Last updated: 01 November 2025
Panelhub OU ("Panelhub", "we", "our", or "us") operates the website www.myspots.app ("Site") and the related research participation programme ("MySpots"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site, register as a member, or participate in surveys.
The controller responsible for the processing of your personal data under the General Data Protection Regulation (GDPR) is:
Panelhub OU
Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 10151
Email: [email protected]
"Personal data" means any information relating to an identified or identifiable person. Examples include your name, email address, or any information that could identify you directly or indirectly (e.g. demographics, IP address, device identifiers, or survey responses linked to your profile).
We process your personal data only in accordance with applicable data protection laws, including the GDPR. The main purposes and legal bases are:
| Purpose | Data processed | Legal basis |
|---|---|---|
| Registration and account creation | Name, email address, password, IP address, browser fingerprint | Art. 6(1)(b) GDPR – necessary to perform a contract |
| Profile information and survey matching | Demographic and professional details voluntarily provided | Art. 6(1)(a) GDPR – consent |
| Participation in surveys and incentive fulfilment | Survey responses, participation history, payment details | Art. 6(1)(b) GDPR – contract performance |
| Quality assurance, fraud prevention, and platform security | IP, device data, activity logs | Art. 6(1)(f) GDPR – legitimate interest |
| Communication and notifications | Name, email address | Art. 6(1)(b) GDPR – contract performance |
| Marketing communications (if subscribed) | Email address | Art. 6(1)(a) GDPR – consent |
When you visit our Site, our servers automatically collect log-file data including:
IP address
Date, time and duration of access
Browser type and version
Operating system and device details
Referrer URL and pages visited
This data is used for site operation, security, and statistical analysis.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring security and service quality).
When you register, we collect your name, email, password, IP address, and browser fingerprint to create and secure your account.
Legal basis: Art. 6(1)(b) GDPR.
You may optionally provide demographic information (e.g. age, gender, education, occupation) so we can invite you to relevant surveys.
Legal basis: Art. 6(1)(a) (consent).
You may update or delete this information at any time through your account settings.
We record your participation in surveys, account changes, and other interactions to improve targeting and support.
Legal basis: Art. 6(1)(f) (legitimate interest).
If you choose to receive incentives via bank transfer or other methods, we will collect your bank details solely for payment processing.
Legal basis: Art. 6(1)(b) or Art. 6(1)(a) (consent).
You may delete or update this information at any time. Alternatively, you may choose to donate your incentives.
To prevent fraud, we may ask you to verify your identity through your registered bank account or mobile phone number.
Legal basis: Art. 6(1)(f) (legitimate interest in preventing abuse).
If you contact us, we will process your name, email address, and message content to handle your request.
Legal basis: Art. 6(1)(b).
When you participate in a survey, your responses are processed for market and opinion research purposes.
Surveys may be conducted directly by Panelhub or by third-party research partners on our behalf.
Personal data collected during surveys will not be used to identify you unless you have given explicit consent.
Legal basis: Art. 6(1)(b) (contract) and, where applicable, Art. 6(1)(a) (consent).
We may share your personal data with trusted third parties for the purposes described above, including:
Clients commissioning surveys or research projects
Technical service providers (e.g. hosting, email delivery, analytics)
Payment and incentive fulfilment providers
Fraud-prevention and quality-control partners
All such partners are bound by written agreements requiring them to process data only under our instructions and in compliance with the GDPR.
By using our Site and Services, you acknowledge and consent that your personal information may be shared with these third parties for legitimate business purposes related to market research, survey administration, and incentive fulfilment.
We do not sell or lease personal data to third parties for marketing or unrelated purposes.
We use cookies and similar tools to operate the Site, maintain sessions, and improve user experience.
Session cookies are essential for login and navigation.
You may control or delete cookies through your browser settings, but doing so may limit certain Site functions.
Legal basis: Art. 6(1)(a) (consent).
We retain your personal data only as long as necessary for the purposes described in this Policy or as required by law.
Inactive accounts may be deleted after 24 months of inactivity, following prior notice by email.
Financial data will be retained for the period required under applicable tax and accounting laws.
Under the GDPR, you have the following rights:
Right of access – to know what data we hold about you;
Right to rectification – to correct inaccurate or incomplete data;
Right to erasure – to request deletion of your data;
Right to restriction of processing;
Right to data portability;
Right to object to processing based on legitimate interest;
Right to withdraw consent at any time.
To exercise any of these rights, please contact us at [email protected].
We will respond within one month as required by law.
You may withdraw your consent for data processing at any time with future effect.
Upon withdrawal, we will delete or restrict the processing of your data unless retention is required for legal reasons.
If we transfer data outside the European Economic Area (EEA), we ensure adequate safeguards, such as the EU Commission's Standard Contractual Clauses or transfers to countries with an adequacy decision.
We apply appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, disclosure, alteration, or destruction.
Access to personal data is restricted to authorised personnel and processors who are bound by confidentiality obligations.
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.
We will notify members of any significant updates via email or through our Site before they take effect.
If you believe your data has been processed unlawfully, you may lodge a complaint with your local supervisory authority or with:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39, 10134 Tallinn, Estonia
Website: https://www.aki.ee
For any privacy-related queries or requests, please contact:
Panelhub OU
Email: [email protected]
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 10151