Customer and Marketing Database Privacy Statement
Hublet Oy (”Hublet”, “we” or “us”) respects your privacy and is dedicated to protecting the privacy of persons (“you”) using Hublet’s webpages and all services provided by Hublet (“Services”).
Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). Hublet complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (“data protection legislation”). We are committed to protecting the privacy of data subjects and to complying with the GDPR, applicable data protection laws and other applicable national laws.
1. Who we are – “Controller” Contact Information
Business ID: 2631894-9
Address: Itälahdenkatu 22 B, 00210 Helsinki, Finland
Website address: https://gethublet.com
2. Legal Basis and Purpose of the Processing of Personal Data
We process personal data only for necessary purposes, as set out below. We process personal data in accordance with the applicable data protection legislation. The legal basis for the processing of your personal data is, where not stated otherwise or another legal basis is otherwise applicable, the performance of providing our Services to you. We can also process your personal data where we have a legitimate interest to do so, such as for marketing purposes. Where we rely on legitimate interests as a reason and legal basis for processing personal data, we have considered whether or not those interests are overridden by the rights and freedoms of the data subjects and we have concluded that they are not.
Where the processing is such that your consent is required by the applicable legislation, we will state so and obtain your consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide the Services to you, we may cease to provide the Services.
Personal data will be processed for the following purposes:
- Customer service and communication
- Provision, design and development of the Services
- Measuring customer satisfaction
- Marketing, including market research, other marketing promotion and analysis, and the production of statistics and the measurement of marketing effectiveness
- Improving the user experience of our Services and tracking user traffic
- Handling inquiries related to Services
- Prevention of abuse
3. Personal Data Processed and Sources of Information
While the provisioning of certain personal data is necessary for the use of our services, certain personal data is provided voluntarily. Personal data may be updated and supplemented by collecting data from private and public sources, such as commercially available directories and websites.
Personal data and non-personal data are collected directly from you, such as through registration or by logging the activities in the Services. This data may include:
|Category of personal data||Examples of information content|
|Customer information: Information gathered at registration*||Name, email address, payment information and other customer-identifying information.|
|Technical behavioural data and identification data||Monitoring the data subject’s web behaviour and use of Services, for example by means of cookies or similar technical identification data. Examples of data that can be collected include unique device identifiers, IP addresses, device software version numbers and identifiers, and rough location information via GPS, IP address or mobile networks.|
|Rights management of the data subject, such as consents and prohibitions||Marketing prohibitions and consents. Communication and measures relating to the rights of the data subject (see the rights of the data subject below).|
|Other (additional) information provided voluntarily||Preferences related to the contract or marketing / marketing event. Other additional information provided in contacts or appointments.|
*sections thus marked are necessary to provide the Services and fulfil legal obligations. Furthermore, the blocking or the non-provisioning of certain personal data may affect the proper functioning of the Services or Hublet may not be able to provide the Services if said data is not provided.
If you do not provide Hublet the required information, this may mean that We are not able to provide the Services to you, perform the contract necessary for the provisioning of the Services or to comply with Hublet’s legal obligations.
In addition to personal data, Hublet will collect non-personal data relating to you. This information includes either anonymous or anonymized data or data linked to personal data that is generated during the use of the Services, such as actions in the Services and access times.
4. Retention of Personal Data
|Personal Data||Retention period or criteria used to determine the period|
|Information you give to us||As long as necessary to fulfill the purpose personal data has been gathered for or as required by applicable laws.|
|Technically gathered data||As long as necessary to fulfill the purpose personal data has been gathered for or as required by applicable laws.|
5. Recipients of Personal Data
The personal data may also be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the services as well as to ensure the safety of the Services. In addition, personal data may have to be disclosed in connection with legal proceedings or for similar dispute resolution purposes.
Hublet may use a variety of service providers and other partners to process data, such as IT-services, Customer Relationship Management services, and Analytics services. The third parties may change. These third parties process information only on behalf of and for the benefit of Hublet.
Some of the services used by Hublet for processing personal data may operate outside the territory of the European Union (EU) or the European Economic Area (EEA). Thus, personal data can be transferred regularly outside the EU and the EEA. In case personal data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as the standard data protection clauses adopted or otherwise approved by the EU Commission.
We will provide more information regarding the processing and third parties upon request.
6. Protection of Personal Data
We use appropriate technical, administrative and organizational security measures to protect personal data against unauthorized access, disclosure, destruction or other unauthorized processing.
All parties processing personal data have a duty of confidentiality in matters related to the processing of personal data. Access to personal data is restricted to those employees who need it to perform their duties. Employees and other processors of personal data have personal usernames and passwords. We also require our service providers to have appropriate methods in place to protect personal data.
Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.
7. Rights of the Data Subjects and Supervisory Authority
Right to access
You have the right to contact us, and we will inform you what Personal Data we have stored regarding you, and the purposes such data is used for.
Right to rectification
You have the right to have us correct any incorrect, incomplete, outdated, or unnecessary personal data stored about you by contacting us at the email address provided herein.
Right to erasure
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from all of our systems. Such copies shall be deleted as soon as reasonably possible.
Right to Object or Restrict Processing
You may object to certain use of personal data when such processing is based on legitimate interest, including direct marketing or profiling. You may opt-out of receiving promotional emails by following the instructions in those emails. If you opt-out, we may still send you non-promotional customer information, such as emails about your account, providing our services and products or our ongoing relationship with you.
You may request that we restrict processing of certain personal data. Your personal data will then only be stored and not processed otherwise; this may however lead to fewer possibilities to use the Services. If such restriction means that we are no longer able to provide the Services to you, we shall be entitled to stop providing the Services.
Right to data portability
You have the right to receive personal data provided by you to us in a structured, commonly used format. We provide no guarantee that this information will be compatible, relevant or useful to any other service.
Withdrawal of consent
You can deny any direct marketing and withdraw your consent regarding electronic direct marketing. You can always withdraw any other consent including parental consent.
How to exercise your rights
Right to lodge a complaint with the supervisory authority
In case you consider our processing activities of your Personal Data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the right to complain to the applicable data protection supervisory authorities.
9. Additional Information
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.