Updated 15th July 2020.
This Privacy Notice is issued by Chaos Czech a.s., a joint-stock company incorporated under the laws of Czech Republic, seated at Karlovo namesti 288/17, 120 00 Prague, Czech Republic (hereinafter only as “we” or “us”).
We recognize the importance of protecting information collected about you and have adopted this Privacy Notice to inform you about how we process your personal data when you visit our websites or use our products, applications or services (jointly as the “services”). This Privacy Notice defines our institutional approach to personal data processing and data protection and outlines your rights and obligations related to the processing.
Some of our services may provide additional privacy terms that amend or expand provisions of this Privacy Notice. In such case, additional terms take precedence over this Privacy Notice.
This Privacy Notice is applicable in situations when we process your personal data on our own behalf. By the wording of the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation (“GDPR”), it means that we act as a “Controller” in respect to your personal data. The notion of personal data is defined by the GDPR, but basically means any information relating to an identified or identifiable natural person, for example: name, date of birth, residential address, online identifiers such as IP address.
We may also process personal data on behalf of someone else, as a processor. This Privacy Notice does not apply in such situations.
We process information about you in different ways. Mainly, we obtain personal data directly from you, usually when you register to our services, register to online forums that we administer, or when we provide you services. Certain data is collected automatically, for example when you interact with our services, such as applications or websites. Additionally, we might process personal data when you register to our newsletter, participate in a survey, voting poll, or a consumer competition. In some cases, we may receive or verify information about you from third parties or public resources.
From the information you provide us, we process only personal data to the extent that is necessary for the purpose of the processing. Personal data are processed by automated means, or manually.
Apart from personal data, we collect anonymous information. We might use personal data and anonymous information to generate aggregate information. Anonymous and aggregate information do not identify you as an individual. We may share these types of information with third parties without restrictions.
We collect the following types of information:
Provided by you when you purchase a product or a service from us or when you request such product or service, whether on our websites, through applications or via our representatives, including your identification and contact information (name, surname and your job title, when you act as a representative of a legal person, or name, surname, date of birth, ID number, residential address, country of residence, phone number, email address of a natural person). If you make a direct purchase from us, we may collect accounting data related to the transaction, such as bank account number and billing address;
Information relevant to administration of licenses that you obtain from us, such as serial license number, request key and password. If you apply for a student license or another special category license on our offer, we may require a proof of your status, such as a copy of your student ID or confirmation of enrolment;
Provided to us when you create a user’s account on our websites or community forums, which may include identification information such as name, surname and/or username, country of residence, contact information and password;
Information that you post on our websites. Our websites and applications may offer chat, comments section, community environment, or other tools with non-restricted audience. Please, note that if you provide information about you when you use any of these features, that information will be publicly displayed. We do not require you to disclose your personal data publicly. We have no obligation to keep private any information that you have made available to other users or viewers. To request removal of your information from our forums or websites, please follow the rules of such forum if available, or contact us via contact details available here;
Content, communications, and other types of information you provide us when you engage with our applications, or when you communicate with us directly;
Provided when you interact with our applications and websites, such as your device identifier, IP address, user agent, websites you visited prior to coming to our website. We may use logins, Cookies, device information and IP addresses to identify you and log your use, subject to applicable laws (see more in our Cookie Notice).
Providing your personal data is voluntary, but at the same time, without some of your personal data we would not be able to deliver you products or services that you request. When the processing is permitted directly by law, we do not ask for your consent. Nevertheless, we are obliged to disclose purposes of the processing and put forward legal bases which entitle us to process personal data if such information is not evident from the processing itself.
Without your explicit consent, we process personal data when it is necessary for the performance of a contract. That is, when the personal data are needed to conclude a purchase, license, or another agreement and perform it.
Furthermore, we process personal data when we are obliged to do so directly by law, for example personal data related to financial transactions and accounting, or information provided to public bodies if requested by a court order or a similar measure.
When our or third parties’ legitimate interests are concerned, we process personal data in pursuance of such interests, unless they are overridden by your interests, fundamental rights, and freedoms. In our legitimate interests, we may process personal data to detect a fraud software and software piracy, to create anonymized data sets, perform product usage analytics, check your credit before ordering services, collect debts, send you a limited marketing communication if you are our customer, and in other circumstances to prevent a damage or mitigate a risk of loss to our property, tangible or intangible assets. If you do not agree with the processing that is based on legitimate interests, you have the right to object to it.
Beyond these limits, we may process personal data with your consent. In such circumstances, we will explain to you the purpose and extent of the processing, so you can knowingly and willingly decide to grant us your consent or not. From time to time, we may ask you to take part in surveys, consumer competitions or voting polls. Your decision not to grant us a consent will not have any negative impact on the services that we provide you or products that you have purchased.
Our primary goals in collecting your personal data are to:
When you order a product or a service from us, we collect your identification information and other transaction information in order to process your order and deliver the requested product or service. This may include steps prior to concluding (typically) the purchase, service, or license agreements, responding to your inquiries and providing you with billing information. Additionally, we may process usage data and location data to validate your identity as necessary to perform our contract with you and provide the relevant online service.
If you are our customer, we may send you payment notices, confirm registration to the user’s accounts, communicate changes to the products or services we provide you, resolve your complaints and for another, contract-related, purposes. As these communications are not marketing-related, but merely an integral part of our business relationship, you cannot opt-out of receiving them.
Identification and contact information are processed with provision of our product support services. Most of the software-related inquiries are managed through our online helpdesk forum, where end users may issue tickets and track their status. Whenever you submit a data file to support your issue (such as a render, scene, etc.), we will process it solely to resolve the relevant issue and improve our products or services. Without your direct consent, we do not transfer your data to third parties.
We keep a gallery of works created in our applications, such as renders, scenes, or videos representing both the authors and capabilities and features of our applications. Our Corona Renderer Gallery contains a collection of renders created in Corona Renderer. If you submit your work with us, we may offer to publish it in the gallery or promote it by other means. We may also wish to use it for presentation, marketing, or testing purposes. Subject to the foregoing, we will propose relevant license terms and conditions guiding such use of your works.
If you are our customer, we are entitled to address you by email or postal address even without your explicit consent, in order to inform you about offers of our products and services which are similar or relate to the products or services that you have already purchased from us (for example, new versions of applications, plugins or software packages, webinars, seminars and events). We may ask for your feedback regarding products or services that you purchased or webinar, seminar, or another event that you attended. You are entitled to unsubscribe from this form of communication through unsubscription link provided in each such communication, or directly by contacting us using the contact details available here.
We may anonymize personal data to create anonymized data sets, which could then be used to improve our products and services or products and services of our affiliates and partners.
We may process usage data, location data, identification, and contact information to detect, prevent or otherwise address fraud software and software privacy. We also check the validity of the license during the term of your service. We do this not only to protect our rights, but also third parties’ and your rights and legitimate interests.
Some functions on our websites (such as comments section of our community forums and weblogs) may be accessible only for registered users. Registration process requires you to fill in certain identification and contact information to create a user’s account. We process the data in order to enable and provide the services.
Apart from the mandatory personal data on the registration forms, you may be allowed to personalize your user profile by adding voluntary information to your user profile, such as profile image or additional contact information. While disclosing additional personal data on your user profile may help to improve your communication with other users or even promote your online profile, be aware that we are not liable for any misuse of your personal data in such cases. All the data not expressly required to be filled in shall be considered within this category.
We may offer you an opportunity to perform a benchmark test via our software, such as Corona Benchmark. Corona Benchmark is a free to use, standalone application developed by us to measure the computation speed of your computer. When you perform the test, we process data necessary in order to run benchmark, such as usage data (IP address, hardware information, application version). Additionally, you may decide to publish your results on our website alongside your username. Performing a benchmark and publishing your personal data is voluntary.
From time to time, we may ask you to participate in a survey, consumer competition or a voting poll. Participation in such activities is voluntary. Unless stated otherwise by terms and conditions of such activity, we will process personal data solely to the extent that is necessary to go ahead with such activity pursuant to its purpose. Certain personal data such as contact details may be required in this context to register to vote or o take part in a survey. No personal data will be disclosed to other participants or to the public unless agreed otherwise.
If you wish to keep up with the latest product features, be informed about new products or services, and see special offers, you are welcome to sign up to our newsletter. If you change your mind, you may easily unsubscribe at any time, by clicking to the unsubscription link contained in each newsletter. You can find the newsletter subscription form on our websites.
The subscription form determines what personal data are processed in order to deliver newsletters. When subscribing, we store your IP address, as well as the date and time of the registration. Before the registration process is completed, we will verify the validity of your email address. Unless the registration process for the newsletter is successfully completed, we will not use your email address for any other reasons than the verification of its validity.
In order to support our ongoing development efforts and provide you with a better user experience we may collect IP address and non-personal technical data about the way you use our products. This is sometimes called “Product Usage Analytics”.
By collecting the data we can, for example:
You can opt-out of product usage data collection at any time directly via the Preferences menu within our applications;
The categories of non-personal data that we collect consist of:
You can save the exact list of the non-personal data being transferred to us into a file using a special tool from within our applications. This tool can be accessed through the Preferences menu.
The data is transferred to our servers through the network by encrypted means. Obtaining your IP address is necessary to establish connection with our servers. For statistical purposes, we deduce country and city where the IP originates. We do not try to trace your exact geolocation from the IP address, nor do we make attempts to match the IP address with other data we may have about you (for example the data you give us when you buy a license).
If you apply for a vacancy in our company, we collect and process your personal data during the recruitment procedure. Generally, we will need to know your name, surname, gender, contact details (email address, phone number), details of your qualifications, skills, experience, and employment history. We also process additional information that you include in your CV or complementary documentation. If you are a foreigner, we may ask for information about your entitlement to work in the country. We process your personal data only in relation to the job vacancy that you applied for.
We may ask for your consent with keeping your personal data in our database in order to consider you for relevant vacancies that may be opened in the future and contact you with an offer if we think that you might be interested. The consent is valid for three years, unless expressly agreed otherwise. You have a right to withdraw from the consent anytime.
Unless you have agreed that we may keep your personal data for future vacancies, we will remove your personal data from our database, along with submitted documents in a reasonable time after the vacancy has been filled. Nevertheless, some personal data (such as name, surname, date of birth, state of residence/address, education, and employment history) could be integrated to the reports that have been put together during the evaluation procedure in order to choose the right candidate. We keep these reports to protect our rights and interests against any claims or administrative inspections for the limitation periods.
You are always entitled to know what personal data we process about you. For more information on your rights, go here.
We will not share your personal data outside of our company except in limited circumstances, including:
In certain circumstances, we may ask for your consent with transfer of your personal data to third parties, or you may directly instruct us to share the personal data with a selected third parties. This includes situations when we wish to share your data for marketing campaigns, or when you direct us to share your personal data with third-party websites or social network platforms.
We use third-party service providers, who assist us in course of our business activities, especially in providing the services to you. Without these sub-processors, it might not be possible for us to provide you the services in the expected quality or quantity. Sub-processors process your personal data on our behalf, only in the scope and for the purposes determined by us or required by law. We make sure that we cooperate only with reputable sub-processors whose privacy policies meet statutory regulations and our own data protection standards, so we can ensure appropriate level of protection of your personal data irrespective of whether we use sub-processors or not.
We use the following categories of sub-processors:
The information collected about you may be accessed by or shared with members of Chaos Group, who may perform administration, cloud storage, product support, accounting, marketing, or similar activities on our behalf.
We may share your personal data with law enforcement officials, government agencies, or other authorities when necessary to comply with legal process or regulation or to meet national security requirements.
We may disclose personal data when we believe it is necessary to respond to claims asserted against us, enforce or administer our agreements and terms, for fraud prevention, risk assessment, and to protect the rights, property or safety of us, our business partners, or customers.
We engage with resellers who sell our products and services. Resellers act in their own name and under their own responsibility when reselling our products and services.
We use an e-commerce platform to sell and deliver our products, which is provided by Bright Market, LLC d/b/a FastSpring, seated at 801 Garden Street, Santa Barbara, California 93101, United States (“FastSpring”). FastSpring’s technology provides (among other things) payment processing, billing, taxation, and subscription management solution.
FastSpring acts in its own name and is responsible for administrative and financial tasks that come with the online purchase and delivery of our products. FastSpring operates a retail store which is accessible from our websites via a link. The retail store is co-branded with FastSpring’s branding.
Please, note that when you buy a product or service from a reseller or FastSpring, we are not party to the purchase agreement of such a product or service. We do, however, keep all intellectual property rights to our products and services.
In connection with your purchase of a product or service through the reseller or FastSpring, we may receive some of your contact and identification information, especially in order to enable you access to the purchased products or services, to register and activate products or services, and to facilitate product support and after-sales service. We do not have access to payment details such as bank account numbers, credit card information and online payment details.
The privacy policies of our resellers and FastSpring govern how those parties use and protect your personal data. FastSpring’s privacy statement is available here: https://fastspring.com/privacy/. To see more about FastSpring’s e-commerce platform, click here: https://fastspring.com/platform-overview/.
Our websites may contain links to third-party websites and services. Please remember that when you use a link to go from our websites to other websites or you request a service from a third party, this Privacy Notice no longer applies to these third-party websites and third-party service providers unless we are acting as joint controllers in respect of your personal data with such third party. Your browsing and interaction on any other websites, or your dealings with any other service provider, is subject to that service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties.
Our websites may integrate with social networking services. You understand that we do not control such services and are not liable for the way in which they operate. While we may provide you with the ability to use such services in connection with our websites, we are doing so merely as an accommodation.
We keep your personal data only for the period that is necessary in respect to the purpose of the processing. Typically, we keep personal data for the length of any contractual relationship and after the end of the relationship until the expiry of the limitation periods, in order to protect us from legal claims and administer our business. Certain personal data are kept in order to fulfil regulatory obligations, in that case, processing periods are determined by statutory obligations.
When we no longer need to use personal data, we will delete them from our systems and records or take steps to anonymize the data.
You have the right to obtain confirmation that we process personal data about you. If we, indeed, process personal data about you, you have the right to access the personal data, including relevant information about the processing, such as purposes and period of the processing, source of the personal data and, if we disclose the personal data to third parties, categories of the recipients.
You have the right to correct and update inaccurate personal data that we hold about you. Taking into consideration the purposes of the processing, you may also ask us to have incomplete personal data about you completed.
You have the right to request that we delete your personal data without undue delay in certain circumstances, such as (a) when the data is no longer necessary for the purpose for which it was originally collected, (b) when you have withdrawn your consent on which the processing is based and there is no other legal ground for the processing, (c) when you have objected to the processing based on our or third-party legitimate interest and there are no overriding legitimate grounds for the processing, or (d) generally, when there is a provision of law prohibiting us to carry on with the processing.
You have the right to object to the processing of your personal data including profiling, which is based on our legitimate interests or legitimate interests of third parties. Unless we demonstrate in response to your objection compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims, we shall no longer process the personal data.
Where we process personal data for direct marketing purposes, you have the right to object to the processing of your personal data for such purpose, including profiling based on this ground. After receiving your objection, we shall no longer process your personal data for the direct marketing purposes.
When you (a) have objected to our use of personal data, but it is necessary to verify whether we have overriding legitimate grounds to use them, or (b) when you have contested the accuracy of your personal data, for a period enabling us to verify the accuracy, or (c) the processing is unlawful but you decide to request restriction instead of erasure, or (d) when we no longer need the personal data for the purposes of processing, but you require us to keep them for the establishment, exercise or defense of your legal claims, you have the right to request restriction of the processing.
Restriction of the processing means that after receiving your objection and until the restriction is lifted, we are not entitled to process your personal data for other purposes than establishment, exercise, or defense of legal claims, otherwise only with your consent.
Right of data portability applies solely to the personal data that are processed by automated means based on your consent or on the grounds of performance of a contract. In respect to such personal data, you have the right to receive them in a structured, commonly used and machine-readable format. Where technically feasible, you shall have the right to have the personal data transmitted directly from one controller to another.
If the processing is based on your consent, you are entitled to withdraw your consent at any time. After we receive your withdrawal, we will cease the processing which was based on your consent. Please, be advised that sometimes we process personal data for more purposes and withdrawing your consent is without prejudice to the processing of your personal data which is not based on your consent.
In order to protect your personal data from loss, unauthorized use, access, or disclosure, we implement reasonable technical, administrative and physical measures. Access to your personal data is restricted only to employees or authorized third parties who need to know that information in order to perform their designated tasks. We have implemented internal procedures guarding data processing in our company. Third parties processing personal data on our behalf are contractually bound to protect personal data in similar ways to us and to treat them confidentially
We do not engage in automated decision-making or profiling.
Our websites and services are not intended to be used by children. We do not knowingly process personal data of children without appropriate parental or guardian consent. If you believe we may have collected personal data from someone under the applicable age of consent in your country without proper consent, please let us know using the contact details available here.
If you have any questions about this Privacy Notice, any concerns or complaints regarding personal data processing or wish to report a possible breach of your privacy, please send us an email, or write us using the contact information below.
Chaos Czech a.s.
Karlovo namesti 288/17
120 00 Prague
Czech Republic
If you have any complaint or concerns regarding how we process your personal data, or if you want to report a breach of your personal data, you can contact us through the contact details available here.
We will aim to ensure that your complaint is resolved in timely and appropriate manner.
If you are not satisfied with our answer or proposed solution, you have a right to submit your complaint with our supervisory body, which is The Office for personal data protection, Pplk. Sochora 27, 170 00 Prague, Czech Republic, (www.uoou.cz).
We may update this Privacy Notice from time to time. If we do so, we will post the revised version here, with an updated revision date. If we make material changes to our Privacy Notice, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or sending you a notification.
© Chaos Czech a.s. 2021. All rights reserved.
