Data & Privacy
Privacy Policy
This Privacy Policy describes how Dubs Oy processes personal data when providing the Dubs services (also later referred to as the Service) to our end-users (“User”) such as you, and when you visit our website. The purpose of this privacy policy is to provide you with information about how your personal data is processed.
The controller for the processing described in this privacy policy is Dubs Oy:
Company name: Dubs Oy
Business ID: 3211544-3
Address: Sienitie 16, 00760 Helsinki
Email: dubs@dubs.fi
Personal data processed and sources of data
We collect two types of information regarding our users: (i) user data and (ii) analytics data. The types of personal data we process depends on whether you are a user of the Service or a visitor on our website.
User data includes data such as:
(i) Name and contact information (such as email address and phone number)
(ii) User credentials to the Service
(iii) Usage data relating to your use of the Service
(iv) Settings and preferences
(v) Communications with us
(vi) Data concerning the consent you might have given us
User data is primarily received from you during the registration process, through your use of the Service or through your interactions with us (such as through our website). Some personal data might also be generated as a result of you using our Services, such as through your communication with us.
Analytics data includes data such as:
(i) IP address
(ii) Device and browser type, version, and operating system
(iii) Time of visit and activities on the Service
(iv) Language settings
Analytics data is collected automatically as you use the Service or visit our website. Although analytics data does not usually include any direct identifiers (such as a name), sometimes individuals can be identified from it, either alone or when combined or linked with other data, or when you consent to direct identifying.
Purposes and legal basis of processing
To provide the Service (legal basis: legitimate interest)
We process personal data in order to offer the Service and to run and maintain our business. We use the data for example to provide access to and functionalities of the Service, to prevent fraud and misuse, and to ensure the security and reliability of the Service.
For customer relationship management and communication (legal basis: legitimate interest)
We process personal data to manage relationships with our customers and the users of the Service and to communicate about the Service.
For our legal obligations (legal basis: compliance with a legal obligation)
We process personal data to enable us to fulfil our obligations under law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities.
For service development and analytics (legal basis: legitimate interest and consent)
We process information regarding your use of the Service to improve the quality of our service, for example by analysing trends in how the Service is used. Where possible, we will do this using only aggregate data from groups of users. In some instances, individual users may be identifiable, which is why we handle any such data as personal data.
For marketing the Service (legal basis: consent)
We process personal data for marketing purposes and to advertise our Services. The marketing is based on the use of cookies and similar technologies and does not directly identify individuals.
Legal basis for the processing
We primarily process personal data based on our legitimate interests to provide the Service and to ensure its functionality and security as described above. Some of the processing is based on our legal obligations. The processing that is related to analytics and marketing and relies on cookies is based on your consent.
International transfers
We process personal data primarily within the European Economic Area (EEA). However, if some of our service providers operate globally, and due to this, personal data is also processed outside the EEA, we will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. Measures for this include European Commission adequacy decisions, Standard Contractual Clauses and additional safeguards implemented by our service providers.
Recipients of personal data
Your personal data is shared to the following groups of recipients:
Our service providers: We use service providers to run the Service, and these companies process personal data on our behalf. When engaging with service providers, we ensure, through agreements, that they are bound by contractual obligations that give protection to your data equal to our own commitments and obligations.
Your personal data may also be shared with the relevant authorities in case we have a legal obligation to do so or to comply with a court order or a verdict.
We may also share your personal data with third parties when we have your consent to do so.
Retention of personal data
We do not store personal data longer than is legally permitted and necessary for the purposes set out in this Privacy Policy. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.
For instance, we process your personal data generally for as long as you have an account on the Services. Some data may also be stored after you no longer have an account (such as data required to fulfil our legal obligations).
When the storage of personal data is no longer necessary for the purpose for which it was initially collected, we may continue storing the data only as long as such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests such as claims handling, bookkeeping, internal reporting, reconciliation purposes and direct marketing.
Cookies
We use cookies and similar technologies on our website to ensure its proper functioning,
enhance your user experience, and analyse website traffic. Cookies are small text files that
are stored on your device when you visit our website.
We use both essential and non-essential cookies on our website:
Essential cookies are necessary for the basic functioning and security of the website. These
cookies enable core features such as page navigation, secure access to areas of the site,
and remembering your cookie settings. The website cannot function properly without these
cookies.
Non-essential cookies are used to enhance your experience, analyse how our website is
used, and support our marketing efforts. These cookies are only placed on your device with
your prior consent.
You can manage your cookie preferences at any time through the cookie settings available
on our website.
Your rights
Right to access
You have a right to access the personal data processed by us. This means that you may contact us and we will inform you what personal data we have collected and processed regarding you and the purposes such data are used for.
Right to withdraw consent
When the processing is based on your consent, including explicit consent, you may withdraw the consent at any time by contacting us through the contact details provided in this Privacy Policy.
Right to correct
You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. You have the right to update for example your contact information or your other personal data.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data.
Right to restriction of processing
You may request us to restrict the processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.
Right to object
You may have the right to object on grounds relating to your particular situation to the processing of your personal data based on our legitimate interest. We will comply with such objection unless we have a legitimate ground not to.
Right to data portability
You have the right to receive the personal data you have provided us in a structured and commonly used format, and to transmit that data to another controller, where technically feasible.
How to use your rights
All the above-mentioned rights may be exercised by contacting us at dubs@dubs.fi. Please note that some of the rights are subject to additional requirements and may not be applicable in each case. If the rights are not applicable, we will provide reasons for this as a part of our response to your request of exercising your rights.
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with your local supervisory authority for data protection.
We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.
