Effective date: 25.05.2018
We take privacy very seriously.
Being an EU-based company, we must comply with the EU General Data Protection Regulation (the „GDPR“) when processing personal data.
If you have any questions concerning how we process your personal data, you can contact us at firstname.lastname@example.org or by post using our registered seat address above.
WHY DO WE PROCESS YOUR PERSONAL DATA?
Generally, we need to process personal data in order to:
- provide the Services to our clients;
- meet our legal or contractual obligations;
- pursue legitimate interests of us or our clients.
In order to provide the Service to our clients, we typically process personal data about users of our clients for the following purposes:
| Purpose | Legal basis | Our position & explanation |
|---|---|---|
| Campaign performance analysis | Legitimate interest pursuant to Art. 6(1)(f) of the GDPR (determined by our clients) | As part of our Service we analyze the performance of various online marketing campaigns for clients’ games or similar products in order to select the correct channel for their audience. Since this processing happens strictly under clients’ instruction and on their behalf, we act as processors on behalf of our clients being controllers. Although determining the purpose and legal basis of processing is the controller’s responsibility, most of our clients are relying on their legitimate interests as game developers when analyzing campaign performance for their games. |
For the avoidance of doubt, the above activities may entail processing of anonymous data not necessarily linkable to an individual. We would nevertheless like to be transparent about what we do with data generally. If you are our potential client and you are interested in knowing more about how we approach the above, please contact us at email@example.com and request the Privacy Memorandum for our Service. This is our company presentation in respect of personal data, the GDPR and e-Privacy.
In order to meet our legal or contractual obligations and in order to pursue our own legitimate interests, we might process personal data about our clients (their employees) or visitors of our websites and social media profiles for the following purposes:
| Purpose | Legal basis | Our position & explanation |
|---|---|---|
| Maintaining social media profiles | Legitimate interest pursuant to Art. 6(1)(f) of the GDPR | We maintain several business profiles on social media platforms where you can interact or communicate with us. By doing so, we act as a controller pursuing its own legitimate interest: increasing company/brand awareness in the online environment. We might process your personal data via our social media profiles when you write to us, comment, like or share our posts. Your provision of personal data via social media to us is voluntary. Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profiles. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might be transferred to other third countries and third parties by providers of social media platforms. You can currently find us on Facebook and Twitter. |
| Legal compliance | Compliance with legal obligations pursuant to Art. 6(1)(c) of the GDPR | We need to comply with various legal obligations in the field of billing, tax & accounting, security of personal data, employment, handling data subject requests, consumer protection and similar which might entail processing of your personal data. Although these might be regarded as separate purposes of processing, in all cases we act as a controller complying with legal/statutory obligations stemming from the local law. |
| Legal enforcement | Legitimate interest pursuant to Art. 6(1)(f) of the GDPR | From time to time, we might need to pursue a legal claim, ask for compensation or an out-of-court settlement, keep evidence for a potential dispute, manage, keep and perform legal contracts, request legal advice from external advisors, report illegal activity to law enforcement authorities or otherwise protect our legitimate legal interests (i.e. enforcing our legal rights). In doing so, we act as a controller. |
HOW DO WE COLLECT YOUR PERSONAL DATA?
Generally, we collect personal data on behalf of our clients as a processor; your personal data are therefore provided to us by the original controllers. We can also collect your personal data from you directly, e.g. by communication with you, conclusion of a contract, activity on social media platforms or sending us a message via forms on our website. Such provision of data is voluntary and, if it relates to a contract, it might be a contractual requirement or a requirement necessary to enter into a contract.
WHO ARE RECIPIENTS OF YOUR PERSONAL DATA?
We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized personnel at our company or a verified/authorized third party. Our staff might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. We also use sub-contractors to support us in providing the Service who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. Categories of recipients of user personal data (processed on behalf of our clients) are hosting or cloud services providers as is explained in detail in our data processing agreement. As regards the other purposes, the recipients of personal data might be:
- hosting or cloud services providers;
- providers of standard software equipment (such as Microsoft and Google);
- marketing and analytics software service providers;
- social media platform operators;
- billing, accounting and legal advisors;
- public authorities if required based on local law;
- authorized personnel of the above.
Where we act as a processor of your personal data, we do not appoint another sub-processor unless we have the prior approval of the controller.
WHAT COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA TO?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based, or their servers might be located, in the United States of America (U.S.). As such, the U.S. is regarded as a third party not ensuring an adequate level of protection. However, companies certified under the EU-US Privacy Shield mechanism according to the Commission (EU) are regarded as ensuring an adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients are either certified under the EU-US Privacy Shield, have concluded EU model clauses with us or have equivalent safeguards in place.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage, we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do not further process your personal data for the specific purpose. However, this does not exclude the possibility that we process your personal data on different legal grounds, especially due to our legal obligations. General retention periods for the above purposes of processing are as follows:

| Purpose | Retention period |
|---|---|
| Client purposes | All retention periods for client purposes (campaign performance analysis) are determined by our clients. We can only keep such personal data during the term of our data processing agreement, after which we must return or erase all personal data about clients’ users. However, we might erase personal data even sooner if the client instructs us to do so, for example if the client no longer regards storing such data as necessary for the given purposes. This might be the case when the client processes personal data about potential users who eventually do not purchase a license from the client. In that case, we delete all data related to the users after 30 days. |
| Statistics | Only as long and only if other purposes of processing are relevant. |
| Maintaining social media profiles | Until you or we actively delete your message, comment or profile, or you request deletion of your data. We delete private messages on our profile once a year. |
| Legal compliance | Generally 5 years or as long as necessary to comply with the local law. |
| Legal enforcement | Generally 3 years or during the pending legal proceedings. |
WHAT RIGHTS DO YOU HAVE?
Please note that if you are our clients’ user, we are contractually entitled to handle your data subject requests when they relate to clients’ purposes. These should be addressed to your controller (our client). If we process your personal data as a controller, you have so-called data subject rights under Articles 15 to 22 of the GDPR. Among others, you have:
- right to request access to your personal data according to Article 15 GDPR;
- right to rectification according to Article 16 GDPR;
- right to erasure of personal data according to Article 17 GDPR;
- right to restriction of processing according to Article 18 GDPR;
- right to object to processing according to Article 21 GDPR; and
- the right to data portability according to Article 20 GDPR.
However, these are not absolute rights; they only exist if the relevant conditions are met. For example, the right to erasure does not apply where such personal data is required for compliance with a legal obligation (legal compliance) or for the establishment, exercise or defense of legal claims (legal enforcement). Please contact us if you have a general query about your data subject rights.
You have the right to withdraw your consent at any time. (Please note we do not rely on consent.)
You have the right to object to any processing that is based on legitimate interest or public interest, including profiling, pursuant to Article 21 GDPR. You also have the right to object to any direct marketing processing of your personal data, including profiling.
(Please note we do not rely on public interest.)
You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority. Please note that our competent data protection authority is the Office for Protection of Personal Data of the Slovak Republic.
When enforcing your data subject rights, please be as explicit and detailed as possible. Otherwise, we might respond with a request to clarify a generic, vague or too general request, which in turn delays getting the information you request.