BOON

Privacy & Data Protection

We at BOON ONLINE LIMITED (trading name BOON) take your privacy very seriously. Here, you can find out about how we keep your data private, and what cookies we collect to personalise your experience on this website. We are committed to avoiding the unnecessary request or collection of information about you, and as such we do not ask you to create an account with us. Our services are designed to avoid the necessity of collecting personal identifiable information.

BOON ONLINE LIMITED is a company registered in England and Wales under registration number 11085342 at address:

Office 7 35-37 Ludgate Hill,
London,
United Kingdom,
EC4M 7JN

Please read these policies carefully and check them periodically as they may change. We will notify subscribers to our mailing list when this occurs, and will place a pop-up on our homepage for a limited period of 10 days. It is important that the data that we store is kept up-to-date, and as such we ask you to maintain the accuracy of your data, processed by us. If any of the relevant information changes, it is your responsibility to notify us.

Purpose and Scope

We (BOON) are dedicated to being transparent about how we collect, store, and process data. This document sets out our commitment to data protection, individual rights and obligations in regards to personal data. We have appointed Dylan John Grey, CEO as our data protection officer. He can be contacted at [email protected].

In this document, we present what data we collect and what we do with it, where and how it is collected, stored and processed, and why we collect it.

This website is not intended for children, and we we do not knowingly collect any minor's data.

What data do we collect?

We may collect and process any of the personal data listed below:

Identity information such as your names and title.
Contact information such as your e-mail address or phone number.
Financial information such as your payment method and card association used to process your payments for your sponsorship requests. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.
Transaction information such as details about transactions you have made on our website including the payments to and from you along with other details of services you have purchased from us.
Usage data showing how you use our website and services.
Technical data about your equipment, browsing software, IP address, your login data, and any technology used when accessing our website.
Profile data includes your email address, and password, products we've shown to you and your interactions with them, preferences, interests, gift finder answers, feedback and survey responses. Gift finder answers include (but are not limited to) age, gender, skin colour, relationship, event dates and interests of you or your gift recipient.
Marketing and communication information helping us understand your preferences regarding 'if', 'how' and 'when' we should contact you, and what you would like to be contacted about.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. Many of the services offered by our website improve based on each user's experience and feedback (both inferred and explicitely provided). However, all data collected in order for these services to improve is anonymous and thus does not constitute personal data by law.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How do we collect data?

Your data may be acquired with any of these methods:

You may provide personal data directly such as when signing up to our mailing list to receive news and/or marketing, creating or maintaining an account (registered user), or when you give us feedback or send us an e-mail.
We may collect data automatically about your equipment and browsing actions. We may also receive such data about you if you visit other websites employing our cookies.
We may receive personal data about you from various third parties and public sources such as other users, analytics providers, advertising networks, affiliated retailers, and search information providers. Other data sources may include identity and contact data from data brokers or aggregators, or from publicly availably sources such as Companies House and the Electoral Register.

When do we use your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Where you consent to the processing of your data.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to you account creation and maintencance and in relation to sending third-party direct marketing communications to you via e-mail, where consent is given by you submitting your details. You have the right to withdraw consent to these communications at any time by clicking the link in the communication, or contacting us at [email protected].

What do we do with your personal data?

Below is a list of how we use your personal data, as well as the lawful basis on which we rely to process it.

Manage our relationship with you, such as notifications about changes to our policies, or requesting you to provide feedback.
This action may use any or all of this data; indentity, contact, and marketing and communication information.
We rely on any of these legal bases; our necessity to comply with legal obligation, to perform a contract with you, our legitimate interests.
Enable you to provide us with feedback.
This action may use any or all of this data; indentity, contact, and marketing and communication information.
We rely on our legitimate interest to learn about your experience with our services.
Administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
This action may use any or all of this data; usage and technical data.
We rely on any of these legal bases; our necessity to comply with legal obligation, our legitimate interests.
Use data analytics to improve any of our services.
This action may use any or all of this data; usage and technical data.
We rely on our legitimate interest to maintain an up-to-date, useable, and secure website.

Email communications and marketing are basic communications for our users who are interested in the company's actions. These communications may include, but may not be limited to, requests for feedback, news, and notifications about updates to our policies. We will get your express opt-in consent before sharing any of your personal data with external companies for marketing purposes. You may opt out of communications at any time by unsubscribing on an e-mail, or contacting [email protected].

We will only use your personal data for the purposes outlined above, or a related purpose. For an explanation of how a new purpose is related to the original, contact us at [email protected]. In an instance where your data is needed for an unrelated purpose to that outlined above, we will notify you and explain our legal basis for doing so. In accordance with the rules set out above, your data may be processed when required or permitted by law without your consent or knowledge.

We may disclose your data to third parties

In accordance with the rules set out in this document, we may disclose your data to any third parties which fit a profile below. Any of these companies and services may act inside or outside the EU, and will be required to respect the security of your personal data, and treat it in accordance with the law. These third parties are only allowed to use your data for our purposes in accordance with our instructions, not for their own purposes.

Any internal company within our corporate group, based inside or outside of the EU, who may act as joint controllers and/or processors.
Service providers who provide IT and system administration services.
Various Affiliate Networks who track your purchases made via the site. An Affiliate Network is a network that acts as an intermediary between our Site which features products and services and the retailers who create or sell those products and services.
Regulators and other authorities based in the United Kingdom who may require reporting of processing activities in certain circumstances.
Any external company providing a service to our company. Or professional advisors who provide banking, consultancy, legal, accounting, or insurance services.
In order to facilitate any payments made on our site, we facilitate the sharing of your Financial information with payment providers.
Any company to whom we sell, transfer or merge part of our business. Or, if we acquire or merge with another business, they may use your data in accordance with the terms laid out in this document.

International Transfers

Some of our External Third Parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

You acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.

Data Retention Length

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

By your legal rights, there are circumstances where you can request for your personal data to be deleted. More details on this can be found below.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

Below are a list of your legal rights regarding your personal data.

Right to restrict processing - In certain circumstances you have a right to require us to stop processing your personal data in a particular way.
Right to erasure - You have the right to request that your personal data is erased from our database in certain circumstances.
Right of access - You have a right to ask for a copy of the personal data we hold about you. If you want to access your personal data, please send a description of the personal data you want to see and proof of your identity to [email protected] and is usually free of charge, unless we deem your request clearly unfounded, or the quantity of your requests excessive.
Right to rectification - We also want to make sure that your personal data is accurate and up to date. Please let us know if your details change. You may also ask us to correct or remove personal data which is inaccurate.
Right to object - You can also opt-out of receiving all or some of our marketing communications or request that we stop processing personal data about you for certain purposes at any time by contacting us using the details below.
Right to data portability - In certain circumstances you have a right to data portability which means we will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.

Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) or please contact us at [email protected].

Our Use of Cookies

Our website uses “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. For more information about cookies, please read this article from Norton.

Most browsers are set to automatically accept cookies by default, but you can change this setting. For instructions on how to find and accept/reject cookies for your browser, please read its 'help' information.

We do not store personal information in cookies. We use two different types of cookies; session, and persistent. Session cookies are only stored for a short period of time (typically your browsing session), and are integral to the running of the website. Persistent cookies are used to offer you additional functionality and an improved experience. Some of our uses of persistent cookies are listed below;

A list of your favourited gifts (accessible from the top right button)
Data allowing you to return to previously generated suggestions at a later date
Data recording the state of your acknowledgement of our policies
Data allowing us to automatically sign you back into your account at a later date
Data allowing us to ensure you are using the most up-to-date version of our website

Third-Party Websites

We provide links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party webites and are not responsible for their privacy statements or cookie policies. Please ensure that you read the privacy notice and Terms and Conditions of every website you visit on leaving our site.

We use services allowing you to share our website and services on social media platforms. These websites and services (e.g. Facebook, Instagram, Pinterest, Whatsapp) may create cookies to aid in their services.

We use Google Analytics and Yandex Metrica to view aggregated use data of the website. These services create cookies to help perform this tracking. Yandex Metrica also stores information about the way in which you use our website. This includes but is not limited to; cursor position and click tracking, dwell times, information about your computer, your IP adress and locale.

We use Mailchimp and SendGrid to handle our e-mail marketing. Mailchimp and SendGrid may also serve cookies to enable this service.

We use Stripe to complete Financial transations. They tell us that you have paid and, when relevant and/or necessary they will provide us with your Contact data and Transaction data. We also might engage third party contractors to provide us with technical or delivery services that are related to your account with us.