• website icon
    •  
    •  
Manage cookies
We use cookies to provide the best site experience.
Manage cookies
Cookie Settings
Cookies necessary for the correct operation of the site are always enabled.
Other cookies are configurable.
Essential cookies
Always On. These cookies are essential so that you can use the website and use its functions. They cannot be turned off. They're set in response to requests made by you, such as setting your privacy preferences, logging in or filling in forms.
Analytics cookies
Disabled
These cookies collect information to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customise our Websites for you. See a list of the analytics cookies we use here.
Advertising cookies
Disabled
These cookies provide advertising companies with information about your online activity to help them deliver more relevant online advertising to you or to limit how many times you see an ad. This information may be shared with other advertising companies. See a list of the advertising cookies we use here.
Confirm
Privacy Policy
Effective Date: 16.10.2025
1. Introduction
This Privacy Policy (“Policy”) explains how Qubeletum OÜ (“we”, “us”, “our”), registry code 17316925, Pille tn 11/1-32, Kesklinna linnaosa, Tallinn, 10138, Estonia, processes personal data collected through the website https://unlocksy.net (the “Website”) and related services including purchases, user accounts, support, and community interactions. This version complies with the strictest standards applied by European banks and payment service providers (PSPs) for onboarding and acquiring.
2. Data Controller & Processor Roles
Controller: Qubeletum OÜ (registry code 17316925) is the data controller responsible for all personal data collected via unlocksy.net.
Processor: Itemare OÜ (registry code 17309345) provides operational and technical services to Qubeletum OÜ under a Data Processing Agreement (Art. 28 GDPR).
3. Categories of Personal Data Processed
  • Account and Identity Data: name, username, email, password hash, language preferences.
  • Transaction Data: orders, payments, invoices (excluding card numbers/CVV).
  • Technical Data: IP address, device information, browser type, cookies, log files.
  • Support and Communication: messages, support tickets, attachments.
  • Marketing and Analytics: cookie identifiers, consent preferences, campaign data.
  • Anti-Fraud and Security Data: device fingerprinting, risk scores, access logs.
4. Legal Bases for Processing
We process data based on:
  • Contract performance (Art. 6(1)(b)) — account, purchases, support.
  • Legal obligations (Art. 6(1)(c)) — accounting, tax, AML compliance.
  • Legitimate interest (Art. 6(1)(f)) — fraud prevention, service improvement, security.
  • Consent (Art. 6(1)(a)) — analytics, marketing, cookies, newsletters.
5. Data Retention Periods
We retain data only as long as necessary:
6. Cookies & Tracking
We do not activate non-essential cookies (analytics, marketing) before consent. The cookie banner provides equally prominent 'Accept all' and 'Reject all' options. Continuing browsing or scrolling does not constitute consent. Full details are available in our Cookie Policy.
7. Data Recipients & Processors
We share data only with trusted providers under GDPR-compliant contracts:
  • Payment providers (PSPs) — to process transactions securely.
  • Anti-fraud vendors — for bot mitigation and risk scoring.
  • Hosting and CDN — EU-based infrastructure.
  • Analytics tools — only with consent.
  • Email and CRM — only for opted-in communications.
8. International Transfers
Where data is transferred outside the EEA (e.g., to the USA), we rely on:
  • The EU–US Data Privacy Framework (DPF) if the recipient is certified; or
  • Standard Contractual Clauses (SCCs) with supplementary measures (Schrems II compliance).
9. Data Protection Impact Assessments (DPIA)
We conduct DPIAs for processing activities that may pose high risks to individuals (e.g., payment data, fraud detection) and implement appropriate safeguards to minimize those risks.
10. Security Measures
We apply encryption in transit and at rest, Secure/HttpOnly cookies, restricted access controls, least privilege principles, and routine vulnerability reviews. No full card data is stored on our servers.
11. Your GDPR Rights
You have the right to access, rectification, erasure, restriction, data portability, and objection (Arts. 15–22 GDPR). You may withdraw consent at any time without affecting prior processing. You also have an absolute right to object to direct marketing (Art. 21 GDPR).
12. Automated Decision-Making & Profiling
We do not engage in automated decision-making producing legal effects. Limited profiling may be used exclusively for fraud prevention or security purposes under human supervision.
13. Children’s Data
Our services are not directed to children under 16. We do not knowingly collect children’s data. If you believe a child has provided data, please contact us for immediate deletion.
14. Contact & Data Protection Officer (DPO)
For any inquiries regarding data protection, contact our DPO:
Email: privacy@unlocksy.net
Address: Qubeletum OÜ, Pille tn 11/1-32, Tallinn, 10138, Estonia.
15. Complaints to Supervisory Authority
You may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): https://www.aki.ee/en, or with your local EU supervisory authority.
16. Updates to This Policy
We update this Policy periodically. Changes will be posted with a new Effective Date. Material updates will be communicated before they take effect.