Privacy Policy

Last updated on September 2, 2024

This privacy policy for Playmaker Software Ltd (doing business as Playmaker) ('we', 'us', or 'our'), describes how and why we might collect, store, use, and/or share ('process') your information when you use our services ('Services'), such as when you:

• Visit our website at https://www.playmaker.so, or any website of ours that links to this privacy policy
• Use of all related web or API based applications or downloaded desktop software, or any other software of ours that links to this privacy policy
• Download and use our mobile application (Playmaker), or any other application of ours that links to this privacy policy
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@playmaker.so

SUMMARY OF KEY POINTS

This summary provides key points from our privacy policy, but you can find out more details about any of these topics by clicking the link following each key point.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us below.

Sensitive personal information processed (if applicable): The personal information transferred may concern the following sensitive categories of data:

• Sensitive financial data: e.g. payment information, credit card details, account numbers, PINs

Do we receive any information from third parties? We do not receive any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information below.

In what situations and with which parties do we share personal information?  We may share information in specific situations and with specific third parties, including:

• Cloud infrastructure providers (e.g. AWS, DigitalOcean, CloudFlare, Hetzner)
• AI service providers (e.g. OpenAI, Anthropic, Google)

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information, following ISO 27001 security standards. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe below.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights below.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at privacy@playmaker.so. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy policy in full below.

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

• Financial data - Payment information, credit card details, etc. processed as part of providing our Services.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts.  We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
• To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
• To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
• To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
• To send marketing and promotional communications. We may process your information for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time.
• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, under certain circumstances, we may rely on the following legal bases to process your personal information:

• Consent: Where you have given us consent to process your personal information for specified purposes. You can withdraw your consent at any time.
• Performance of a Contract: Where we need to process your information in order to enter into or fulfil a contract with you.
• Legal Obligations: Where we need to process your information to comply with legal obligations.
• Vital Interests: Where processing is necessary to protect vital interests, such as to prevent threats to the safety of any person.
• Legitimate Interests: Where processing is necessary to achieve a legitimate interest that does not override your fundamental rights and freedoms, such as analysing and improving our Services, diagnosing technical issues, and understanding user interactions.

If you are located in Canada, we may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ('subprocessors') who perform services for us or on our behalf and require access to such information to do that work. Subprocessors we use include:
  • Cloud infrastructure providers: Amazon Web Services (AWS), DigitalOcean, CloudFlare, Hetzner
  • AI service providers: OpenAI, Anthropic, Google

We require all subprocessors to respect the security of your personal data and to treat it in accordance with applicable laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures, adhering to ISO 27001 standards, designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

11. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.

The information we collect, use, and disclose about you will vary depending on how you interact with us and our Services.  To find out more, please visit the following sections above:

• Personal data we collect
• How we use your personal data
• When and with whom we share your personal data

Your rights with respect to your personal data:

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

We have not sold any personal data to third parties for business or commercial purposes. We will not sell personal data in the future belonging to website visitors, users, and other consumers.

Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy policy.

You may contact us by email at privacy@playmaker.so, or by referring to the contact details at the bottom of this document.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at privacy@playmaker.so. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

California residents are granted specific rights regarding access to their personal information.
'Shine The Light' Law (California Civil Code Section 1798.83)

Permits California residents to request and obtain information about personal data disclosure to third parties for direct marketing purposes.
Request can be made once a year, free of charge.
Information includes:

Categories of personal information disclosed
Names and addresses of third parties with whom information was shared

To make a request, submit in writing using the contact information provided.

Rights for Minors

California residents under 18 years with a registered account can request removal of unwanted publicly posted data.
To request removal:

Contact using provided information
Include associated email address and statement of California residency

Note: Data may not be completely removed from all systems (e.g., backups)

CCPA Privacy Notice
Definition of 'Resident'

Every individual in California for non-temporary/non-transitory purposes
Every individual domiciled in California who is outside the state for temporary/transitory purposes

More information available in the privacy policy
Contact: privacy@playmaker.so

Third-Party Sharing

Personal information may be disclosed to service providers under written contract
No personal information sold or shared with third parties in the preceding 12 months
No plans to sell or share personal information in the future

Your Rights
1. Right to Request Deletion

You can request deletion of your personal information, subject to legal exceptions

2. Right to Be Informed

You have the right to know about the collection, use, and sharing of your personal information

3. Right to Non-Discrimination

Exercising your privacy rights will not result in discrimination

4. Right to Limit Use and Disclosure of Sensitive Personal Information

You can direct the business to limit use of sensitive personal information to necessary Services

Verification Process

Identity verification required for requests
May involve matching information or additional verification methods

Other Privacy Rights

Object to processing of personal information
Request correction of inaccurate data
Designate an authorized agent to make requests

How to Exercise Your Rights
Contact us by email at privacy@playmaker.so or refer to the contact details at the bottom of the document.

13. DO WE MAKE UPDATES TO THIS NOTICE?

In Short:  Yes, we will update this policy as necessary to stay compliant with relevant laws.

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Sensitive categories of personal data processed (if applicable):

The personal data transferred concern the following special categories of data [Edit/add/remove from the below list as required]:

• Sensitive financial data: e.g. Payment information, credit card details, account numbers, PINs
• Account login information
• Contents of email or text messages

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO), Efecan Erdur, by email at efecan.erdur@playmaker.so, or contact us by post at:

Playmaker Software Ltd272 Bath Street, Glasgow, Scotland, G2 4JR

If you are a resident in the United Kingdom, we are the "data controller" of your personal information.  We have appointed Efecan Erdur to be our representative in the UK.  You can contact them directly regarding our processing of your information, by email at efecan.erdur@playmaker.so, or by post to:

Playmaker Software Ltd272 Bath Street, Glasgow, Scotland, G2 4JR

Annex 2: List of Subprocessors

Name: Purpose: Region:Amazon Web Services (AWS): Cloud infrastructure: European Economic Area
DigitalOcean: Cloud infrastructure: European Economic AreaCloudFlare: Cloud infrastructure: European Economic AreaHetzner: Cloud infrastructure: European Economic AreaOpenAI: AI services: United StatesAnthropic: AI services: United States
Google: AI services: United States

‍

‍

Last updated on September 2, 2024

This privacy policy for Playmaker Software Ltd (doing business as Playmaker) ('we', 'us', or 'our'), describes how and why we might collect, store, use, and/or share ('process') your information when you use our services ('Services'), such as when you:

• Visit our website at https://www.playmaker.so, or any website of ours that links to this privacy policy
• Use of all related web or API based applications or downloaded desktop software, or any other software of ours that links to this privacy policy
• Download and use our mobile application (Playmaker), or any other application of ours that links to this privacy policy
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@playmaker.so

SUMMARY OF KEY POINTS

This summary provides key points from our privacy policy, but you can find out more details about any of these topics by clicking the link following each key point.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us below.

Sensitive personal information processed (if applicable): The personal information transferred may concern the following sensitive categories of data:

• Sensitive financial data: e.g. payment information, credit card details, account numbers, PINs

Do we receive any information from third parties? We do not receive any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information below.

In what situations and with which parties do we share personal information?  We may share information in specific situations and with specific third parties, including:

• Cloud infrastructure providers (e.g. AWS, DigitalOcean, CloudFlare, Hetzner)
• AI service providers (e.g. OpenAI, Anthropic, Google)

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information, following ISO 27001 security standards. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe below.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights below.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at privacy@playmaker.so. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy policy in full below.

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

• Financial data - Payment information, credit card details, etc. processed as part of providing our Services.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts.  We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
• To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
• To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
• To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
• To send marketing and promotional communications. We may process your information for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time.
• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, under certain circumstances, we may rely on the following legal bases to process your personal information:

• Consent: Where you have given us consent to process your personal information for specified purposes. You can withdraw your consent at any time.
• Performance of a Contract: Where we need to process your information in order to enter into or fulfil a contract with you.
• Legal Obligations: Where we need to process your information to comply with legal obligations.
• Vital Interests: Where processing is necessary to protect vital interests, such as to prevent threats to the safety of any person.
• Legitimate Interests: Where processing is necessary to achieve a legitimate interest that does not override your fundamental rights and freedoms, such as analysing and improving our Services, diagnosing technical issues, and understanding user interactions.

If you are located in Canada, we may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ('subprocessors') who perform services for us or on our behalf and require access to such information to do that work. Subprocessors we use include:
  • Cloud infrastructure providers: Amazon Web Services (AWS), DigitalOcean, CloudFlare, Hetzner
  • AI service providers: OpenAI, Anthropic, Google

We require all subprocessors to respect the security of your personal data and to treat it in accordance with applicable laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures, adhering to ISO 27001 standards, designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

11. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.

The information we collect, use, and disclose about you will vary depending on how you interact with us and our Services.  To find out more, please visit the following sections above:

• Personal data we collect
• How we use your personal data
• When and with whom we share your personal data

Your rights with respect to your personal data:

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

We have not sold any personal data to third parties for business or commercial purposes. We will not sell personal data in the future belonging to website visitors, users, and other consumers.

Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy policy.

You may contact us by email at privacy@playmaker.so, or by referring to the contact details at the bottom of this document.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at privacy@playmaker.so. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short:  Yes, we will update this policy as necessary to stay compliant with relevant laws.

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Sensitive categories of personal data processed (if applicable):

The personal data transferred concern the following special categories of data [Edit/add/remove from the below list as required]:

• Sensitive financial data: e.g. Payment information, credit card details, account numbers, PINs
• Account login information
• Contents of email or text messages

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO), Efecan Erdur, by email at efecan.erdur@playmaker.so, or contact us by post at:

Playmaker Software Ltd272 Bath Street, Glasgow, Scotland, G2 4JR

If you are a resident in the United Kingdom, we are the "data controller" of your personal information.  We have appointed Efecan Erdur to be our representative in the UK.  You can contact them directly regarding our processing of your information, by email at efecan.erdur@playmaker.so, or by post to:

Playmaker Software Ltd272 Bath Street, Glasgow, Scotland, G2 4JR

Annex 2: List of Subprocessors

Name: Purpose: Region:Amazon Web Services (AWS): Cloud infrastructure: European Economic Area
DigitalOcean: Cloud infrastructure: European Economic AreaCloudFlare: Cloud infrastructure: European Economic AreaHetzner: Cloud infrastructure: European Economic AreaOpenAI: AI services: United StatesAnthropic: AI services: United States
Google: AI services: United States

‍

‍