Privacy

Policy

This privacy policy explains how we process personal data at SuperScale s. r. o. and affiliated companies belonging to SuperScale Group. SuperScale Group represents any and all of following companies: (i) SuperScale s. r. o., with its registered seat at Bottova 2A , Bratislava 811 09, Slovakia, company ID No. (IČO): 47 523 697, registered in the Commercial Registry kept by Bratislava I District Court, Section Sro, insert No. 94037/B; (ii) SUPERSCALE UK LTD, with its registered seat at C/O Fieldfisher Riverbank House, 2 Swan Lane, London, United Kingdom, EC4R 3TT, company number 13791757; (iii) SuperScale CZ, s.r.o., with registered seat at Dlouhá 730/35, Old Town, 110 00 Prague 1, Czech Republic, ID No. (IČO): 14177501 (jointly and each hereinafter referred to as “SuperScale”, “we” or “us”). Being based in the EU, we must comply with the EU general data protection regulation (the „GDPR“) and local legislation when processing the personal data. You may find GDPR’s text here.

Please note, that SuperScale s.r.o. has merged with SuperScale sp. z.o.o., with its registered seat at Grzybowska 87, 00-844 Warsaw, Poland registered in the register of entrepreneurs of the National Court Register kept by the District Court for Warsaw in Warsaw, XIII. Commercial Division under KRS No. 0000510468 and due to the merger the SuperScale sp. z.o.o. was dissolved and SuperScale s. r. o. became its legal successor.

1. What is your legal position when processing personal data?

When we provide analytic, marketing, big data or advisory services to our clients (e.g. game developers) (the “Services”), we process personal data in position of data processor of our clients as controllers. With regard to Services, our clients can conclude a contract and a data processing agreement with any entity belonging to SuperScale Group (the “Contracting entity”). Contracting entity within providing Services for clients uses its affiliates belonging to SuperScale Group as sub-processors based on data processing agreement and our internal data protection policies.

We also act as data controllers in relation to data we process for our own purposes for example in the marketing, HR, legal, statistics, administrative and compliance area (see below). In respect to our own purposes SuperScale Group concluded the so-called joint controllers’ agreement under Article 26 of the GDPR and within such purposes we act as joint controllers. We regard SuperScale Group as part of one group or one family and often our joint activities (e.g. marketing campaigns) relate to SuperScale brand and not the individual entity. Also, staff of all SuperScale Group collaborates and cooperates together. The essence of the joint controllers’ agreement is following:

SuperScale Group collaborate in joint processing activities related to all below mentioned SuperScale’s purposes;
We have established a single contact point for data subjects, as per this privacy policy;
Internally, data subject request are primarily handled by SuperScale s. r. o. (Slovakia);
Our main establishment is located in Slovakia;
SuperScale Group share data for the internal administrative purposes (as per recital 48 of the GDPR);
SuperScale Group may conclude agreements with processors also on behalf / for the benefit of SuperScale Group;

Because we process personal data as both processors and controllers, this privacy policy is addressed both to our clients but also to visitors of our websites or social media profiles. We may also use additional information and more specifying information to fully deal with our information obligations under the GDPR.

2. Where you may contact us in gdpr issues?

If you have any questions concerning how we process your personal data, you can contact us at [email protected] or by post using our registered seat addresses above (SuperScale s. r. o., Bottova 2A, Bratislava 811 09, Slovakia). We have not appointed data protection officer, but we have internally appointed a number of persons responsible for data protection agenda in general. We also use external legal advisors in this respect.

Please note that when the processing concerns provision of the Services, we are not entitled to handle or respond to your request on behalf of our clients. If you have questions about how our clients (e.g. game developers) use your data (including via us), please get in touch with them. We can only forward your requests to them.

3. For what purposes and on what legal basis we process personal data?

We process the personal data for the following purposes of processing and on the following legal basis:

In order to provide the Services, we process personal as a data processor on behalf of our clients (e.g. game developers). The purpose and legal basis of such processing is determined individually by each client and not but us. However, our clients generally describe the purpose of processing as:

product improvement purposes, e.g. improvement, development, maintenance and testing of the app/software and its new features or updates;
direct marketing communication, conducting marketing campaigns and related marketing analytics; or
raising awareness about the organization, its products and services online.

In general, our clients process personal data about their users and gamers on the basis of their consent, contract concluded with them or on the basis of their legitimate interests. However, this is not our concern. Please check the privacy policy of a particular game developer to see the details. The above information is only illustrative, for the perspective clients or interested gamers.

As a controller, we process personal data for the following (compatible) purposes:

Maintaining adequate level of security (security). We consider security of our assets, property, staff and generally our informational security to be both our legal obligation pursuant to the Art. 6(1)(c) of the GDPR as well as our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above). Based on our legitimate interest on security, we monitor usage of our systems internally to detect breach of the internal policies, unauthorized operations in our systems or harmful bots, codes or conduct. This purpose involves adoption of adequate security measures, their periodic assessment and review.

Direct marketing communication & raising brand awareness online (marketing). We consider processing of personal data for direct marketing our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) as confirmed by recital 47 of the GDPR. However, where required by ePrivacy or other legal regulations (such as Slovak Act on Electronic Communications), we rely on data subject consent pursuant to the Art. 6(1)(a) of the GDPR instead. This purpose is related to direct marketing communication of SuperScale products for example via our own marketing campaigns, newsletters, events, blogs as well as raising brand awareness through our social media profiles, online interaction with users, maintaining our websites and publication of team or event photos where allowed.

Establishment, exercise or defence of legal claims (legal agenda). As any business, we have a legal agenda. Therefore, from time to time we must pursue our legal claims, ask for compensation or settlement and keep legal evidence, request legal advice from external advisors, ensure compliance with regulations, get represented by legal advisors in court, criminal, administrative or other proceedings or report to law enforcement authorities or otherwise. We do this on the basis of our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) or on the basis of contract performance pursuant to the Art. 6(1)(b) of the GDPR in case of limited contract enforcement.

Tax, billing & accounting. In order to comply with tax, billing & accounting regulations we must process certain limited scope of personal data. We do this because we are obliged to do so pursuant to the Art. 6(1)(c) of the GDPR.

Contract performance. We conclude number of legal contracts with SuperScale Group and other businesses which serve to support our essential business activities. We need to enforce, perform and manage contracts and we do that based on our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) or based on contract performance pursuant to the Art. 6(1)(b) of the GDPR. Our legitimate interest on contract performance also includes situations where personal data about personnel, staff or contacts is processing in B2B contract. This purpose also covers any pre-contractual negotiation or processing data via most contact forms on our website because as stems from Article 6(1)(b) GDPR: “…or in order to take steps at the request of the data subject prior to entering into a contract.” Based on consent pursuant to the Art. 6(1)(a) of the GDPR we keep CVs and motivation letters of prospective business partners for periods after the applied position has been closed, to be able to get back to you in future.

Personnel & payroll purposes. In relation to our internal staff, we are obliged to process certain limited data by the employment, commercial, social deductions and insurance regulations pursuant to the Art. 6(1)(c) of the GDPR. We also rely on contract performance pursuant to the Art. 6(1)(b) of the GDPR when it comes to contracts with personnel and pre-contractual relationships. Based on consent pursuant to the Art. 6(1)(a) of the GDPR we keep CVs and motivation letters of prospective candidates for periods after the applied position has been closed, to be able to get back to you in future.

Benefits for business partners. On the basis of data subject consent to the Art. 6(1)(a) of the GDPR we provide personal data of our business partners and / or employees to 3^rd party benefits providers.

Statistics. We keep anonymous or aggregated statistics like number of clients, campaigns or users, costs saved, average conversion rate and similar. We make sure such statistics are not personal data, however, these statistics might be made by conversion from the personal data about our clients. In line with Art. 89 of the GDPR, statistical processing is performed on this basis of any of above-mentioned legal bases.

4. What personal data do we process?

We only process personal data which is necessary in scope of type to for the purposes of processing explained above. We believe this entails typical categories of personal data in relation to typical business purposes of processing. Systematic processing of special categories of personal data under Article 9 of the GDPR is not present at SuperScale. However, we cannot exclude the possibility of such processing in relation to the personnel and payroll purposes if the law and the specific situation require us to do so for example in relation to the data relating to health. We also do not process personal data relating to criminal convictions and offences under Article 10 of the GDPR. Therefore, for the most purposes we only process the basic identification and contact personal data including typical communication data and content. As regards marketing, we process data typically collected by using business features of social media and website analytics software solutions such as data pushed through the cookies, website browsers and advertisement identifiers. We believe such processing – regardless of whether we have actual access to such information or not – includes elements of profiling but not individual decision-making.

As regards the personal data we process as processors within provision of the Services, we cannot globally define the exact scope of data processed because this is determined by our clients (controllers) in the respective data processing agreements. However, in typical scenario we process data described in relation to marketing above in conjunction with aggregated performance analysis of game usage and in-game data provided to us by the controller. Generally, we look into how users interact with game’s features and subsequently advice the game developer how to improve the game both in terms of revenue generated as well as in terms of user experience, retention, loyalty and other performance indicators. These activities are (in principle) aggregated and not focused on a particular individual. We nevertheless understand that this still entails processing of personal data.

5. How do we collect your personal data?

In relation to the Services we provide, we collect personal data on the behalf of our clients as a processor/sub-processor therefore your personal data are typically provided to us by original controllers. This is typically within the context of the relationship between game player and game developer being contractual parties. The provision of data here is therefore voluntary.

We can also collect your personal data from you directly when we act as controller. For example, by communication with you, by conclusion of contract with you, via activity on social media or sending us a message via forms on our website (e.g. applying for position with us). Such provision of data is voluntary and if it relates to a contract, it might be contractual requirement or a requirement necessary to enter into a contract. Since the activities which lead to provision of your data to us we believe are voluntary, you should not be in a position where you have to provide the data to us.

As regards other contact forms on our website and business cooperation offers published on third party websites, we expect conclusion of a contract with you or your company and therefore we regard this communication as a pre-contractual communication. As part of contractual or personnel & payroll purposes, we do not request your consent because we rely on contract performance or our legitimate interest. The only difference is with the consent at the careers page, in where you can – voluntarily – grant us consent to keep your data longer, even if the position you applied for is closed. This is the same for employment and business relationship positions. This is not mandatory meaning that if you do not grant us this consent, we should delete your information after the open position you applied for is closed. You can revoke this consent at any time, and we will not keep your data any more provided we do not have if from other reasons (e.g. concluded contract).

6. Who are recipients of your personal data?

We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized staff (internal recipients) or a verified/authorized third party. Our staff or internal contractors might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. We have also put in place policies and procedures that ensure we separate data per client where possible. We also use sub-contractors to support us in providing Services which might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. Categories of recipients of user personal data (processed on behalf of our clients) are hosting or cloud services providers as is explained in detail in our data processing agreement. As regards the other purposes, the recipients of personal data might be:

SuperScale Group based on the joint-controller agreement including our staff, personnel, directors or other internal contractors and their invoicing entities;
hosting or cloud services providers (Amazon, Google, Digital Ocean, Salesforce, AirTable, Calendly, Expandrive);
providers of standard software solutions (such as Microsoft, Amazon and Google, Slack, AirTable, Tableau, IDrive Inc. (Remote PC), Asana, Zoom, Harvest, Tulip, Slite, Workable, DocuSign, Toggl, Adobe, Teamviewer, WordPress);
providers of creative and coding software solutions (such a PyCharm (JetBrains), Docker, Ubuntu, Python Software Foundation, Dashlane, WebPack, Anaconda, Figma Blueastacks, Postman, DbVis Software AB, Krisp Technologies, Inc. win.rar GmbH);
marketing and analytics software service providers and social media platform operators (such as Google and Meta, LinkedIn, Twitter, SnapChat, Zapier, App Annie);
providers of cybersecurity tools and solutions (JumpCloud, ESET, Dashlane, Check Point Security VPN, Perimeter 81, Data Dog);
billing, accounting and legal advisors;
public authorities if required based on local law (we will share personal data outside of SuperScale only that access, use, preservation, or disclosure of the data is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request);
authorized personnel of the above.

When we act as processors of our clients (controllers), we process personal data provided to us in number of applications under the clients’ name and account on their behalf. We do not consider this appointment of another sub-processor by us, but rather as exchange of data between the same-level processors based on controller’s instruction.

Sub-processors. As a data processor, SuperScale is not entitled to appoint another sub-processor or a third party to process the Personal Data without the Client’s prior consent or general authorization. Prior consent or notification of the Client is not needed for using of the Affiliates and approved Subcontractors under the MSAs, provided SuperScale ensures that data processing agreement adequate with this DPA is concluded with such sub-processors.

7. What countries do we transfer your personal data to?

By default, we do not to transfer your personal data outside the European Economic Area where not necessary. As a rule, we seek to have all cloud and servers located in the EEA. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be co-located in the United States of America (USA). After the Court of Justice of the EU abolished the EU-US Privacy Shield in July 2020, USA is again regarded a third party not ensuring adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients in non-adequate countries concluded the EU standard contractual clauses (EU SCC) with us or follow equivalent safeguards such binding corporate rules (BCRs). EU SCC are now concluded with all above US-based sub-contractors or recipients (such as Google, Facebook, Amazon, Microsoft). All EU SCC concluded must not deviate from the template approved by the Commission (for controller-processor transfers). We seek to adopt additional safeguards where we believe the 3^rd country partner might be subject to US surveillance laws that were viewed disproportionate by the Court of Justice of the EU.

For transparency and more detailed information please see the following:

Supplier	Supplier’s privacy policy	Transfer mechanism
Adobe Systems Software Ireland	https://www.adobe.com/sk/privacy/policy.html	EU SCC with DPA available upon request here
AirTable	https://airtable.com/privacy	DPA with EU SCC as confirmed here DPA available upon request – [email protected]
Altassian (Jira, Confluence)	https://www.atlassian.com/legal/privacy-policy	DPA with EU SCC
Amazon Web Services EMEA SARL	https://aws.amazon.com/privacy/	EU SCC – with Data Processing Addendum (“DPA”) available here
Anaconda, Inc.	https://www.anaconda.com/privacy-policy	EU SCC available upon request
apilayer Data Products GmbH	https://www.ideracorp.com/Legal/APILayer/PrivacyStatement	EU based
App Annie Europe Limited	https://www.appannie.com/en/legal/privacy/	EU SCC – available upon request to [email protected] (https://www.appannie.com/en/legal/privacy/#transfers_to_other_countries)
AppLovin Corporation	https://www.applovin.com/privacy/	EU SCC available upon request
AppTweak	https://www.apptweak.com/en/legal/privacy-policy	EU SCC available upon request
Asana, Inc.	https://asana.com/terms#privacy-policy	EU SCC with DPA – available here
Binary Confidence s.r.o.	https://www.binaryconfidence.com/privacy-and-data-protection-policy/	EU based
Bluestacks	https://www.bluestacks.com/terms-and-privacy.html#eu-privacy https://www.bluestacks.com/terms-and-privacy.html#eu-privacy	EU SCC available upon request
Calendly, LLC	https://calendly.com/privacy	EU SCC with DPA available here
citadelo, s.r.o.	https://citadelo.com/en/privacy-policy/	EU based
CloudFare, Inc.	Privacy policy	EU SCC with DPA available here
Dashlane	https://www.dashlane.com/privacy	EU SCC – with DPA – available here
Datadog, Inc	https://www.datadoghq.com/legal/privacy/	EU SCC available upon request
DbVis Software AB	https://www.dbvis.com/privacy/	EU based (Sweden)
Digital Ocean	https://www.digitalocean.com/legal/privacy-policy/	EU SCC – available here
DocuSign	https://www.docusign.com/company/privacy-policy	BCR available here
Elasticsearch, Inc.	https://www.elastic.co/legal/privacy-statement	EU SCC available upon request
ESET	https://help.eset.com/ees/8/en-US/privacy_policy.html	Standard Contractual Clauses, Binding Corporate Rules or another appropriate safeguard – Data Processing Terms available here
ExpanDrive	https://www.expandrive.com/privacy-policy/
Meta	https://www.facebook.com/policy.php	EU SCC – available here
Figma, Inc.	https://www.figma.com/privacy/	EU SCC available upon request
Freshworks Inc. (Fresh Sevice)	https://www.freshworks.com/privacy	EU SCC available upon request
Google Cloud EMEA Limited	https://policies.google.com/privacy?hl=en-US	EU SCC – available here
GitHub Inc.	https://docs.github.com/en/github/site-policy/github-privacy-statement	EU SCC with DPA available here
Harvest	https://www.getharvest.com/privacy-policy	EU SCC – available here
Hi Bob Ltd.	https://www.hibob.com/privacy/privacy-policy/	EU SCC available upon request
Hotjar Ltd.	https://www.hotjar.com/legal/policies/privacy/	EU based
Hootsuite	https://www.hootsuite.com/legal/privacy	EU SCC available upon request
JumpCloud Inc.	https://jumpcloud.com/privacy	EU SCC with DPA – available here
Krisp Technologies, Inc.	https://krisp.ai/privacy-policy/	EU SCC with DPA available upon request
LinkedIn Ireland Unlimited Company	https://www.linkedin.com/legal/privacy-policy	EU SCC with DPA available here
Microsoft Ireland Operations Limited (including Visual Studio Code, TypeScript)	https://privacy.microsoft.com/en-us/privacystatement	EU SCC – available here
miniExtensions, LLC	https://miniextensions.com/privacy/	DPA with EU SCC
NestJS	https://learn.nestjs.com/p/privacy
OpenJS Foundation (WebPack)	https://openjsf.org/wp-content/uploads/sites/84/2021/04/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf	EU SCC available upon request to [email protected]
Perimeter 81	https://www.perimeter81.com/legal/privacy	EU SCC with DPA available here
Postman	https://www.postman.com/legal/privacy-policy/	EU SCC as confirmed here
PyCharm (JetBrains)	https://www.jetbrains.com/legal/docs/privacy/privacy.html	EU SCC with DPA available here
Python Software Foundation	https://www.python.org/privacy/	EU SCC available upon request
IDrive Inc. (Remote PC)	https://www.remotepc.com/privacy_policy	EU SCC available upon request
RStudio	https://www.rstudio.com/about/privacy-policy/	EU SCC available upon request
RealtimeBoard, Inc. dba Miro	https://miro.com/legal/privacy-policy/	DPA with EU SCC
Sentry	https://sentry.io/privacy/	DPA with EU SCC
Slack Technologies Limited	https://slack.com/intl/en-sk/privacy-policy	EU SCC – available here
Slite Inc	https://slite.slite.com/p/note/9f6aec3a-ad86-4646-8fbe-cfd883add9f8	EU SCC available upon request
SnapChat	https://snap.com/en-US/privacy/privacy-policy/	EU SCC with DPA available here
Tablueau SFDC Ireland Ltd. (SalesForce)	https://www.tableau.com/privacy https://www.salesforce.com/company/privacy/	EU SCC with DPA available here; BCR (SalesForce):
Teamviewer	https://www.teamviewer.com/en/gdpr/ https://www.teamviewer.com/en/privacy-policy/	EU SCC as confirmed here
Tempo ehf.	https://www.tempo.io/privacy-policy
Toggl Technology Limited	https://toggl.com/track/legal/terms/	EU SCC with DPA available here
Tulip	https://tulip.co/privacy-policy/	EU SCC available upon request : [email protected]m (https://tulip.co/privacy-policy/)
Ubuntu	https://ubuntu.com/legal/data-privacy	EU SCC available upon request
Unity Software Inc.	https://unity.com/legal/privacy-policy	EU SCC available upon request
Zapier, Inc	https://zapier.com/privacy	EU SCC with DPA available here
ZoomSphere (MicroMedia s.r.o.)	https://www.zoomsphere.com/privacy	EU based
Zoom Video Communications Inc.	https://zoom.us/privacy	EU SCC – information available here
win.rar GmbH	https://www.win-rar.com/cookies.html?&L=17	EU based (Germany -Berlin)
WordPress (AUTOMATTIC)	https://automattic.com/privacy/	EU SCC with DPA available upon request here
Workable Software Private Company	https://www.workable.com/privacy	EU SCC as stated in DPA available here

8. How long do we store your personal data?

We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws, data processing agreements, instructions of our controllers or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do not further process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations. General retention periods for the above purposes of processing are as follows:

Maintaining adequate level of security. Throughout duration of the business relationship and/or usage of our internal systems. We aim to delete security logs where kept once every 3 years, in case these are needed for the legal agenda.

Direct marketing communication & raising brand awareness online (marketing). Until you or us actively delete your message, comment, profile or until you object against direct marketing or revoke consent. We delete private messages on our profile and non-active marketing data once every 3 years.

Establishment, exercise or defence of legal claims (legal agenda). During the legal dispute, negotiation, or settlement, during court, administrative or criminal proceedings (can generally be from 2 to 7 years) or until the relevant limitation period has not passed, which depending on type of legal claim may generally be from 2 to 10 years (Slovak law).

Tax, billing & accounting. Generally, 10 years (for Slovak accounting documents) as of the accounting year in which the tax, billing or account documentation originated.

Contract performance. Generally, 3 years after termination of the contract or pre-contractual communication, unless required longer for legal agenda. 2 years after the applied position has been closed, provided the prospected business partner consented to it.

Personnel & payroll purposes. In relation to our internal staff, we are obliged to process certain limited data by the employment, commercial, social deductions and insurance regulations pursuant to the Art. 6(1)(c) of the GDPR. General retention period is 10 years from end of the employment relationship, unless the applicable law does not provide longer periods for certain documents (in some cases up to 70 years from employee’s date of birth under Slovak law). 2 years after the applied position has been closed, provided the prospect consented to it.

Benefits for business partners. Until withdrawal of the data subject consent or end of business cooperation.

Statistics. Only as long and only if other purposes of processing are relevant. As soon as the data is not personal, GDPR does not apply and retention periods are unlimited.

All retention periods related to the personal data we process for our clients (controllers) are determined by our clients. We can only keep such personal data during the term of our data processing agreement after which we must return or erase all personal data about clients’ data subjects. However, we might erase personal data even sooner, if the client instructs us to do so for example if the client does not regard storing such data no longer necessary for the given purpose. Please also see storage period for cookies we use on our websites (below).

9. What rights do you have as the data subject?

When we process your personal, you have data subject rights under the Article 15 to 22 of the GDPR. Among others, you have:

right to request information and access to your personal data according to Article 15 GDPR;
right to rectification of inaccurate data (and completion of incomplete data) according to Article 16 GDPR;
right to erasure of personal data according to Article 17 GDPR (right to be forgotten);
right to restriction of processing according to Article 18 GDPR;
notification right regarding rectification, erasure or restriction according to Article 19 GDPR;
the right to data portability according to Article 20 GDPR.
right to object against processing according to Article 21 GDPR; and
right not to be subject to individual decision making according to Article 22 GDPR (which we do not undertake).

However, these are not absolute rights which only exist if the relevant conditions are met. For example, right for erasure does not apply in case such personal data is required for compliance with legal obligation (legal compliance) or for the establishment, exercise or defence of legal claims (legal enforcement). The only absolute right is right to object against direct marketing under Article 21 (2) of the GDPR which is not linked to any further condition and we must always comply with such objection. Please contact us if you have a general query about your data subject rights.

We must explicitly bring to your attention the following information:

As regards consent: “You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.”
As regards right to object: “You have right to object to any processing that is based on legitimate interest or public interest (we do not rely on public interest) including to profiling pursuant to the Article 21 GDPR. You also have a right to object to any direct marketing processing of your personal data including profiling.”

You have also a right to lodge a complaint to the relevant data protection supervisory authority. Please note that our lead supervisory data protection authority is the Slovak Data Protection Authority (www.dataprotecton.gov.sk).

When enforcing your data subject rights, please be as explicit and detailed as possible. Otherwise, we might respond with request to clarify a generic, vague or too general requests which in turn delays getting the information you request. As mentioned above, if you are our clients’ user, we are not entitled to handle your request. These should be addressed to the controller (our client, i.e. game developer).

10. How we use cookies?

For further information please see our Cookie Policy.

11. How we use social networks?

Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.

Facebook / Instagram (Meta)

In connection with the processing of statistical data on the use of our Facebook and Instagram profile, we have the status of a joint controller with Meta, while basic information on the agreement of joint controllers pursuant Art. 26 (1) and (2) can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

Our social media add-ons are integrated on our website. You will recognize them by the Facebook / Instagram logo on the website. When you visit our website, Meta receives information that you have visited our website with your IP address. If you click on the Facebook / Instagram icon available on our website while you are signed in and / or registered to your Facebook / Instagram account, the content of the website is redirected to your Facebook / Instagram profile. Consequently, Meta may associate your visit to your website with your user account. Data is transferred regardless of whether you have a Facebook / Instagram account or not. Please note that when using our website, we have no influence on the data collected and the data processing processes, and we also do not know the overall scope of the data being collected, the purpose of the processing or the data processing. of such data. Meta stores your information about you as user profiles and uses it for your own advertising, market research, and / or customizing your services and tools to registered users. Such evaluation is performed in order to inform other Facebook / Instagram users of your activities on our website. You are entitled to object against the creation of such user profiles, and you must contact Facebook to lodge an objection against that processing. We always recommend you sign out of your Facebook / Instagram account, especially to avoid associating your online activity with your profile. For more information about the purpose and scope of your data discovery and processing by Meta, please visit the Meta Privacy Statement at Instagram Data Policy and Facebook Privacy Policy

We would also like to inform you that we can use the services provided by Meta Platforms Ireland Limited, which are labelled as “data file custom audiences” – the management of the audience for advertising campaigns, and may combine the data we process with personal data processed in Facebook and “measurement and analytics”, in which Meta processes personal data on our behalf to measure the performance and reach of our advertising campaigns and provide us with user reports that have seen and responded to our advertising content. Therefore, this processing of your personal data may occur if you interact with our advertising content or our websites as you use your Facebook-based user profile. In such cases, we use Meta as the processor, using the following legal safeguards to process your personal data: https://www.facebook.com/legal/terms/businesstools, https://www.facebook.com/legal/terms/dataprocessing.

If the above-described processing of personal data interferes with you, you can object to it or you can also use the available self-regulatory tools developed for the online marketing sector, available here: http://www.aboutads.info/choices or www.youronlinechoices.eu. These online tools allow you to automatically identify and delete third-party digital identifiers (including those from Facebook or Instagram) in your browser, thereby preventing your personal data from being processed.

LinkedIn

Our website also has an integrated plug-in of the LinkedIn social network, which is operated by LinkedIn Company, Inc., 1000 W Maude Sunnyvale, CA 94085, USA. SuperScale has no influence on the processing of your personal data by the LinkedIn as controller of this social network nor control except common administration of our LinkedIn profile. For more information on the processing of your personal data, you can read the LinkedIn Privacy Policy.

We can use LinkedIn also as our processor during support the sales, recruiting, marketing, educational or other business practices aimed on increasing awareness of SuperScale in online environment towards relevant professional audience based on this Data Processing Addendum.

Twitter

Our website also has an integrated plug-in of the Twitter social network, which is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. SuperScale has no influence on the processing of your personal data by the Twitter as controller of this social network nor control except common administration of our Twitter profile For more information on the processing of your personal data, you can read the Twitter Privacy Policy.

12. What happens in case of changes to this Privacy Policy?

We may change this Privacy Policy from time to time by posting the most current Privacy Policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice on our websites or by email.

Our website might contain links to other websites and/or services of different providers than us. We are not responsible for content, changes, amendments and provision of websites or services of different providers than us including other Privacy Policies of third parties. This Privacy Policy does not apply on the processing of personal data during browsing or using websites or services of different providers than us.

SuperScale s. r. o.

SUPERSCALE UK LTD

SuperScale CZ, s.r.o.

March 2023

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
visitor_id971653	10 years	Used by Pardot to provide protection against hackers.
visitor_id971653-hash	10 years	Used by Pardot to provide protection against hackers.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	1 month 6 days 9 hours 24 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_PSXVCB6R9N	2 years	This cookie is installed by Google Analytics.
_gat_UA-173282740-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
uuid	never	MediaMath sets this cookie to avoid the same ads from being shown repeatedly and for relevant advertising.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Policy

Let's work together