When we provide analytic, marketing, big data or advisory services to our clients (e.g. game developers) (“Services”), we process personal data in position of data processor of our clients. As regards Services, our clients conclude a contract and a data processing agreement with SuperScale, s.r.o. which uses its sub-processors based on data processing agreement and our internal data protection policies.
We also act as data controllers in relation to data we process for our own purposes for example in the marketing, HR, legal, statistics, administrative and compliance area (see below). In respect to our own purposes SuperScale entities concluded the so-called joint controllers’ agreement under Article 26 of the GDPR. We regard both entities as part of one group or one family and often our joint activities (e.g. marketing campaigns) relate to SuperScale brand and not the individual entity. Also, staff of both SuperScale entities collaborates and cooperates together. The essence of the joint controllers’ agreement is following:
- Both SuperScale entities collaborate in joint processing activities related to all below mentioned SuperScale’s purposes;
- Internally, data subject request are primarily handled by SuperScale s. r. o. (Slovakia);
- Our main establishment is located in Slovakia;
- SuperScale entities share data for the internal administrative purposes (as per recital 48 of the GDPR);
- Each SuperScale entity may conclude agreements with processors also on behalf / for the benefit of the other SuperScale entity;
If you have any questions concerning how we process your personal data, you can contact us at [email protected] or by post using our registered seat addresses above (SuperScale s. r. o., Zálužická 1, Bratislava 821 01, Slovakia). We have not appointed data protection officer, but we have internally appointed a number of persons responsible for data protection agenda in general. We also use external legal advisors in this respect.
Please note that when the processing concerns provision of the Services, we are not entitled to handle or respond to your request on behalf of our clients. If you have questions about how our clients (e.g. game developers) use your data (including via us), please get in touch with them. We can only forward your requests to them.
FOR WHAT PURPOSES AND ON WHAT BASIS WE PROCESS PERSONAL DATA?
We process the personal data for the following purposes of processing and on the following legal basis:
In order to provide the Services, we process personal as a data processor on behalf of our clients (e.g. game developers). The purpose and legal basis of such processing is determined individually by each client and not but us. However, our clients generally describe the purpose of processing as:
- product improvement purposes, e.g. improvement, development, maintenance and testing of the app/software and its new features or updates;
- direct marketing communication, conducting marketing campaigns and related marketing analytics; or
- raising awareness about the organization, its products and services online.
As a controller, we process personal data for the following (compatible) purposes:
- Maintaining adequate level of security (security). We consider security of our assets, property, staff and generally our informational security to be both our legal obligation pursuant to the Art. 6(1)(c) of the GDPR as well as our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above). Based on our legitimate interest on security, we monitor usage of our systems internally to detect breach of the internal policies, unauthorized operations in our systems or harmful bots, codes or conduct. This purpose involves adoption of adequate security measures, their periodic assessment and review.
- Direct marketing communication & raising brand awareness online (marketing). We consider processing of personal data for direct marketing our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) as confirmed by recital 47 of the GDPR. However, where required by ePrivacy or other legal regulations (such as the Polish Act on Provision of Electronic Services or Slovak Act on Electronic Communications), we rely on data subject consent pursuant to the Art. 6(1)(a) of the GDPR instead. This purpose is related to direct marketing communication of SuperScale products for example via our own marketing campaigns, newsletters, events, blogs as well as raising brand awareness through our social media profiles, online interaction with users, maintaining our websites and publication of team or event photos where allowed.
- Establishment, exercise or defence of legal claims (legal agenda). As any business, we have a legal agenda. Therefore, from time to time we must pursue our legal claims, ask for compensation or settlement and keep legal evidence, request legal advice from external advisors, ensure compliance with regulations, get represented by legal advisors in court, criminal, administrative or other proceedings or report to law enforcement authorities or otherwise. We do this on the basis of our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) or on the basis of contract performance pursuant to the Art. 6(1)(b) of the GDPR in case of limited contract enforcement.
- Tax, billing & accounting. In order to comply with tax, billing & accounting regulations we must process certain limited scope of personal data. We do this because we are obliged to do so pursuant to the Art. 6(1)(c) of the GDPR.
- Contract performance. We conclude number of legal contracts with both individuals and other businesses which serve to support our essential business activities. We need to enforce, perform and manage contracts and we do that based on our legitimate interests pursuant to the Art. 6(1)(f) of the GDPR (underlined above) or based on contract performance pursuant to the Art. 6(1)(b) of the GDPR. Our legitimate interest on contract performance also includes situations where personal data about personnel, staff or contacts is processing in B2B contract. This purpose also covers any pre-contractual negotiation or processing data via most contact forms on our website because as stems from Article 6(1)(b) GDPR: “…or in order to take steps at the request of the data subject prior to entering into a contract.” Based on consent pursuant to the Art. 6(1)(a) of the GDPR we keep CVs and motivation letters of prospective business partners for periods after the applied position has been closed, to be able to get back to you in future.
- Personnel & payroll purposes. In relation to our internal staff, we are obliged to process certain limited data by the employment, commercial, social deductions and insurance regulations pursuant to the Art. 6(1)(c) of the GDPR. We also rely on contract performance pursuant to the Art. 6(1)(b) of the GDPR when it comes to contracts with personnel and pre-contractual relationships. Based on consent pursuant to the Art. 6(1)(a) of the GDPR we keep CVs and motivation letters of prospective candidates for periods after the applied position has been closed, to be able to get back to you in future.
- Benefits for business partners. On the basis of data subject consent to the Art. 6(1)(a) of the GDPR we provide personal data of our business partners to 3rd party benefits providers.
- Statistics. We keep anonymous or aggregated statistics like number of clients, campaigns or users, costs saved, average conversion rate and similar. We make sure such statistics are not personal data, however, these statistics might be made by conversion from the personal data about our clients. In line with Art. 89 of the GDPR, statistical processing is performed on this basis of any of above-mentioned legal bases.
WHAT PERSONAL DATA DO WE PROCESS?
We only process personal data which is necessary both in scope of type to for the purposes of processing explained above. We believe this entails typical categories of personal data in relation to typical business purposes of processing. Systematic processing of special categories of personal data under Article 9 of the GDPR is not present at SuperScale. However, we cannot exclude the possibility of such processing in relation to the personnel and payroll purposes if the law and the specific situation require us to do so for example in relation to the data relating to health. We also do not process personal data relating to criminal convictions and offences under Article 10 of the GDPR. Therefore, for the most purposes we only process the basic identification and contact personal data including typical communication data and content. As regards marketing, we process data typically collected by using business features of social media and website analytics software solutions such as data pushed through the cookies, website browsers and advertisement identifiers. We believe such processing – regardless of whether we have actual access to such information or not – includes elements of profiling but not individual decision-making.
HOW DO WE COLLECT YOUR PERSONAL DATA?
In relation to the Services we provide, we collect personal data on the behalf of our clients as a processor/sub-processor therefore your personal data are typically provided to us by original controllers. This is typically within the context of the relationship between game player and game developer being contractual parties. The provision of data here is therefore voluntary.
We can also collect your personal data from you directly when we act as controller. For example, by communication with you, by conclusion of contract with you, via activity on social media or sending us a message via forms on our website (e.g. applying for position with us). Such provision of data is voluntary and if it relates to a contract, it might be contractual requirement or a requirement necessary to enter into a contract. Since the activities which lead to provision of your data to us we believe are voluntary, you should not be in a position where you have to provide the data to us.
As regards other contact forms on our website and business cooperation offers published on third party websites, we expect conclusion of a contract with you or your company and therefore we regard this communication as a pre-contractual communication. As part of contractual or personnel & payroll purposes, we do not request your consent because we rely on contract performance or our legitimate interest. The only difference is with the consent at the careers page, in where you can – voluntarily – grant us consent to keep your data longer, even if the position you applied for is closed. This is the same for employment and business relationship positions. This is not mandatory meaning that if you do not grant us this consent, we should delete your information after the open position you applied for is closed. You can revoke this consent at any time, and we will not keep your data any more provided we do not have if from other reasons (e.g. concluded contract).
WHO ARE RECIPIENTS OF YOUR PERSONAL DATA?
We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized staff (internal recipients) or a verified/authorized third party. Our staff or internal contractors might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. We have also put in place policies and procedures that ensure we separate data per client where possible. We also use sub-contractors to support us in providing Services which might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. Categories of recipients of user personal data (processed on behalf of our clients) are hosting or cloud services providers as is explained in detail in our data processing agreement. As regards the other purposes, the recipients of personal data might be:
- both SuperScale entities including our staff, personnel, directors or other internal contractors and their invoicing entities;
- hosting or cloud services providers (Amazon, Google, Digital Ocean, Salesforce, AirTable, Calendly, Expandrive );
- providers of standard software solutions (such as Microsoft, Amazon and Google, Slack, AirTable, Tableau, IDrive Inc. (Remote PC), Asana, Zoom, Harvest, Tulip, Slite, Workable, DocuSign, Toggl, Adobe, Teamviewer, WordPress);
- providers of creative and coding software solutions (such a PyCharm (JetBrains), Docker, Ubuntu, Python Software Foundation, Dashlane, WebPack, Anaconda, Figma Blueastacks, Postman, DbVis Software AB, Krisp Technologies, Inc. win.rar GmbH);
- marketing and analytics software service providers and social media platform operators (such as Google and Facebook, LinkedIn, SnapChat, Zapier, App Annie);
- providers of cybersecurity tools and solutions (JumpCloud, ESET, Dashlane, Check Point Security VPN, Perimeter 81, Data Dog)
- billing, accounting and legal advisors;
- public authorities if required based on local law (we will share personal data outside of SuperScale only that access, use, preservation, or disclosure of the data is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request);
- authorized personnel of the above.
When we act as processors of our clients (controllers), we process personal data provided to us in number of applications under the clients’ name and account on their behalf. We do not consider this appointment of another sub-processor by us, but rather as exchange of data between the same-level processors based on controller’s instruction.
- Sub-processors. As a data processor, SuperScale is not entitled to appoint another sub-processor or a third party to process the Personal Data without the Client’s prior consent or general authorization. Prior consent or notification of the Client is not needed for using of the Affiliates and approved Subcontractors under the Work Orders, provided SuperScale ensures that data processing agreement adequate with this DPA is concluded with such sub-processors.
WHAT COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA TO?
By default, we do not to transfer your personal data outside the European Economic Area where not necessary. As a rule, we seek to have all cloud and servers located in the EEA. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be co-located in the United States of America (USA). After the Court of Justice of the EU abolished the EU-US Privacy Shield in July 2020, USA is again regarded a third party not ensuring adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients in non-adequate countries concluded the EU standard contractual clauses (EU SCC) with us or follow equivalent safeguards such binding corporate rules (BCRs). EU SCC are now concluded with all above US-based sub-contractors or recipients (such as Google, Facebook, Amazon, Microsoft). All EU SCC concluded must not deviate from the template approved by the Commission (for controller-processor transfers). We seek to adopt additional safeguards where we believe the 3rd country partner might be subject to US surveillance laws that were viewed disproportionate by the Court of Justice of the EU.
For transparency and more detailed information please see the following:
|Adobe||https://www.adobe.com/sk/privacy/policy.html||EU SCC with DPA available upon request here|
|AirTable||https://airtable.com/privacy||DPA with EU SCC as confirmed here
DPA available upon request – [email protected]
|Amazon||https://aws.amazon.com/privacy/||EU SCC – with Data Processing Addendum (“DPA”)
|Anaconda, Inc.||https://www.anaconda.com/privacy-policy||EU SCC available upon request|
|App Annie||https://www.appannie.com/en/legal/privacy/||EU SCC – available upon request to [email protected] (https://www.appannie.com/en/legal/privacy/#transfers_to_other_countries)|
|Asana||https://asana.com/terms#privacy-policy||EU SCC with DPA – available here|
|Bluestacks||https://www.bluestacks.com/terms-and-privacy.html#eu-privacy||EU SCC available upon request|
|Calendly||https://calendly.com/privacy||EU SCC with DPA available here|
|Dashlane||https://www.dashlane.com/privacy||EU SCC – with DPA – available here|
|Datadog, Inc||https://www.datadoghq.com/legal/privacy/||EU SCC available upon request|
|DbVis Software AB||https://www.dbvis.com/privacy/||EU based (Sweden)|
|Digital Ocean||https://www.digitalocean.com/legal/privacy-policy/||EU SCC – available here|
|DocuSign||https://www.docusign.com/company/privacy-policy||BCR available here|
|ESET||https://help.eset.com/ees/8/en-US/privacy_policy.html||Standard Contractual Clauses, Binding Corporate Rules or another appropriate safeguard –
Data Processing Terms available here
|https://www.facebook.com/policy.php||EU SCC – available here|
|Figma||https://www.figma.com/privacy/||EU SCC available upon request|
|https://policies.google.com/privacy?hl=en-US||EU SCC – available here|
|GitHub Inc.||https://docs.github.com/en/github/site-policy/github-privacy-statement||EU SCC with DPA available here|
|Harvest||https://www.getharvest.com/privacy-policy||EU SCC – available here|
|Check Point Security VPN||https://www.checkpoint.com/privacy/||EU SCCavailable upon request: [email protected] (https://www.checkpoint.com/privacy/#6)|
|JumpCloud||https://jumpcloud.com/privacy||EU SCC – available here|
|Krisp Technologies, Inc.||https://krisp.ai/privacy-policy/||EU SCC with DPA available upon request|
|https://www.linkedin.com/legal/privacy-policy||EU SCC with DPA available here|
|Microsoft including Visual Studio Code, TypeScript,||https://privacy.microsoft.com/en-us/privacystatement||EU SCC – available here|
|OpenJS Foundation (WebPack)||https://openjsf.org/wp-content/uploads/sites/84/2021/04/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf||EU SCC available upon request to [email protected]|
|Perimeter 81||https://www.perimeter81.com/legal/privacy||EU SCC with DPA available here|
|Postman||https://www.postman.com/legal/privacy-policy/||EU SCC as confirmed here|
|PyCharm (JetBrains)||https://www.jetbrains.com/legal/docs/privacy/privacy.html||EU SCC with DPA available here|
|Python Software Foundation||https://www.python.org/privacy/||EU SCC available upon request|
|IDrive Inc. (Remote PC)||https://www.remotepc.com/privacy_policy||EU SCC available upon request
|RStudio||https://www.rstudio.com/about/privacy-policy/||EU SCC available upon request
|Slack||https://slack.com/intl/en-sk/privacy-policy||EU SCC – available here|
|Slite||https://slite.slite.com/p/note/9f6aec3a-ad86-4646-8fbe-cfd883add9f8||EU SCC available upon request|
|SnapChat||https://snap.com/en-US/privacy/privacy-policy/||EU SCC with DPA available here|
|https://www.tableau.com/privacy||EU SCC with DPA available here BCR (SalesForce)|
|Teamviewer||https://www.teamviewer.com/en/gdpr/||EU SCC as confirmed here|
|Toggl||https://toggl.com/track/legal/terms/||EU SCC with DPA available here|
|Tulip||https://tulip.co/privacy-policy/||EU SCC available upon request : [email protected]
|Ubuntu||https://ubuntu.com/legal/data-privacy||EU SCC available upon request|
|Zapier, Inc||https://zapier.com/privacy||EU SCC with DPA available here|
|Zoom Video Communications||https://zoom.us/privacy||EU SCC – information available here|
|win.rar GmbH||https://www.win-rar.com/cookies.html?&L=17||EU based (Germany -Berlin)|
|https://automattic.com/privacy/||EU SCC with DPA available upon request here|
|Workable||https://automattic.com/privacy/||EU SCC as stated in DPA available here|
HOW LONG DO WE STORE YOUR PERSONAL DATA?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws, data processing agreements, instructions of our controllers or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do not further process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations. General retention periods for the above purposes of processing are as follows:
- Maintaining adequate level of security. Throughout duration of the business relationship and/or usage of our internal systems. We aim to delete security logs where kept once every 3 years, in case these are needed for the legal agenda.
- Direct marketing communication & raising brand awareness online (marketing). Until you or us actively delete your message, comment, profile or until you object against direct marketing or revoke consent. We delete private messages on our profile and non-active marketing data once every 3 years.
- Establishment, exercise or defence of legal claims (legal agenda). During the legal dispute, negotiation, or settlement, during court, administrative or criminal proceedings (can generally be from 2 to 7 years) or until the relevant limitation period has not passed, which depending on type of legal claim may generally be from 2 to 10 years (Slovak law) or from 3 to 6 years (Polish law).
- Tax, billing & accounting. Generally, 5 years (for Polish accounting documents) or 10 years (for Slovak accounting documents) as of the accounting year in which the tax, billing or account documentation originated.
- Contract performance. Generally, 3 years after termination of the contract or pre-contractual communication, unless required longer for legal agenda.
- Personnel & payroll purposes. In relation to our internal staff, we are obliged to process certain limited data by the employment, commercial, social deductions and insurance regulations pursuant to the Art. 6(1)(c) of the GDPR. General retention period is 10 years from end of the employment relationship, unless the applicable law does not provide longer periods for certain documents (in some cases up to 50 years under Polish law or 70 years from employee’s date of birth under Slovak law).
- Benefits for business partners. Until withdrawal of the data subject consent or end of business cooperation.
- Statistics. Only as long and only if other purposes of processing are relevant. As soon as the data is not personal, GDPR does not apply and retention periods are unlimited.
All retention periods related to the personal data we process for our clients (controllers) are determined by our clients. We can only keep such personal data during the term of our data processing agreement after which we must return or erase all personal data about clients’ data subjects. However, we might erase personal data even sooner, if the client instructs us to do so for example if the client does not regard storing such data no longer necessary for the given purpose. Please also see storage period for cookies we use on our websites (below).
WHAT RIGHTS DO YOU HAVE?
When we process your personal, you have data subject rights under the Article 15 to 22 of the GDPR. Among others, you have:
- right to request information and access to your personal data according to Article 15 GDPR;
- right to rectification of inaccurate data (and completion of incomplete data) according to Article 16 GDPR;
- right to erasure of personal data according to Article 17 GDPR (right to be forgotten);
- right to restriction of processing according to Article 18 GDPR;
- notification right regarding rectification, erasure or restriction according to Article 19 GDPR;
- the right to data portability according to Article 20 GDPR.
- right to object against processing according to Article 21 GDPR; and
- right not to be subject to individual decision making according to Article 22 GDPR (which we do not undertake).
However, these are not absolute rights which only exist if the relevant conditions are met. For example, right for erasure does not apply in case such personal data is required for compliance with legal obligation (legal compliance) or for the establishment, exercise or defence of legal claims (legal enforcement). The only absolute right is right to object against direct marketing under Article 21 (2) of the GDPR which is not linked to any further condition and we must always comply with such objection. Please contact us if you have a general query about your data subject rights.
We must explicitly bright to your attention the following information:
As regards consent: “You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.”
As regards right to object: “You have right to object to any processing that is based on legitimate interest or public interest (we do not rely on public interest) including to profiling pursuant to the Article 21 GDPR. You also have a right to object to any direct marketing processing of your personal data including profiling.”
You have also a right to lodge a complaint to the relevant data protection supervisory authority. Please note that our lead supervisory data protection authority is the Slovak Data Protection Authority (www.dataprotecton.gov.sk). You are free to contact the Polish Data Protection Authority (www.uodo.gov.pl/en) if you feel your request is more relevant to Polish territory.
When enforcing your data subject rights, please be as explicit and detailed as possible. Otherwise, we might respond with request to clarify a generic, vague or too general requests which in turn delays getting the information you request. As mentioned above, if you are our clients’ user, we are not entitled to handle your request. These should be addressed to the controller (our client, i.e. game developer).
In addition, you can also manage ads related to cookies used on our services by rejecting service providers from the table above or by visiting the YourOnlineChoices website. Typically, when we show personalized ads on third-party websites, the AdChoices icon appears. Click this icon for specific guidance on how you can regulate your online preferences related to online ads.
For more information, visit the YourAdChoices website.
You can block the installation of statistical cookies by changing the cookie settings, browsing the website in anonymous mode or activating the “Do Not Track” feature in your browser. You can also block Google Analytics cookies using tools offered by Google. This tool can be found at: https://tools.google.com/dlpage/gaoptout. Alternatively, depending on the browser you are using, configure your settings and block certain types of cookies or cookies from specific sources, or display a message asking you to consent to any storage each time cookies are stored on your computer.
For more information about setting up and configuring your browser, see the “Help” menu or another specific part of your browser. Such as:
Internet Explorer: https://support.microsoft.com/cs-cz/products/windows?os=windows-10
For mobile devices, you can visit the following website:
In particular, we use the following cookies at www.superscale.com:
|Cookie name||Description of cookie purpose||Provider||Type||Expiry|
|NID||Registers a unique ID that identifies a returning user´s device. The ID is used for targeted ads (direct marketing) and marketing analytics.||google.com||HTTP||6 months|
|rc::a||This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website and also due to security.||google.com||HTML||Persistent|
|rc::b||This cookie is used to distinguish between humans and bots due to security.||google.com||HTML||Session|
|rc::c||This cookie is used to distinguish between humans and bots due to security.||google.com||HTML||Session|
|rc::d-#||This cookie is used to distinguish between humans and bots due to security.||google.com||HTML||Persistent|
|cookielawinfo-checkbox-necessary||This cookie determines whether the user has accepted the cookie consent box. This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category ‘Necessary’.||superscale.com||HTTP||1 day|
|cookielawinfo-checkbox-non-necessary||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category ‘Non-necessary’.||superscale.com||HTTP||1 hour|
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||superscale.com/||HTTP||2 years|
|_gat||This cookie is used by Google Analytics to throttle request rate (same purpose as _ga).||superscale.com/||HTTP||1 day|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.||superscale.com/||HTTP||1 day|
|_GRECAPTCHA||This cookie is used by Google Recaptcha service for its working.||superscale.com||HTTP||179 days|
|_grecaptcha||This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.||superscale.com||HTML||Persistent|
This service from Google Inc. is an analytics tool that stores information in cookies to generate statistics about traffic to our sites. This functionality is not indispensable for browsing and serves to monitor the website’s performance and improve it. When using Google Analytics, we do not process any personal information or other identifiers usable for indirect identification (e.g., IP address) of the data subjects. However, this does not mean that your personal data is not processed by Google Inc., the Google Analytics controller. The main cookie used by Google Analytics is the _ga file. More about the types of cookies used by Google Inc. you can learn here: https://policies.google.com/technologies/types?hl=en_US or see information above.
HOW WE USE SOCIAL NETWORKS
Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.
In connection with the processing of statistical data on the use of our Facebook profile, we have the status of a joint controller with Facebook, while basic information on the agreement of joint controllers pursuant Art. 26 (1) and (2) can be found here: https://www.facebook.com/legal/terms/page_controller_addendum
Our social media add-ons are integrated on our website. You will recognize them by the Facebook logo on the website. When you visit our website, Facebook receives information that you have visited our website with your IP address. If you click on the Facebook icon available on our website while you are signed in and / or registered to your Facebook account, the content of the website is redirected to your Facebook profile. Consequently, Facebook may associate your visit to your website with your user account. Data is transferred regardless of whether you have a Facebook account or not. Please note that when using our website, we have no influence on the data collected and the data processing processes, and we also do not know the overall scope of the data being collected, the purpose of the processing or the data processing. of such data. Facebook stores your information about you as user profiles and uses it for your own advertising, market research, and / or customizing your services and tools to registered users. Such evaluation is performed in order to inform other Facebook users of your activities on our website. You are entitled to object against the creation of such user profiles, and you must contact Facebook to lodge an objection against that processing. We always recommend you sign out of your Facebook account, especially to avoid associating your online activity with your profile. For more information about the purpose and scope of your data discovery and processing by Facebook, please visit the Facebook Privacy Statement at: https://www.facebook.com/policy.php
We would also like to inform you that we can use the services provided by Facebook Ireland Limited, which are labelled as “data file custom audiences” – the management of the audience for advertising campaigns, and may combine the data we process with personal data processed in Facebook and “measurement and analytics”, in which Facebook processes personal data on our behalf to measure the performance and reach of our advertising campaigns and provide us with user reports that have seen and responded to our advertising content. Therefore, this processing of your personal data may occur if you interact with our advertising content or our websites as you use your Facebook-based user profile. In such cases, we use Facebook as the processor, using the following legal safeguards to process your personal data: https://www.facebook.com/legal/terms/businesstools, https://www.facebook.com/legal/terms/dataprocessing.
If the above-described processing of personal data interferes with you, you can object to it or you can also use the available self-regulatory tools developed for the online marketing sector, available here: http://www.aboutads.info/choices or www.youronlinechoices.eu. These online tools allow you to automatically identify and delete third-party digital identifiers (including those from Facebook) in your browser, thereby preventing your personal data from being processed.
SuperScale sp. z.o.o.
SuperScale s. r. o.