Privacy Notice

This Privacy Notice outlines how Boundless Productions and its affiliates ("Boundless," "we," "our," or "us") collect, use, and disclose personal information when you visit and/or use our products, platforms, and website ("website"). Boundless is committed to protecting your privacy and handling your personal information in a transparent, secure, and compliant manner in accordance with applicable laws and regulations. The purposes for which we collect and process your personal data are outlined below, along with the legal basis for such activity.

In this Privacy Notice, “Boundless” refers to our website, our application, and the products and services offered through our website and application. References to “personal information” (PI) may be inclusive of “personal health information” (PII).

By visiting our website and using Boundless services, you provide your consent and agree to the collection of personal data in a lawful and fair manner as described in this Privacy Notice. We ensure that the collection and processing of personal data adhere to applicable privacy laws and regulations. If you have any questions or concerns about the data we collect and how it is used, please contact Boundless directly using the contact information provided in this privacy policy.

Data Controller and Data Processor

Boundless serves as the data processor for most information entered into the Boundless application, website, and supporting systems, acting on behalf of its business customers who serve as the data controllers. However, Boundless also collects certain information directly from users for security, logging, and application performance purposes, where it acts as the data controller and processor. Boundless may engage third-party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.

Types of Data Collected

Boundless strictly limits the collection of personal data to only the information that is necessary to perform and provide services or fulfill a direct business need. We adhere to the principle of data minimization, ensuring that only the minimum amount of personal data required is collected and processed. When collecting personal data, we strive to be transparent about the purposes for which the data is being collected and how it will be used.

Certain data may be mandatory for the use of the Boundless website or application, while other data may be optional. When data is mandatory, it is clearly indicated throughout the website and application. Users are free to choose not to provide optional data without any impact on the availability or functionality of the service. If you have any questions about which personal data is mandatory, please contact us using the contact information provided in this privacy notice.

When you visit our website or use our services, we may collect personal data that you voluntarily provide to us. This may include your name, email address, contact details, and any other information you voluntarily provide to us as part of account creation, login or website and application use. We automatically collect certain information about your visit to our website with cookies, web beacons, utilization metrics, and similar technologies. This may include your IP address, browser type, operating system, referring website, pages visited, actions taken, webpage interactions, and the duration, date and time of your visit. We utilize this information to analyze trends, administer the website and products, and track user movements for the purpose of delivering and improving our services.

Safeguards

At Boundless, we take the security of your personal data seriously. We implement a variety of security measures to protect your personal data from unauthorized access, use, or disclosure. We implement robust technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction. We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:

  • Encryption: We employ encryption techniques to safeguard your data during transmission and storage.

  • Access Control: We restrict access to personal data to authorized personnel only, ensuring that it is accessible on a need-to-know basis.

  • Regular Audits: We conduct regular security audits and assessments to identify and address any vulnerabilities or risks.

  • Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.

We are committed to continuously enhancing our security practices and staying up to date with the latest industry standards to provide a secure environment for your personal data.

While we strive to protect your personal data, no method of transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us using the contact information provided in this privacy notice.

Mode, Place, and Methods of Processing the Data

Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to Boundless employees involved in the operation of the Boundless website, application, and supporting applications. External parties, such as third-party technical service providers, hosting providers, and IT companies, may also have access to personal data as data processors or sub-processors appointed by Boundless.

Data may be stored and processed in the United States or the European Union. Data transfers may involve transmitting user data to a country outside its own jurisdiction. Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from those of your country. We ensure that appropriate safeguards are in place to protect your personal data when it is transferred internationally.

Legal Basis of Processing

When required by law, we will obtain your explicit and informed consent before collecting and processing your personal data. This consent will be sought in a clear and understandable manner, ensuring that you are fully aware of the purposes for which your data is being collected and how it will be used.

Boundless may process personal data when one of the following legal bases applies:

  • Consent: In situations where your consent is required, we will obtain explicit and informed consent from you before collecting or processing your personal data. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

  • Legitimate Interests: We may process your personal data where it is necessary for our or a third party’s legitimate interests, provided that these interests are not overridden by your fundamental rights and freedoms. Legitimate interests include improving our services, enhancing user experience, and ensuring the security of our platforms.

  • Legal Obligations: We may process personal data to comply with legal and regulatory obligations, such as those required by GDPR, HIPAA, and other applicable laws.

  • Performance of a Contract: Processing is necessary for the performance of a contract between Boundless and the user.

The specific legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Retention Time

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law. When we no longer need to process your personal data, we will securely delete, anonymize, or de-identify it.

Personal data collected for Boundless’s legitimate interests is retained as long as necessary to fulfill those purposes. For specific information about Boundlesss legitimate interests, please refer to the relevant sections of this document or contact us using the contact information provided in this privacy notice. Personal data processed based on user consent may be retained until such consent is withdrawn, provided that it is not otherwise required or permitted by law. Personal data may be retained for a longer period when necessary to comply with a legal obligation or a lawful order from an authority.

The Purposes of Processing

Boundless uses the personal information we collect to provide you access to our website, deliver services and products, communicate with you regarding your account and any inquiries or support requests you make. Some of the information collected helps us understand how users interact with our website. This information allows us to enhance the functionality and user experience of our website, identify and fix issues, and make informed decisions for future improvements. We collect and process your personal data for the following specific purposes:

  • Service Provision: To provide you with access to our website, products, and services, including accessing functionality, account management and customer support.

  • Communication: To communicate with you regarding your account, respond to inquiries, and provide updates or information relevant to our services.

  • Website and Service Improvement: To analyze how users interact with our website, identify issues, and make informed decisions to enhance functionality, security, and user experience.

  • Compliance: To meet our legal and regulatory obligations, including those related to data protection, security, and reporting requirements.

  • Analytics: To monitor and analyze web traffic and user behavior on the Boundless website and application.

  • User Database Management: To create user profiles, track user activities, and improve the application.

  • Handling Payments: To facilitate payment transactions and related communications.

  • Displaying Content from External Platforms: To display external content and enable interaction with it.

  • Hosting and Back-End Infrastructure: To support the operation of the Boundless application.

Processing and Sharing of Personal Data

We may share your personal information with trusted third-party service providers who assist us in operating our website, conducting our business, or providing services to you. These service providers are contractually bound to only use information as necessary to perform services on our behalf and are obligated to maintain confidentiality and security. We may disclose your personal information if required to do so by law to comply with legal obligations, protect and defend our rights or property, or investigate potential violations of applicable laws. Boundless engages various services and third-party processors to support its operations.

Cookie Policy

The Boundless website and web application use cookies to enhance the user experience and provide specific functionalities.

The Rights of Users

Users have the following rights regarding their personal data processed by Boundless:

  1. Right to Withdraw Consent: Users have the right to withdraw their consent to the processing of their personal data at any time.

  2. Right to Object: Users can object to the processing of their personal data based on legitimate interests or for direct marketing purposes.

  3. Right of Access: Users can request access to their personal data and obtain information about the processing activities.

  4. Right to Rectification: Users can request the correction or update of inaccurate or incomplete personal data.

  5. Right to Restrict Processing: Users have the right to restrict the processing of their personal data under certain circumstances.

  6. Right to Erasure: Users can request the erasure of their personal data, subject to legal obligations or overriding legitimate grounds.

  7. Right to Data Portability: Users can request to receive their personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.

  8. Right to Lodge a Complaint: Users have the right to lodge a complaint with a data protection authority regarding the processing of their personal data.

  9. Right to Be Informed: To know how your personal data is being used.

If you wish to exercise any of these rights, please contact us at privacy@Boundlesshealth.com. We will respond to your request in accordance with applicable law.

Special Considerations

Data Protection Officer (DPO): Boundless has appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring GDPR compliance. If you have any questions or concerns about our data practices under GDPR, please contact our DPO at dpo@Boundlesshealth.com.

EU Representative: If you are based in the European Union (EU), you can contact our European Representative for GDPR-related inquiries at xxx. Please include "Boundless Productions" in the subject line.

Supervisory Authority: If you believe that your data protection rights under GDPR have not been properly addressed, you have the right to file a complaint with your local supervisory authority. A list of European supervisory authorities can be found here. If you do not feel we have appropriately honored your rights in the UK, you have the right to complain to the UK Information Commissioner. You can find out how to do this here.

HIPAA Rights: Boundless complies with the Health Insurance Portability and Accountability Act (HIPAA) regulations regarding the protection of PHI. We implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of PHI. If you are a U.S. citizen and believe your PHI has been improperly handled, please contact us at privacy@Boundlesshealth.com. You also have the right to file a complaint with the U.S. Department of Health and Human Services (HHS).

Changes to This Privacy Notice

Boundless reserves the right to modify or update this privacy notice at any time. Any changes will be posted on this page with an updated "Last Revised" date. We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice, data deletion, accuracy, or any other privacy practices, please contact us at: info@boundless.health

Last updated: [Aug 2024]