Privacy policy

Introduction and Controller Details

Welcome to the Privacy Policy of SavageTech GmbH (“SavageTech”,”we”,”us”), SavageTech GmbH is a company registered in Germany (HRB 263395 B) with its registered office at Sandhauser Straße 1, 13505 Berlin. We are committed to protecting your personal data and handling it in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR). This Privacy Policy explains how we collect, use, and protect personal data when you visit our website (https://savagetech.gg) or use our Savage Overlay gamification service, and it outlines your rights under the GDPR. For any privacy-related inquiries or requests, you can contact us at info@savagetech.gg.

Data Collection on our Website

When you browse our public website, we do not collect any personal data unless you choose to provide it. We do not use any cookies for analytics or tracking, and we do not utilize services like Google Analytics or other marketing trackers. Our site is designed to protect your privacy by not profiling or monitoring visitor’s behavior. We only process the minimum technical information necessary to serve the website (such as your IP address and browser information in server logs) for legitimate interests of IT security and performance; such technical logs are used solely for maintaining and securing the site and are periodically deleted. We do not attempt to identify visitors from this data, and no personal profiling is performed.

Aside from the scheduling feature described below, our website does not ask you to enter personal information. Simply viewing our site will typically not require you to provide any personal data, and we do not gather personal identifiers about you in the process.

SavageTech's website does not include third-party analytics scripts, advertising trackers, or social media tags. We do not use cookies beyond those that might be essential for basic functionality.

Appointment Scheduling via Calendly

Our website provides an option for you to book a meeting or demo with us via Calendly. If you choose to schedule a meeting using the Calendly Overlay on our site, you will be voluntarily providing personal data in order to set up that appointment. SavageTech itself does not collect this data directly; instead, the information is collected and processed by the Calendly service on our behalf.

Through the Calendly booking form, you will be asked to enter certain details so we can schedule and prepare for the meeting. This typically includes:

Name
Email address
Company and/or Brand
Role/Title
Preferred meeting data and time

You may optionally provide any additional information relevant to the meeting when booking. Providing such additional information is completely voluntary. The above information is the only personal data our website requests, and it is used exclusively for scheduling and preparing for your meeting.

The information you enter for appointment is transmitted directly to Calendly, which organizes our meeting calendar. Calendly stores this data for us and makes it available to SvageTech’s team members who will meet with you. We will use your provided name and email to send you meeting confirmation, reminders, or follow-up information regarding the scheduled meeting. We do not use the data from Calendly for any marketing or unrelated purposes.

Calendly is a third-party scheduling platform provided by Calendly, LLC, based at 1315 Peachtree St NE, Atlanta, GA 30309, USA. When you input your data into the scheduling form, that data is stored on Calendly’s secure servers, not on our website. Calendly acts as a data processor on our behalf for this appointment service, meaning they only process your data under our instructions to facilitate the scheduling. We have entered into a Data Processing Agreement (DPA) with Calendly to ensure your data protection and security measures. This DPA includes the European Comission’s Standard Contractual Clauses (SCC) to legally safeguard any transfer of your data to Calendly’s servers in the USA.

When you provide your information to schedule a meeting, the processing of that personal data is necessary to take steps at your request prior to entering into a contract, per Art 6 I Lit. b GDPR. You are asking us to set up a meeting, and we need to use your data to arrange and honor that request. If you do not provide this information, we would be unable to schedule the meeting. In some cases, we may also rely on legitimate interest as per Art. 6 I lit. f GDPR as a basis – our legitimate interest in communicating with potential clients or partners – but only insofar as such interest is not overridden by your rights. Given that you actively choose to submit this data for scheduling, the primary basis remains the performance of the meeting request, Art. 6 I lit. b.

We do not share the Calendly appointment data with any third parties beyond Calendly itself. Within SavageTech, only relevant staff will access your information, and solely for the purpose of the meeting. We will not add you to any mailing list or send you marketing material just because you booked a meeting. After the meeting, we may retain minimal information about the meeting (see Data Retention below), but we will not use it for unrelated purposes.

Using Calendly is optional – if you prefer not to use the Calendly scheduling tool or do not wish to provide the above information, you may contact us directly (for example, via email at info@savagetech.gg) to arrange a meeting or ask questions.

Use of the Savage Overlay as Gamification Service

We provide a gamification overlay service (the “Savage Overlay”) which is integrated into online casino platforms to enhance user engagement. SavageTech generally acts as a data processor (within the meaning of Article 28 GDPR) on behalf of the casino operator, who remains the primary controller of all player data related to the gaming account. For this purpose, SavageTech has concluded a Data Processing Agreement with each casino operator.

However, because you also agree to our Enduser Terms when using the Overlay, SavageTech and the casino operator may, for certain pseudonymized overlay data, act as joint controllers pursuant to Article 26 GDPR. In this limited scope, both parties share responsibility for safeguarding your data and ensuring compliance with applicable data protection laws.

If you are a player using the Savage Overlay while playing on a participating casino, this section explains how personal data is handled in that context. Importantly, SavageTech acts solely as the technical service provider for the Overlay, and the casino operator maintains control over your core account and gaming data. In practice, this means the casino operator is the primary controller of your personal data related to your gambling activities, and SavageTech only processes pseudonymized data necessary to run the overlay’s features.

When you participate in the Overlay, we do not receive any directly identifying personal information such as your real name, address, or casino account details from the operator. The data we process is limited to what is necessary for the gamification functionality and is pseudonymized to protect your identity. This typically includes:

A unique user identifier like a coded ID or token that represents you in our system without revealing your identity.

Gameplay/interaction events related to the Overlay, such as when you place a wager, when you level up, earn “Savage Coins”, unlock achievements etc. For example, the Overlay will receive data about the bets you place only in quantitative terms (e.g. wager amount, game ID) in order to calculate your gamification progress, award virtual points or items, and trigger Overlay events. We do not receive or store details of your financial transactions beyond what’s needed for the game-like calculations – for instance, the Overlay might know that you bet a certain amount at a certain time (to calculate “damage” to a monster), but your actual casino bets and outcomes remain within the casino’s systems. Your real money gambling data (bets, wins/losses, balances) remains with the casino operator and is not collected by SavageTech.

This includes your in-game statistics and status within the Overlay – e.g. your current level, points (Savage Coins) balance, achievements, inventory of virtual items, leaderboard ranking, etc. These are generated as part of the Overlay experience. None of this information reveals your real-world identity; it is tied only to your pseudonymous user ID.

When the Overlay runs, certain technical information like device/browser type or session IDs may be processed temporarily to ensure the service works properly. This is analogous to how any online service functions, and we handle such data under our legitimate interest to keep the Overlay secure and functional. We do not use this for profiling – it’s just used for delivering the service (for example, making sure the overlay content displays correctly in your browser or resolving technical issues).

We process the above data exclusively to operate and provide the gamification features of the Overlay to you. In practice, this means using the pseudonymized data to update your progress, administer the overlay’s game logic, and provide you with an engaging experience as you play. SavageTech is only the technical facilitator - we provide the software layer that sits on top of the casino’s platform. We do not use Overlay data for any independent marketing or analysis of individual players. The data is not used to make decisions about you outside of the Overlay context. All in-game rewards and points are virtual and for entertainment purposes only, as described in our Enduser Terms. We do not profile users beyond the necessary calculations of the game mechanics, and no automated decisions producing legal or significant effects are made about you - the overlay might automatically level you up or grant a virtual prize based on predefined criteria, but these have no real-word impact on your rights of finances.

The Overlay is offered to you by your casino operator in partnership with SavageTech. In data protection terms, the casino operator remains responsible for your overall user account and gambling data, and likely acts as the primary data controller for any personal information involved in your gaming. SavageTech operates under contract with the casino and, for the overlay data we handle, we may function as a data processor on behalf of the casino. However, since you also explicitly agree to our Enduser Terms when using the Overlay, SavageTech can be seen as a joint controller for the limited pseudonymized data we process. We want to reassure you that all sensitive personal and financial data about your casino play stays with the casino - SavageTech never receives your real name, address, payment information, or any government-issued IDs or documents from the operator. We also do not receive raw gameplay data beyond what’s needed for the Overlay. The casino essentially sends us just enough data points to run the overlay game logic, and those data points are tagged only with your pseudonymous user ID.

Given this setup, SavageTech cannot readily identify you personally from the data we process in the Overlay - we do not know your name or contact info when you’re playing via pseudonym. If needed, the casino operator could potentially link the pseudonymous Overlay ID back to your casino account (since they generated it), but that mapping is not available to SavageTech. This means that, from our perspective, your overlay data is highly protected and treated in a way that minimizes privacy impact.

We do not share the overlay usage data with any third parties outside of the casino-operating context. The data is used internally by our overlay system and is also available to the casino operator (since they have oversight of the gamification program for their players). For example, the operator can see your levels or rewards to manage promotions, but this is part of their own platform’s integration. SavageTech does not sell or transfer overlay data to advertisers or any unrelated parties. We may compile aggregated statistics (e.g. overall usage metrics) to improve our service or report to the operator on performance, but these aggregates contain no information that identifies any individual player.

The data processing for the Overlay is necessary for the performance of a contract. When you choose to participate in the Overlay, a contractual relationship is established for providing you the overlay service. We process your data to fulfill our obligations under that contract - namely, to provide the gamification features as promised. Additionally, the casino operator has a legitimate interest Art 6 I Lit. f GDPR in offering this gamification feature to enhance user experience, and SavageTech has a legitimate interest in processing the data to ensure the Overlay functions correctly as a technical service. These legitimate interests align with your interests in using a fun overlay feature, and we ensure that processing is done in a proportionate, privacy-preserving way.

If you decide you no longer want to participate in the Overlay, you are free to stop using the gamification feature. You may opt–out the Overlay anytime.

Both SavageTech and the casino operator implement appropriate technical and organizational measures to protect the data involved in the Overlay. Pseudonymizing the data is one such measure – it ensures that even if someone accessed our overlay databases, they could not easily tie the records back to an individual’s real identity without information held by the casino.

Data Retention and Storage

We only keep personal data for as long as necessary to fulfill the purposes described in this policy, and in accordance with applicable laws and contractual obligations. This section explains how long your data is stored and where.

Calendly appointment Data

If you schedule a meeting via Calendly, the personal data you submit (name, email, etc. for the appointment) is stored on Calendly’s systems. SavageTech does not separately download or store this information outside Calendly’s platform, except perhaps in our Email or calendar system in the form of the meeting invite itself. Calendly retains the data in your account (and our account) as part of the scheduling records. According to Calendly’s policies, personal data is kept only as long as reasonably necessary to provide the service and for related legitimate purposes. In general, this means your scheduling information will remain in our Calendly dashboard and calendar until it is no longer needed – for example, if the meeting has passed and we have no further need for the information, we may delete the event and associated data. You may also request us to delete your appointment information after the meeting; we will then remove it from Calendly (to the extent possible) and/or instruct Calendly to delete it via their system. Calendly’s default data retention practices (as a data processor) will also apply – for more details, you can refer to Calendly’s Privacy Notice which states that they retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law.

We emphasize that we do not keep Calendly-derived personal data indefinitely. If you had a meeting with us, we might retain basic contact information (e.g. your name, email) in our business records or CRM to follow up on the business relationship, but only if relevant and lawful (for instance, if you become a customer or partner, we’ll handle your info under those contexts). Otherwise, if the meeting was a one-off and doesn’t lead to further business, we will not use your data for any ongoing purpose. Any calendaring emails or invites in our email system will typically be archived or deleted in line with our email retention routine.

Overlay Data

We host and store overlay data primarily within the European Union using trusted cloud providers. However, some of our service providers may process or access data from outside the EU. In such cases, we ensure that appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) as approved by the European Commission, and supplementary measures where necessary, to ensure your data receives an adequate level of protection in accordance with the GDPR.

In providing the Overlay, we rely on reputable infrastructure providers such as MongoDB Atlas, Hetzner GmbH and Microsoft Azure.

With all external technical providers, SavageTech has concluded Data Processing Agreements under Article 28 GDPR to ensure that they process personal data exclusively on our behalf, follow our documented instructions, and maintain appropriate security and confidentiality safeguards.

Furthermore, if SavageTech’s contract with the casino operator ends (for instance, the casino no longer uses our overlay), we either return all player overlay data to the operator or securely delete it, according to the terms of our Data Processing Agreement with that operator. We do not retain overlay personal data indefinitely or for longer than necessary. Any data that must be kept for a certain time (e.g. for resolving disputes or complying with minimum record-keeping obligations) will be retained only for that duration and then deleted. For example, our contract might require that we retain certain logs for X months for audit purposes – but after that period, those logs would be erased or fully anonymized.

Storage Security

All personal data we store, whether via Calendly or in our overlay databases) is protected with appropriate security measures. Calendly stores data in reputable cloud servers and implements security and encryption measures. SavageTech’s service providers involved in hosting or storage are bound by confidentiality and security obligations as well.

International Data Transfers

SavageTech is based in Germany and, whenever possible, we store and process data within the European Economic Area. However, some of the services we use entail international data transfers:

Calendly (USA): As noted, if you schedule a meeting, your data will be transferred to Calendly’s servers in the United States. The United States are currently not covered by an EU adequacy decision, so to protect your data during such transfers, we rely on the Standard Contractual Clauses (SCCs) as approved by the European Commission. Calendly’s DPA incorporates these SCC, committing Calendly to uphold EU privacy standards even when data is stored in the US. This means your scheduling data receives a level of protection essentially equivalent to EU standards, despite being processed in the US. In addition, Calendly has implemented supplementary measures and maintains a high level of security. You can review Calendly’s data protection terms on their website.

Overlay data transfers: Our overlay service generally does not involve data transfers outside the EEA, since we aim to host data in the region. In cases where the casino operator or our infrastructure for the overlay is located outside the EEA (for example, if we use a cloud server or a backup in a third country, or if a casino partner is in a non-EU country), we will ensure that appropriate safeguards are in place. Typically, this again would mean using SCC or operating under an adequacy decision. For instance, if we ever needed to transfer pseudonymized overlay data to a server in the US or another country, we would implement SCCs with the relevant data processor or ensure the recipient is certified under a recognized framework that grants adequate protection. As of the date of this Policy, we do not routinely transfer overlay personal data outside of EU-hosted systems. If that changes, we will update this Policy and, if required, seek consent or provide additional notice.

In all cases, we comply with the GDPR requirements for international data transfers. Our goal is to ensure your personal information is protected no matter where in the world it is processed. If you have questions about international transfer mechanisms or want to obtain a copy of the relevant safeguards, feel free to contact us.

Your Rights under GDPR

As a data subject in the EU, you have various rights regarding your personal data. SavageTech respects and upholds these rights. Below is a summary of your core data subject rights:

Right of Access (Art 15 GDPR): You have the right to obtain confirmation whether we are processing your personal data, and if so, to request a copy of the data we hold about you, as well as information on how we use it. This allows you to understand and verify the lawfulness of our processing. We will provide you with a copy of your personal data undergoing processing upon request.

Right to Rectification (Art 16 GDPR): If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.

Right to Erasure (“Right to be Forgotten”, Art. 17 GDPR): You have the right to request that we delete your personal data in certain circumstances. This right is not absolute, but you can exercise it, for example, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and there is no other legal ground for processing, or if you object to processing and we have no overriding legitimate grounds to continue.

Right to Restriction Processing (Art. 18 GDPR): In certain situations, you can ask us to restrict (pause) the processing of your personal data. This could apply if you contest the accuracy of the data, or if the processing is unlawful but you prefer restriction to erasure, or if we no longer need the data but you need it for establishment or defense of legal claims, or if you have objected to processing. During a restriction period, we will store your data securely and not actively process it.

Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible. This typically applies to data processed by automated means under consent or contract. In our context, data portability might be most relevant to Calendly appointment data: if you wanted the info you gave us (name, contact, etc.) in a portable form, we can export that for you. For the overlay, since the data is pseudonymized and tied to a particular casino environment, portability is less straightforward; however, if you request it, we will do our best to provide your overlay stats in a suitable format. Note that portability does not mean we delete your data; it’s about you obtaining a copy to reuse elsewhere. Also, it specifically covers data you provided to us (directly or through your actions) – it might not cover derived data or data that isn’t personally identified.

Right to Object (Art. 21 GDPR): You have the right to object to our processing of your personal data at any time when the processing is based on our legitimate interests. 6 I Lit. f GDPR for a task in the public interest Art. 6 I Lit. e GDPR, including profiling based on those grounds.If you object and we cannot demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, we will cease the processing of your data for those purposes. In context, you may object to our use of your data in the overlay (which we process under legitimate interest/contract) – for example, if you feel our gamification processing impacts you and you want it stopped, or object to any analytics (though we don’t do tracking analytics). You can also object to any direct marketing, though currently we do not process your data for marketing without consent. If you raise an objection, we will review it seriously. In cases where our processing is based on compelling grounds (or legal claims), we may continue, but we will inform you of that decision. Otherwise, we will honor your objection and, for instance, not process your data further in the manner to which you objected.

Right to Withdraw Consent (Art 7 III GDPR): In the event we rely on consent for any processing (for example, if in the future we ask for your consent to use certain cookies or to send a newsletter), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred before you withdrew, but once withdrawn, we will stop the processing that was based on consent. Currently, our website processing is not based on consent (as we do not collect data by default, and for Calendly/Overlay we rely on contract or legitimate interests), but if, for example, you gave consent for a particular optional feature, you can revoke it at any time by contacting us or using any provided opt-out mechanism.

Right to Lodge a Complaint (Art. 77 GDPR): If you believe your data protection rights have been violated by us, you have the right to file a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or where the alleged infringement occurred. For example, you may choose to contact the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz), which is the supervisory authority relevant for our German headquarters. Alternatively, you can reach out to your local Data Protection Authority. We would, however, appreciate the chance to address your concerns directly before you do this – so please consider contacting us first so we can try to resolve the issue amicably.

Our services are intended exclusively for adults (18 years and older). We do not knowingly collect or solicit personal data from minors. If you are under 18 years old, please do not use the Overlay or submit any personal information to us. Should we become aware that we have inadvertently received personal data from a minor without verified parental consent, we will delete such data without delay.

Parents or guardians who believe that their child’s data may have been provided to us are encouraged to contact us so we can remove it promptly.

We will not charge you for exercising these rights (all requests are generally free of charge), and we will respond to legitimate requests without undue delay and within one month as required by GDPR (this timeframe may be extended by two further months for complex requests, but we will inform you if that is the case). To protect your privacy, we might need to verify your identity before fulfilling certain requests (to ensure that we don’t disclose or delete data to the wrong person). If you are making a request via the casino operator (for overlay data), we might work with them to correctly identify you since, as noted, our overlay data may not contain your direct identifiers.

To exercise any of your rights, you can contact us at Info@SavageTech.gg. Please clearly state what right you wish to exercise and provide relevant details.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the way your personal data is handled by SavageTech, please do not hesitate to reach out:

Email: Info@SavageTech.gg

Postal Mail: SavageTech GmbH, Sandhauser Straße 1, 13505 Berlin

We take your privacy inquiries seriously and will reply as promptly as we can – typically within a few business days. If you contact us to exercise your GDPR rights (as outlined above), we may ask you to verify your identity or provide additional information to process your request, as a security measure.

Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time, in example to reflect changes in our services or to ensure compliance with new legal requirements. When we make changes, we will post the update Policy on our website at SavageTech.gg/privacy and update the “Last Update” date on the top. If changes are significant, we may also provide a more prominent notice. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or Overlay service after any modifications or indicates your acceptance of the updated terms.

Governing Law and Jurisdiction

This Privacy Policy, and any disputes arising out of or related to it, shall be governed by the laws of Germany. SavageTech is a German company and we operate under German data protection law in conjunction with EU GDPR. By using our website or services, you acknowledge that any privacy or data protection disputes will be resolved under German law. Any claims or proceedings concerning this Policy or our handling of personal data shall be brought before the competent courts of Berlin, Germany, unless otherwise required by applicable consumer protection or data protection laws.

Thank you for reading our Privacy Policy. We value your trust and are dedicated to safeguarding your privacy. If you have any questions or need further clarification, please contact us at Info@SavageTech.gg.