Data Protection Policy
Data Protection Policy
BoulderTech is committed to protecting the personal data of its users, employees, and stakeholders. This Data Protection Policy outlines our approach to data protection and the measures we take to ensure that personal data is handled securely and in compliance with relevant data protection laws.
1. Purpose
The purpose of this Data Protection Policy is to establish the principles and guidelines for the collection, use, storage, and protection of personal data by BoulderTech. This policy ensures that personal data is processed lawfully, fairly, and transparently.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of BoulderTech. It covers all personal data collected, used, and stored by BoulderTech, regardless of the medium in which it is held.
3. Data Protection Principles
BoulderTech is committed to processing personal data in accordance with the following principles:
3.1 Lawfulness, Fairness, and Transparency Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
3.2 Purpose Limitation Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3.3 Data Minimization Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
3.4 Accuracy Personal data shall be accurate and, where necessary, kept up to date. Inaccurate data shall be erased or rectified without delay.
3.5 Storage Limitation Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
3.6 Integrity and Confidentiality Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3.7 Accountability BoulderTech shall be responsible for, and be able to demonstrate compliance with, these principles.
4. Legal Basis for Processing
BoulderTech will only process personal data where there is a legal basis for doing so. This includes:
Consent: The data subject has given clear consent for the processing of their personal data for a specific purpose.
Contract: The processing is necessary for the performance of a contract to which the data subject is a party.
Legal Obligation: The processing is necessary for compliance with a legal obligation.
Legitimate Interests: The processing is necessary for the purposes of the legitimate interests pursued by BoulderTech or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5. Data Subject Rights
Data subjects have the following rights regarding their personal data:
Right to Access: Data subjects have the right to access their personal data and obtain information about how it is being processed.
Right to Rectification: Data subjects have the right to have inaccurate personal data corrected.
Right to Erasure: Data subjects have the right to have their personal data erased in certain circumstances.
Right to Restrict Processing: Data subjects have the right to request the restriction or suppression of their personal data.
Right to Data Portability: Data subjects have the right to obtain and reuse their personal data for their own purposes across different services.
Right to Object: Data subjects have the right to object to the processing of their personal data in certain circumstances.
6. Data Security
BoulderTech implements appropriate technical and organizational measures to ensure the security of personal data. This includes:
Encryption of personal data.
Regular security assessments.
Access control measures to limit access to personal data.
Secure data storage solutions.
7. Data Breach Response
In the event of a data breach, BoulderTech will take the following steps:
Contain and mitigate the breach.
Assess the impact of the breach.
Notify the relevant data protection authorities within 72 hours, if required.
Inform affected data subjects, if necessary.
Review and improve security measures to prevent future breaches.
8. Data Retention
BoulderTech will retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, or contractual requirements.
9. Third-Party Processors
BoulderTech will ensure that any third-party service providers that process personal data on our behalf comply with this Data Protection Policy and relevant data protection laws.
10. Training and Awareness
BoulderTech will provide regular training to employees and contractors on data protection principles, policies, and practices to ensure that they understand their responsibilities.
11. Contact Information
If you have any questions about this Data Protection Policy or how we handle personal data, please contact us at:
BoulderTech Labs Ltd. Email: support@bouldertech.fi
12. Changes to This Policy
BoulderTech reserves the right to update this Data Protection Policy at any time. We will notify you of any changes by updating the “Last Updated” date at the top of this page. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data.
Last updated