Privacy Policy

Last updated on September 3, 2025

§ 1 General Provisions

1. This Privacy Policy sets out the processing principles and methods of data protection, including personal data of persons using the Rublon software platform, website and application (hereinafter jointly: “Rublon”), processed by Rublon sp. z o.o. with headquarters in Zielona Góra at Stanisława Wyspiańskiego Street 11, 65-036 Zielona Góra, Poland entered into the Register of Entrepreneurs maintained by the District Court in Zielona Góra, VIII Business Department of the National Court Register at KRS number: 3011, NIP: 9730702133, share capital: 200,000.00 PLN, e-mail: support@rublon.com (hereinafter: “Rublon” or “Controller”).
2. Rublon collects, processes and uses the data of the Rublon’s customers and website users (hereinafter jointly: “Users”), including personal data.
3. Controller pays special attention to protecting and respecting Users’ rights, with particular emphasis on ensuring the right to protection of privacy and free disposal of personal data by the User.
4. Controller makes every effort to secure Users’ personal data, but at the same time recommends Users to use Rublon responsibly.

§ 2 Personal Data

1. The controller of Users’ personal data is Rublon sp. z o.o. with headquarters in Zielona Góra at Stanisława Wyspiańskiego Street 11, 65-036 Zielona Góra, Poland, entered into the Register of Entrepreneurs maintained by the District Court in Zielona Góra, VIII Business Department of the National Court Register at KRS number: 3011, NIP: 9730702133, share capital: 200,000.00 PLN, e-mail: support@rublon.com.
2. Users’ personal data relate to:
   • data collected as a result of their voluntary provision (e.g. when completing the registration form, creating and using an account in Rublon, subscribing to the newsletter, using other functionalities of Rublon) such as: name, surname, phone number, email address;
   • User’s geolocation, i.e. the place where User is located (this data can be collected using MaxMind’s GeoIP technology);
   • data related to the use of Rublon (e.g. data regarding the dates of use of Rublon, the time of its use);
   • data of the mobile device used by the User (manufacturer, device model, operating system, version);
   • payment data (e.g. credit card number) if the User is a Customer within the meaning of Terms of Service.

§ 3 Access to Data from a Mobile Device

1. The Rublon Authenticator app may, with the consent of the User, receive access to the camera of a User’s mobile device, which allows the User to scan QR codes using Rublon Authenticator, which enables the use of authentication methods needed to log in to accounts protected by Rublon.
2. The User may allow the Rublon Authenticator app to send push notifications, which enables the use of the Mobile Push authentication method that may be used to verify logins to accounts protected by Rublon.
3. The User provides separate consent for the Rublon Authenticator app to use the access referred to in sections 1-2. Access is revoked by uninstalling the Rublon Authenticator app.
4. Rublon may also collect information about mobile devices on which the User runs the Rublon Authenticator app. The collection of information is necessary in order to display data about users’ mobile devices in the Rublon Admin Console and to provide additional services, such as the Device Health service.
5. The information collected includes: the phone number, device name set by the User, device manufacturer, name and version of the operating system, screen resolution as well as additional technical information, depending on the permissions granted by the User.

§ 4 Purpose and Time of Data Processing

1. The processing of Users’ personal data takes place for the purpose of:
   • conclusion and implementation of the agreement for the provision of electronic services specified in the Terms of Service (art. 6, section 1, let. b of the GDPR);
   • statistics and analysis of Users, which is the Controller’s legitimate interest (art. 6, section 1, let. f of the GDPR);
   • contact with the User, which is the Controller’s legitimate interest (art. 6, section 1, let. f of the GDPR);
   • conducting marketing activities through the newsletter (art. 6, section 1, let. a of the GDPR);
   • notifying about career opportunities (art. 6, section 1, let. a of the GDPR);
   • archival and documentary evidence for the purpose of securing information that can be used to prove certain facts and to establish, investigate or defend against claims, which constitutes the Controller’s legitimate interest to protect the property interest of the Controller (art. 6, section 1, let. f of the GDPR).
2. Personal data may be made available to entities providing IT services to the Controller and entities providing accounting and billing services.
3. The time of processing personal data by the Controller depends on the purpose of processing:
   • conclusion and implementation of the agreement for the provision of electronic services specified in the Terms of Service is processed by the Controller for the period of agreement implementation and the period necessary to pursue own claims or defend against claims raised against Controller in connection with the agreement;
   • keeping statistics and analysis of Users’ for a period of 3 years from the date of collection;
   • personal data processed in order to contact the User are processed for a period of 1 year from the end of correspondence;
   • marketing activities until consent is withdrawn, and after the withdrawal of consent, until the expiration of the statute of limitations for claims related to marketing conducted through the newsletter, in particular for the purpose of proving certain facts, such as grant of consent for the newsletter subscription and the moment of its withdrawal;
   • notifying about career opportunities until consent is withdrawn or the purpose of processing is achieved, but no longer than for a period of 3 years;
   • archival and documentary evidence until the expiration of the statute of limitations for claims that may arise in connection with the services provided by the Controller or the use of the Controller’s website.

§ 5 Data Transfer

1. The Controller may use IT service providers that have their headquarters outside of the European Union. Therefore, User’s data may be transferred there. The Controller uses entities that ensure an adequate level of data protection and process personal data on the basis of Standard Contractual Clauses adopted by the European Commission, referred to in art. 46 of the GDPR, concluded between the Controller and this entity.
2. Downloading the Rublon Authenticator app from Google Play or the Apple App Store means for the User that Google LLC or Apple Inc., respectively will process their personal data. Google LLC and Apple Inc. are personal data controllers separate from the Controller.

§ 6 Users’ Rights

1. The User who is the data subject has the following rights:
   • the right to access personal data and the right to receive a copy – the User may request from the Controller information whether their data is processed, and in the case of confirmation, the User may request the Controller to obtain access to them. The User may also request the Controller to provide a copy of their processed personal data. Provision of subsequent copies of data may require the User to pay a fee related to administrative costs;
   • the right to request the rectification of personal data – User can request the rectification on their incorrect personal data by the Controller, or can request the completion of incomplete personal data, having regard to the purposes of the processing;
   • the right to request the erasure of personal data – the User may request the Controller to delete personal data related to them in a situation that at least one of the following cases occurs:
     • personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed;
     • personal data is processed contrary to the provisions of law;
     • personal data was unlawfully processed;
     • User’s consent, which is the basis for data processing in accordance with art. 6 section 1 let. a GDPR, and at the same time there is no other legal basis for the processing of personal data;
     • User objects to the processing of personal data pursuant to art. 21 section 1 GDPR, and at the same time there are no valid legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims; or if the User objects to the processing of personal data pursuant to art. 21 section 2 GDPR;
     • an obligation to delete personal data has been imposed on the Controller, resulting from applicable European Union regulations;
   • the right to request restriction of the processing of personal data – the User may request the Controller to restrict processing of personal data related to them in a situation that at least one of the following cases occurs:
     • The User contests the accuracy of personal data – for a period enabling the Controller to check the correctness of this data;
     • the processing is unlawful, and the User opposes the erasure of the personal data and requests the restriction of their use instead;
     • Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
     • User has objected to processing pursuant to art. 21 section 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject;
   • the right to transfer personal data;
   • the right to object to the processing of personal data;
   • the right to lodge a complaint with a supervisory authority – in Poland it is the President of the Office for Personal Data Protection.
2. In order to exercise any of the rights referred to above, the User may submit a request to the Controller in writing to the address of Rublon sp. z o. o with headquarters in Zielona Góra at Stanisława Wyspiańskiego Street 11, 65-036 Zielona Góra, Poland, or via email to the address support@rublon.com.
3. Providing data is voluntary, but without the provision, it will be impossible to provide services or contact the Controller.

§ 7 Cookies and Tools used within the Website

1. As part of the functionality of Rublon’s website, small files called cookies are used. These files are saved by the server on the end user’s computer. Using cookies should be understood as their storage and access to them by the Controller.
2. Cookies are IT data, in particular text files, which are stored in the User’s end device and are intended for the use of websites. Cookies usually contain the name of the website they come from, the time they are stored on the end device, content (e.g. action identifiers) and a unique number.
3. Cookies are used for the following purposes:
   • adapting the content of the website to the User’s preferences and optimizing the use of the website. In particular, these files allow to recognize the User’s device and properly display the website, adapting it to his needs and preferences;
   • creating statistics and analyses regarding the use of the website.
4. As part of the website, two basic types of cookies are used: “session” (session cookies, session storage) and “permanent” (persistent cookies, local storage). Session cookies are temporary files that are stored on the User’s device until the session expires (e.g., leaving the website, deleting them by the User, or turning the software off). Persistent cookies are stored in the User’s device for the time specified in the cookie file parameters or until they are deleted by the User.
5. The use of cookies does not cause any configuration changes on the end user’s device and the software installed on this device.
6. The default settings of web browsers usually allow the saving of cookies on end user’s devices. These settings can be changed by User.
7. The User may define the conditions for the use of cookies by means of the software (web browser) settings installed on their end device. The change may involve a partial or complete limitation of the possibility of saving cookies on the user’s end device.
8. Controller informs that, in accordance with the provisions of the Telecommunications Law, the end user’s consent to the storage of information or access to information already stored in the end user’s telecommunications end device may also be expressed by the user using the software settings installed in the end device used by him. Therefore, if the user does not want to express such consent, he should change the settings of the web browser.
9. Detailed information on changing browser settings regarding cookies and their removal can be obtained on the official website of a specific browser. In particular, the above information can be found at the following website addresses:
   • Firefox web browser;​
   • Chrome web browser;
   • Internet Explorer web browser;
   • Microsoft Edge web browser;​
   • Opera web browser;​
   • Safari web browser.
10. Controller uses the following tools:
    • Google Analytics and Tag Manager tools, which are used to analyze website statistics;
    • Facebook Pixel tool, which is an analytical tool that helps to measure the effectiveness of advertisements based on the analysis of actions taken by end users on the website, which in turn allows for conducting more effective advertising campaigns;
    • Wistia, Vidyard and Google Fonts tools displaying content hosted from external platforms. Wistia may help in measuring viewer and user engagement with the media visible on a website;
    • Inspectlet tool, which is a session recording and heat mapping service that is used to display the areas of the website that Users interact with most frequently. Inspectlet makes it possible to monitor and analyze web traffic and keep track of User behaviour;
    • LiveChat tool, which allows Users to interact with third-party live chat platforms directly from the website, in order to contact Rublon’s sales and support teams;
    • Freshdesk tool, which allows storage, tracking, response and management of support queries;
    • Cloudflare tool, which allows to distribute website content using servers located across different countries in order to optimize the performance;
    • LinkedIn Insight Tag, Pipedrive and Leadfeeder tools, which allow analyzing visits to the website thanks to reports on the website audience and/or advertisements performance.

Rublon-Privacy-Policy-v4 (30 Oct 2024)