Privacy Policy

Updated 7/8/2024

In accordance with Article 13 and Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), we inform you that:

1. Data Controller

The administrator of personal data is TAM LABS SPÓŁKA Z OGRANICZONĄ ODPOŚCIALNOŚĆ (hereinafter referred to as “Administrator” or “Tubbly” depending on the context), entered in the register of entrepreneurs of the National Court Register by the District Court in M.ST. WARSAW, XII COMMERCIAL DIVISION, under KRS number: 0001070536, NIP: 5252981359, REGON: 527013380, with its registered office in Warsaw at ul. Twardej 18, with e-mail address hello@tubbly.io

2. Data Subjects

The Administrator processes personal data: persons using the Administrator's websites or contractors of the Administrator, persons using the Tubbly App (within the meaning adopted in the Terms of Use of Tubbly App), representatives of contractors, persons contacting the Administrator.
Personal data processed by the Administrator include:
- personal data of Tubbly App Users: email address, username,
- personal data of persons contacting the Administrator through the contact form in the Tubbly App or on websites belonging to Tubbly or by e-mail: name, surname, company name, e-mail address or username,
- data of persons who wish to receive the Administrator's newsletter: e-mail address.

3. Purposes and legal bases for the processing of personal data.

Personal data will be processed for the purposes of:
a) your use of the Tubbly App;
b) sending the newsletter;
(c) issuing and storing accounting and tax documents;
d) Marketing;
e) implementation of promotional programs organized by the Administrator;
(f) contact persons sending inquiries or messages to the Administrator via the Tubbly App, Tubbly websites or by e-mail;
The legal bases for the processing of personal data are:
a) Article 6 (1) (a) GDPR, i.e. consent — in case of completing the registration form in the Tubbly App to use the application;
b) Article 6 (1) (c) GDPR, i.e. legal obligation — in the case of issuing an invoice or other accounting/tax document and storing them in accounting/tax documentation and in the case of recruitment;
c) Article 6 (1) (f) of the GDPR, i.e. the legitimate interest of the Controller consisting in the possibility of establishing and pursuing claims by the Administrator and defending against claims;
d) Article 6 (1) (f) of the GDPR, i.e. the legitimate interest of the Controller consisting in organizing and carrying out promotional programs organized by the Administrator.

4. Recipients of personal data

Personal data may be made available to entities authorized under the provisions of generally applicable law, in particular to institutions authorized to control the Administrator's activities or to institutions entitled to obtain personal data on the basis of legal provisions, as well as to entities providing services in the field of outsourcing accounting processes to the Administrator, auditors, legal or tax advisors and IT service providers.
Access to personal data is available only to persons for whom there is a justification for such access in view of the tasks performed and the services provided. All persons authorized to process personal data are obliged to maintain the confidentiality of the data and protect it from disclosure to unauthorized persons.
The Administrator may disclose personal data processed by him for the purposes described in this privacy policy to entities dependent on the Administrator. Disclosure is for internal management purposes only (e.g. for accounting purposes, for centralised customer management, etc.).

5. Data retention period

Your personal data will be stored by:
- the period of execution of the agreement for the provision of electronic services and the pre-sale of Tokens;
- and their expiration by the end of the limitation period for possible claims;
- or for a period resulting from the relevant provisions of law;
- or the period of validity of the Administrator's promotional programs;
- or in the case of data processing for marketing purposes until the withdrawal of consent;
- or for the duration of the recruitment.
In case of consent to the processing of personal data in recruitment processes carried out in the future, the data will be processed until the consent is withdrawn, but not longer than a year.In the event of a claim by the person concerned, the period of storage and processing of his personal data may be extended if this is necessary for the consideration of the claim and possible defense against such a claim.

6. Rules for the collection of personal data

Providing personal data is voluntary, but necessary for: conclusion and execution of an agreement on an agreement for the provision of services by electronic means, participation in promotional programs.

7. Source of data

The Controller obtains personal data directly from data subjects or from the Controller's contractors.

8. Rights related to the processing of personal data

The data subject may exercise the following rights:
a) the right to request access to your personal data, as well as to receive a copy thereof,
b) the right to rectify their personal data,
c) the right to delete your personal data,
d) the right to restrict the processing of personal data,
e) the right to object to the processing of personal data — it is necessary to indicate the particular situation which, in your opinion, justifies the cessation of processing,
f) the right to data portability — if the Controller has obtained personal data on the basis of your consent or contract,
the right to withdraw consent to the processing of personal data for a specific purpose — if the basis for the processing of your personal data is consent,
g) the right to lodge a complaint with the supervisory authority in connection with the processing of personal data by the Administrator — the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa.

9. Safeguards

The controller takes appropriate technical and organizational measures to protect your personal data. Your personal data is only available to persons who need it for the purposes and tasks described in this privacy policy (e.g. HR staff, IT system administrators). All such persons are obliged to treat personal data confidentially and only in accordance with applicable laws and regulations on the protection of personal data. The data is transmitted to us in an unencrypted form, using an open, cross-border network accessible to everyone. However, the Controller has implemented security measures to protect data from unauthorized access and ensure the authenticity of the website, data integrity and confidentiality of data transmitted via the internal network of the group (Intranet).

10. Transfer of personal data to third countries and international organisations

Personal data may be transferred to third countries outside the European Economic Area (“EEA”) In other cases, the Controller transfers personal data in accordance with the requirements of the GDPR, including in Article 46 of the GDPR, in particular on the basis of standard contractual clauses.

11. Automated decision making, including profiling

The Administrator may make decisions based on automated processing, including profiling based on personal data of persons using the Website. In other cases, the Controller does not make automated decision-making, including decisions resulting from profiling based on your personal data.

12. Contact Details

You can contact the Administrator by e-mail by sending an e-mail to the following address: hello@tubbly.io
A person who has made a request or request regarding the processing of his or her personal data, as part of the exercise of his or her rights, may be asked to answer a number of questions that will enable verification of his or her identity.