This privacy policy (the “Policy”) for Software Mansion S.A. (“Company,” “we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our products and/or services (“Services”), such as when you:

• Visit our website typegpu.com, or any website of ours that links to this Policy
• Engage with us in other related ways ― including any sales, marketing, or events related to typegpu.com

By using the Services, you are consenting to the collection and use of your personal data in accordance with this Privacy Policy. Please do not access or use the Services if you do not consent to the collection and use of your information as outlined in this Privacy Policy.

Questions or concerns?

Understanding this Policy will help you comprehend your rights and choices regarding your privacy. If you disagree with our methods and practices, do not access our Services. For any questions or issues, please contact us at [email protected]. If there are any capitalized terms in this Policy that are not defined, then those terms will have the meaning defined in your agreement with us.

Definitions

The following definitions are used throughout this Privacy Policy:

Software Mansion Website means typegpu.com and all of its subdomains.

Personal Data means any data relating to an identified or identifiable natural person.

Usage Data refers to personal information collected from visitors during their interaction with our public-facing website. This may include contact details voluntarily provided through forms, IP addresses, cookies, and other similar identifiers that help us understand and communicate with users, improve our services, and fulfill requests.

All other capitalized terms used in this Privacy Policy shall have the same meaning as defined in article 4 GDPR (such as personal data, controller, processor, data subject, and others), unless defined otherwise in this definition clause.

What Usage Data We Process and Why

We use Usage Data to provide Services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests. End user personal information we process when you, our customer, use our Services generally consists of audio, video, text message, and IP address information. The specific information and other end user personal information we process and the reasons we process it, depends on how you use our Services.

How We Process Your Personal Information

“Personal information” or “personal data” includes an array of information. In general, we interpret it to mean any information that relates to an identifiable, living individual person. In some jurisdictions, legal distinctions are drawn between “controllers” and “processors” of personal data. Controllers determine the purposes and means of processing personal data, whereas processors are entities that process personal data on behalf of the controller according to their instructions. A processor does not make decisions about personal information; it only processes personal information on behalf of a controller based on the controller’s instructions. We process your personal information as a visitor of typegpu.com — information that we refer to as Usage when you visit our public-facing website like typegpu.com. If you are a visitor to our website (by which we mean any website that links back to this Policy in its footer), we collect a minimal amount of data about you (depending on how much you’ve chosen to share with us). This might be as little as an IP address or a cookie, and it might be your contact information. We also consider this Usage.

Information You Share Directly

On certain parts of our public-facing websites, you may be able to fill out forms to request contact from us, sign up for newsletters, or participate in surveys. The personal information requested on these forms will vary depending on the purpose of the form. We will ask for information that is necessary to fulfill your request, such as your email address if you want to receive a newsletter or if you want to be contacted by a member of our team. We may also ask for additional information to better understand our customers, such as, your company name, or your job title. Our team keeps a record of all communication with customers, including contact information and any other details shared during the conversation. This information is used to help us improve our services, provide training to our team members, and manage our ongoing relationships with customers. It is important to be mindful of what information you share with these teams, as we store a record of these communications. To protect your privacy, it is best to avoid sharing sensitive personal information unless it is necessary for the teams to assist you. We will take appropriate measures to protect any sensitive information that is shared with us.

Marketing information

We may use your email address to send you information about other Software Mansion Services or events in which we think you may be interested, if you opt-in to receive such communication. You can opt-out at any time through your marketing preferences page by clicking the “unsubscribe” link at the bottom of any marketing email you receive from us. You can also contact us to communicate your choice to opt out. Please note that it may take up to three days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from third-party providers. We use this information to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.

How long your personal data will be kept and maintained

Software Mansion will store your User Data as long as needed to provide you with our Services and to operate our business. If you ask Software Mansion to delete specific personal information from your User Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions. We do not store the data from the contact form for longer than necessary to respond to you and keep in touch with you (if you wish so).

Data Subject Rights

You have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
• Right to Erasure (Right to be Forgotten): Under certain conditions, you may request the deletion of your personal data.
• Right to Restrict Processing: You can request the limitation of processing of your personal data under specific circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another controller
• Right to Object: In some cases, you may object to the processing of your personal data.
• Right to be Informed: You have the right to be provided with clear, transparent and easily understandable information about how we process your personal data.
• Withdrawal of Consent: In accordance with Article 13(2)(c) of the GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. As a visitor to this website, you can easily adjust or withdraw your consent directly via the consent banner provided on the site. Alternatively, if you prefer, you may contact the website operator using the contact details provided in this privacy policy. Please note that withdrawing your consent does not affect the lawfulness of any processing carried out before your withdrawal.

To exercise these rights, please contact us at [email protected]. We will exercise your rights only after receiving your written request to exercise a particular right indicated above and only after confirming the validity of your identity.

Your requests shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within one month from the date of submission of the request meeting our internal rules and GDPR. The period may be extended by two further months if the request is related to a great scope of personal data or other simultaneously examined requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. A response to you will be provided in a form of your choosing as the requester.

• We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subjects’ rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.

Cookies and Tracking Technologies

We may use common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites or when you interact with emails we send to you.

Cookies

A cookie is a small piece of data stored on your device when you visit a website. Cookies allow us to identify your device as you navigate our websites. This makes navigating and interacting with our websites more efficient, easy and meaningful for you. By themselves, cookies do not identify you specifically. Rather, they recognize your web browser. So, unless you identify yourself specifically to us, we don’t know who you are just because you visited our website. We use persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off. These cookies enable core functionality such as security, network management, and accessibility and are necessary for our websites to function properly.

We use the following cookies:

Strictly necessary

Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.

Performance

Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.

Targeting

Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.

Global Compliance

Our approach to privacy compliance is a global one. No matter where you are located, we remain committed to abiding by all applicable data protection laws.

Regions Requiring a Legal Basis for Processing Personal Information

If you are from a region that requires a legal basis for processing personal data (such as the EEA or the UK), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided below. Broadly speaking, we use the Usage Data to further our legitimate interests to:

• understand who our customers and potential customers are and their interests in the Services;
• manage our relationship with you and other customers;
• analyze user behavior, optimize performance, and enhance the user experience;
• provide customer support and maintain a record of correspondence;
• help detect, prevent, or investigate security incidents, fraud and other abuse or misuse of our Services.

United States

California Consumer Access and Deletion Rights

For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:

• that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
• that we provide you access to the personal information we collect about you; and
• that we delete the personal information we have about you.

Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request. You must be a resident of California to make this request. The California Code of Regulations defines a “resident” as:

1. every individual who is in the State of California for other than a temporary or transitory purpose and
2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

We have collected the following categories of personal information in the past twelve (12) months:

• Identifiers
• geolocation data
• Internet or other similar network activity

Other regions

Some countries, other than the EEA, UK, and United States, also have specific privacy notice requirements, and we address those requirements in our general privacy sections above.

International data transfers

We may need to transfer your personal information to our affiliates, contractors, service providers, and to third parties in various countries and jurisdictions around the world. In each case, we take care to use appropriate safeguards to ensure your personal information remains protected.

Data transfers to the United States and elsewhere. When you use our cloud dashboard, or our other Services, personal information of you and your end users processed by Software Mansion may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.

Safeguards for data transfers. Software Mansion employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law.

Transfers from other countries. When we transfer personal information outside countries other than those in the EEA, the UK, and Switzerland, we strive to comply with the cross-border data transfer rules of those countries, such as by cooperating with that country’s data protection authority or providing a written agreement to each customer that meets the data protection requirements of the country.

Security Information

How We Secure Personal Information

We use appropriate security measures designed to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place. When we transfer data across borders, we also take supplementary measures to ensure that data is protected. Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

How we use personal information for security purposes

We may collect and use Usage Data to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services. In addition, we may also use records containing end user personal information to debug, troubleshoot, or investigate security incidents; to detect and prevent spam or fraudulent activity; and to detect and prevent network exploits and abuse. We may anonymize personal information and use it for our legitimate business needs, and, where allowed by law, this may include records containing end user personal information.

Handling disputes

If you have a dispute with us relating to our data protection practices, you can raise your concern or dispute by contacting us via email at [email protected]. For individuals in the EEA, the UK, or Switzerland, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws. You have the right to lodge a complaint with a competent supervisory authority, if you believe that your personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the Personal Data Protection Office (UODO) of the Republic of Poland and which may be found by this link: https://uodo.gov.pl/.

Changes to our Privacy Policy

We may change this Policy from time to time, and if we do, the most current version will be available on our website with the date at the top indicating when it was last updated. Any changes will take effect immediately upon their publication on our Website. We may update this policy periodically and will publish the latest version on our website with an effective date.

Processing personal data for marketing and commercial purposes

1. Why we process your personal data We process your personal data for direct marketing and commercial purposes, including providing you with commercial information relating to our offer and events we organize. Your personal data is then subject to processing according to your consent (art. 6 par. 1 pt. a. of GDPR). The legal basis for contacting you via email is the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2002, No. 144 pos. 1204). You are able to withdraw your consent anytime (without affecting the legality of the processing which was carried out on the basis of consent prior to its withdrawal) by sending an email to the address you were contacted from, or [email protected].

2. Who we disclose your personal data to We process personal data in an IT system partially based on cloud computing solutions belonging to external providers. This applies to email hosting, server hosting, well as application software. Whenever such processing involves transferring your data outside EEA (Where GDPR laws do not apply), it is done in accordance with legal instruments provided for by GDPR, ensuring adequate protection of your rights and freedoms. Detailed information on this subject you can find in privacy policies posted by suppliers on their websites. If you wish, you can obtain a set of useful links from us

3. How long your personal data will be kept and maintained We strive to keep your data up-to-date. Therefore, we contact you at least once every 12 months in order to catch up. If for some reason we are unable to contact you during this period, your personal data will be deleted after 12 months from obtaining consent for their processing.

4. How your personal data gets obtained You have answered our posting using our web form, by sending an email or by contacting us directly. Therefore, the first bunch of data we get directly from you. We might, however, wish to supplement them with our assessment of your suitability for a specific position by means of competence tests.

5. Automated processing and profiling We process your data by profiling. Profiling shall mean any form of automated processing of personal data by the Software Mansion, which involves the use of personal data to assess certain personal factors, in particular to analyse or forecast preferences, interests, credibility, behaviour, location or movement of the Client.