A landing page per adSave my seat
All Legal Documents

Privacy Policy

Humblytics — humblytics.com — app.humblytics.com

1. General Information on Data Processing

This privacy policy describes the collection and use of personal data in connection with the use of our website humblytics.com ("Website") and our web application app.humblytics.com ("web app") in accordance with the requirements of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this privacy policy may be supplemented by further privacy policies that must be noted separately.

1.1 Person Responsible

Responsible person in the sense of the GDPR is

Humblytics

14985427 CANADA INC.

("humblytics"/"we"/"us")

19 Bathurst Street,

Toronto, Ontario, M5V 0N2,

Canada

1.2 Data Protection

If you have any questions about the collection, processing, or use of your personal data, or if you wish to exercise your rights under data protection law, please contact us by email at: [email protected]

1.3 Affected Party Rights and Supervisory Authority

You may exercise the following rights:

  • Right of access by the data subject (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure ('right to be forgotten', Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object (Art. 21 GDPR),

If we process your data on the basis of your consent, you have the right to revoke your consent at any time with effect for the future (Art. 7 para. 3 GDPR).

To exercise your rights, you can contact us by e-mail at [email protected].

Please note that in this case we will need to verify your identity and therefore identify you by appropriate means. The processing of your request and the identification of your person is based on Art. 6 para. 1 lit. c GDPR.

You may at any time pursuant to Art. 77 GDPR, file a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you reside or with the authority responsible for us.

1.4 Processing of Data, Purpose and Legal Basis

We process your personal data in accordance with the provisions of the GDPR and other applicable data protection laws. In particular, your data will be processed on the basis of the following legal grounds:

  • Art. 6 para. 1 lit. a GDPR - your consent,
  • Art. 6 para. 1 lit. b GDPR - contract performance or pre-contractual measures,
  • Art. 6 para. 1 lit. c GDPR - fulfillment of a legal obligation,
  • Art. 6 para. 1 lit. e GDPR - public interest or exercise of official authority,
  • Art. 6 para. 1 lit. f GDPR - legitimate interests.

Several legal bases may apply to a single processing activity. You will receive further information in the context of the several processing activities mentioned below.

1.5 Retention Period

We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. If the retention period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for retention ceases to apply. Personal data will not be deleted if retention is required by law, for example under tax law. Furthermore, we may store your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.

1.6 Data Security

To protect the security of your data during transmission, we use technical and organizational security measures, in particular the encryption of our website to prevent unauthorized access by third parties. Our security measures are continuously improved and adapted according to technological developments.

1.7 Transmission to Service Providers

We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR.

1.8 Data Transfer to Third Countries

Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Art. 44-49 GDPR are met (this includes in particular the conclusion of the standard contractual clauses adopted by the EU Commission, binding corporate rules and adequacy decisions by the EU Commission).

1.9 No Obligation to Provide Data / No Profiling

There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the necessary data is provided by you. Your personal data will not be used for automated individual decision-making including profiling.

2. Website

Our website offers different areas with different functionalities for the visitor, which are described in more detail below.

2.1 Server Log Files

Nature and purpose of data processing:

When you access our website, information of a general nature is automatically collected. This information, known as server log files, includes: IP address, name of access provider, browser type, browser software version and browser language, operating system, date and time of access, content of access, amount of data transferred, access status (successful transfer/error), website(s) to which access was redirected, websites visited.

The processing is carried out for the following purposes: to ensure a connection to the website without malfunctions, to ensure seamless use of our website, to evaluate the system security and stability.

Legal basis:

The processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in hosting the website and as well as improving and monitor the security, stability and functionality of the website.

Recipient:

The recipient of the data is a technical service provider responsible for the operation and maintenance of our website. As a processor, the service provider is obliged to process the data only within the scope of our instructions.

Retention period:

The server log files are deleted after 14 days at the latest.

2.2 Newsletter

Nature and purpose of data processing:

You have the option to subscribe to an email newsletter that includes information on product updates, upgrades, tariff options, additional features, and other news. In addition, we may send newsletters with purely informational content, such as version changes, security aspects, and legal information, for the purpose of keeping you informed. For this purpose, we need to process your email address. This data is processed in order to send you this information.

Legal basis:

The processing is based on your consent (Art. 6 para. 1 lit. a GDPR) or, where the information is necessary for the performance of the contract (Art. 6 para. 1 lit. b GDPR).

Right to withdraw consent:

You have the right to withdraw your consent at any time and thereby object to the use of your data with effect for the future (e.g., by clicking the unsubscribe link in one of our newsletters).

Recipients:

The recipient of the data is a technical service provider. As a processor, the service provider is contractually obliged to process the data only in accordance with our instructions.

Data transfers to third countries:

Data is generally processed within the EU. Any transfer to a third country will only take place where appropriate safeguards are implemented to ensure an adequate level of data protection, such as an adequacy decision by the European Commission or Standard Contractual Clauses approved by the European Commission.

Retention period:

We process your data until you unsubscribe from our newsletter, withdraw your consent, or request us to delete the data within 30 days. The data used for newsletters that are sent on the basis of an existing contract will no longer be used for this type of processing once the contractual relationship has ended.

2.3 Contact Form

Nature and purpose of processing:

In order to provide you with the best possible support when using our services, we offer you the option to contact us via contact form, email, through the support chat or email. In this context, we may process your IP address, email address, name, and the content of your inquiry.

Legal basis:

The data is processed for the performance of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). In addition, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in providing our customers with straightforward customer service.

Recipient:

The recipient of the data is a technical service provider. As a processor, the service provider is obligated to process the data only in accordance with our instructions.

Data transfer to third countries:

Data is generally processed within the EU. Any transfer to a third country will only take place where appropriate safeguards are implemented to ensure an adequate level of data protection, such as an adequacy decision by the European Commission or Standard Contractual Clauses approved by the European Commission.

Retention period:

The data will be deleted once it is no longer required. The necessity of retention is reviewed at regular intervals.

2.4 Website Analytics

Nature and purpose of data processing:

This website uses our own privacy-friendly analytics technology to analyze general usage patterns and improve the functionality, security, and user experience of our website. Reports are generated on site activity without identifying individual users. We do not set cookies or use local storage identifiers. Instead, anonymization takes place via a one-way hash of IP addresses and device characteristics, with raw IP addresses being discarded immediately. The data is not used to create user profiles, nor is it shared with third parties.

Legal basis:

The processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in understanding how our website is used.

Recipients:

Generally, data is processed by us. Only for specific services, such as hosting, do we rely on processors who act strictly on our instructions. These processors are located within the EU and are bound by contract to comply with applicable data protection laws.

Retention period:

Raw IP addresses are discarded immediately after anonymization and are not stored. The anonymized data is retained only for as long as necessary to analyze usage patterns and improve the functionality, security, and user experience of our website.

2.5 Advertising Pixel — Geo-Restricted to United States

Nature and purpose of data processing:

For visitors located in the United States only, we use the Meta Pixel (operated by Meta Platforms, Inc.) to measure the effectiveness of our advertising campaigns on Facebook and Instagram. The pixel detects page visits and a small set of conversion events (form submissions, pricing-page views, comparison-page views) and sends this information to Meta. The pixel sets a first-party cookie ("_fbp") on humblytics.com to allow Meta to attribute these events to ad clicks.

The Meta Pixel does NOT fire for visitors outside the United States. Visitor country is detected via a country-code lookup at page load, and the pixel script is not loaded for non-US visitors. As a result, no Meta Pixel cookies are set and no data is transmitted to Meta for visitors located in the EU, UK, or anywhere else outside the United States. This decision was made deliberately to keep our cookieless promise intact for visitors in jurisdictions with strict cookie-consent requirements (GDPR, ePrivacy, UK PECR).

We do not upload customer email addresses, customer lists, or any customer-identifying data to Meta.No matching, no custom audiences from our customer database, no exclusion lists from Stripe. The pixel sees only the events fired in the visitor's browser session.

Legal basis (US visitors only):

The processing is based on our legitimate interest in measuring advertising effectiveness for the audience we target. Because the pixel is not active for EU/UK/EEA visitors, GDPR Art. 6 and ePrivacy/PECR consent requirements do not apply to those visitors.

Recipients:

Meta Platforms, Inc. (1601 Willow Road, Menlo Park, California 94025, USA). Their privacy policy is at facebook.com/privacy/policy.

Opt-out:

US visitors who prefer not to be tracked by the Meta Pixel can opt out via Meta's ad-preference controls at facebook.com/adpreferences/ad_settings or by using a tracker-blocking browser extension. Disabling the pixel does not affect site functionality.

Retention period:

The first-party "_fbp" cookie has a 90-day expiry. Event data sent to Meta is retained according to Meta's own retention policies — see their privacy policy linked above.

2.7 US State Privacy Rights (California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others)

Nature and purpose:

This section describes the rights available to residents of US states with comprehensive privacy laws, and how to exercise them. Because our advertising tags (Meta Pixel and Google Ads, described in Sections 2.5 and 2.6) are active only for US visitors, this section is primarily relevant to those visitors.

"Sharing" / "sale" disclosure:

The Meta Pixel and Google Ads conversion tag transmit page-view and conversion-event information to Meta and Google, respectively, for the purpose of measuring and optimising our advertising. Under the California Privacy Rights Act (CPRA), this activity is considered "sharing" of personal information for cross-context behavioural advertising. We do not "sell" personal information for monetary consideration, we do not transmit any directly identifying information (email, name, phone, address), and we do not knowingly process the personal information of consumers under the age of 16 for sharing.

Your rights:

Depending on the state in which you reside, you may have the following rights with respect to your personal information:

  • Right to know what personal information we collect, use, and share
  • Right to access a copy of the personal information we hold about you
  • Right to request correction of inaccurate personal information
  • Right to request deletion of your personal information
  • Right to opt out of the sharing of your personal information for cross-context behavioural advertising
  • Right to limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information via the website)
  • Right to non-discrimination for exercising any of the above rights

These rights are available to residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, New Jersey, New Hampshire, Minnesota, Maryland, Kentucky, and Rhode Island under their respective comprehensive privacy statutes. The specific scope and definitions vary by state; the mechanisms below apply to all of them.

How to opt out of sharing:

  1. Global Privacy Control (GPC) — automatic. If your browser sends the GPC signal (Brave and DuckDuckGo enable it by default; Firefox supports it via a setting; Chrome supports it via extensions such as Privacy Badger), our website detects the signal and suppresses both the Meta Pixel and the Google Ads tag for your session. No further action is required.
  2. Meta ad-preference controls. Opt out of Meta's use of off-platform activity for advertising at facebook.com/adpreferences/ad_settings.
  3. Google ad-settings controls. Opt out of Google personalised advertising at adssettings.google.com.
  4. Browser tracker-blocking extensions. Extensions such as uBlock Origin, Privacy Badger, or Ghostery will block both tags entirely.

How to exercise know / delete / correct / limit rights:

To exercise your right to know, access, delete, correct, or limit the use of your personal information, email [email protected] with the nature of your request and the state in which you reside. We will respond within the statutory deadline for your state (45 days for most jurisdictions, with one 45-day extension where permitted). We may need to verify your identity by matching information you provide against records we hold for your account. You may use an authorised agent to submit a request on your behalf; we may require written authorisation and verification of the agent's identity as permitted by law.

Non-discrimination:

We will not deny services, charge different prices, or provide a different level or quality of service because you exercised a privacy right.

3. Processing in Connection with the Web Application

You may register for our web application. In this context, your data will be processed as follows:

3.1 Processing, Purpose, Legal Basis and Retention Period

Account and Authentication Data

For the use of our web application, we process account and authentication data (name, e-mail address, login credentials) for the purpose of providing the service and customer dashboards (Art. 6 para. 1 lit. b GDPR). The data is stored for the duration of the contractual relationship, until the expiry of the regular statutory limitation period or, where required, for the applicable statutory retention periods thereafter.

Anonymized Analytics Data

For the purpose of operating and improving our services, usage data is anonymized at the earliest possible stage and the anonymized data is used for analysis. The legal basis for the anonymisation is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, namely to ensure the functionality, stability and optimisation of our services. Personal data is not stored; it is immediately anonymized and therefore deleted in its identifiable form.

Email Marketing and Automated Reports

For the purpose of providing our services, we send necessary emails such as registration confirmations, password resets, billing information, or contractual reports. This processing involves your email address and name and is based on Art. 6 para. 1 lit. b GDPR (performance of a contract).

In addition, we may use your contact details to inform you about updates, new features, or similar information in order to foster customer engagement. When you receive these marketing emails, we may track your interactions including:

  • Email open rates
  • Click-through rates on links within emails
  • Device information (device type, operating system, email client)
  • Time and date of interactions

This tracking helps us improve our communications and measure campaign effectiveness. The processing of marketing emails and associated tracking is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and applicable ePrivacy regulations. You can withdraw your consent at any time by using the unsubscribe link in our emails or by contacting us directly.

Personal data is stored for as long as you maintain your account or unless statutory retention periods apply. Marketing tracking data is retained for the duration of your consent or until you withdraw it.

Internal Admin Dashboard Data

For the purpose of customer support, debugging and service improvement, we process internal admin dashboard data (such as account status, usage records and error logs). The legal basis is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, namely to ensure the proper functioning, security and optimisation of our services. Data is retained while the account is active and may also be stored until the expiry of the regular statutory limitation period.

Payment and Subscription Data

For the purpose of processing payments and managing subscriptions, we process payment and subscription data (such as billing address, payment details, subscription status and transaction records). The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract). In addition, certain data may be retained to comply with statutory accounting and tax retention requirements. Data are stored for the duration of the contractual relationship, until the expiry of the regular statutory limitation period or, where required, for the applicable statutory retention periods thereafter.

Support Data

For the purpose of processing support requests and providing customer service, we process support data (such as name, e-mail address, account information and the content of your request). The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract), insofar as the request relates to the fulfilment of contractual obligations, and Art. 6 para. 1 lit. f GDPR (legitimate interest) in all other cases, namely our interest in responding to inquiries and improving our services. Data are stored for the duration of the contractual relationship, until the expiry of the regular statutory limitation period or, where required, for the applicable statutory retention periods thereafter.

3.2 Recipients and Location of Processing

All personal data are generally processed within the European Union. Recipients are service providers acting as data processors on our behalf. With all such processors, data processing agreements (DPAs) have been concluded in accordance with Art. 28 GDPR. Should a transfer to a third country occur, it will only take place if adequate safeguards are in place to ensure an appropriate level of data protection, such as an adequacy decision by the European Commission or Standard Contractual Clauses approved by the European Commission.

4. Data Processing on Our Social Media Pages

Our social media pages allow us to communicate with you and provide you with interesting information. Through your comments, shared images, messages and reactions, we may receive further data from you, which we process to communicate with you. If you use social media on multiple devices, data may be analyzed across devices.

In addition, social media site providers may also use cookies and tracking technologies to analyze and improve their services.

We operate pages on the following social media channels:

When you visit our social media pages, data is processed both by us and by the respective social media provider as the responsible party.

The respective social media provider assumes the data protection obligations towards you as a user, such as providing information about data processing, and is the contact for your rights. This results from the fact that such a provider has direct access to the relevant information on the social media site and the processing of your data.

Data processing is carried out with your consent or for the purpose of responding to your inquiry (Art. 6 para. 1 lit. a, b GDPR) or on the basis of legitimate interest in improving services and external presentation (Art. 6 para. 1 lit. f GDPR).

When using these social media platforms, the data may also be processed outside the EU.

5. Changes to the Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to make changes in our privacy policy concerning our offers. This privacy policy was created by simpliant.eu.