Privacy policy

Privacy Policy

This is the online privacy policy of Cellense s.r.o., a limited liability company established under Slovak laws, with its registered seat at Zálužická 1, Bratislava 821 01, Slovak  Republic, company ID no. (IČO): 47 523 697, registered in the Commercial Registry, kept by Bratislava I District Court under Section Sro, Insert No. 94037/B (hereinafter referred to as or “we” or “us”).

This privacy policy explains how we process personal data about users (data subjects) of our clients (typically data controllers) when providing our clients with our services known as “BuffPanel” and “Cellense (the “Services”). From this reason, this privacy policy is addressed mainly to our clients and their users but also to visitors of our websites or social media profiles. When providing the Services to our clients, we typically act as their data processors.

We take privacy very seriously. Being an EU-based company, we must comply with the EU general data protection regulation (the „GDPR) when processing the personal data.

Contact us

If you have any questions concerning how we process your personal data, you can contact us at privacy@cellense.com or by post using our registered seat address above.

Why we process your personal data?

Generally, we need to process personal data in order to:

provide the Services to our clients;
meet our legal or contractual obligations;
pursue legitimate interests of us or our clients.  

In order to provide the Services to our clients, we typically process personal data about users of our clients for the following purposes:

Purpose

Legal basis

Our position & explanation

Campaign performance analysis

Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR (determined by our clients)

As part of our BuffPanel service we analyze performance of various online marketing campaigns for clients’ games or similar products in order to select the correct channel for their audience. Since this processing happens strictly under clients’ instruction and on their behalf, we act as processors on behalf of our clients being controllers. Although determining the purpose and legal basis of processing is controller’s responsibility, most of our clients are relying on their legitimate interests as game developers when analyzing campaign performance for their games.

Product improvement

Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR (determined by our clients)

As part of our Cellense service we provide advisory services to our clients as regards the improvement of the game or similar product or its features. Since this processing happens strictly under clients’ instruction and on their behalf, we act as processors on behalf of our clients being controllers. Although determining the purpose and legal basis of processing is controller’s responsibility, most of our clients are relying on their legitimate interests as game developers when improving their products.

Marketing campaigns

Consent Art. 6 (1) a) of the GDPR (determined by our clients)

As part of our Cellense service we provide advisory or supportive services as regards conducting targeted marketing activities such as assisting with ordering or managing targeted marketing campaigns on behalf of the client mostly via social networks. Since this processing happens strictly under clients’ instruction and on their behalf, we act as processors on behalf of our clients being controllers. Although determining the purpose and legal basis of processing is controller’s responsibility, most of our clients are relying on their legitimate interests as game developers when conducting marketing campaigns.

Statistics

Article 89 of the GDPR

Acting as a controller, we would like to keep anonymous or aggregated statistics like number of clients, campaigns or users, costs saved, average conversion rate and similar. We make sure such statistics are not personal data, however, these statistics might be made by conversion from the personal data about our clients’ users. We believe this is a legitimate privacy non-intrusive means of processing personal data. In order to inform our clients’ users about this purpose, we must contractually request our clients to put certain wording into their privacy policy, as explained below.

For avoidance of doubts, the above activities may entail processing of anonymous data not necessarily linkable to an individual. We would nevertheless like to be transparent about what we do with data generally. If you are our potential client and you are interested to know more about how we approach the above, please contact us at privacy@cellense.com and request Privacy Memorandum for either BuffPanel or Cellense services. This is our company presentation in respect to the personal data, GDPR and e-Privacy.

In order to meet our legal or contractual obligations and in order to pursue our own legitimate interests, we might process personal data about our clients (their employees) or visitors of our websites and social media profiles for the following purposes:

Purpose

Legal basis

Our position & explanation

Maintaining social media profiles

Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

We maintain several business profiles on social media platforms where you can interact or communicate with us. By doing so, we act as a controller pursuing its own legitimate interest: increasing company/brand awareness in the online environment. We might process your personal data via our social media profiles when you write to us, comment, like or share our posts. Your provision of personal data via social media to us is voluntary. Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profiles. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms. You can currently find us on Facebook, XXX

Legal compliance

Compliance with legal obligations pursuant tothe Art. 6(1)(c) of the GDPR

We need to comply with various legal obligations in the field of billing, tax & accounting, security of personal data, employment, handling data subject requests, consumer protection and similar which might entail processing of your personal data. Although these might be regarded as separate purposes of processing, in all cases we act a controller complying withlegal / statutory obligations stemming from the local law.

Legal enforcement

Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

From time to time, we might need to pursue a legal claim, ask for compensation or off-court settlement, keep evidence for potential dispute, manage, keep and perform legal contracts, request legal advice from external advisors, report illegal activity to law enforcement authorities or otherwise protect our legitimate legal interests (i.e. enforcing our legal rights). In doing so, we act as a controller.

How we collect your personal data?

Generally, we collect personal data on the behalf of our clients as a processor therefore your personal data are provided to us by original controllers. We can also collect your personal data from you directly e.g. by communication with you, conclusion of contract, activity on social media platforms or sending us a message via form on our website. Such provision of data is voluntary and if it relates to a contract, it might be contractual requirement or a requirement necessary to enter into a contract.

Who are recipients of your personal data?

We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized personnel at our companyor a verified/authorized third party. Our staff might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. We also use sub-contractors to support us in providing the Services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. Categories of recipients of user personal data (processed on behalf of our clients) are hosting or cloud services providers as is explained in detail in our data processing agreement. As regards the other purposes, the recipients of personal data might be:

Hosting or cloud services providers;  
Providers of standard software equipment (such as Microsoft and Google);
Marketing and analytics software service providers;
Social media platform operators;
Billing, accounting and legal advisors;
Public authorities if required based on local law;
Authorized personnel of the above.

In case that we are processors of your personal data we do not appoint another sub-processor unless we have prior approval of the controller.

What countries do we transfer your personal data to?

By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be located in the United States of America (U.S.). As such, US is regarded a third party not ensuring adequate level of protection. However, companies certified under the EU-US Privacy Shield mechanism according to the Commission (EU) are regarded as ensuring adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients are either certified under the EU-US Privacy Shield, concluded EU model clauses with us or follow equivalent safeguards in place.

How long we store your personal data?

We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do further not process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations.General retention periods for the above purposes of processing are as follows:

Purpose

Retention period

Client purposes

All retention periods for client purposes (campaign performance analysis, product improvement and marketing campaigns) are determined by our clients. We can only keep such personal data during the term of our data processing agreement after which we must return or erase all personal data about clients’ users. However, we might erase personal data even sooner, if the client instructs us to do so for example if the client does not regard storing such data no longer necessary for the given purposes. This might be the case when client processes personal data about potential users who eventually do not purchase a license from the client. In that case, we delete data about them even soon – after 30 days.

Statistics

Only as long and only if other purposes of processing are relevant.

Maintaining social media profiles

Until you or us actively delete your message, comment, profile or you request deletion of your data. We delete private messages on our profile once a year.

Legal compliance

Generally 5 years or as long as necessary to comply with the local law.

Legal enforcement

Generally 3 years or during the pending legal proceedings.

What rights do you have?

Please note, that if you are our clients’ user, we are contractually entitled to handle your data subject request when they relate to clients’ purposes. These should be addressed to your controller (our client). If we process your personal data as a controller, you have so-called data subject rights under the Article 15 to 22 of the GDPR. Among others, you have:

• right to request access to your personal data according to Article 15 GDPR;

• right to rectification according to Article 16 GDPR;

• right to erasure of personal data according to Article 17 GDPR;

• right to restriction of processing according to Article 18 GDPR;

• right to object to processing according to Article 21 GDPR; and

• the right to data portability according to Article 20 GDPR.

However, these are not absolute rights which only exist if the relevant conditions are met. For example, right for erasure does not apply in case such personal data is required for compliance with legal obligation (legal compliance) or for the establishment, exercise or defense of legal claims (legal enforcement). Please contact us if you have a general query about your data subject rights.

You have the right to withdraw your consent at any time. (Please note we do not rely on consent.)

You have right to object to any processing that is based on legitimate interest or public interest including to profiling pursuant to the Article 21 GDPR. You also have a right to object to any direct marketing processing of your personal data including profiling.

(Please note we do not rely public interest.)

You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority. Please note that our competent data protection authority is the Office for Protection of Personal Data of the Slovak Republic (www.dataprotection.gov.sk).

When enforcing your data subject rights, please be as explicit and detailed as possible. Otherwise, we might respond with request to clarify a generic, vague or too general requests which in turn delays getting the information you request.

External websites

Our website might contain links to other websites and / or services of different providers than us. We are not responsible for content and provision of websites or services of different providers than us. This privacy policy does not apply on the processing of personal data during browsing or using websites or services of different providers than us.

Cookies

When processing your personal data, operating our websites or generally providing or supporting our Services we may use cookies and similar technologies. Specifically, we use these technologies for client purposes and for general analysis of our website traffic. You have a control about the use of cookies via setting of your internet browser, where you can disable cookies at any time.

Social networks

Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.

Changes to this privacy policy

We may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice on our websites or by email.