PRIVACY POLICY

INTRODUCTION AND DATA COMMITMENT
Dubs is committed to protecting the privacy and security of the data entrusted to us by our clients, partners, and platform users. This Privacy Policy explains how Dubs collects, uses, discloses, and safeguards information in connection with the Dubs platform, DubOS coordination software, and our electric fleet operations.
We process data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Singapore Personal Data Protection Act (PDPA). By using the Dubs platform, you acknowledge the practices described in this policy.

1. INFORMATION WE COLLECT
   We collect information necessary to deliver and continuously improve our city logistics services. This includes:
   • Customer Contact Data: names, job titles, email addresses, phone numbers, and billing information of authorised account users.
   
   • Operational Data: delivery addresses, cargo details, route data, GPS and telemetry data from fleet vehicles, carrier and handover records, proof-of-delivery timestamps, and DubOS platform events.
   
   • Emissions and Compliance Data: vehicle emissions readings, fuel and energy consumption metrics, and CSRD-relevant environmental data generated through fleet operations.
   
   • Platform Usage Data: login activity, feature usage, API call logs, and interaction data used to maintain security and improve the platform.
   
   • Integration Data: data exchanged via ERP, procurement, or third-party system integrations as configured by you.
   We do not knowingly collect personal data beyond what is reasonably necessary to perform our services.
   
   

2. HOW WE USE YOUR INFORMATION
   Dubs processes data for the following purposes:
   • Service Delivery: coordinating fleet operations, optimising routes in real time via DubOS, managing multi-carrier logistics, and providing proof-of-delivery confirmation.
   
   • Predictive Analytics: forecasting delivery times, identifying operational risks, and improving fleet efficiency through AI-driven modelling.
   
   • Regulatory Compliance: generating CSRD-compliant emissions reports, supporting urban delivery compliance, and filing necessary customs or regulatory declarations on your behalf.
   
   • Account and Billing Management: processing transactions, managing user accounts, and communicating service updates or contractual notices.
   
   • Platform Security and Integrity: detecting and preventing unauthorised access, fraud, and misuse of the platform.
   
   • Product Improvement: using aggregated, anonymised operational data to develop and enhance Dubs services, DubOS capabilities, and predictive models.
   
   We process personal data on the legal bases of contractual necessity, legitimate interests (including platform security and service improvement), legal obligation, and, where required, your consent.
   
   

3. SHARING AND DISCLOSURE OF INFORMATION
   We share data only to the extent strictly necessary to deliver our services or as required by applicable law. This includes:
   • Carriers and Fleet Partners: sharing relevant shipment and route data with vehicle operators and logistics partners involved in your operations.
   
   • Regulatory and Customs Authorities: disclosing information required by port authorities, customs agencies, or urban delivery regulators as mandated by law.
   
   • Technology Subprocessors: sharing data with trusted infrastructure providers (cloud hosting, analytics, security monitoring) under appropriate data processing agreements.
   
   • Legal Compliance: disclosing data when required by court order, regulatory investigation, or other legal process, subject to applicable confidentiality obligations.
   
   Dubs does not sell, rent, or trade personal data to third parties for marketing or commercial purposes. Any third-party subprocessors are contractually bound to process data only on Dubs’ instructions and in accordance with applicable data protection law.
   
   

4. INTERNATIONAL DATA TRANSFERS
   As a global city logistics operator, Dubs may transfer data across jurisdictions to facilitate service delivery. Where personal data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms under applicable law.
   
   You may request further information about the safeguards in place for international transfers by contacting our Data Protection Officer.
   
   

5. DATA SECURITY AND RETENTION
   Dubs implements industry-standard technical and organisational security measures to protect data against unauthorised access, disclosure, alteration, or destruction. These include encryption in transit and at rest, access controls, audit logging, and regular security assessments.
   
   Data is retained only for as long as necessary to fulfil the purposes described in this policy, to meet our contractual obligations to you, or as required by applicable law or regulatory frameworks. Operational and emissions data required for CSRD reporting purposes is retained in accordance with EU regulatory retention obligations.
   
   In the event of a personal data breach that poses a risk to your rights and freedoms, Dubs will notify the relevant supervisory authority and affected individuals in accordance with applicable legal timelines.
   
   

6. YOUR DATA RIGHTS
   Depending on your jurisdiction, you may have the following rights in relation to your personal data:
   • Right of access: to obtain a copy of the personal data we hold about you.
   
   • Right to rectification: to request correction of inaccurate or incomplete data.
   
   • Right to erasure: to request deletion of your data where it is no longer necessary for the purposes for which it was collected.
   
   • Right to restriction: to request that we limit processing of your data in certain circumstances.
   
   • Right to data portability: to receive your data in a structured, machine-readable format.
   
   • Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
   
   • Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.
   
   To exercise any of these rights, please contact our Data Protection Officer at dubs@dubs.fi. We will respond within the timeframes required by applicable law.
   
   

7. COOKIES AND TRACKING TECHNOLOGIES
   The Dubs platform uses cookies and similar tracking technologies to maintain session security, remember user preferences, and analyse platform usage. You can manage cookie preferences through your browser settings or our in-platform consent management tool. Note that disabling certain cookies may affect platform functionality.
   
   

8. UPDATES TO THIS POLICY
   Dubs may update this Privacy Policy from time to time to reflect changes in our services, data practices, or applicable law. The updated policy will be posted on our website with a revised effective date. Where changes are material, we will notify you by email or in-platform notice. Your continued use of the platform following the effective date constitutes acceptance of the updated policy.
   
   

9. CONTACT AND DATA PROTECTION OFFICER
   If you have any questions, concerns, or requests regarding this Privacy Policy or Dubs’ data practices, please contact our Data Protection Officer:
   
   Email: dubs@dubs.fi
   
   For complaints that remain unresolved, you have the right to lodge a complaint with your local data protection supervisory authority. EU/EEA users may contact the supervisory authority in their country of residence or the lead supervisory authority for Dubs’ EU operations.