Privacy Policy

This Privacy Policy ("Policy") governs the terms and conditions under which Superface s.r.o., with its registered office at Rohanské nábřeží 670/19, Karlín, 186 00 Prague 8, Czech Republic registered in the Commercial Register maintained by Municipal Court in Prague under File No. C332866 ("Company"), processes personal data in connection with the activities and services concerning the operation of the website superface.ai and other websites or social media profiles run and managed by the Company ("Websites").

We respect the confidentiality of your personal data and always proceed in accordance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"), and follow this Policy. The Company uses this Policy to inform you about how, for what purposes and to what extent the Company uses your personal data and what information about you as a user of the Websites the Company may process.

1. Definitions

"Personal data" means any information relating to a data subject; "Data subject" means any identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Legal ground, purpose and extent of the processing of your personal data

Our Company may process your personal data for the following legal grounds and for the following purposes:

a. Provision and improvement of and support for our Websites

Our Company processes various information about your online activity, e.g. the time of access to our Websites, the time spent on our websites, conversions (i.e. completed activity on our Websites), etc., for the purposes of technical support and improvement of our Websites as well as monitoring of functionalities thereof under the lawful ground of legitimate interest (operation of the Websites, statistical purposes and data security).

b. Contact forms

If you use the contact forms on our Websites for your queries relating to our Company's services, we process the personal data provided by you. For the above purposes, our Company processes your personal data under the lawful ground of negotiation and performance of a contract and legitimate interest.

c. Order forms

If you use the order forms on our Websites for the order of any software (trial) license, we process the personal data provided by you. For the purposes of fulfilment of your order from the side of our Company, our Company processes your personal data under the lawful ground of negotiation and performance of a contract.

d. Cookies

Our Company uses cookie files, listed below, which may contain your personal data (e.g. your IP address or the configuration of your browser and computer). Our Company uses cookies on the basis of our legitimate interest (proper operation of the Websites, statistical purposes) or your consent that you express via the cookies settings displayed to you in a banner during your first visit to our Websites.

e. Newsletter

If you subscribe to our newsletter, our Company processes your e-mail address in order to provide you with the respective news in the manner described below. Our Company processes your e-mail address for the newsletter purposes based on you consent, which you can withdraw at any time. Our Company sends newsletter for the following purposes:

1. informational bulletins;

2. segmentation forms to select the visitors who may be invited to early access stage of Company's products; and

3. invitation to early access stage of Company's products.

The Company may track your response to the newsletter sent under points 2. and 3. above.

f. AI Models

Our AI Agent apps utilizes AI models provided by OpenAI.

1. Data Shared with AI Models

We share data provided by the API providers with these AI models. This data may include personal data.

2. Purpose of Sharing Data with AI Models

The primary purpose of sharing data with AI models is to automate tasks such as updating customer data in CRM system. For example, the AI model may analyze email and, based on that data, udpate customer data in CRM system. This automation helps improve efficiency and reduce manual work of AI Agent user.

3. Usage and Impact on Users

The AI models use the shared data to perform the specific tasks. The impact on users includes increased efficiency in task execution, as well as a reduction in manual workload. However, users should be aware that data processed by AI models may be used to inform and improve future AI functionalities.

4. User Control and Opt-Out Options

Users have the option to run their own private AI models in Microsoft Azure if they prefer not to share their data with OpenAI models. This provides users with greater control over their data and the AI processes that utilize it. Instructions for setting up and using private AI models can be found in our user documentation.

5. Ensuring Responsible and Ethical Use of Data

We are committed to ensuring the responsible and ethical use of data by AI models. This includes:

  • Implementing data minimization practices to ensure only necessary data is shared.
  • Regularly reviewing and updating our data protection measures to comply with industry standards and regulations.
  • Providing transparency about how data is used and the benefits of AI automation.
  • Allowing users to opt out of data sharing with AI models and offering alternative solutions.

We continuously monitor and assess our AI models to ensure they operate within ethical guidelines and do not compromise user privacy or data security.

3. What sources do we collect your personal data from?

We collect your personal data from multiple sources:

a. Data collected from you as the data subject

We primarily collect the personal data about you that you provide voluntarily yourself (e.g.in the consent to the personal data processing) or the data that we acquire in connection with your queries, comments, requests, etc.

b. Cookies

Your personal data also come from cookies, which are small text files that are created by the web server and saved into your device through your browser. We use cookies in connection with your activity on our Websites and with other online activities. Cookies help our Company make our online services more user friendly, efficient and secure, and may also be used to implement certain user features.

c. Web analytics tools

Our Websites also use online web analytics services and social plugins for the purposes of continuously optimising the user interface and to maximise its userfriendliness. These automatically collected data are not tied to data from other sources. However, we reserve the right to back-check these data if we are notified of a specific risk of their misuse.

d. Log files

Our Company and the providers hosting our Websites use their databases to log data about each access to the server where the online presentation of our Websites is located. Hence whenever you visit our Websites, your web browser automatically sends certain information to the Websites server to enable communication between your browser and the server. This information is then saved in the so-called logfiles.

e. Google Analytics

Our Company uses the Google Analytics plugin from Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland ("Google"). The Google Analytics plugin analyses your use of our Websites as well as other online activities and connects the data generated by Google Analytics with the cookies of our Company. However, as our Company has activated the IP address anonymisation feature, your IP addressed is anonymised once the data enters the Google Analytics collection network.

You can prevent the collection of the data generated by the cookies files and their use by Google Analytics by downloading and installing the plugin available a gaoptout. For detailed information about the terms and conditions and the privacy policy please see www.google.com/analytics/terms/gb.html and https://policies.google.com/privacy.

f. Google Ads

Our company also uses Google Ads from Google, which helps us determine how effective the clicks on our ads with regard to the desired customer behaviour -- e.g. purchases, phone calls, app downloads, newsletter subscriptions, etc. For detailed information about the terms and conditions and the privacy policy please se google adds.

g. Twitter

Features of the Twitter service are integrated on our Websites. These features are offered by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. By using Twitter and the "Re-Tweet" function, the websites you visit will be linked to your Twitter account and made known to other users. Data is also transferred to Twitter. As the provider of our Websites, we are not aware of the content of the transmitted data and their use by Twitter. For more information, see the Twitter privacy policy.

You can change the privacy settings at Twitter in the account settings unde settings

h. Google User Data

The Superface app's use of information received, and the app's transfer of information to any other app, from Google APIs will adhere to Google API Services User Data Policy, including Limited Use Requirements.

To the extent that any data from your Google Gmail, Google Calendar, Google Drive or Google Sheets account to which you provide the Superface app access constitutes Personal Data under this Privacy Policy, it will be subject to the provisions of this Privacy Policy. Notwithstanding anything else in this Privacy Policy, if you provide the Superface app access to data from your Google Gmail, Google Calendar, Google Drive or Google Sheets account, the app's use of that data will be subject to these additional restrictions:

  • This data will be used only to provide user-facing features that are prominent in the app’s user interface.
  • This data will be transferred to others only as necessary to provide these user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • This data will not be used for serving advertisements.
  • This data will be read by humans only in the following cases:
    • As part of the app's user interface, as controlled by your Superface privacy settings
    • If we obtain your affirmative agreement to view specific data from your account
    • If it is necessary for security purposes (such as investigating a bug or abuse)
    • If it is necessary to comply with applicable law
    • As necessary for internal operations, provided that the data have been aggregated and anonymized

If you are interested in the specific source of the processing of your personal data, you may use the contact details provided below to submit your query to us.

4. Recipients of your personal data

Subject to the applicable legislation, our Company transmits your personal data to third parties (recipients) for the purpose of further processing, which parties process the personal data under a data processing agreement.

In particular, the above-mentioned recipients of the personal data include the following categories of recipients:

  • entities from to the company group to which our Company belongs;
  • administrators of our Websites;
  • IT services providers and relay server operators;
  • external legal counsel and debt collection agencies;
  • social network operators;
  • marketing software providers;
  • law enforcement authorities, courts, administrative authorities where our Company is so obliged by the legislation.

5. Personal data processing period

We process personal data only for as long as the personal data are necessary for the achievement of the purpose of their processing. As soon as the purpose of the processing is achieved and there is no other purpose for which we would be authorised to process the personal data, we erase the personal data.

As regards personal data processed on the basis of your consent, we also erase your personal data if you withdraw your consent to the processing of your personal data.

If we process the personal data on the basis of legitimate interest and you object to their processing and unless there is are any prevailing legitimate grounds for the processing, your personal data will also be erased after we inform you about this fact.

6. Transfer of data to third countries

Your personal data might be also transferred to relay server operators and other IT services operators outside the European Union and the EEA countries. In such case, our Company has taken adequate measures to secure that your personal data are processed incompliance with GDPR.

7. Your rights as a data subject

As a data subject you have the following rights: i. Right to be informed ii. Right of access to personal data iii. Right to rectification iv. Right to erasure ('right to be forgotten') v. Right to restriction of processing vi. Right to data portability vii. Right to object viii. Right not to be subject to a decision based solely on automated processing, including profiling ix. The right to lodge a complaint with the Office for Personal Data Protection or other relevant supervisory authority in connection with the processing of personal data

Except for the right to submit a complaint to the Office for Personal Data Protection or other relevant supervisory authority in connection with the processing of personal data, you may exercise all the rights listed above by making a request using any manner specified below. We will inform you about the action taken on your request within one month of receipt of your request and no later than within three months of receipt of your request if that period has been extended on reasoned grounds.

a. Right to be informed

We will always use this Policy and other notice, if required, to inform you in a concise, transparent, intelligible and easily accessible manner about the processing of your personal data from the moment we obtain personal data from you. If we do not obtain personal data from you directly, we will provide you the information within a reasonable period after obtaining them, but within one month at the latest, unless the provision of such information proves impossible or would involve a disproportionate effort (e.g. we have no contact information about you).

b. Right of access to personal data

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. If we process your personal data, we will provide you with the information that you request or that we are required to provide by the law.

c. Right to rectification

You have the right to the rectification of any inaccurate personal data concerning you and, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. We communicate any rectification of personal data to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform about those recipients if you request it.

d. Right to erasure / right to be forgotten

We will erase your personal data without undue delay where one of the following grounds applies: i. your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ii. you withdraw the consent on which the processing is based and there is no other legal ground for their processing; iii. you object to the processing of your personal data and there are no overriding legitimate grounds for the processing or you object to the processing of your personal data for the purposes of direct marketing; iv. your personal data have been unlawfully processed; v. your personal data have to be erased to comply with a legal obligation under European Union or Member State law to which the Company is subjected; vi. your personal data have been collected in relation to the offer of information society services to a child.

The above does not apply to the extent that the processing of the personal data is required by applicable laws.

e. Right to restriction of processing

You have the right to restrict your personal data processing in the following cases: i. the accuracy of the personal data is contested by you; in this case, the processing is restricted for a period enabling us to verify the accuracy of the personal data; ii. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; iii. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; iv. you have exercised your right to object the processing of the personal data; in this case, the processing is restricted until we determine whether our legitimate grounds override your legitimate interests.

As a result of restricted processing of personal data, we may continue to store the relevant personal data but they may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. In such cases you will be informed before the restriction of processing is lifted.

f. Right to data portability

You have the right to receive your personal data processed by us provided that one of the following conditions is met: i. the personal data are processed for a specific purpose on the basis of your consent; ii. the personal data is processed by automated means; iii. if the personal data are from a special category processed for one or more specified purposes on the basis of your explicit consent; or iv. the processing of the personal data is necessary for the performance of a contract to which you are a party or in order to execute precautions accepted at your request prior to entering into a contract.

g. Right to object

As regards the processing of personal data under the legal ground of legitimate interest of our Company, you may object to the processing of your personal data on grounds relating to your particular situation described in the objection. You may object by using the contact details provided below. You have the right to object at any time to the processing of personal data for direct marketing purposes.

h. Right not to be subject to a decision based solely on automated processing, including profiling

We process your personal data with respect for your right not to be subject to a decision based solely on automated processing which significantly affects you, including profiling (i.e. any form of automated processing of personal data consisting of the use of personal data to analyse, predict or evaluate certain aspects concerning you -- e.g. your economic situation, interests, etc.).

i. Right to file a complaint

If you disagree with the way we have handled your request, you may file a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů): i. by electronic means at posta@uoou.cz; ii. by phone at +420 234 665 111; or iii. in writing to Pplk. Sochora 27, 170 00 Prague 7, Czech Republic,

or with another competent supervisory authority of a Member State.

8. Exercising your rights and obtaining more information about the processing of your personal data

In order to exercise your rights specified above or make any queries regarding this Policy or the processing of your personal data, please use the following contact details:

Company contacts

  • Postal address: Superface s.r.o., Rohanské nábřeží 670/19, Karlín, 186 00 Praha 8
  • Telephone: +420 724 020 361
  • E-mail: gdpr@superface.ai

Data Protection Officer contacts

  • Name: Radek Novotný
  • E-mail: radek.novotny@superface.ai
  • Postal address: Superface s.r.o., Rohanské nábřeží 670/19, Karlín, 186 00 Praha 8

This Privacy Policy is effective as of 12.1.2024

Superface s.r.o.