Home » Privacy Policy

Privacy Policy

Hubbub Labs GDPR Policy 2024, In Accordance with GDPR

Hubbub Labs is committed to protecting the privacy and security of the personal data of our clients, partners, employees, and other individuals. This policy outlines the measures we take to comply with the General Data Protection Regulation (GDPR) and ensures that all personal data we collect, process, and store is handled with care, respect, and transparency.

Core GDPR Principles

We align our practices with the core principles of GDPR, which include:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Only data that is necessary for the purposes outlined is collected.
  • Accuracy: Data is kept accurate and up-to-date.
  • Storage Limitation: Personal data is retained only for as long as necessary.
  • Integrity and Confidentiality: Appropriate security measures are in place to protect personal data.
  • Accountability: Hubbub Labs takes responsibility for GDPR compliance, with a dedicated compliance officer in place (George Chilton, CMD).

Definition of Personal Data

Under the GDPR, personal data refers to any information relating to an identified or identifiable natural person. Examples include:

  • Contact information: names, addresses, telephone numbers, email addresses.
  • Financial information: payment details, billing addresses.
  • Sensitive personal data: health information, religious beliefs (processed only with explicit consent or legal basis).
  • Technical data: IP addresses, cookies, geolocation data, and browser/device identifiers.

Data Collection and Processing

Hubbub Labs collects and processes personal data for legitimate and lawful purposes, such as:

  • Providing services to clients.
  • Fulfilling contractual obligations.
  • Communicating with clients, partners, and stakeholders.

We ensure that:

  • Individuals are informed about the data being collected and its purpose through privacy notices.
  • Personal data is collected only when necessary and relevant to the specified purposes.

Data Storage and Security

Hubbub Labs stores personal data on secure servers and employs robust security measures, including:

  • Encrypted storage for sensitive documents
  • Secure and encrypted password management.
  • Multi-factor authentication for system access.
  • Alerts for unusual login activity.
  • Website and server maintenance, including security patches.

In the event of a data breach:

  • We will notify the relevant Data Protection Authority (DPA) within 72 hours.
  • Affected individuals will be promptly informed with recommendations for protective actions.

Data Sharing and Transfers

Hubbub Labs will share personal data with third parties only:

  • When necessary to provide our services.
  • When required by law.
  • With processors that demonstrate GDPR compliance through Data Processing Agreements (DPAs).

For transfers outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs).
  • Adequacy decisions by the European Commission.

We do not share sensitive personal information related to finances, health, or religious beliefs. Where necessary, consent is obtained before sharing.

Data Retention

Hubbub Labs retains personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods include:

  • Contact Information: Deleted within one month of a deletion request, with confirmation sent.
  • Job Applicant CVs: Retained only during the hiring process and deleted once the position is filled or the process ends.
  • Client Contacts: Deleted when the individual leaves the client organization.
  • Mailing Lists: Double opt-in required, with an easy unsubscribe option.
  • Project-Specific Data: Deleted after the project concludes unless otherwise agreed.

Regular audits of our databases are conducted to ensure compliance.

Data Subject Rights

Under GDPR, individuals have the right to:

  • Access their personal data.
  • Rectify inaccuracies.
  • Request erasure (“right to be forgotten”).
  • Restrict or object to data processing.
  • Request data portability.
  • Withdraw consent at any time (for data processed on the basis of consent).

Requests should be sent to info@hubbublabs.com. We will respond within one month of receiving a valid request.

Cookies and Tracking

Where cookies or similar technologies are used, Hubbub Labs:

  • Provides clear, upfront information about their use.
  • Ensures explicit consent is obtained where required.
  • Allows users to manage their cookie preferences at any time.

Policy Review and Accountability

This policy is reviewed annually or whenever there are significant changes to legal requirements or business practices. Hubbub Labs ensures all employees handling personal data receive GDPR training and adhere to this policy.

Contact Information

If you have any questions about this policy or how Hubbub Labs processes personal data, please contact us at:

info@hubbublabs.com
Carrer de Rocafort 122, E-1, 08015, Barcelona, Spain 

(00 34) 672661609

UPDATE: Last reviewed November, 2024