BOON

Privacy & Data Protection

We at BOON ONLINE LIMITED (trading name BOON) take your privacy very seriously. Here, you can find out about how we keep your data private, and what cookies we collect to personalise your experience on this website. We are committed to avoiding the unnecessary request or collection of information about you, and as such we do not ask you to create an account with us. Our services are designed to avoid the necessity of collecting personal identifiable information.

BOON ONLINE LIMITED is a company registered in England and Wales under registration number 11085342 at address:

Office 7 35-37 Ludgate Hill,
London,
United Kingdom,
EC4M 7JN

Please read these policies carefully and check them periodically as they may change. We will notify subscribers to our mailing list when this occurs, and will place a pop-up on our homepage for a limited period of 10 days. It is important that the data that we store is kept up-to-date, and as such we ask you to maintain the accuracy of your data, processed by us. If any of the relevant information changes, it is your responsibility to notify us.

Purpose and Scope

We (BOON) are dedicated to being transparent about how we collect, store, and process data. This document sets out our commitment to data protection, individual rights and obligations in regards to personal data. We have appointed Dylan John Grey, CEO as our data protection officer. He can be contacted at [email protected].

In this document and the supporting documents, we present what data we collect and what we do with it, where and how it is collected, stored and processed, and why we collect it.

Our websites and services are not intended for children, and we we do not knowingly collect any minor's data.

What data do we collect?

We may collect and process any of the personal data listed below:

• Usage data showing how you use our website and services.
• Technical data about your equipment, browsing software, IP address, your login data, and any technology used when accessing our website.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. Many of the services offered by our website improve based on each user's experience and feedback (both inferred and explicitely provided). However, all data collected in order for these services to improve is anonymous and thus does not constitute personal data by law.

We do not collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Read relevant supporting documents

How do we collect data?

Your data may be acquired with any of these methods:

• You may provide personal data directly such as when signing up to our mailing list to receive news and/or marketing, or when you give us feedback or send us an e-mail.
• We may collect data automatically about your equipment and browsing actions. We may also receive such data about you if you visit other websites employing our cookies.
• We may receive personal data about you from various third parties and public sources such as other users, analytics providers, advertising networks, affiliated retailers, and search information providers. Other data sources may include identity and contact data from data brokers or aggregators, or from publicly availably sources such as Companies House and the Electoral Register.

Read relevant supporting documents

When do we use your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• Where you consent to the processing of your data.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to maintenance and in relation to sending third-party direct marketing communications to you via e-mail, where consent is given by you submitting your details. You have the right to withdraw consent to these communications at any time by clicking the link in the communication, or contacting us at [email protected].

Read relevant supporting documents

What do we do with your personal data?

Below is a list of how we use your personal data, as well as the lawful basis on which we rely to process it.

• Administer and protect our business and our services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  This action may use any or all of this data; usage and technical data.
  We rely on any of these legal bases; our necessity to comply with legal obligation, our legitimate interests.
• Use data analytics to improve any of our services.
  This action may use any or all of this data; usage and technical data.
  We rely on our legitimate interest to maintain an up-to-date, useable, and secure website.

We will only use your personal data for the purposes outlined above (or in relevant supporting documents), or a related purpose. For an explanation of how a new purpose is related to the original, contact us at [email protected]. In an instance where your data is needed for an unrelated purpose to that outlined above, we will notify you and explain our legal basis for doing so. In accordance with the rules set out above, your data may be processed when required or permitted by law without your consent or knowledge.

Read relevant supporting documents

We may disclose your data to third parties

In accordance with the rules set out in this document, we may disclose your data to any third parties which fit a profile below. Any of these companies and services may act inside or outside the EU, and will be required to respect the security of your personal data, and treat it in accordance with the law. These third parties are only allowed to use your data for our purposes in accordance with our instructions, not for their own purposes.

• Any internal company within our corporate group, based inside or outside of the EU, who may act as joint controllers and/or processors.
• Service providers who provide IT and system administration services.
• Regulators and other authorities based in the United Kingdom who may require reporting of processing activities in certain circumstances.
• Any external company providing a service to our company. Or professional advisors who provide banking, consultancy, legal, accounting, or insurance services.
• Any company to whom we sell, transfer or merge part of our business. Or, if we acquire or merge with another business, they may use your data in accordance with the terms laid out in this document.

Read relevant supporting documents

International Transfers

Some of our External Third Parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

You acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.

Data Retention Length

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

By your legal rights, there are circumstances where you can request for your personal data to be deleted. More details on this can be found below.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

Below are a list of your legal rights regarding your personal data.

• Right to restrict processing - In certain circumstances you have a right to require us to stop processing your personal data in a particular way.
• Right to erasure - You have the right to request that your personal data is erased from our database in certain circumstances.
• Right of access - You have a right to ask for a copy of the personal data we hold about you. If you want to access your personal data, please send a description of the personal data you want to see and proof of your identity to [email protected] and is usually free of charge, unless we deem your request clearly unfounded, or the quantity of your requests excessive.
• Right to rectification - We also want to make sure that your personal data is accurate and up to date. Please let us know if your details change. You may also ask us to correct or remove personal data which is inaccurate.
• Right to object - You can also opt-out of receiving all or some of our marketing communications or request that we stop processing personal data about you for certain purposes at any time by contacting us using the details below.
• Right to data portability - In certain circumstances you have a right to data portability which means we will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.

Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) or please contact us at [email protected].

Our Use of Cookies

Our website uses “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. For more information about cookies, please read this article from Norton.

Most browsers are set to automatically accept cookies by default, but you can change this setting. For instructions on how to find and accept/reject cookies for your browser, please read its 'help' information.

We do not store personal information in cookies. We use two different types of cookies; session, and persistent. Session cookies are only stored for a short period of time (typically your browsing session), and are integral to the running of the website. Although some persistent cookies are also integral to the running of our services, others are used to offer you additional functionality and an improved experience. Some of our uses of non-integral persistent cookies are listed below;

• Data recording the state of your acknowledgement of our policies
• Data allowing us to ensure you are using the most up-to-date version of our services

Read relevant supporting documents

Third-Party Websites

We provide links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party webites and are not responsible for their privacy statements or cookie policies. Please ensure that you read the privacy notice and Terms and Conditions of every website you visit on leaving our site.

We use Google Analytics to view aggregated use data of our services. They create cookies to help perform this tracking.

We use Mailchimp and SendGrid to handle our e-mail marketing. Mailchimp and SendGrid may also serve cookies to enable this service.

Read relevant supporting documents

Last updated: 24/10/2019