Privacy Policy

Effective date: 1 January 2026 | Version: 1.0

Protecting your personal data is our priority. This document explains what data we collect, why we collect it, how we protect it, and what rights you have as a data subject under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

1. Data Controller

The data controller within the meaning of Article 4(7) GDPR is:

Condu s.r.o.
Business ID (IČO): 54987632
Registered in the Commercial Register of the Slovak Republic
E-mail: info@stillgame.sk

2. Personal Data We Collect

When using the STILL service, we process the following categories of personal data:

2.1 Registration Data (parent / legal guardian)

  • Email address — used as the login identifier and communication channel,
  • Display name — an optional name or nickname for personalisation.

2.2 Game Data

  • Game progress — levels, scores, achieved milestones, in-game decisions,
  • Game preferences — language settings, profile themes.

2.3 Technical Data

  • Device type — desktop/mobile/tablet (inferred from the User-Agent header),
  • Anonymous analytics data — pages visited, session duration (without IP address).

We do not collect sensitive personal data (health status, nationality, biometric data), device location, or direct personal data from children.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b) GDPR) — processing the email address and game progress is necessary to provide the service itself,
  • Legitimate interest (Art. 6(1)(f) GDPR) — anonymous analysis of user behaviour to improve game functionality. This interest does not override the interests or fundamental rights of data subjects,
  • Consent (Art. 6(1)(a) GDPR) — for marketing emails, if you have given explicit consent.

4. Purpose of Processing

We process your personal data for the following purposes:

  • providing and operating the STILL service,
  • managing the user account and authentication,
  • delivering service-related emails (confirmation email, password reset),
  • improving functionality and user experience,
  • fulfilling legal obligations.

5. Children and Personal Data

STILL is designed with child protection in mind. An account is created exclusively by a parent or legal guardian (a person over 18 years of age). We do not directly collect any personal identifying information from children.

The child's game profile is managed within the parent's account. If we learn that we have inadvertently obtained direct personal data from a child under 13, we will delete that data without delay.

6. Recipients of Personal Data

We do not sell or share your personal data with third parties for marketing purposes.

For email delivery we use the Resend service (Resend Inc., USA), which meets GDPR requirements through Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR. Resend processes only the email address necessary to deliver a message.

The operator may be obliged to provide personal data to public authorities if required by applicable law.

7. Data Retention

  • Account data is retained for the duration of account activity and 30 days after deletion (backup period).
  • Game progress is retained for the entire lifetime of the account.
  • Anonymous analytics data is retained for a maximum of 24 months.
  • After the retention period, data is securely deleted or anonymised.

8. Your Rights

As a data subject you have the following rights under GDPR:

  • Right of access (Art. 15) — the right to obtain confirmation of whether we process your data and, if so, a copy of that data.
  • Right to rectification (Art. 16) — the right to have inaccurate or incomplete personal data corrected.
  • Right to erasure (Art. 17) — the right to request deletion of your personal data ("right to be forgotten").
  • Right to data portability (Art. 20) — the right to receive your data in a structured, commonly used format.
  • Right to object (Art. 21) — the right to object to processing based on legitimate interest.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Send requests to exercise your rights to: info@stillgame.sk. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including communication encryption (TLS/HTTPS), password hashing (bcrypt), and regular security audits.

10. Cookies

We use only functional cookies that are essential for the operation of the service (authentication, storing language and colour theme preferences). We do not use advertising or third-party tracking cookies.

11. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava, Slovakia
Tel.: +421 2 3231 3214
Website: dataprotection.gov.sk

12. Changes to the Policy

We will notify you of material changes to this policy by email at least 14 days in advance. The current version is always available on this page.

13. Contact

info@stillgame.sk