Privacy Policy

DUB SERVICES LLC (“we”, “us”, or “our”) is a privacy certifications and privacy tech consulting firm registered in Yerevan, Armenia (TIN 02942984, Reg. 999.110.1567116, address: 0015, 9 Grigor Lusavorich Str., Yerevan, Armenia).

We are committed to protecting your privacy and processing personal data only in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws.

1. Information We Collect

We collect only the personal data you voluntarily provide to us:

• Name, email address, phone number, company name, and message when you contact us via email or the contact form.
• Curriculum vitae (CV) and any additional personal details if you apply for a job or internship with us.
• No automatic collection of browsing data, IP addresses for analytics, or any other tracking occurs except strictly necessary technical measures to combat DDoS attacks (as stated in the website footer).

2. How We Use Your Personal Data (Lawful Bases – GDPR)

We process your data only when we have a lawful basis:

• Legitimate interest (Art. 6(1)(f) GDPR) – to respond to your business inquiries, provide consulting services, and maintain our professional relationship.
• Consent (Art. 6(1)(a) GDPR) – when you voluntarily submit a CV or explicitly agree to further processing.
• Contract (Art. 6(1)(b) GDPR) – when you engage us for privacy consulting or certification services.
• Legal obligation (Art. 6(1)(c) GDPR) – where required by law (e.g., tax or accounting records).

We do not use your data for marketing, profiling, or automated decision-making.

3. Cookies and Trackers

This website does not use any cookies or trackers except those strictly necessary for combating DDoS attacks (see footer statement). No analytics, advertising, or third-party cookies are present.

4. International Transfers of Personal Data

We are based in Armenia, which does not have an adequacy decision from the European Commission. However, pursuant to Article 27(2) GDPR, we are not required to appoint an EU representative because our processing of personal data of EU data subjects is occasional, does not involve large-scale processing of special categories of data or criminal data, and is unlikely to result in a risk to the rights and freedoms of natural persons. This assessment is based on our very limited number of EU clients as of March 2026 and the minimal nature of our data processing activities.

Where any transfer outside the EEA occurs, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and conduct transfer impact assessments as needed.

5. Your Rights as a Data Subject

Under the GDPR and CCPA you have the following rights (subject to applicable law):

• Right to access, rectify, or erase your data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time
• Right not to be subject to automated decision-making (we do not perform any)
• Right to lodge a complaint with a supervisory authority (e.g., your local Data Protection Authority in the EU or the California Privacy Protection Agency)

To exercise any right, email us at privacy@dub-services.com. We will respond within one month (free of charge, except in manifestly unfounded or excessive cases).

6. California Privacy Rights (CCPA)

We do not “sell” or “share” your personal information for monetary or cross-context behavioral advertising purposes.

You have the right to:

• Know what personal information we have collected about you
• Request deletion of your personal information
• Opt out of any future sale/share (we do none)
• Non-discrimination for exercising your rights

Submit requests to privacy@dub-services.com. We verify your identity before processing.

7. Data Retention

We keep your data only as long as necessary for the purposes described or as required by law. Inquiries are typically deleted within 12 months unless they lead to an active client relationship. CVs are kept for 6 months unless you consent to longer storage.

8. Data Security and Breach Notification

We implement appropriate technical and organisational measures, including homomorphic encryption and strict access controls. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (GDPR) and you without undue delay where required.

9. Children’s Privacy

Our website and services are not directed at children under 18. We do not knowingly collect data from minors. If we become aware that we have collected personal data from a child under 18 without parental consent, we will delete it.

10. Changes to This Privacy Policy

We may update this policy from time to time. The new effective date will be posted at the top. We encourage you to review it periodically.

11. Contact Us

For any privacy questions or to exercise your rights:

DUB SERVICES LLC
privacy@dub-services.com