• Home
  • Incubation programs
    Start
    For startups at the idea stage
    Launch
    For startups with a (semi) developed product
  • Incubation criteria
  • Who we are
  • Contact us
Apply here
Apply here

GDPR Compliance

LATEST UPDATE: OCTOBER 1, 2022

Introduction

Jubile Venture Capital and Software Development company, Jubile Tech Incubator Ltd., a UK Limited company with registration number 14363692 and official address Kemp House, 160 City Road, EC1V2NX, London, United Kingdom (collectively, “Jubile” / "Jubile Startup Builder" / "Jubile Tech Incubator" / “we” / “our” / “us”). We respect and protect the privacy of our users, and are accountable for personal information under our control. Jubile's mission is to help non-technical entrepreneurs bring the concepts to reality by helping them develop functional and useful products that help the world become a better place. Central to this mission is our commitment to being transparent about data collection, management, and sharing.

EU & UK GDPR

The European Union’s law on personal data processing, the General Data Protection Regulation (GDPR), and the United Kingdom's law on personal data processing, The Data Protection Act (UK GDPR) went into effect on May 25th, 2018. They significantly impact how Technology businesses handle their users’ personal data. The GDPRs are not applicable only in Europe as it applies to any business offering goods or services to, or performing monitoring of, users in the EU and the UK respectively. As the GDPR is important to software product and service providers like us, not only do we need to be compliant, but we also strive to help our clients be compliant as well.

‍

Choosing Jubile means avoiding nuisances with regards to implementing GDPR guidelines. Personal data has historically been used and shared indiscriminately, and stored indefinitely “just in case”. The GDPR encourages businesses to be more aware of the data they collect and what they do with it. It gives users much more control over what happens to their data. We’re working continuously on our compliance, and are happy to see that most other Tech companies are doing the same.

Data Privacy

Jubile is committed to the highest standards of data security and privacy. We were designed to comply with both the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the UK Data Protection Act on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

‍

We are dedicated to safeguarding personal data by developing a data protection regime that is robust and effective. We are committed to the principles inherent in the GDPR and particularly to the concepts of information transparency, privacy by design, the right to be forgotten, and a risk-based approach.

‍

Here is a list of technical and organisational security measures we put in place to ensure the highest level of data protection:

  1. Measures for the pseudonymisation and anonymisation of personal data; we use anonymous aggregates to advance our algorithm development. Data with Personally Identifiable Information "PII" cannot be retrieved by relevant systems without going through our anonymisation, feature extraction, and aggregation routines.
  2. Measures to encrypt personal data; not only do we use encryption in the transport layer, but also all communication takes place via SSL-encrypted channels. We also encrypt sensitive data in our databases.
  3. Measures to ensure confidentiality on a permanent basis; all our servers are equipped with the latest security measures and are hosted behind a Private Virtual Cloud on AWS (UK servers for our UK customers and EU servers for our European Union customers). In addition to Linux-specific measures and strong cryptographic key authentication on the server itself, we employ AWS-specific security measures and add an additional layer of security by proxying all our incoming traffic through Cloudflare to take advantage of advanced technologies to prevent snooping and service level attacks.
  4. The ability to offer our Services directly on the customers' servers; we provide our customers with the possibility of on-premise deployments, consequently making them the sole accessors of their data (since they are not stored in our cloud servers).
  5. Measures to ensure long-term integrity; data integrity is protected by the use of AWS data replication and backup services, and by frequent backups performed several times a day to ensure further redundancy in the event of an AWS problem.
  6. Measures to ensure long-term availability; we thoroughly test our API for malpractice and retain backups for a reasonable period of time to protect various snapshots of the data from accidental destruction or loss.
  7. Measures to ensure the long-term resilience of the systems and services; we use multiple internal and external state-of-the-art systems to monitor our platform, automatically detect threats, and protect the platform from them, resulting in a 99% uptime guarantee. Technologies we use to ensure resilience include Autoscaling AWS, Containerization, Cloudwatch, Cloudflare, and more.
  8. Measures to regularly review and evaluate the effectiveness of technical and organisational procedures; we regularly review our technical and organisational procedures and work with external experts to improve our systems and their security.
  9. Measures to prevent unauthorised access, traceability, and integrity in data transmission (transmission control through secure transmission); all data during transport is encrypted with SSL and thus protected by design against man-in-the-middle attacks.
  10. Measures to separate personal data collected for different purposes (separation control through client separation and authorisation management); all customers are operated either on AWS or on their local servers in logically or physically separate systems. This ensures that no other customer’s data can be accidentally accessed.
  11. Measures to erase data and restrict processing; all data of individual users will be deleted from our servers within a reasonable period of time in accordance with the regulations of the country in which the customer operates. In different countries, it is necessary that e.g. financial documents are stored for different periods of time. This includes all data stored in backups or logs of the system as well as data stored in the databases.

Contact

If you have any questions or concerns about your privacy, security and data protection in relation to the use of Jubile's Website, Product or Services please contact our privacy officer:

  • Email: data-privacy@jubile.tech
  • Phone: +44 204 577 1290
  • Letter to our Headquarters: Kemp House, 160 City Road, EC1V2NX, London, United Kingdom

Links to Other Legal Documents

  • Privacy Policy
  • Security Statement
  • Terms of Use
  • CCPA Compliance
  • Vulnerability Disclosure
If you desire to print this document, please use the keyboard shortcut Ctrl + P (for Windows) or Command + P (for macOS) to start the print process; all modern browsers support this operation.
Back to top

SITEMAP

  • HomeIncubation programIncubation criteriaWho we areContact usIncubatee application

Legal

  • Terms of UsePrivacy PolicyCCPA Compliance
GDPR ComplianceSecurity StatementVulnerability Disclosure

contact

  • LinkedIn's logo branded in Jubile's light purple colour. When clicked, it leads to Jubile's official LinkedIn account.

Copyright @2022 for Jubile Tech Incubator Ltd with company number 14363692. All rights reserved.