Privacy Policy (Hublet App)

Hublet Oy (”Hublet”, “we” or “us”) respects your privacy and is dedicated to protecting the privacy of persons (“you”) using Hublet’s webpages and all services provided by Hublet (“Services”). This Privacy Policy helps you to understand what Personal Data we collect, and how we use it. Personal Data refers to information, which allows a person to be directly or indirectly identified as an individual person.

This Privacy Policy applies to your use of Hublet App ("Hublet Device Manager" in Google Play Store) and you should read it before using the Services. If you do not agree to the terms of the Privacy Policy, you should not use the Services.

If you are a minor in your country of residence, please seek parental consent before using the Services. If you are a minor, please do not attempt to access or use our Services (if not explicitly otherwise stated in the relevant service) or send any information about yourself to us. Hublet will not knowingly collect personal data of anyone who is under the age of majority under the applicable law of the country where the Service is being offered. If you believe that we might have any personal data from or about a child under the age of majority, please contact us at privacy@hublet.fi.

Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). The company complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (“data protection legislation”). We are committed to protecting the privacy of data subjects and to complying with the GDPR, applicable data protection laws and other applicable national laws. Our Services may also contain links to external websites and services operated by other organizations that we do not manage. This privacy policy is not applicable to their use, so we encourage you to review the privacy policies that apply to them. We are not responsible for the privacy policies of other websites or external services (even if you access them using the links on our website). We provide these links only as additional information to better serve you.

1. Controller and Contact Information

Hublet Oy
Business ID: 2631894-9
Address: Itälahdenkatu 22 A, 00210 Helsinki, Finland
Email: privacy@hublet.fi

2. Legal Basis and Purpose of the Processing of Personal Data

We process personal data that is necessary only for the purposes set out below. We process personal data in accordance with the applicable data protection legislation. The legal basis for the processing of your personal data is, where not stated otherwise or another legal basis is otherwise applicable, the performance of the contract for providing our Services to you. We can also process your personal data where we have a legitimate interest to do so, such as for marketing purposes. Where we rely on legitimate interests as a reason and legal basis for processing personal data, we have considered whether or not those interests are overridden by the rights and freedoms of the data subjects and we have concluded that they are not.

Where the processing is such that your consent is required by the applicable legislation, we will state so and obtain your consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide the Services to you, we may cease to provide the Services.

Personal data will be processed for the following purposes:

3. Data Processed and Sources of Information

Hublet App and tablet contents are managed by users of Hublet Manager, not the person who is using the tablet and the app. The only personal information collected from the Hublet App user is the card number and authentication password. Personal and non-personal data collected and processed by Hublet is mainly collected directly from you. Hublet will only collect such data that is relevant for the purposes described in this privacy policy, including information you give to us, and technically gathered information when you use our Services.

Personal data and non-personal data are collected directly from you, such as through registration or by logging the activities in the Services. This data may include:

Category Data type Description
Personal info Library card number or other ID Card information (library card or other similar ID) to authenticate user’s tablet loan
Authentication password Authentication password related to the card (only temporarily stored during authentication process)
App activity App interactions Information about how a user interacts with the app. For example, the number of times they visit a page or sections they tap on.
Installed apps Information about the apps installed on a user's device.
App info and performance Crash logs Crash log data from your app. For example, the number of times your app has crashed, stack traces, or other information directly related to a crash.
Diagnostics Information about the performance of your app. For example battery life, loading time, latency, framerate, or any technical diagnostics.
Other app performance data Any other app performance data not listed here.
Device or Other IDs Device or Other IDs Identifiers that relate to an individual device, browser or app. For example, an IMEI number or MAC address.
Location, Photos and videos, Financial info, Health and fitness, Messages, Audio files, Files and docs, Web browsing Not collected

If you do not provide Hublet the required information, this may mean that We are not able to provide the Services to you, perform the contract necessary for the provisioning of the Services or to comply with Hublet’s legal obligations.

In addition to personal data, Hublet will collect non-personal data relating to you. This information includes either anonymous or anonymized data or data linked to personal data that is generated during the use of the Services, such as actions in the Services and access times.

4. Retention of Personal Data

The personal data we collect is retained for the period necessary to fulfil the purposes outlined in this privacy policy unless a longer retention period is required by law. Thereafter, the personal data will be deleted within a reasonable timeframe or rendered anonymous. The retention periods depend on the purpose of the processing and type of the information. Personal data and retention periods are listed in the table below:

Personal Data Retention period or criteria used to determine the period
Information you give to us As long as necessary to fulfill the purpose personal data has been gathered for or as required by applicable laws.
Borrowing related information you give us This information is gathered and held for thirty (30) days following the return of the device, to ensure safety of the device and possible dispute resolution.
Technically gathered data As long as necessary to fulfill the purpose personal data has been gathered for or as required by applicable laws.

Hublet keeps the personal data for as long as necessary for the performance of a contract and as required by retention requirements set out by applicable laws and regulations. Where Hublet keeps the personal data for other purposes than those of the performance of a contract, such as for bookkeeping, Hublet keeps the data only if necessary and/or mandated by laws and regulations for the respective purpose.

5. Recipients of Personal Data

Hublet processes personal data in accordance with applicable data protection legislation. Hublet App will not disclose personal data to third parties.

Some of the services used by Hublet for processing personal data may operate outside the territory of the European Union (EU) or the European Economic Area (EEA). Thus, personal data can be transferred regularly outside the EU and the EEA. In case personal data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as the standard data protection clauses adopted or otherwise approved by the EU Commission.

We will provide more information regarding the processing upon request.

6. Protection of Personal Data

We use appropriate technical, administrative and organizational security measures to protect personal data against unauthorized access, disclosure, destruction or other unauthorized processing. Firewalls, secure equipment rooms, proper access control, controlled provision of access and monitoring of use, and the use of encryption technologies are also in use. The servers are located in the EU. Network services are protected by a HTTPS connection, which encrypts communications.

All parties processing personal data have a duty of confidentiality in matters related to the processing of personal data. Access to personal data is restricted to those employees who need it to perform their duties. Employees and other processors of personal data have personal usernames and passwords. We also require our service providers to have appropriate methods in place to protect personal data.

Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.

7. Rights of the Data Subjects and Supervisory Authority

Right to access

You have the right to contact us, and we will inform you what Personal Data we have stored regarding you, and the purposes such data is used for.

Right to rectification

You have the right to have us correct any incorrect, incomplete, outdated, or unnecessary personal data stored about you by contacting us at the email address provided herein.

Right to erasure

You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from all of our systems. Such copies shall be deleted as soon as reasonably possible.

Right to Object or Restrict Processing

You may object to certain use of personal data when such processing is based on legitimate interest, including direct marketing or profiling. You may opt-out of receiving promotional emails by following the instructions in those emails. If you opt-out, we may still send you non-promotional customer information, such as emails about your account, providing our services and products or our ongoing relationship with you.

You may request that we restrict processing of certain personal data. Your personal data will then only be stored and not processed otherwise; this may however lead to fewer possibilities to use the Services. If such restriction means that we are no longer able to provide the Services to you, we shall be entitled to stop providing the Services.

Right to data portability

You have the right to receive personal data provided by you to us in a structured, commonly used format. We provide no guarantee that this information will be compatible, relevant or useful to any other service.

Withdrawal of consent

You can deny any direct marketing and withdraw your consent regarding electronic direct marketing. You can always withdraw any other consent including parental consent.

How to exercise your rights

These rights may be used by sending an e-mail to the addresses set out in this Privacy Policy. Your identity will be verified before the information is given out, which is why we may have to ask for necessary additional details. We will respond to the request within a reasonable amount of time and, where possible, within one month of the request and the verification of your identity. If your request cannot be met, the refusal shall be communicated to you in writing. Hublet may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.

Right to lodge a complaint with the supervisory authority

In case you consider our processing activities of your Personal Data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the right to complain to the applicable data protection supervisory authorities.

8. Changes to this Privacy Policy

Hublet may make changes to this privacy policy at any time by giving a notice on the website and/or by other applicable means. The data subjects are highly recommended to review the privacy policy on our website every now and then. If the data subject objects to any of the changes to this privacy policy, the data subject should cease using the services, where applicable, and the data subject can request that we remove the personal data, unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current privacy policy applies to all personal data we process at the time.

This privacy policy has been updated on September 26th 2023.