluntarily – grant us consent to keep your data longer, even if the position you applied for is closed. This is the same for employment and business relationship positions. This is not mandatory meaning that if you do not grant us this consent, we should delete your information after the open position you applied for is closed. You can revoke this consent at any time, and we will not keep your data any more provided we do not have if from other reasons (e.g. concluded contract).

6. Who are recipients of your personal data?

We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized staff (internal recipients) or a verified/authorized third party. Our staff or internal contractors might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. We have also put in place policies and procedures that ensure we separate data per client where possible. We also use sub-contractors to support us in providing Services which might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. Categories of recipients of user personal data (processed on behalf of our clients) are hosting or cloud services providers as is explained in detail in our data processing agreement. As regards the other purposes, the recipients of personal data might be:

  • SuperScale Group based on the joint-controller agreement including our staff, personnel, directors or other internal contractors and their invoicing entities; 
  • hosting or cloud services providers (Amazon, Google, Digital Ocean, Salesforce, AirTable, Calendly, Expandrive);
  • providers of standard software solutions (such as Microsoft, Amazon and Google, Slack, AirTable, Tableau, IDrive Inc. (Remote PC), Asana, Zoom, Harvest, Tulip, Slite, Workable, DocuSign, Toggl, Adobe, Teamviewer, WordPress);
  • providers of creative and coding software solutions (such a PyCharm (JetBrains), Docker, Ubuntu, Python Software Foundation, Dashlane, WebPack, Anaconda, Figma Blueastacks, Postman, DbVis Software AB, Krisp Technologies, Inc. win.rar GmbH);
  • marketing and analytics software service providers and social media platform operators (such as Google and Meta, LinkedIn, Twitter, SnapChat, Zapier, App Annie);
  • providers of cybersecurity tools and solutions (JumpCloud, ESET, Dashlane, Check Point Security VPN, Perimeter 81, Data Dog);
  • billing, accounting and legal advisors;
  • public authorities if required based on local law (we will share personal data outside of SuperScale only that access, use, preservation, or disclosure of the data is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request);
  • authorized personnel of the above.

When we act as processors of our clients (controllers), we process personal data provided to us in number of applications under the clients’ name and account on their behalf. We do not consider this appointment of another sub-processor by us, but rather as exchange of data between the same-level processors based on controller’s instruction. 

  • Sub-processors. As a data processor, SuperScale is not entitled to appoint another sub-processor or a third party to process the Personal Data without the Client’s prior consent or general authorization. Prior consent or notification of the Client is not needed for using of the Affiliates and approved Subcontractors under the MSAs, provided SuperScale ensures that data processing agreement adequate with this DPA is concluded with such sub-processors.

7. What countries do we transfer your personal data to?

By default, we do not to transfer your personal data outside the European Economic Area where not necessary. As a rule, we seek to have all cloud and servers located in the EEA. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be co-located in the United States of America (USA). After the Court of Justice of the EU abolished the EU-US Privacy Shield in July 2020, USA is again regarded a third party not ensuring adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients in non-adequate countries concluded the EU standard contractual clauses (EU SCC) with us or follow equivalent safeguards such binding corporate rules (BCRs). EU SCC are now concluded with all above US-based sub-contractors or recipients (such as Google, Facebook, Amazon, Microsoft). All EU SCC concluded must not deviate from the template approved by the Commission (for controller-processor transfers). We seek to adopt additional safeguards where we believe the 3rd country partner might be subject to US surveillance laws that were viewed disproportionate by the Court of Justice of the EU. 

For transparency and more detailed information please see the following: 

 

Supplier 

Supplier’s privacy policy

Transfer mechanism 

Adobe Systems Software Ireland

Adobe Privacy Policy

EU SCC with DPA available upon request here

AirTable

AirTable Privacy Policy

DPA with EU SCC as confirmed here DPA available upon request – [email protected]

Altassian (Jira, Confluence)

Altassian Privacy Policy

DPA with EU SCC 

Amazon Web Services EMEA SARL

Amazon Privacy Policy

EU SCC – with Data Processing Addendum (“DPA”) available here 

Anaconda, Inc.

Anaconda Privacy Policy

EU SCC available upon request

apilayer Data Products GmbH

Apilayer Privacy Policy

EU based

App Annie Europe Limited

App Annie Privacy Policy

EU SCC – available upon request to [email protected]  (https://www.appannie.com/en/legal/privacy/#transfers_to_other_countries)

AppLovin Corporation

AppLovin Privacy Policy

EU SCC available upon request

AppTweak

AppTweak Privacy Policy

EU SCC available upon request

Asana, Inc.

Asana Privacy Policy

EU SCC with DPA – available here 

Binary Confidence s.r.o.

Binary Confidence Privacy Policy

EU based

Bluestacks

BlueStacks Privacy Policy

EU SCC available upon request

Calendly, LLC

Calendly Privacy Policy

EU SCC with DPA available here 

citadelo, s.r.o.

Citadelo Privacy Policy

EU based

CloudFare, Inc.

CloudFare Privacy Policy

 EU SCC with DPA available here 

Dashlane

Dashlane Privacy Policy

EU SCC – with DPA – available here 

Datadog, Inc

Datadog Privacy Policy

EU SCC available upon request

DbVis Software AB

DbVis Software Privacy Policy

EU based (Sweden)

Digital Ocean

Digital Ocean Privacy Policy

EU SCC – available here 

DocuSign

DocuSign Privacy Policy

BCR available here 

Elasticsearch, Inc.

Elasticsearch Privacy Policy

EU SCC available upon request

ESET 

ESET Privacy Policy

Standard Contractual Clauses, Binding Corporate Rules or another appropriate safeguard – Data Processing Terms available here 

ExpanDrive

ExpanDrive Privacy Policy

Meta

Meta Privacy Policy

EU SCC – available here 

Figma, Inc.

Figma Privacy Policy

EU SCC available upon request

Freshworks Inc. (Fresh Sevice)

Freshworks Privacy Policy

EU SCC available upon request

Google Cloud EMEA Limited

Google Cloud EMEA Privacy Policy

EU SCC – available here 

GitHub Inc.

GitHub Privacy Policy

EU SCC with DPA available here

Harvest

Harvest Privacy Policy

EU SCC – available here 

Hi Bob Ltd.

Hi Bob Privacy Policy

EU SCC available upon request

Hotjar Ltd.

Hotjar Privacy Policy

EU based

Hootsuite

Hootsuite Privacy Policy

EU SCC available upon request

JumpCloud Inc.

JumpCloud Privacy Policy

EU SCC with DPA – available here 

Krisp Technologies, Inc.

Krisp Technologies Privacy Policy

EU SCC with DPA available upon request

LinkedIn Ireland Unlimited Company

LinkedIn Privacy Policy

EU SCC with DPA available here 

Microsoft Ireland Operations Limited (including Visual Studio Code, TypeScript)

Microsoft Privacy Policy

EU SCC – available here 

miniExtensions, LLC

miniExtensions Privacy Policy

DPA with EU SCC

NestJS

NestJS Privacy Policy

OpenJS Foundation (WebPack)

OpenJS Privacy Policy

EU SCC available upon request to [email protected]

Perimeter 81

Perimeter 81 Privacy Policy

EU SCC with DPA available here 

Postman

Postman Privacy Policy

EU SCC as confirmed here 

PyCharm (JetBrains)

PyCharm Privacy Policy

EU SCC with DPA available here

Python Software Foundation

Python Privacy Policy

EU SCC available upon request

IDrive Inc. (Remote PC)

IDrive Privacy Policy

EU SCC available upon request

RStudio

RStudio Privacy Policy

EU SCC available upon request

RealtimeBoard, Inc. dba Miro

RealtimeBoard Privacy Policy

DPA with EU SCC

Sentry

Sentry Privacy Policy

DPA with EU SCC

Slack Technologies Limited

Slack Technologies Privacy Policy

EU SCC – available here 

Slite Inc

Slite Privacy Policy

EU SCC available upon request 

SnapChat

SnapChat Privacy Policy

EU SCC with DPA available here 

Tablueau 

SFDC Ireland Ltd. (SalesForce)

Tablueau Privacy Policy

SFDC Ireland Privacy Policy

EU SCC with DPA available here; BCR (SalesForce): 

Teamviewer

Teamviewer Privacy Policy

EU SCC as confirmed here

Tempo ehf.

Tempo ehf Privacy Policy

Toggl Technology Limited

Toggl Technology Privacy Policy

EU SCC with DPA available here 

Tulip

Tulip Privacy Policy

EU SCC available upon request : [email protected]m (https://tulip.co/privacy-policy/)

Ubuntu

Ubuntu Privacy Policy

EU SCC available upon request

Unity Software Inc.

Unity Privacy Policy

EU SCC available upon request

Zapier, Inc

Zapier Privacy Policy

EU SCC with DPA available here 

ZoomSphere (MicroMedia s.r.o.)

ZoomSphere Privacy Policy

EU based

Zoom Video Communications Inc.

Zoom Privacy Policy

EU SCC – information available here 

win.rar GmbH

WinRAR Privacy Policy

EU based (Germany -Berlin)

WordPress

(AUTOMATTIC)

WordPress Privacy Policy

EU SCC with DPA available upon request here 

Workable Software Private Company

Workable Privacy Policy

EU SCC as stated in DPA available here 

8. How long do we store your personal data?

We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws, data processing agreements, instructions of our controllers or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do not further process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations. General retention periods for the above purposes of processing are as follows:

  • Maintaining adequate level of security. Throughout duration of the business relationship and/or usage of our internal systems. We aim to delete security logs where kept once every 3 years, in case these are needed for the legal agenda. 
  • Direct marketing communication & raising brand awareness online (marketing). Until you or us actively delete your message, comment, profile or until you object against direct marketing or revoke consent. We delete private messages on our profile and non-active marketing data once every 3 years. 
  • Establishment, exercise or defence of legal claims (legal agenda). During the legal dispute, negotiation, or settlement, during court, administrative or criminal proceedings (can generally be from 2 to 7 years) or until the relevant limitation period has not passed, which depending on type of legal claim may generally be from 2 to 10 years (Slovak law). 
  • Tax, billing & accounting. Generally, 10 years (for Slovak accounting documents) as of the accounting year in which the tax, billing or account documentation originated. 
  • Contract performance. Generally, 3 years after termination of the contract or pre-contractual communication, unless required longer for legal agenda. 2 years after the applied position has been closed, provided the prospected business partner consented to it.
  • Personnel & payroll purposes. In relation to our internal staff, we are obliged to process certain limited data by the employment, commercial, social deductions and insurance regulations pursuant to the Art. 6(1)(c) of the GDPR. General retention period is 10 years from end of the employment relationship, unless the applicable law does not provide longer periods for certain documents (in some cases up to 70 years from employee’s date of birth under Slovak law). 2 years after the applied position has been closed, provided the prospect consented to it. 
  • Benefits for business partners. Until withdrawal of the data subject consent or end of business cooperation.
  • Statistics. Only as long and only if other purposes of processing are relevant. As soon as the data is not personal, GDPR does not apply and retention periods are unlimited. 

All retention periods related to the personal data we process for our clients (controllers) are determined by our clients. We can only keep such personal data during the term of our data processing agreement after which we must return or erase all personal data about clients’ data subjects. However, we might erase personal data even sooner, if the client instructs us to do so for example if the client does not regard storing such data no longer necessary for the given purpose. Please also see storage period for cookies we use on our websites (below). 

9. What rights do you have as the data subject?

When we process your personal, you have data subject rights under the Article 15 to 22 of the GDPR. Among others, you have:

  • right to request information and access to your personal data according to Article 15 GDPR;
  • right to rectification of inaccurate data (and completion of incomplete data) according to Article 16 GDPR;
  • right to erasure of personal data according to Article 17 GDPR (right to be forgotten);
  • right to restriction of processing according to Article 18 GDPR;
  • notification right regarding rectification, erasure or restriction according to Article 19 GDPR; 
  • the right to data portability according to Article 20 GDPR.
  • right to object against processing according to Article 21 GDPR; and
  • right not to be subject to individual decision making according to Article 22 GDPR (which we do not undertake). 

However, these are not absolute rights which only exist if the relevant conditions are met. For example, right for erasure does not apply in case such personal data is required for compliance with legal obligation (legal compliance) or for the establishment, exercise or defence of legal claims (legal enforcement). The only absolute right is right to object against direct marketing under Article 21 (2) of the GDPR which is not linked to any further condition and we must always comply with such objection. Please contact us if you have a general query about your data subject rights. 

We must explicitly bring to your attention the following information:

As regards consent: “You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.”

As regards right to object: “You have right to object to any processing that is based on legitimate interest or public interest (we do not rely on public interest) including to profiling pursuant to the Article 21 GDPR. You also have a right to object to any direct marketing processing of your personal data including profiling.”

You have also a right to lodge a complaint to the relevant data protection supervisory authority. Please note that our lead supervisory data protection authority is the Slovak Data Protection Authority (www.dataprotecton.gov.sk). 

When enforcing your data subject rights, please be as explicit and detailed as possible. Otherwise, we might respond with request to clarify a generic, vague or too general requests which in turn delays getting the information you request. As mentioned above, if you are our clients’ user, we are not entitled to handle your request. These should be addressed to the controller (our client, i.e. game developer).

10. How we use cookies?

For further information please see our Cookie Policy.

11. How we use social networks?

Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.

FACEBOOK / INSTAGRAM (META)

In connection with the processing of statistical data on the use of our Facebook and Instagram profile, we have the status of a joint controller with Meta, while basic information on the agreement of joint controllers pursuant Art. 26 (1) and (2) can be found here: https://www.facebook.com/legal/terms/page_controller_addendum  

Our social media add-ons are integrated on our website. You will recognize them by the Facebook / Instagram logo on the website. When you visit our website, Meta receives information that you have visited our website with your IP address. If you click on the Facebook / Instagram icon available on our website while you are signed in and / or registered to your Facebook / Instagram account, the content of the website is redirected to your Facebook / Instagram profile. Consequently, Meta may associate your visit to your website with your user account. Data is transferred regardless of whether you have a Facebook / Instagram account or not. Please note that when using our website, we have no influence on the data collected and the data processing processes, and we also do not know the overall scope of the data being collected, the purpose of the processing or the data processing. of such data. Meta stores your information about you as user profiles and uses it for your own advertising, market research, and / or customizing your services and tools to registered users. Such evaluation is performed in order to inform other Facebook / Instagram users of your activities on our website. You are entitled to object against the creation of such user profiles, and you must contact Facebook to lodge an objection against that processing. We always recommend you sign out of your Facebook / Instagram account, especially to avoid associating your online activity with your profile. For more information about the purpose and scope of your data discovery and processing by Meta, please visit the Meta Privacy Statement at Instagram Data Policy and Facebook Privacy Policy    

We would also like to inform you that we can use the services provided by Meta Platforms Ireland Limited, which are labelled as “data file custom audiences” – the management of the audience for advertising campaigns, and may combine the data we process with personal data processed in Facebook and “measurement and analytics”, in which Meta processes personal data on our behalf to measure the performance and reach of our advertising campaigns and provide us with user reports that have seen and responded to our advertising content. Therefore, this processing of your personal data may occur if you interact with our advertising content or our websites as you use your Facebook-based user profile. In such cases, we use Meta as the processor, using the following legal safeguards to process your personal data: https://www.facebook.com/legal/terms/businesstoolshttps://www.facebook.com/legal/terms/dataprocessing.

If the above-described processing of personal data interferes with you, you can object to it or you can also use the available self-regulatory tools developed for the online marketing sector, available here: http://www.aboutads.info/choices or www.youronlinechoices.eu. These online tools allow you to automatically identify and delete third-party digital identifiers (including those from Facebook or Instagram) in your browser, thereby preventing your personal data from being processed. 

LINKEDIN

Our website also has an integrated plug-in of the LinkedIn social network, which is operated by LinkedIn Company, Inc., 1000 W Maude Sunnyvale, CA 94085, USA. SuperScale has no influence on the processing of your personal data by the LinkedIn as controller of this social network nor control except common administration of our LinkedIn profile. For more information on the processing of your personal data, you can read the LinkedIn Privacy Policy. 

We can use LinkedIn also as our processor during support the sales, recruiting, marketing, educational or other business practices aimed on increasing awareness of SuperScale in online environment towards relevant professional audience based on this Data Processing Addendum.

TWITTER

Our website also has an integrated plug-in of the Twitter social network, which is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. SuperScale has no influence on the processing of your personal data by the Twitter as controller of this social network nor control except common administration of our Twitter profile  For more information on the processing of your personal data, you can read the Twitter Privacy Policy.

12. What happens in case of changes to this Privacy Policy?

We may change this Privacy Policy from time to time by posting the most current Privacy Policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice on our websites or by email.

Our website might contain links to other websites and/or services of different providers than us. We are not responsible for content, changes, amendments and provision of websites or services of different providers than us including other Privacy Policies of third parties. This Privacy Policy does not apply on the processing of personal data during browsing or using websites or services of different providers than us.

 

SuperScale s. r. o.

SUPERSCALE UK LTD

SuperScale CZ, s.r.o.

March 2023