Rubreek PrivacyPolicy
Last updated: January 15, 2025
At Rubreek Limited ('Rubreek,' 'we,' 'us,' or 'our'), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our platform, websites, and services (collectively, the 'Service').
Our Commitment to Quality Feedback
At Rubreek, we are committed to quality feedback and the protection of user privacy. By using any part of the platform and its services, you're agreeing to uphold all our policies and standards in all your interactions. These rules, policies and standards ensure everyone benefits from constructive, respectful feedback that genuinely improves products.
1. Data Controller
Foighne Ventures Limited (trading as Rubreek) is the data controller responsible for the processing of your personal data. We are based in Ireland and comply with the European Union's General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you acknowledge that you have read and understood this Privacy Policy.
If you have any questions or concerns about our privacy practices or this Privacy Policy, please contact our Data Protection Officer by sending a support ticket from your dashboard.
2. Information We Collect
We collect information that you provide directly to us, information from third parties, and information that we automatically collect when you use our Service. We process this data in accordance with the legitimate purposes outlined in this policy and only for as long as necessary to fulfill these purposes.
| Category | Data Types | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Account Information | Name, email address, username, password (encrypted), profile picture, professional background | Account creation and management, authentication, platform communications | Contract Performance, Legitimate Interest | Account duration plus 12 months after deletion |
| Payment Information | Payment method details, transaction history, billing address | Processing payments, token purchases, redemptions, fraud prevention | Contract Performance, Legal Obligation | 7 years (financial records) |
| Platform Activity | Feedback provided/received, token transactions, project submissions | Core service functionality, token economy management, quality control | Contract Performance, Legitimate Interest | Account duration |
| Usage Data | Login timestamps, session duration, features used, pages viewed | Service improvement, troubleshooting, security monitoring | Legitimate Interest | 24 months |
| Communications | Support inquiries, feedback responses, direct messaging content | Customer support, dispute resolution, platform integrity | Contract Performance, Legitimate Interest | 36 months |
| Device Information | IP address, browser type, device type, operating system | Security, fraud prevention, service optimization | Legitimate Interest | 12 months |
| Marketing Data | Email engagement, communication preferences | Service updates, promotional communications | Consent | Until consent withdrawal or account deletion |
3. How We Use Your Information
We use your personal information for the following purposes, each of which has a defined legal basis under the GDPR:
Providing and Improving Our Services
We use your information to operate, maintain, and improve our platform, including processing transactions, managing accounts, facilitating feedback exchanges, and developing new features.
Legal basis: Contract Performance, Legitimate Interests
Communication
We use your contact information to communicate with you about your account, respond to inquiries, send service updates, and provide customer support.
Legal basis: Contract Performance, Legitimate Interests
Transaction Processing
We use payment and transaction information to process purchases, redemptions, and manage our token economy.
Legal basis: Contract Performance
Security and Fraud Prevention
We use your information to protect our platform, detect and prevent fraudulent transactions, abuse, and other illegal activities.
Legal basis: Legitimate Interests, Legal Obligation
Analytics and Platform Improvement
We analyze usage patterns and platform performance to improve our service, optimize user experience, and develop new features.
Legal basis: Legitimate Interests
Marketing and Communications
With your consent, we use your information to send promotional communications, newsletters, and information about new features or services.
Legal basis: Consent
Legal Compliance
We use and retain information as required to comply with applicable laws, regulations, legal processes, or governmental requests.
Legal basis: Legal Obligation
Automated Decision Making and Profiling
We may use automated systems to analyze your information to improve our services, prevent fraud, and provide personalized experiences. These processes may include:
- Quality scoring of feedback provided on the platform
- Fraud detection and security monitoring
- Matching users with relevant feedback opportunities
Under GDPR, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. If you believe an automated decision has affected you significantly, please contact our Data Protection Officer to request human review.
4. Sharing Your Information
International Transfers
As an Irish company operating a global service, your information may be transferred to and processed in countries outside of the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses, to protect your information and comply with applicable data protection laws.
5. Data Security
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction. These measures include:
Encryption
All data transmitted between your device and our servers is encrypted using TLS. Sensitive information like passwords and payment details are encrypted at rest.
Access Controls
Strict access controls limit who can access your data within our organization. Access is granted on a need-to-know basis.
Secure Infrastructure
Our platform is hosted on secure, enterprise-grade cloud infrastructure with industry-standard security practices and regular security updates.
Monitoring & Testing
We conduct regular security monitoring and penetration testing to identify and address potential vulnerabilities before they can be exploited.
While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the ticketing system on your dashboard.
6. Your Data Protection Rights
Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal information. These rights include:
Right to Access
You have the right to request a copy of the personal information we hold about you and information about how we process it.
Right to Rectification
You have the right to request that we correct any inaccurate personal information we hold about you, or complete any incomplete information.
Right to Erasure
You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information.
Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another controller.
Right to Object
You have the right to object to the processing of your personal information in certain circumstances, such as when processing is based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on your consent before its withdrawal.
How to Exercise Your Rights
You can exercise your data protection rights in the following ways:
Through Your Account: Many of your rights can be exercised directly through your account settings, where you can access, correct, and delete certain personal information.
Contact Our DPO: You can contact our Data Protection Officer by sending a support ticket from your account with the subject "Data Protection" to exercise any of your rights or to ask questions about your personal information.
We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request.
If we decide not to take action on your request, we will inform you of the reasons for not taking action and of your right to lodge a complaint with a supervisory authority and to seek a judicial remedy.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to provide you with our services.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Information | Account duration + 12 months | Account recovery, service continuation, addressing inquiries |
| Payment Information | 7 years | Legal and financial compliance requirements |
| Platform Activity | Account duration | Service provision and platform functionality |
| Usage Data | 24 months | Service improvement and analytics |
| Communications | 36 months | Support continuity and dispute resolution |
| Device Information | 12 months | Security and fraud prevention |
| Marketing Data | Until consent withdrawal | Marketing communication based on consent |
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and applicable legal requirements.
In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
8. Children's Privacy
Our Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us immediately.
If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:
- Posting a notice on our website
- Sending an email to the address associated with your account
- Displaying a notice when you log into our Service
The date the Privacy Policy was last updated is identified at the top of this page. You are encouraged to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.
10. Complaints
If you have concerns about our handling of your personal information, we encourage you to contact us first from your dashboard. We will respond to your inquiry promptly and make every effort to resolve your concern satisfactorily.
If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission or another relevant data protection authority where you live, work, or where you believe an infringement has occurred.
Data Protection Commission (Ireland)
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: www.dataprotection.ie
11. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise your data protection rights, please contact us by logging into your account and submitting a support ticket.
We are committed to addressing your concerns and respecting your privacy rights. We will respond to your inquiry as quickly as possible, typically within 30 days.
Our Commitment to Your Privacy
At Rubreek, we believe that your privacy is fundamental. We are committed to being transparent about our data practices, providing you with control over your information, and continually improving our privacy measures. By using our Service, you trust us with your information, and we take that responsibility seriously. We appreciate your confidence in us and are committed to maintaining that trust.