Privacy Policy

Introduction


We take your data very seriously and are committed to the privacy and security of it.  This policy tells you how we will collect and use your personal data and what you should expect in relation to the personal information we collect about you.  
We know there is a lot of information here so we have structured it in a format that enables you to click through to specific areas. 
It is important that you read this privacy notice, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data.  This privacy notice supplements other notices and is not intended to take the place of them.
It’s likely that we’ll need to update this privacy notice from time to time.  Please keep an eye on our website for changes.

Who are we?

Boundless Social is a sole trader company, run and founded by Charlotte (Charlie) Garnham.

If you have any questions in relation to this privacy notice, including any requests to exercise your legal rights please contact charlie@boundlesssocial.com or 07727 024244. All data is collected and controlled by Boundless Social.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues – www.ico.org.uk.  We would, however, appreciate the chance to address your concerns before you approach the ICO so please contact us in the first instance. 
We are the data controller of the personal data that we keep and use, and we are therefore responsible for making sure that our systems, processes and people comply with the relevant data protection laws in respect of that personal data.   
We will act in respect of personal data to comply with the six principles of the General Data Protection Regulation (GDPR) which are:
•    Lawfulness, fairness and transparency
•    Purpose limitation
•    Data minimisation
•    Accuracy
•    Storage limitation
•    Integrity and confidentiality



How do we use personal information?


We will only use your personal data when the law allows.  The law on data protection sets out a number of different reasons (lawful bases) why a company may collect and process personal data.  Most commonly, we will use your personal data in the following circumstances.
•    In performance of a contract with you.  For example, if you take a service from us, we’ll collect your contact details in order to deliver the service to you.  Where that service is funded by a third party we’ll collect information to confirm your eligibility. We will personalise the content, business information and user experience.
•    Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.  For example, we’ll use your contact details to send you direct marketing information telling you about business services that we think might interest you.
•    Where we have your consent to do so. For example, when it may be relevant to connect you to other organisations.
•    Where there is a legal requirement.  For example, to pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.  
•    Where it is needed in the public interest or for official purposes.  
•    Where we need to protect your interests (or someone else’s interests).  For example, in our recruitment activities. 
Boundless Social acts as an intermediary to Summit Affiliate Ltd. Once you have purchased through Summit Affiliate, you will also be bound to Summit Affiliate’s terms and conditions and privacy policy, which can be found here. 

What legal basis do we have for processing your personal data?


We collect and process personal data to:
•    Provide business services, training and affiliate opportunities
•    Market services which may be of interest to you.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:   
•    Identity and Contact Data: contact names and emails.
•    Technical Data: internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
•    Usage Data:  information about how you use our websites.
Through our websites we also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.  Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.  For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.  However, if we can combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice. 


Boundless Social will NOT collect the following:
•    Financial Data:  collect bank account and payment card details (business and personal).
•    Transaction Data: details about payments to and from you and other details of services you have taken from us.
•    Profile Data: username and password.
•    Interest data: what business information you are interested in. 
(Please refer to Summit Affiliate’s privacy policy for details on how your data is collected.)


If you fail to provide personal data


Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with business services).  In this case, we may have to cancel a service you have with us but we will notify you at the time.
When do we share personal data?
We may collect personal data from and about you through:
Direct interactions, when you:
•    Enquire, apply for or receive any of our services
•    Register or use our websites
•    Provide us with feedback
•    Contact us by any means with queries or complaints
•    Request marketing information to be sent to you
•    Enter a prize draw or competition
•    Complete a survey
Automated technologies or interactions
•    We may automatically collect Technical Data about your equipment, browsing actions and patterns.  We collect this personal data by using cookies, server logs, and other similar technologies.  
•    We may also receive Technical Data about you if you visit other websites employing our cookies.  Please see our cookie policy for further details.   
Third parties or publicly available sources
We may receive personal data about you from various third parties:
•    Technical Data from the following parties:
      - Analytics providers
      - Advertising networks
      - Search information providers
•    Contact, Financial and Transaction Data from providers of technical, payment and delivery services
•    Identity and Contact Data from data brokers or aggregators
•    Identity and Contact Data from publicly available sources such as Companies House


How we use personal data


Services


Boundless Social delivers a number of services and training.  The personal data collected and how it’s used varies for each. There may however, be other ways that you may engage with us.  These include when you contact us with an enquiry, when you request information or when you book onto a webinar.
The personal information you provide will be used to:
•    Send you relevant information on training
•    Respond to an enquiry
•    Manage our relationship with you which will include:
      - Notifying you about significant changes to our terms of privacy policy
      - Asking you to leave a review or take a survey


Third-party links


•    Our websites may include links to third party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.


Cookies  


•    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.  If you disable or refuse cookies, please note that some parts of the website may be inaccessible or not function properly.  For more information about the cookies we use please see our Cookie Policy
How we use personal data for marketing
To help us decide what we think will be of interest to you, we may use information about your business - such nature of business, geographical location, the services you have previously used and how you are engaging on our website. If you have requested information from us, made an enquiry, registered an interest in a service, requested a call-back, purchased a service, entered a competition- and in each case did not opt out of receiving that marketing - you may receive direct marketing (eg email, direct mail or telephone) communications from us which we feel will be of interest to your business.


At any stage you can ask us to stop sending you marketing communications or unsubscribe from a specific email by:
•    Clicking the ‘unsubscribe’ link in any email communication that we send you.  We will then stop any further emails sent from Boundless Socil
•    Email:  charlie@boundlesssocial.com with your request
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.


Third party marketing


We take your data very seriously and will not share your personal data with any company outside of Boundless Social for marketing purposes.  If, however, you opt in or purchase any product from our partner, Summit Affiliate, you will then be subject to Summit Affiliate’s privacy policy.
When we may share personal data


Third party service providers


We rely on third-party service providers to perform a variety of business operations on our behalf. In so doing, we may need to share your personal information with them.  We provide our service providers with only the personal information they need to perform the services we request and we require that they respect the security of your personal data and to treat it in accordance with the law.  We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.
For example, we may rely on a service provider to:
•    Respond to your enquiries
•    Host our website and support our IT systems
•    Deliver email or other communications
•    Manage payments
•    Handle webinar bookings
•    Analyse our data, sometimes combined with data from other sources, sometimes to communicate with you
•    Conduct research and analyse data to capture market intelligence and improve our services and sites
•    Perform other services that we request


How long we keep personal data


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further consent from you.


How you can make changes to your personal data


It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.  You can do this by:
•    Emailing: charlie@boundlesssocial.com


How we protect personal data


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  


We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Boundless Social is bound by the following:
•    to protect data against accidental loss
•    to prevent unauthorised access, use, destruction or disclosure
•    to ensure business continuity and disaster recovery
•    to restrict access to personal information
•    to conduct privacy impact assessments in accordance with the law and your business policies
•    to manage third party risks, through use of contracts and security reviews

Your legal rights over your personal data


You have the right to:
•    Request access to the personal data we hold about you, free of charge in most cases.
•    Request correction of your personal data when incorrect, out of date or incomplete.
•    Request erasure of your personal data.
•    Object to processing of your personal data where we are relying on your legitimate interest and there is something about your particular situation, which makes you want to object to processing on this ground.  You also have the right to object where we are processing your personal information for direct marketing purposes.


You have the right to request a copy of any information about you that Boundless Social holds at any time, and also to have that information corrected if it is inaccurate. 
•    No fee is usually required - You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.
•    What we may need from you - We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask for further information in relation to your request to speed up our response.  
•    Time limit to respond - We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.
•    If we choose not to action your request we will explain to you the reasons for our refusal.
If you wish to exercise any of the rights set out above, please contact charlie@boundlesssocial.com


Changes to this privacy policy


Any changes we may make to our privacy policy in the future will be posted on our website, so please ensure that you are viewing the correct version.    
We hope this policy explains how we collect and use your personal data and your rights to control it.
If you have any questions or comments please do contact us by: 
Email:  charlie@boundlesssocial.com  
Post: 37 Old Bakery Close, Exeter, Devon, UK, EX4 2UZ.