Privacy policy of Boundwell.io

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

issued by Bound s.r.o., Company ID No.: 13965948, with its registered office at Plynární 1617/10, Holešovice, 170 00 Praha 7, represented by Pavel Šíma, Executive, incorporated in the Companies Register kept by the Municipal Court in Prague, Section C, Insert 358014 (hereinafter referred to as “Bound” or “controller”) for the provision of Bound review services, as available on https://boundwell.io.

This document aims to provide you with all information relating to the processing of your personal data. We encourage you to read these Principles Relating to Processing of Personal Data. If you have any questions about processing your personal data, please contact us by email at hitus@boundwell.io or by mail at the address mentioned earlier.

We process your personal data on the grounds laid down by law, for the performance of contracts, or for the purposes of our legitimate interests. Where none of those legal grounds as mentioned above applies, we will ask you for your consent. We make sure that your personal data are processed under the following principles:

  • reasonable limits - we use your personal data to the extent necessary to meet the purposes for which the personal data have been provided;
  • transparency - we inform you in advance about why, for how long, and to whom we transfer your personal data; and
  • security - we always use our technology and internal procedures to ensure the safety of your personal data; we monitor, evaluate and implement our internal policies in line with the development of modern technology.

Applicability of these Principles. Unless stated otherwise, these Principles Relating to Processing of Personal Data shall apply to persons who:

  • visit the websites run by us;
  • register voluntarily to write a Review.

For ease of reference and the reader's convenience, the terms which are often referred to in these Principles are specified below.

GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council;
Newsletter
usually an email message or SMS message sent to promote similar products and services either by Bound to those who have granted their prior consent to this, or Users;
Personal Data
any information on the User on the basis of which the User can be directly or indirectly identified;
Personal Data of the Recipient
any information on the Recipient on the basis of which the Recipient can be directly or indirectly identified;
Recipient
a natural person to whom the Personal Data of the Recipient relate; most often the Recipients are Users and, at the same time, subscribers of the Newsletter;
Review
investor review entered by a registered User;
Service
means a tool via with can the user can enter a Review as available on the website https://boundwell.io/review/add/, as well as the database of Reviews;
Users
a natural person to whom the Personal Data relates; most often this is a person who registered on our website https://boundwell.io to write a Review, or user of our website, or a participant in our online or offline events, also referred to as “you”;
Processors
carries out data processing activities on behalf of the controller (Bound) on the basis of a contract or other mandate;
Processing of Personal Data
means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another making available, alignment or combination, restriction, erasure or destruction;
Special Categories of Personal Data
personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, or data concerning a natural person’s sex life or sexual orientation. If processed to uniquely identify a natural person, genetic and biometric data are also considered a special category of data.

Boundacts as the controller of the Personal Data of its Users on the website https://boundwell.io.

  1. BOUND ACTS AS THE CONTROLLER AND WHERE YOU CAN CONTACT US

    Bound as the controller. The controller of personal data is Roivenue s.r.o., Company ID No.: 06812279, with its registered office at Plynární 1617/10, Holešovice, 170 00 Praha 7, represented by Pavel Šíma, Executive, incorporated in the Companies Register kept by the Municipal Court in Prague, Section C, Insert 289445 (hereinafter referred to as “we”, “Bound” or “controller”).

    Contact details: hitus@boundwell.io

    Please note that these Principles Relating to Processing of Personal Data shall apply to the Processing of Personal Data of our Users, not those of the Recipients.

  2. PERSONAL DATA WE PROCESS

    We process the following Personal Data about you:
    • a link to your LinkedIn profile, which contains:
      • id of your profile
      • e-mail address
      • name and surname
      • profile picture URL
      • public profile URL
      • investment details
    • name and surname (if not provided by Linkedn),
    • contact details (in particular email, telephone number),
    • billing information and bank details (if making payments for the Services are needed),
    • information you disclose to us when communicating with us (these will be in particular your questions and answers to your questions, communication with you),
    • user account name,
    • user account login and behavior in the user account (in particular details entered by the user via the Service, time of registration, date of the last profile update),
    • IP address,
    • cookies.

    We do not process any Special Categories of Personal Data.

    Processing of Personal Data in general. We process your personal data to the extent necessary throughout the term of using the Service. We are obliged to end the Processing of Personal Data at the time indicated; if we conclude that it is necessary to archive or process the Personal Data for a more extended period, in particular, to protect our rights and legitimate interests.

    Duration of the Processing of Personal Data in general. Please note that in some cases, the duration of the Processing of Personal Data may be as much as 15 years after the completion of the Service to protect our interests or to fulfill our legal obligation.

  3. FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA

    Registration, setting up a user account. You provide us with personal data voluntarily by completing a questionnaire, available in the section Review.

    Database of Reviews. We can obtain information about your LinkedIn profile or other information you post on your LinkedIn profile. Such information may include, for example, your name, location, email address, telephone number, profession, and current employer.

    Using the Service. After setting up a user account, you can use our Service to write a Review. We can contact you to clarify your Review.

    Website. We also process information about when you visit or browse our website. This information may include, for example, IP address, date and time of access to our website, information about your web browser, operating system, or your language settings. We can also inspect the history of your behavior on the website, e.g. what links you visit on our website and which of the Services offered are displayed to you. However, the information on your behavior on the website is anonymized to ensure your maximum privacy.
    If you access our website from a mobile phone or similar device, we can also process information about your mobile device (data about your mobile telephone, etc.).
    We can collect the data as part of the log or through cookies or other tracking technologies. Rules for the use of cookies and other tracking technologies are described in detail here.

    Blog. We can have a publicly accessible blog on our website. Please note that any information which you enter as a comment on our blog can be seen by anyone. If your Personal Data appears on our blog and you wish to have them erased, don't hesitate to contact us at the email address hitus@boundwell.io. If we cannot erase your Personal Data from the blog, we will inform you and notify you of the reason.

    Social networks. We have a profile on LinkedIn. All information, communications, or materials disclosed via social media platforms are also disclosed according to the principles relating to the processing of personal data applicable to those platforms.

    Subscription to Newsletter. If you subscribe to our newsletter, we will send you interesting information about the operation of the Service. If you no longer wish to receive the emails, click on the unsubscribe button in the footer of the email.

    Newsletter for our users. If you have created an account to use our Service, we are entitled to send you Newsletters based on our legitimate interest in promoting our services and/or related similar services. If you no longer wish to receive the emails, click on the unsubscribe button in the footer of the email. You can also object to sending newsletters (for details, see the section on your rights).

    Transaction emails. These are messages we send to Users in connection with the use and proper operation of the Service. We can, for example, inform you about temporary or permanent changes to our services, such as planned maintenance, new functions, updates of versions, editions, warning against misuse, and amendments to our principles relating to the processing of personal data.

    Promotional events. We can carry out surveys, organize competitions, webinars or other promotional events. Your participation in our promotional events is voluntary. As part of these surveys, competitions, and promotional events, we may ask you for your Personal Data, e.g. name and surname, address, date of birth, telephone number, email address, user name, and similar details. We will use the Personal Data you have disclosed to us to manage these promotional events or for other purposes if specified in the conditions of the particular promotional event.

    Card payment. If you give us your credit card details, we do not have access to complete details. We only know that you are making the payment by card, and the card details are processed by recipients of those data who process the payment for us.

  4. SUMMARY OF THE GROUNDS FOR AND PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA

    We understand that it may be difficult for you to get through an extensive text about how and why we process your Personal Data and where we obtain them. We have prepared a summary table to give you a quick and transparent overview of the essential details about your personal data processing.

    Purpose of processing Personal data Legal ground for processing Duration of processing Processors
    Provision of the Services URL of the LinkedIn profile, name, surname, email, telephone number, details about the user as disclosed by the user itself Performance of contract For the term of the User's contractual relationship with us LinkedIn
    Bookkeeping billing information, bank details Compliance with legal obligations and performance of a contract invoices for the period of 15 years Ing. Andrea Votavová Ph.D., tax advisor
    Warranty claim or complaint handling name, surname, email, telephone number, details of the contract concluded, necessary details of payments Compliance with legal obligations and performance of a contract For the term of the User’s contractual relationship with us and then for 4 years from the termination of the contractual relationship Google, Freelo, Abra Flexibee
    Administration of training courses, workshops, or other online events name, surname, email, telephone number, user account name, participant’s preferences, billing information Performance of contract For the term of the contractual relationship with us and then for 4 years from the termination of the contractual relationship Zoom
    Routine analysis of the website traffic, security of our website, detection of server errors, and prevention of fraud and attacks on the server pseudonymized identifiers of registered users, IP address Legitimate interest A specific time of cookies storage differs according to the specific cookie type, usually no more than 1 year Google Analytics
    Marketing and promotion of our services name and surname, email, telephone, IP addresses, and other technical identifiers Consent to the processing of cookies, Legitimate interest For the term of the consent, the period of storage of cookies may differ according to the cookie type COOKIEBOT, Customer.io, Gmass, Facebook, LinkedIn, Google Ads
    Protection of our rights and property (or protection of the rights and property of third parties) name and surname, email, telephone number of the User, address, and details of the services provided Legitimate interest For the period of 4 years of the termination of our contractual relationships Legitas
    Processing and evaluation of competitions, announcing and publishing the winner on our website and social networks name, surname, address, telephone number, email address, or other details as may be specified by the conditions of the competition Consent, legitimate interest (if specified by the conditions of the competition) 2 years of the end of the competition unless you withdraw your consent earlier Facebook, Instagram, Google
    Publishing User's reviews or your questions or comments on the provision of our services name, surname, email address Consent For the time for which the post on which you commented is published unless you ask for the erasure of your comment earlier WordPress, Google (google forms)
    Technical background for the operation of the Service name, surname, URL of the LinkedIn profile, email, details about the user as disclosed by the user itself Legitimate interest (to provide a Service) For the term of the contractual relationship with us and then for 4 years from the termination of the contractual relationship Microsoft Azure Cloud, WebsupportGoogle drive, Gmail
  5. OUR OBLIGATIONS RELATING TO ACCOUNTING AND TAXES

    Please note that we process some of the personal data because we are legally required to do so. According to Section 31 of the Act on Accounting (No. 593/1991 Sb.), we are obliged to archive accounting documents and accounting records (invoices) for five years from the end of the financial year to which such documents and records relate. We also have an obligation arising from Section 47 of the Tax Code (No. 337/1992 Sb.) to retain invoices for three years from the end of the financial year in which the tax relating to the invoice becames chargeable. Invoices include the following personal data: name, surname, email address, billing address or other identification details of the User, and information about the Services.

    Further, please note that according to Section 35 of the Value Added Tax (No. 235/2004 Sb.), we are obliged to archive invoices for the period of 10 years from the end of the financial year in which the transaction occurred. Invoices include the following personal data: name, surname, email address, billing address, or other identification details of the User and information about the Services

  6. WHAT MEASURES WE HAVE IMPLEMENTED TO PROTECT YOUR PERSONAL DATA

    Technical and security measures. Taking into account the likelihood of risks and the costs of possible measures as well as technical capacity, we have implemented technical security and organizational measures – in all areas where the Processing of Personal Data takes place (in particular website operation, Services operation, employee matters, communication with Users).
    We use a secure information system that provides security to personal data corresponding to the state of the art, costs, nature, scope, and purposes of the processing.

    Organizational measures. All employees who have access to Personal Data have committed themselves to secrecy and must respect security principles. Access to all systems, including the information system, is personalized and secured by passwords created in various ways. The information system keeps logs for us to control access of individual employees to individual databases. Our employees regularly undergo training.
  7. WHEN WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES

    We may transfer your Personal Data to our business partners (Processors) or other third parties where required by law.

    Processors. We use only pre-screened Processors with whom we have entered into a written agreement and who provide us with safeguards that are equal to those we provide to you. They are only Processors based in the European Union or with whom we have entered into standard contractual clauses under Article 46 GDPR and who provide a level of protection of your personal data equivalent to the one resulting from the application of GDPR and Czech legislation. All these Processors have committed themselves to secrecy. They must not use the provided Personal Data for purposes other than those we have disclosed under these principles. Particular Processors are indicated for each ground and purpose of the Processing of Personal Data above.

    Legal obligations. We can transfer your Personal Data also to third parties, in addition to Processors, if required by law or when responding to legitimate requests of public authorities or at the request of the court in legal proceedings.

  8. YOUR LEGAL RIGHTS

    You can request access to personal data and request rectification, alteration, erasure, or restriction of processing of personal data where the personal data are inaccurate or were processed in violation of the applicable data protection laws. In addition, you have the right to data portability, the right to object to processing, the right to withdraw consent to the processing of personal data, and the right not to be subject to automated individual decision-making, including profiling.

    You can exercise your rights concerning the processing of Personal Data at the email address hitus@boundwell.io, in person, or by mail at the address of the controller.

    We aim to comply with your requests without delay but no later than one week. However, there may be circumstances in which we cannot provide the access (for example, where the required information compromises the privacy of others or endangers other legitimate rights, or where the costs of granting the access would be disproportionate to the risks compromising the individual privacy in the particular case). We can take reasonable action to verify a user's identity before we take any steps in relation to the rights of Users of the data.

  9. Right of access to personal data
    According to Article 15 GDPR, you will have the right of access to personal data, which includes the right to obtain from the controller:

    • confirmation as to whether personal data are being processed,
    • information about the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be processed, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Users or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the source of personal data where the personal data are not collected from Users, the existence of automated decision-making, including profiling, the appropriate safeguards where personal data are transferred outside the European Union,
    • a copy of the personal data provided that the rights and freedoms of others are not adversely affected.

    For any further copies requested, the controller may charge a reasonable fee.

    Right to rectification of inaccurate data

    According to Article 16 GDPR, you have the right to the rectification of inaccurate personal data. At the same time, you are obliged to inform us about any changes to your personal data (e.g., user profile records). You are also obliged to cooperate with us should it be established that the personal data we process is inaccurate. We will perform the rectification without undue delay but, in any case, take into account the technical capacities available.

    Right to erasure

    According to Article 17 GDPR, you have the right to the erasure of personal data concerning you unless we prove legitimate grounds for processing those personal data. Accordingly, we have established mechanisms to ensure automatic anonymization or erasure of personal data when they are no longer necessary to the purposes for which they were processed.

    Right to restriction of processing

    According to Article 18 GDPR, you have the right to obtain restriction of processing pending the resolution of your complaint if you contest the accuracy of personal data or the grounds for the processing of personal data or if you object to the processing of personal data.

    Right to be notified of rectification, erasure, or restriction of processing

    According to Article 19 GDPR, you have the right to be notified of any rectification, erasure, or restriction of processing of personal data. Therefore, in case of any rectification or erasure of personal data, we will inform each recipient unless this proves impossible or involves disproportionate effort.

    Right to portability of personal data

    According to Article 20 GDPR, you have the right to receive the data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format, and the right to request that the data can be transmitted to another controller.

    Where you provide any personal data in the context of our contractual obligations or based on consent and the processing of the personal data is carried out by automated means, you have the right to receive the data in a structured, commonly used, and machine-readable format. Where technically feasible, the data can be transmitted to a controller indicated by you provided that the person acting on behalf of the relevant controller is properly identified and can be authorized. If the exercise of this right might adversely affect the rights and freedoms of others, we cannot comply with your request.

    Right to object to the processing of personal data

    According to Article 21 GDPR, you have the right to object to processing your personal data on the ground of legitimate interest.

    Unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, we will end the processing based on your objection without undue delay.

    Where you object to processing for direct marketing purposes, we will end the processing without undue delay.

    Right to withdraw consent to the processing of personal data

    You may withdraw any consent to the processing of personal data for marketing and commercial purposes at any time. The withdrawal of consent shall be made by an explicit, comprehensible, and specific manifestation of will. Web browser settings can prevent the processing of any data from cookies.

    Automated individual decision-making, including profiling

    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. We state, however, that we do not perform any automated decision-making unaffected by a human intervention that has legal consequences relating to Users.

  10. CONCLUSION

    We may amend these Principles Relating to Processing of Personal Data only in writing. However, we will inform users about any amendments on our website or by email.

    If you have any questions concerning our Principles Relating to Processing of Personal Data, don't hesitate to contact us at the email address hitus@boundwell.io. If you are dissatisfied, you can lodge an objection or complaint at any time with the Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, 170 00 Praha 7 – Holešovice (further details can be found at https://www.uoou.cz/)

    These Principles Relating to Processing of Personal Data take effect on 1 January 2022.