Privacy policy
The Introduction
This Privacy Policy (the “Policy”) is meant to notify the users of the website https://evoplay.careers (the “Website”) information about the processing of their personal data. Privacy of our clients, users, and counterparties’ representatives is very important for us; thus, we’ve done every effort to deliver the information about the data processing in a clear, transparent and accessible manner. Please read this Policy prior to your use of the Website.
Who we are?
Evoplay is a leading software development company (the “Company”, “we”, “us”, “our”) having its office in Cyprus, Poland and Ukraine. Company’s team of developers and the head office are located at: 28 Oktovriou & Aimiliou Chourmouziou, Lophitis Business Centre I, 4th Floor, Flat/Office No. 403, 3035, Limassol, Cyprus.
We are the “controller” in the meaning of Article 4(7) of EU Regulation 2016/679 (the “GDPR”).
In case of any questions relating to this Policy or other privacy matters, please, do not hesitate to contact our Privacy Team via e-mail address [email protected].
What data we collect
Automatically-collected data. When you use the Website, we automatically collect the following data:
- Information about your device, web browser and operating system;
- Your IP address;
- Information about your use of the Website like which pages you’ve visited or clicked on, or other information about your use of the Website.
The source of these data: we receive these data from your web browser’s requests, from cookies (please read our Cookie Policy), pixels this Website contains, and your user agent.
Contact data. When you communicate with us via the Website or available contact details, we collect the following data:
- Your name;
- Your e-mail address;
- Other information you provide in your message.
Research data. If you place your contact details to contact us for business purposes, we make some research in order to understand the context of our future communication. This research covers only the data available on public sources (social media, data found in search engines and your organisation’s website etc.) These data include:
- The sector you work in or engaged in;
- Name of your company or organization and information about your company (sector, geography, size etc.);
- Information about you (your job role, background etc.)
For what purposes and under what legal grounds we process your data
Under the GDPR, we have to name you the legal basis/ground for each purpose of processing your personal data. Please, read Article 6 of the GDPR to find out more about legal bases.
Administer and protect the Website. We use automatically-collected data to:
- Protect the Website from cyberattacks, fraud etc.
- Diagnose any problems with the Website;
- Understand any problems with the Website or our digital infrastructure.
Legal ground: our legitimate interest to administer and protect this Website.
Provide this Website and tailor it for our users. We use automatically-collected data to:
- Provide this Website to its users and tailor it for the device of a particular user, for example, we use the information about your device to provide you with the Website tailored for your device.
Legal ground: our legitimate interest to provide this Website in the best way to our audience.
Anonymize your data and use it for statistics, analysis and research. We anonymize your data and use these data to better understand our users and develop our Website and Company.
Legal ground: our legitimate interest to know our research our audience via anonymized data.
Communicate with you. We use your contact data, research data, and some parts of automatically-collected data to contact you. Without these data, we would not be able to communicate with you.
A) Before the start of our communication, we use your IP address and research data to understand the background of our future communications and your organisation needs. In plain language, we make some pre-negotiation research to understand your organisation and the context of our communication.
Legal ground: our legitimate interest to have information about you and your organization to understand the context of our future communication.
B) If you contact us for a business purpose, we use the abovementioned data to contact you on this purpose.
Legal ground: our legitimate interest to communicate with organisations’ representatives for business purposes.
C) If you contact us to on legal matters (for example, to implement your data subject’s rights), we use your data to respond to your request.
Legal ground: legal obligation to which the Company is subject.
D) If you contact us for other purposes: we use the data available for us to reply to your message (depending on the context of your communication).
Legal ground: legitimate interest to communicate with general audience about the Website.
Provide you with our newsletter. If you contacted via the interface of the Website, we may use your email address to send you our newsletter. You can always unsubscribe from the newsletter by the interface of our email.
Legal ground: legitimate interest to provide our contacts with the news about the Company’s products and services.
How long we process your data
Automatically collected data of our Website visitors, the contact data of who we do not have, are stored no longer than 26 (twenty-six) months from the moment of your last visit to the Website. If you contacted us, your contact data and research data are stored no longer as necessary for the purposes of the processing. When the purposes are reached, your data will be erased (for example, if the purpose of our communication is achieved and your data are no longer required by us). If you have additional questions relating to the storage period of your data, please do not hesitate to contact us.
With whom we share your data
Here you can find the recipients of your data. Please note that some recipients are established in countries outside European Economic Area (EEA). The GDPR requires each controller that transfers personal data to a country other than EEA country to notify individuals about the GDPR’s legal mechanism applicable to each transfer/series of transfers. Thus, in this chapter we will specify to you the legal mechanism which secures each transfer when naming a recipient or category of the recipients.
The recipients of your data are:
Contractors and subcontractors of the Company. We engage third parties (both companies and individuals) to run and operate our business. From this follows that some of these third parties have access to your personal data. Please note that the processing of your data by these parties is secured by proper agreements which oblige these recipients to process your data in compliance with this Policy and applicable law; these agreements also include all the necessary technical and organisational measures to achieve confidentiality of your data. The legal mechanism used to secure transfers to the non-EEA person: if this contractor or subcontractor is established in a country other than EEA country and this country is not a subject of the Adequacy Decision of the European Commission, we use Standard Contractual Clauses to secure these transfers.
Cloud Providers. This category includes Amazon Web Services, the legal name Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg. Please read Amazon AWS Privacy Notice and AWS GDPR Data Processing Addendum to receive more information about the processing of your personal data.
Google. We use services provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, California, 94043 and its EU representative Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, 368047, Ireland. These include Google Analytics, Google reCAPTCHA, Google Workspace, and Google Tag Manager (process only aggregated data). The legal mechanism used to secure transfers to the Google LLC: Standard Contractual Clauses. Please read Google’s Privacy Policy, Google Ads Data Processing Terms and Google Data Processing Amendment to Google Workspace to find out more about the processing of personal data by Google and read DPAs, which include Standard Contractual Clauses, concluded with Google.
HubSpot. We use services provided by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. We use Hubspot’s services to administer our business development, sales, marketing etc. The legal mechanism used to secure transfers to the HubSpot, Inc.: Standard Contractual Clauses. Please read HubSpot Privacy Policy and HubSpot Data Processing Agreement to find out more about the processing of personal data by HubSpot and read DPA, which includes Standard Contractual Clauses, concluded with HubSpot.
Cloudflare. We use services provided by Cloudflare, Inc., 101 Townsend St. San Francisco, CA 94107. Cloudflare’s services are used to protect the Website and our digital infrastructure. The legal mechanism used to secure transfers to Cloudflare, Inc.: Standard Contractual Clauses. Please read Cloudflare Privacy Policy and Cloudflare Data Processing Addendum to find out more about the processing of personal data by Cloudflare and read DPA, which includes Standard Contractual Clauses, concluded with Cloudflare.
Mailchimp. We use services provided by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA. Mailchimp’s services help us to deliver e-mails to the receivers of these e-mails. Please read Mailchimp’s Privacy Policy and Data Processing Addendum to find out more about the processing of personal data by Mailchimp and read DPA, which includes Standard Contractual Clauses, concluded with Mailchimp.
Your rights
The GDPR grants you a number of rights. In order to have any of these rights implemented, please contact us. You have the right to access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability and the right to object.
If you’ve provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
If you are unsatisfied with the manner we process your personal data, you can contact us via [email protected] and describe your problem or complaint. Additionally, under the GDPR, you have the right to lodge a complaint either:
- With the supervisory authority of the jurisdiction where our EU company resides: the Commissioner for Personal Data Protection of the Republic of Cyprus, the website of the Commissioner http://www.dataprotection.gov.cy/;
- With the supervisory authority of the Member State of your habitual residence or place of work. You can find the list of EU supervisory authorities on the Website of the European Data Protection Board: https://edpb.europa.eu/edpb_en.
Changes to this Policy
We may change this Policy from time to time. In case of changes, we will revise this Policy and change its effective date. In case if we have your personal data and these changes add the new conditions of the processing of your personal data, we will notify you about the changes via your contact detail before the entry into force of the new Policy.
Effective date: 01 August 2023.