Data Protection Policy
BoulderTech is committed to protecting the personal data of its users, employees, and stakeholders. This Data Protection Policy outlines our approach to data protection and the measures we take to ensure that personal data is handled securely and in compliance with relevant data protection laws.
1. Purpose
The purpose of this Data Protection Policy is to establish the principles and guidelines for the collection, use, storage, and protection of personal data by BoulderTech. This policy ensures that personal data is processed lawfully, fairly, and transparently.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of BoulderTech. It covers all personal data collected, used, and stored by BoulderTech, regardless of the medium in which it is held.
3. Data Protection Principles
BoulderTech is committed to processing personal data in accordance with the following principles:
3.1 Lawfulness, Fairness, and Transparency
Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
3.2 Purpose Limitation
Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3.3 Data Minimization
Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
3.4 Accuracy
Personal data shall be accurate and, where necessary, kept up to date. Inaccurate data shall be erased or rectified without delay.
3.5 Storage Limitation
Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
3.6 Integrity and Confidentiality
Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3.7 Accountability
BoulderTech shall be responsible for, and be able to demonstrate compliance with, these principles.
4. Legal Basis for Processing
BoulderTech will only process personal data where there is a legal basis for doing so. This includes:
Consent: The data subject has given clear consent for the processing of their personal data for a specific purpose.
Contract: The processing is necessary for the performance of a contract to which the data subject is a party.
Legal Obligation: The processing is necessary for compliance with a legal obligation.
Legitimate Interests: The processing is necessary for the purposes of the legitimate interests pursued by BoulderTech or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5. Data Subject Rights
Data subjects have the following rights regarding their personal data:
Right to Access: Obtain information about their personal data and how it is being processed.
Right to Rectification: Correct inaccurate personal data.
Right to Erasure: Request deletion of personal data in certain circumstances.
Right to Restrict Processing: Request limitation or suppression of processing.
Right to Data Portability: Reuse their personal data across different services.
Right to Object: Object to processing in certain circumstances.
6. Data Security
BoulderTech implements appropriate technical and organizational measures to ensure the security of personal data, including:
Encryption of personal data
Regular security assessments
Access control measures
Secure data storage solutions
7. Data Breach Response
In the event of a data breach, BoulderTech shall:
Take immediate steps to contain and mitigate the incident
Assess its impact
Notify the relevant data protection authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach
Inform affected data subjects where there is a high risk to their rights or freedoms
8. Data Retention
BoulderTech will retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, or contractual requirements.
9. Third-Party Processors
BoulderTech shall ensure that all third-party service providers engaged to process personal data on its behalf enter into written Data Processing Agreements (DPAs) that reflect the requirements of this Policy and applicable law. These agreements include:
Confidentiality provisions
Security measures
Data breach notification obligations
Restrictions on sub-processing
10. Training and Awareness
BoulderTech will provide regular training to employees and contractors on data protection principles, policies, and practices.
The COO and the Compliance Officer are jointly responsible for overseeing implementation, monitoring adherence, and ensuring that staff receive adequate training.
11. Contact Information
If you have any questions about this Data Protection Policy or how we handle personal data, please contact us at:
BoulderTech Labs Ltd. Email: [email protected]
12. Changes to This Policy
BoulderTech reserves the right to update this Data Protection Policy at any time. We will notify you of any changes by updating the “Last Updated” date at the top of this page. We encourage you to review this policy periodically to stay informed.
13. Governing Law
This Data Protection Policy is governed by and construed in accordance with the laws of Saint Kitts and Nevis, in particular the Nevis Data Protection Ordinance 2017, without prejudice to mandatory data protection rights under other applicable regulations.