About Scaleo. We are Owly Labs s.r.o., ID No.: 276 34 051, VAT No.: CZ27634051, with its registered office at V přístavu 1585/10, 170 00 Prague, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 120368. We provide a SaaS system that is used to structure, monitor, analyze and manage data for affiliate marketing purposes, which is called "Scaleo". More information on how the Scaleo works is available on our website https://scaleo.io.
Privacy Policy. Protecting Users` privacy is very important to us. This Policy has been prepared to provide the Users with essential information regarding the processing of the Personal Data. Please read this Policy carefully. It complies with the GDPR and explains what Personal Data is processed, the reasons for the processing, how we handle the processing, and how we retain the Personal Data.
Contact. The Users can contact us at any time using these details: [email protected]
This Policy. This Policy applies to situations where we act as the Controller (mostly if the User uses the Scaleo, visits our Website, or communicates directly with us). This Policy also explains how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this Policy, do not access or use the Scaleo or our Website or interact with any other aspect of our business.
DefinitionsDefinitions. To make the text easier to read, we have prepared definitions of the terms we use in this Policy. If Users encounter other terms in this Policy, which is not specified above, such terms then have a meaning defined in our Terms, available from https://www.scaleo.io/terms.
The "Controller" or "we/us" is our company, Owly Labs s.r.o. We are the entity which determines the purposes and means of the Personal Data processing.
The "GDPR" refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The "Personal Data" is any information about the natural person using the Scaleo or the Website (the User), or communicating with us, that can either directly identify them or possibly identify them indirectly with the use of other Personal Data we have available about the User.
The "Policy" refers to this Privacy Policy.
The "Processor" refers to other entities we may use when providing the Scaleo, such as cloud software providers or entities that help us to protect the Scaleo or provide our services. During this cooperation, such entities may process the Personal Data Users have provided to us, based on instructions we give them.
The "User" or "you" is the natural person to whom the Personal Data is related, mostly our (potential) customer or a visitor of our Website.
What is Our Role in the Processing of the Personal Data?We as the Controller:
We as the data processor:
Reasons. We may process the User’s Personal Data for several reasons. Users will find important information about the Personal Data processing on our part in this part of the Policy.
User of the website. When using our Website, Personal Data is processed by us in the following way:
What is the legal basis for the processing? | Why? | How long? | What Personal Data? |
---|---|---|---|
CONSENT Article 6.1 a) GDPR or LEGITIMATE INTEREST Article 6.1 f) GDPR | Provision of the basic functions of our Website, analytics, improvements of our Services etc., with the help of cookies. Preferences can be set in the cookie bar. | The period of processing varies depending on the cookie type, see below the cookie table. | Information about the User’s visit of the Website may include IP address, the date and time of the visit, operation system, language settings, history of behavior on the Website, data concerning mobile phone etc. |
LEGITIMATE INTEREST Article 6.1 f) GDPR | Defending against and tracing attacks by hackers, protecting our Website. | The IP addresses are stored for no more than 1 month. | To protect against attacks, we store the IP addresses of all users who access our Website. The logs created are only used to monitor security breaches and are only viewed when such an event takes place. |
TAKING STEPS PRIOR TO ENTERING INTO A CONTRACT Article 6.1 b) GDPR | Processing of the User`s data when he/she completes our contact form on the Website or gives us information on personal meetings, if in relation with a possible entering into a contract together. | Closed inquiries are deleted regularly, but no later than 3 years of the date of the inquiry. | Basic identification data (e.g., name, surname) Contact details (e.g., e-mail address, phone number) Information from our communications (other information included in the contact form or an e-mail message, or by other means of communication) |
LEGITIMATE INTEREST Article 6.1 f) GDPR | Dealing with other inquiries or questions not directly related to entering into a contract together. | Closed inquiries are deleted regularly, but no later than 3 years of the date of the inquiry. | Basic identification data (e.g., name, surname) Contact details (e.g., e-mail address, phone number) Information from our communications (other information included in the contact form or an e-mail message, or by other means of communication) |
User of the Services. If the User chooses to enter into a contract with us and use our Services, we will process the User’s Personal Data only to the extent necessary to provide the Services in accordance with the Terms of Service.
What is the legal basis for the processing? | Why? | How long? | What Personal Data? |
TAKING STEPS PRIOR TO ENTERING INTO A CONTRACT or LEGITIMATE INTEREST Article 6.1 f) GDPR | Provision of basic functions of our Website, the Demo, analytics, improvements of our Services. The User can set preferences in the cookie bar. | The period of processing varies depending on the cookie type, see below the cookie table. | Information about the User’s visit of the Website may include IP address, the date and time of the access, operation system, language settings, history of behavior on the Website, data concerning the mobile phone, etc. |
TAKING STEPS PRIOR TO ENTERING INTO A CONTRACT AND THE PERFORMANCE OF THE CONTRACT Article 6.1 b) GDPR | Provision of the Free Trial, so that the User can try the Services. | For the duration of the Free Trial and in the case of upgrading to the full version for the term of the Agreement and for a subsequent period of 3 years after the termination of the Agreement. | Basic identification data (e.g., name, surname) Contact details (e.g., e-mail address, phone number) Billing details and bank details Logging into the Master Account and actions taken with respect to the Master Account (e.g., the information filled in by the User in the Master Account, the time of signing up, the date of the last profile update) Information from our communication |
THE PERFORMANCE OF THE CONTRACT | Conclusion and execution of the Agreement to start using the Services to the fullest extent. Creation and maintenance of the Master Account in the extent necessary to provide all the features of the Service. Provision of any other agreed upon Services (e.g., dealing with service requests) | For the term of the Agreement and potentially for some time period afterwards, if we agree to let you export data from the Master Account. | Basic identification data (e.g., name, surname) Contact details (e.g., e-mail address, phone number) Billing details and bank details Logging into the Master Account and actions taken with respect to the Master Account (e.g., the information filled in by the User in the Master Account, the time of signing up, the date of the last profile update) Information about our Agreement (e.g., how is the Agreement fulfilled by both parties, how was the remuneration calculated, etc.). Cookies and IP address, activity data (including information about device, operating system and browser) Information from our communication |
LEGAL REQUIREMENTS Article 6.1 c) GDPR | Sometimes we must process Personal Data when the law requires us to do so. This concerns mainly accounting and tax regulations. | For the period required by the legislation (normally 10 years from the end of the financial year in which the tax/accounting event occurred) | Basic identification data (e.g., name, surname) Contact details (e.g., e-mail address, phone number) Billing details and bank details |
LEGITIMATE INTEREST Article 6.1 f) GDPR | Where we believe it is necessary to protect our legal rights, interests and the interests of others, we may use the Personal Data in connection with legal claims, compliance, regulatory or audit functions. | For the period of up to 16 years, which corresponds to the longest statute of limitations period (15 years) and one extra year to deal with any potential disputes brought upon by you. | Basic identification data (e.g., name, surname) Contact details (e.g., e-mail address) Information about our Agreement (e.g., how is the Agreement fulfilled by both parties, how was the remuneration calculated etc.). |
The Controller does not process any special categories of Personal Data.
We may transfer Personal Data to other parties, mainly to ensure that we can operate effectively. However, we transfer a very limited amount of data.
Processors. We only engage verified Processors with whom a written agreement has been concluded, ensuring that they offer at least the same level of guarantees as those provided to the User as per this Policy. We use mainly the following service providers and partners:
Employees and contractors. The Controller may make the User's Personal Data available to its employees and contractors who provide services related to the processing of Personal Data as described herein.
Legal obligations. The Controller may disclose Personal Data to third parties, other than the Processors mentioned above, if required by law or in response to lawful requests from public authorities or pursuant to a court order in connection with legal proceedings.
Outside EEA transfers. For personal data that falls under the scope of GDPR, please note that cross border transfers to our Processors or other entities may include countries outside of the European Economic Area (EEA). We take steps to ensure all Personal Data is transferred only where adequate protection is given. Where we transfer Personal Data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement that covers the EU requirements for the transfer of personal data outside the EEA, such as the European Commission approved standard contractual clauses.
What About Minors?Prohibited. The Controller’s Services are available only to individuals who are 18 years of age or older. The Controller does not knowingly process the Personal Data of children or minors under this age limit. If the Controller becomes aware that it has received Personal Data from a child or minor without parental or legal consent, appropriate steps will be taken to promptly delete such information.
Do We Really Need the Personal Data?Necessity. The Controller strives to process the least amount of Personal Data necessary. To use the Services or access the Website, certain Personal Data may be required, typically including basic identification and contact details. If the User does not wish to provide this Personal Data, they should refrain from using the Website or the Services.
What about data security?Measures. The Controller implements commercially reasonable technical, administrative, and organizational measures to protect the Users` Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, as no method of data transmission is 100% secure or error-free, the Controller advises the User to exercise caution when deciding which Personal Data to share.
The Controller adopted and is committed, in particular, to comply with the following measures:
1. Technical measures
2. Organizational measures
The Users have the following rights concerning the processing of the Personal Data:
The Controller will not process Personal Data using automated individual processing that would have legal effects on the User as a data subject or affect User in a similarly significant way.
What About Cookies?Cookies. We also use cookies and may process some Personal Data in that regard. A cookie is a small piece of data that our Website stores on the User’s device, and accesses each time they visit, so that we can understand how they use our Website. This helps us to serve content based on the preferences of the User’s. Cookies can be divided into essential, preference, analytical and marketing cookies.
We collect these specific cookies:
Type | Name | Purpose | Expiration |
---|---|---|---|
Technical | _cf_bm | Cloudflare cookie used for bot management and to differentiate between bots and humans. | 30 days |
Technical | __cfruid | Used by Cloudflare for rate limiting and managing traffic. | 30 days |
Technical | _cfuid | Used by Cloudflare for identifying trusted web traffic. | 30 days |
Technical | cf_clearance | Cloudflare cookie used to ensure access to the site after passing a CAPTCHA or security check. | 30 days |
Technical | admin_auth | Used for managing authentication for administrators or logged-in users. | 30 days |
Technical | october_session | Related to session management for users on the site, possibly linked to the October CMS. | 30 days |
Technical | lang | Stores user language preferences, typically used for internationalized content display. | 30 days |
Technical | referrer_user_id | Used to track the ID of a referring user, potentially for affiliate marketing or referral tracking. | 30 days |
Conclusion
This Policy may only be amended in writing. Users will be informed of any changes via the Website. It is recommended that Users review this Policy regularly. The User’s continued use of the Services constitutes acceptance of any changes to the Policy.
This Policy is effective as of 05.11.2024.