After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at [email protected].
Collecting Personal Information
|SOURCE||PERSONAL DATA||REASON||LEGAL BASIS||RETENTION PERIOD|
|BROWSING ON THE WEBSITE||• Cookies|
• IP address
|• Browsing the website|
• Improve stability and functionality of the website.
• Security purpose
|• Legitimate interest|
|Until the data is no more needed, or the consent is revoked|
|CONTACT FORM||• Name|
• Email address
|• Contact the support for information.||• Contract (precontractual)||Until the contact procedure is completed|
The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- Additional technical and organizational measures.
According to the GDPR «storage limitation principle», we do not keep the data longer than necessary for the purpose of the processing. This can be:
- When the data is no more needed for the purpose
- When the data subject has revoked the consent
- When the account is closed
- After one year without any connection on the website
Transfers outside the EU
Your Personal Information will be initially processed in Amsterdam in a Cloudflare secure server and then will be in certain circumstances transferred outside of Europe to the USA, only in the case of a legal obligation
Cloudflare is using Standard Contractual Clauses and Additional technical and organisational measures as lawful basis. These are complying with the EU GDPR guidelines. You can find more information here https://www.cloudflare.com/gdpr/introduction/
Boomerbiz has put in pace security measures like using a secure server from Cloudflare. Additionally, we are using HTTPS connections and are updating regularly our website to find and remove any new vulnerability that could be identified.
- The Right to Information.
- The Right of Access.
- The Right to Rectification.
- The Right to Erasure.
- The Right to Restriction of Processing.
- The Right to Data Portability.
- The Right to Object.
- The Right to Avoid Automated Decision-Making.
The Right to Information; you have the right to request information about the personal data we hold. You have the right to be informed of how your personal data is processed.
The Right of Access; (Article 15, Recitals 63 & 64 GDPR) The General Data Protection Regulation (GDPR), under Article 15, gives individuals the right to request a copy of any of their personal data which are being ‘processed’ (i.e. used in any way) by ‘controllers’ (i.e. those who decide how and why data are processed), as well as other relevant information (as detailed below). These requests are often referred to as ‘data subject access requests’, or ‘access requests’.
The Right to Rectification; (Articles 16 & 19 of the GDPR)
If your personal data is inaccurate, you have the right to have the data rectified, by the controller, without undue delay.
If your personal data is incomplete, you have the right to have data completed, including by means of providing supplementary information.
The right of rectification is restricted in certain circumstances under Section 60 of the Data Protection Act 2018, which provides for restrictions that are necessary for important objectives of public interest, and by Section 43 of the Act which seeks to balance the right of rectification with the right of freedom of expression and information.
The Right to Erasure; (Articles 17 & 19 of the GDPR)
This is also known as the ‘right to be forgotten’.
You have the right to have your data erased, without undue delay, by the data controller, if one of the following grounds applies:
- Where your personal data are no longer necessary in relation to the purpose for which it was collected or processed.
- Where you withdraw your consent to the processing and there is no other lawful basis for processing the data.
- Where you object to the processing and there are no overriding legitimate grounds for continuing the processing (see point 6 below).
- Where you object to the processing and your personal data are being processed for direct marketing purposes (see point 6 below).
- Where your personal data have been unlawfully processed.
- Where your personal data have to be erased in order to comply with a legal obligation.
- Where your personal data have been collected in relation to the offer of information society services (e.g. social media) to a child.
The Right to Restriction of Processing; (Article 18 of the GDPR)
You have a limited right of restriction of processing of your personal data by a data controller. Where the processing of your data is restricted, it can be stored by the data controller, but most other processing actions, such as deletion, will require your permission.
The Right to Data Portability; (Article 20 of the GDPR)
In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context and to transmit this data to another data controller of your choosing without hindrance. This is referred to as the right to data portability.
The Right to Object; (Article 21 of the GDPR)
When do you have a right to object?
You have the right to object to certain types of processing of your personal data where this processing is carried out in connection with tasks:
- In the public interest,
- Under official authority, or
- In the legitimate interests of others.
You have a stronger right to object to the processing of your personal data where the processing relates to direct marketing. Where a data controller is using your personal data for the purpose of marketing something directly to you or profiling you for direct marketing purposes, you can object at any time, and the data controller must stop processing as soon as they receive your objection.
You may also object to the processing of your personal data for research purposes unless the processing is necessary for the performance of a task carried out in the public interest.
The Right to Avoid Automated Decision-Making; (Article 22 of the GDPR)
You have the right to not be subject to a decision based solely on automated processing. Processing is ‘automated’ where it is carried out without human intervention and where it produces legal effects or significantly affects you.
Automated processing includes profiling.
In accordance with the UK and EU GDPR you also have the right to lodge a complaint to the Data Protection Authority.
For English-speaking peoples, you can contact the ICO, which is the English authority for the protection of personal data.
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 745
e-mail: [email protected]