one-on-one meeting

Humbol Application Privacy Policy

Version 1.4

Date: 1.12.2022

This Privacy Policy is applicable to personal data processed by Humbol Inc (“Humbol”, “we” or “us”) relating to the users of our leadership platform (the “Service”).

This Privacy Policy is also applicable to personal data processed by us with regard to the representatives of our customer organizations when such data is processed in connection with the provision of the Service. All of the aforementioned data subjects are hereinafter collectively referred to as “Users” or “you”. This Privacy Policy governs solely the Service and the data processing carried out by Humbol in connection therewith. As regards the processing of personal data in connection with our marketing and sales activities or the provision of the website, or otherwise outside the scope of the Service, please refer to our Website Privacy Policy available at

In relation to the provision of the Service, we also operate as a data processor for our customer organizations, in which case the customer organization is regarded as the data controller. This means that we process personal data based on contracts on behalf of our customers and not for our own purposes. As a data controller, the customer has full control and responsibility on what personal data it decides to enter in the Service and under what legal basis it has the right to process and transfer it to Humbol, including acquiring necessary consents, if required. Humbol does not review the data entered into the Service by the customer organization. We do not use any personal data submitted to the Service by the members of our customer organizations (the “End-User Data”) for any sales and/or marketing purposes.

We are committed to processing personal data in compliance with this Privacy Policy and applicable laws. This Privacy Policy contains information about what personal data we collect, what are the key principles of processing the data, and what rights you have relating to your personal data.


The data controller relating to processing of personal data pursuant to this Privacy Policy is:

Humbol Inc (business identity code: 3190489-7)
Wolffintie 36 M 10, 65200 Vaasa, Finland
Data Protection Officer: Jyri Kytömäki


We collect two types of information concerning our Users: (i) User Data; and (ii) Analytics Data.

User Data is primarily received directly from the Users or the representative of the relevant customer (such as the customer’s admin user of the Service) or 3rd parties who are entered to the Service as Users by the Customer. Analytics Data is collected automatically as you use the Service. Although we do not normally use Analytics Data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with other data. In such situations, Analytics Data shall also be considered to be personal data under applicable laws, and we will treat the combined data as personal data.

User Data and Analytics Data typically consist of the following categories of data. This data is either inputted directly by the User or synchronized by the organization from an integrated solution:

User Data
  • Name
  • Email address
  • Phone numbers
  • Profile picture
  • Data from scheduled interactions such as notes, actions, calendar events, skills, goals, and feedback
  • Organisation information, such as title or role, department, team, and location
Analytics Data
  • Pseudonymised user identifier
  • Time of visit
  • Browser type and version
  • Action and action related pseudonymised identifiers
  • IP address
  • Geographical location
  • Browser type
  • Referral source
  • Length of visits
  • Pages viewed


We use cookies to provide our Service. Cookies are small text files that are placed on a web user’s computer and are designed to hold a modest amount of data particular to a User. We may use cookies to develop our Service. If you do not wish to receive cookies, you may set your web browser to disable them. Please note that most browsers accept cookies automatically. If you disable cookies, you should understand that our Service may not function correctly.


Legal grounds for processing

In relation to the provision of the Service, we primarily process personal data on a contractual basis. For individuals acting as representatives of our customer organizations, personal data is primarily processed based on our legitimate interest whilst fulfilling our contractual obligations towards the organizations they represent.

We may also process personal data based on our legitimate interests, for example in connection with analytics. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

In certain cases, you may be requested to grant your consent for the processing of your personal data. In this event, the legal ground for such processing is your consent. You may withdraw your consent at any time.

Purposes of processing

We collect, store and process personal data only for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are:

To provide our Service. We collect and process personal data to be able to offer the Service to our Users and to run and maintain our operations. Personal data may be processed in order to carry out our contractual obligations towards an individual User or towards the organization the User represents. The legal basis for this processing is our legitimate interest and contract between Humbol and the customer.

For our legal obligations. We process personal data to enable us to administer and fulfill our obligations under law. This includes data processed for complying with our accounting obligations and providing information to relevant authorities. The legal basis for this processing is to ensure compliance with our legal obligations.

For claims handling and legal processes. We may process personal data in relation to claims handling, debt collection, and legal processes. We may also process data for the prevention of fraud, misuse of our Service and for data, system and network security. The legal basis for this processing is our legitimate interest.

For communication. We may process personal data for the purpose of contacting our Users regarding our Service, including handling of support requests and customer feedback as well as notifying Users about the Service. The legal basis for this processing is our legitimate interest.

For quality improvement and trend analysis. We may process information regarding your use of the Service to improve the quality thereof, for example by analyzing any trends in the use of our Service. Similarly, we may process any feedback provided by you to improve our operations in general. Where possible, we will do this using only aggregated, non-personally identifiable data. The legal basis for this processing is mainly our legitimate interest.


Personal data is mainly stored in electronic format and only authorized personnel within our organization have access to the data.

We also use third-party service providers for data storage (e.g. cloud storage), digital marketing, processing of payments, and other processing of personal data. In these situations, we make sure we have a written contract with each respective service provider with minimum data processing provisions. We will also otherwise ensure that the confidentiality of personal data is secured, and data is otherwise processed and transferred lawfully. Some of these service providers include, at the date of writing this policy, HubSpot, Amazon AWS, and Pandadoc.

We may also disclose or transfer personal data to fulfill legal obligations or when a legal authority requires a disclosure. We may also disclose personal data if we are a party of a business sale, such as a merger or an acquisition.


We store personal data on servers located in the European Union (“EU”) provided by Amazon Web Services. By default, personal data is not transferred outside the EU. However, in certain situations data may be transferred outside the EU, if our service provider is located there. To the extent personal data is transferred to a country outside of the EU/EEA, we will use the required established mechanisms that allow the transfer to our service providers in those countries, such as the Standard Contractual Clauses approved by the European Commission.


We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose and the situation. The retention periods may also be based on applicable laws (e.g. accounting, tax laws, employment contracts act). We may also update data from time to time. With respect to the End-User Data, it is each customer’s responsibility to plan and supervise the data retention periods for such data.

Personal data is stored and secured in accordance with general industry standards and practices. We consider and keep personal data confidential. Subcontractors that we use for processing personal data are selected also based on their data security measures. For our own systems and data storage, we use only well-established service providers and robust software tools. Access to personal data is also protected with user-specific logins, passwords and user rights. Our premises are also safe and secure.


Your Microsoft or Google account is used for authentication to ensure you have the necessary credentials to use Humbol. We do not access or store your Microsoft or Google password in our database. To have the ability to book meetings with your colleagues we need access to your calendar. In this case, we only access the calendar events that are created through Humbol. Your profile picture from your Microsoft or Google account is stored on our servers for convenience

Google APIs
Humbol’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Microsoft API’s
Humbol’s user of information received from Microsoft APIs will adhere to the Microsoft APIs terms of use.


Right to access

You have the right to confirm whether we are processing your personal data and also to know what data we have about you. 

Right to withdraw consent

If we process personal data based on your consent, you can at any time withdraw your consent by contacting us. Withdrawing a consent may lead to fewer possibilities to use our Service. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

You have the right to request that we correct any inaccurate or outdated personal data we have about you by contacting us. 

Right to prohibit direct marketing

You have the right to request that your personal data is not processed for direct marketing purposes.

Right to unsubscribe marketing communications

You may unsubscribe from receiving our marketing communications at any time by clicking the “unsubscribe” link located on the bottom of our emails or by contacting us. 

Right to object

If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.

Right to restriction of processing

You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our Service. 

Right to data portability

If we process your personal data based on your consent or fulfillment of a contract, you have the right to require transfer of the data you have provided to us to another service provider in a commonly used electronic format.

How to use the rights

You can execute and use your rights by contacting us by sending email to In such case, we ask you to provide us your name, contact details, phone number as well as something that we can use to verify your identity, such as written and signed (and scanned) request, or a copy of your personal ID, but without social security number and other such information that we don’t need. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority (in Finland tietosuojavaltuutetun toimisto).


We may update this Privacy Policy when our operations change or develop. Also, changes in law may make it necessary to update this Privacy Policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this Privacy Policy from time to time.