Privacy Policy

Last Modified: 17 December, 2022



Humbl Solutions OÜ (hereinafter “we”, “us” or “our”) respects your right to privacy and takes our responsibilities in relation to the processing of personal data seriously. We do not collect or process personal data unnecessarily. This privacy policy (the “Policy”) together with our terms of service (the “Terms of Service”) sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of the website (“our Site” or “the Site”)



Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us. This means that we determine the purposes and means of the processing of personal data we collect.



This privacy policy applies to information we collect:

  • on the Websites and your email communications with the Websites,

  • when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this privacy policy.


Information you give us

Your Data. This is information about you which is consensually given by making a registration on our Site.

The information you give us may include:

  • Identity Data: your username and e-mail address;

  • Financial Data: your financial and credit card information, including bank account and payment card details, billing contact email address, and VAT number.


The Data We Collect About You

We may collect different kinds of personal data about you, depending on whether you chose to create an account with us.

Automatically Collected Information. With regard to each of your visits to our Site we will automatically collect the following information:

  • Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type, and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you visit the Site and other performance data;

  • Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through, and from our site (including date and time), page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page

No special categories of personal data: We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR


Our website uses cookies to enhance your browsing experience and to help us improve our website. Cookies are small text files that are stored on your device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide website owners with information about how their website is being used.

We use Google Analytics 4 to collect information about how visitors use our website. Google Analytics 4 cookies are used to distinguish users and to collect information about how visitors use our website. The information collected by Google Analytics 4 cookies is anonymous and is used to create reports about the usage of our website.

By using our website, you consent to the use of cookies in accordance with this policy. You can disable cookies or delete them at any time through your browser settings. Please note that disabling cookies may affect your ability to access certain features of our website.


Social media

Based on our legitimate interests to be visible on the market, we might use social media features, so that it would be easier for you to share the information. Please note that these social media widgets may collect some information, such as IP addresses, even if you are not a member of that particular social media platform. 


Information of children

We do not knowingly collect personal information from children under the age of 14 or any other age that requires a consent or authorization for data processing from the holder of parental responsibility. If you are a parent or guardian and you are aware that your children have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent when it is necessary, we take steps to remove that information from our servers.


What we do with your information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal or regulatory obligation.

We have set out below, in a table format, a description of the ways we plan to use your personal data and the legal basis we rely only on to do so. We have also identified our legitimate interests where appropriate:


Type of data

Legal basis for processing

To respond to your queries and to provide you with the information you request from us in relation to our products or Services.

Identity Data Technical Data Usage Data Public Data

Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business) Performance of a contract with you

To set up and administer your account for the Services.

Identity Data

Performance of a contract with you

To provide the Services and perform our obligations arising from any contracts entered into between you and us.

Identity Data Financial Data Technical Data Usage Data

Performance of a contract with you

To manage payments, fees, and charges and to collect and recover money owed to us.

Identity Data Financial Data

Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you, including notifying you about changes to the Services, our Terms of Services or Privacy Policy.

Identity Data Technical Data Usage Data Public Data

Performance of a contract Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services).

To provide you with information about goods and services we offer that are similar to those that you have already purchased or enquired about.

Identity Data Technical Data Usage Data Public Data

Necessary for our legitimate interests (to develop our products or Services and grow our business)

Where you have given us your consent to do so, to provide you with information about other goods or services we feel may interest you.

Identity Data Technical Data Usage Data


To ensure that content is presented in the most effective manner for you and for your computer or device.

Identity Data Technical Data Usage Data

Necessary for our legitimate interests (to keep our Site and the Services updated and relevant and to develop and grow our business).

To administer and protect our business, our Site, the Services, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

Identity Data Technical Data Usage Data Public Data

Necessary for our legitimate interests (for running our business and as part of our efforts to keep our Site and the Services safe and secure)

To use data analytics to improve or optimize our Site, Services, marketing, customer relationships, and experiences

Technical Data Usage Data

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site and the Services updated and relevant, to develop and grow our business and inform our marketing strategy).

To allow you to participate in interactive features of the Services (including surveys), when you choose to do so.

Identity Data Technical Data Usage Data

Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products or Services, to develop them and grow our business

To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you.

Identity Data Technical Data Usage Data

Necessary for our legitimate interests (to study how customers use our products or Services, to develop them, to grow our business, and to inform our marketing strategy).


How long we keep your information

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold.


Disclosure of your information

We do not share your personal information to third parties for marketing purposes without your explicit consent. To provide you with our services and to also meet our regulatory requirements, we may need to share your information with our business partners, suppliers, and sub-contractors, affiliated companies and other third party product and service providers.

You have the option to share your personal information stored on the website with the users in your friend list or with the companies you desire. By doing so, you acknowledge that you share your personal information willingly with these third parties. 


Security Measures

We take our security responsibilities seriously, using the most appropriate physical and technical measures, and require our partners to use the same standard of care. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. These are described in more detail below.


Location of Servers and Accessibility

Your personal data is not stored locally but on a secure server which helps ensure your personal data is secure and private.


Data Storage

Your personal data is stored on secure servers hosted on a digital cloud solution. These servers are located in Frankfurt, Germany.  Humbl Solutions OÜ applies Standard Contractual Clauses as a valid mechanism for transferring data outside the European Union.


Data Encryption

Data is encrypted using SSL Certification when transmitted from our servers to your browser.

The data storing and security is handled by DigitalOcean managed databases service and we don't have any direct access to the database servers.


Your Personal Data and Your Rights


Accessing your Personal Data

You may request access at any time to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to [email protected] We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.


Right of Restriction

You may restrict us from processing your personal data in any of the following circumstances:

  • You have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;

  • The processing of your personal data is unlawful and you request the restriction of the use of personal data instead of its erasure;

  • We no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise, or defense of legal claims; or

  • Where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds.


Corrections or Erasure (Right to Rectification and Right to Be Forgotten)

If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your personal data, you can request the deletion of this personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected.


Your Right to Object

You have the right to object to the processing of your personal data at any time:

  • For direct marketing purposes

  • For profiling, to the extent, it relates to direct marketing

  • Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights, and freedoms or in connection with the enforcement or defense of a legal claim

Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above.


Data Portability

Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.



Profiling is an automated form of processing of personal data often used to analyze or predict the personal aspects of an individual person. This could relate to a person’s performance at work, economic situation, health, personal preferences, reliability, behavior, location, or movements. An example of this would be where a bank uses an automated credit scoring system to assess and reject a loan application.

You have the right to be informed if your personal data will be subject to automated decision making, including profiling. You also have the right not to be subject to a decision based solely on the automated process, including profiling, where that decision impacts on your legal rights. There are some exceptions to this rule, where, for example, the decision is necessary for connection with the performance of a contract between us, is authorized by law, or where you have given your explicit consent to this automated processing. In this case, however, we do not engage in profiling or automated processing for profiling purposes.


Right to withdraw consent (when we process your data on the basis of consent)

In those cases where we process personal data on the basis of your consent (which we will never presume but which We shall have obtained in a clear and manifest manner from you), you have the right to withdraw your consent at any time and this, in the same manner as you shall have provided it to us.

Should you exercise your right to withdraw your consent we will determine whether at that stage an alternative legal basis exists for processing your personal data (for example, on the basis of a legal obligation to which we are subject) where we would be legally authorized (or even obliged) to process your personal data without needing your consent and if so, notify You accordingly.

When we ask for such personal data, you may always decline, however should you decline to provide us with necessary data that we require to provide requested services, We may not necessarily be able to provide you with such services (especially if consent is the only legal ground that is available to us).


The Right to lodge a Complaint

You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in Estonia is the Estonian Data Protection Inspectorate. We kindly ask that you please attempt to resolve any issues You may have with us first (even though, as stated above, You have a right to contact the competent authority at any time).


Personal Rights

The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned. If we receive any such request or communication directly from your customers and/or in relation to Your End Customer Data, we will refer the matter to you and cooperate in providing such reasonable assistance as may be required to enable you, as a controller, to respond to the matter. This will be described in more detail in the Terms of Service or the other relevant contract between us.


Changes to this policy

Any changes made to this Policy from time to time will be published at the Site.

Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data will be notified to you in advance by email. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g., to withdraw consent or to object to the processing) as you see fit.