This Privacy Notice aims to explain how we collect, use, and safeguard your personal information in a clear and approachable manner. Our goal is to ensure that you feel confident and secure while sharing your personal information with us. We want you to know that we handle your data responsibly and ethically, always with your best interests in mind.
"Data Protection Laws" refers to the UK GDPR, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any other applicable European Union legislation relating to Personal Data. The "UK GDPR" is the retained version of the General Data Protection Regulation 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, and sits alongside the Data Protection Act 2018. "Personal Data" refers to any information identifying an individual or information relating to an individual that an organisation can identify (directly or indirectly) from that data alone or in combination with other identifiers that it Processes. It includes Special Category Data and pseudonymised Personal Data, but excludes anonymous data or data that has had the identity of an individual permanently removed. "Process or Processing" refers to any activity that involves the use of Personal Data - including obtaining, recording or holding the data, or carrying out any operation or set of operations on the data such as organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Our legal entity name is B Holdings Limited, incorporated in England & Wales with registration number 15222311 and registered address at 71-75 Shelton Street, London WC2H 9JQ. We are registered with the Information Commissioner's Office (ICO), the data protection supervisory authority in England & Wales. Our ICO registration reference is ZB663159. Data Protection Laws establish the roles of data controller (an organisation that determines when, why and how to Process Personal Data) and data processor (an organisation that Processes Personal Data on behalf of a data controller). When Bubbl is delivering its services to its customers, it is operating as a data processor.
Bubbl provides a geo-location plugin that enhances existing mobile applications by enabling real-time user engagement through location-based interactions. Customers can create virtual fences (geo-fences) to deliver location-aware push notifications, images, videos and surveys to end-users when they enter or exit these defined areas. Bubbl's platform facilitates in-location engagement by integrating its plugin into mobile applications, allowing customers to communicate dynamically with their end-users based on physical location. This supports the delivery of pre-built notifications and media, helping businesses engage with end-users contextually and effectively.
We collect various types of Personal Data based on our relationship with you. Categories include: Identity & Contact Data (first name, last name, title, phone number and email address); Technical & Usage Data (IP addresses, browser type and version, time zone settings, location and website interaction information); Profile Data (professional background, organisation and contracts entered into with us); Special Category Data (information revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health conditions, sexual orientation, or biometric/genetic data); Transaction & Financial Data (transactions, invoices and payment details); and Communications & Marketing Data (cookie preferences and marketing communication preferences).
Under Data Protection Law, there are several lawful grounds for Processing Personal Data. The lawful grounds we rely upon are: Consent (where you have freely given specific, informed and unambiguous agreement via a clear positive action); Contract (where Processing is necessary to enter into or perform a contract); Legitimate Interests (where Processing is necessary for our legitimate interests or those of a third party, except where overridden by your interests or fundamental rights); and Legal Obligation (where Processing is necessary for compliance with a legal obligation to which we are subject). Where we rely on Consent as the lawful grounds in a specific situation, we do not rely on any other legal grounds in that situation.
In the course of our business we interact with several categories of individuals. Prospective and existing website users: we collect Identity & Contact Data, Technical & Usage Data and Communications & Marketing Data, automatically when browsing our website or directly provided, on the basis of Consent or Legitimate Interests.
Prospective employees: we collect Identity & Contact Data, Profile Data, Special Category Data and Technical & Usage Data, via our website, directly or from third parties such as background screening providers, on the basis of Consent or Contract and Legitimate Interests.
Prospective and existing third-party suppliers: we collect Identity & Contact Data, Profile Data, Special Category Data and Technical & Usage Data, via our website or directly provided, on the basis of Consent or Contract, Legitimate Interests and Legal Obligation.
Prospective and existing customers: we collect Identity & Contact Data, Profile Data, Transaction & Financial Data, Technical & Usage Data, Communications & Marketing Data, automatically and directly provided, on the basis of Consent or Contract, Legitimate Interests and Legal Obligation.
End users of our customers: we collect only a unique identification number, time and location stamps when within a virtual fence determined by our customer. This number is not your IP address - it is generated by the relevant application store (e.g. Google Play). We act as a Data Processor following our customer’s instructions.
We strive to provide you with choices regarding the use of your Personal Data, particularly in relation to your Marketing & Communications Data. You will receive marketing from us if you have requested information or purchased our product and have not opted out. Before sharing your Personal Data with any third party for marketing purposes, we will obtain your opt-in Consent. You can request us or third parties to stop sending marketing messages at any time by contacting us and withdrawing your Consent. Opting out of marketing messages will not affect messages necessary to fulfil a contract we have with you.
We may aggregate data - such as statistical or demographic data - for purposes including research and analysis. Aggregated data may be generated from your Personal Data, but is not classified as Personal Data under Data Protection Laws, as it does not directly or indirectly disclose your identity. If we merge or associate aggregated data with your Personal Data in a manner that could identify you, we will treat the combined data as Personal Data and manage it in accordance with this Privacy Notice. We may also anonymise your Personal Data for research or statistical purposes. Once anonymised, it is impossible to trace the data back to you, and we may utilise this information without further notification.
We disclose your Personal Data only when necessary. Categories of third parties with whom we share your Personal Data include: Technology providers (companies offering support and software products essential for business operations); Professional advisors (law firms, banks, payment providers, and accountancy firms engaged for business purposes); Governmental agencies and regulators (Companies House, HMRC, and the ICO, with whom we must engage for business operations and compliance); and Prospective business partners (third parties with whom we may negotiate to sell, transfer, or merge parts of our business or assets, or explore potential acquisitions or mergers in the future).
We ensure that Personal Data is always transferred safely and securely. Whenever your Personal Data is transferred outside of the UK and/or the EEA, we protect it by: (a) only transferring your Personal Data to organisations outside of the UK and/or the EEA if we have entered into specific contracts with them that ensure your Personal Data receives the same level of protection as in the UK and/or the EEA; and (b) only transferring your Personal Data to countries that have been deemed to provide an adequate level of protection, as endorsed by the ICO and determined by the European Commission.
We have implemented appropriate technical and organisational measures, including encryption (where necessary), to protect your Personal Data from accidental loss, falsification, unauthorised access, alteration, or disclosure. Access to your Personal Data is restricted to authorised personnel and relevant third parties who need it for business purposes. We have developed comprehensive policies, plans, and procedures to address both suspected and confirmed Personal Data breaches. We require all third parties to respect the security of your Personal Data and to treat it in accordance with Data Protection Laws, and enter into contractual agreements with all third parties (except regulators and governmental authorities) which include appropriate data protection clauses.
We will retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, regulatory, tax, accounting or reporting requirements. When determining appropriate retention periods, we consider the amount, nature, and sensitivity of the data; potential risks of unauthorised use or disclosure; purposes for Processing; and applicable legal, regulatory, tax, accounting or other obligations. In certain circumstances, we may retain Personal Data for a longer period - such as in the event of a complaint or if we reasonably believe there is potential for litigation related to our relationship with you.
You have specific rights concerning the Personal Data we handle about you: Right to access (request access to and copies of your Personal Data); Right to rectification (ask us to correct inaccuracies or incomplete information); Right to erasure (request deletion of your Personal Data under certain circumstances, though complete deletion may not always be possible if there is an ongoing contractual relationship); Right to restrict Processing (request restriction under specific conditions, such as when reviewing accuracy or assessing a deletion request); Right to object (object to Processing, particularly where based on Legitimate Interests or for direct marketing purposes); and Right to data portability (request to receive, transfer or copy your Personal Data to another data controller where Processing is based on Consent or contract and is automated). If you are dissatisfied with our approach, you have the right to lodge a complaint with the ICO via www.ico.org.uk. To exercise any of these rights, please contact us at info@bubbl.tech. There is no charge for accessing your Personal Data or exercising these rights, though we reserve the right to charge a reasonable fee or decline requests that are clearly unfounded, repetitive or excessive. We aim to address all legitimate requests within one month.
We believe that complying with Data Protection Laws is critical to building trust with our customers, stakeholders and the public. We are committed to acting transparently and responsibly at all times. We have implemented a data protection compliance program encompassing notices, policies, procedures, and technical security controls. In our operations, we comply with the following principles: we only Process Personal Data lawfully, fairly and in a transparent manner; we only collect Personal Data which is adequate, relevant and limited to what is necessary; we ensure Personal Data is accurate and kept up to date; we ensure Personal Data is not kept in a form that permits identification of individuals for longer than necessary; and we ensure Personal Data is processed securely using appropriate technical and organisational measures. Since inception, we have embedded privacy considerations into the design and development of our services and systems, employing privacy-enhanced technologies, conducting data protection impact assessments, and integrating privacy into Bubbl’s culture and practices.
We have conducted an assessment of our organisation under Data Protection Laws and have determined that we are not required, at this stage, to appoint a data protection officer. This is because we do not conduct regular and systemic monitoring of individuals on a large scale and neither do we conduct large-scale Processing of Special Category Data. We will review our determination on a regular basis and will appoint a data protection officer if necessary. Despite not having a dedicated data protection officer, we remain fully committed to safeguarding the privacy and security of your Personal Data. You can contact us at info@bubbl.tech with any data protection questions and concerns.