General Data Privacy Regulation

Last updated March 20, 2024

This General Data Privacy Regulation (GDPR) Privacy Policy incorporates and supplements the Boldin Privacy Policy. It applies solely to United Kingdom and European Economic Area residents governed by GDPR and addresses personal data the Site collects online and offline. 

Lawful Basis for Processing 

We will only collect and process your personal data where we have a lawful basis. Our lawful basis includes consent (where you have given it), where processing is necessary for the performance of a contract with you, and for the purposes of our legitimate interests or the legitimate interests of our third parties, provided that such interest does not outweigh your rights and freedoms. Examples of legitimate interest include but are not limited to: (i) complying with applicable law, (ii) protecting against security or other threats, (iii) administration of our business interests, including improvements and enhancements of our business, and (iv) customer relationship issues.  

Boldin as “Processor”

Some Boldin customers may choose to engage Boldin in part as a “processor” under GDPR for certain services, and in such case the collection, use and sharing of personal data for the engagement may be governed by the agreement between Boldin and the customer, and the customer’s privacy policy, in addition to or independent of, this Privacy Policy.

Special Categories of Personal Data

Boldin does not require you to include sensitive information (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, biometric data, data concerning health or data concerning sexual orientation). In the event that you provide such sensitive information without an express agreement authorizing it, you acknowledge that you have provided Boldin explicit consent concerning the collection, use and disclosure of such information in accordance with this Privacy Policy or as otherwise described to you at the time of collection. If the jurisdiction where you reside requires affirmative, separate, opt-in consent, this paragraph does not apply to you and you are required to provide consent at or before the time of collection, or if not, do not provide the sensitive information to Boldin.

Data Retention

We may choose to retain personal data for as long as necessary for the fulfillment of the purposes described herein, unless otherwise restricted by an applicable law.

Whenever applicable, Boldin identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by Boldin. Unless you consent, or we are required or permitted by law, we will only use the personal data for the purposes for which it was collected or another purpose described to you at that time. If Boldin will be processing your personal data for another purpose later on, Boldin will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose. 

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory and tax, accounting or other requirements.

In some circumstances you can ask us to delete your personal data (see Your Privacy Rights below).

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research, statistical or other permitted purposes, in which case we may use this information indefinitely without further notice to you.

Your Privacy Rights

Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws and receive additional disclosures, including:

In the European Economic Area and the United Kingdom under GDPR:

  • Access. You may have the right to access your personal data or the categories of personal data that Boldin processes.
  • Correct/Update. You may have the right to correct and/or update your personal data. 
  • Erasure. You may have a right to the erasure of personal data that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations, among other things.
  • Data portability. In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.
  • Transparency. You may have the right to request additional information not contained in this Privacy Policy.
  • Confirm processing. You may have the right to confirm our processing of your personal data as a controller.
  • Object to processing. You may have the right to request that we stop processing your personal data.
  • Withdraw your Consent to Processing Personal Data. You may have this right where we require a lawful basis for processing and we are relying on your consent. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.
  • Restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances. For example, where you believe that the personal data we hold about you is inaccurate or unlawfully held. You may also be able to opt-out of direct marketing, automated decision-making or profiling in furtherance of decisions that produce legal or similarly significant effects as required by an applicable law.

Where our services are made available to you through an organization (e.g. your employer), that organization is the administrator of the services and is responsible for the accounts and/or service over which it has control. Please direct your data privacy questions to your administrator, as your use of the services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different from this policy.

For reconsideration of our response to your request under any applicable law that provides for an appeal, please request an appeal within the time frame for the appeal notice set forth in the applicable law (or in the event no time frame is provided, then fifteen days) by utilizing the contact information published below.

If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. There may be exceptions to the foregoing rights and some or all of the above rights may not apply to you. Where a privacy law permits an organization to continue to maintain and/or use personal data for a particular purpose, despite receiving your request, we reserve the right to utilize your personal data for such purpose. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. If you are an individual in the EU / EEA, you have the right to make a complaint to the relevant Supervisory Authority. A list of EU / EEA Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you are in the UK, you have a right to make a complaint to the UK Information Commissioner’s Office. You can visit their website at www.ico.org.uk.

International Transfer of your Personal Data to the United States 

Any Sites may be hosted and operated in the United States and is subject to United States law. Any personal data that we collect from you may be stored and processed in the United States. If you are accessing the Sites outside of the U.S., you acknowledge the transfer of your personal data to the United States. Please be advised that United States law may not offer the same privacy protections as the law in your jurisdiction.

Privacy Principles

When addressing matters related to Privacy, and specifically, GDPR requirements, Boldin adheres to the following 7 Privacy Principles:

Lawfulness, Fairness, and Transparency.

Purpose Limitation; Data Minimization.

Accuracy;

Storage Limitation;

Integrity and Confidentiality;

Accountability.

If you have any questions, concerns or suggestions about our GDPR Privacy Policy, you may contact us:

By sending an email to: privacy@boldin.com

By sending a letter to:
Boldin, Inc. d\/b\/a Boldin. d/b/a Boldin. d\/b\/a Boldin d/b/a Boldin
Attn: Customer Service
1 Belvedere Drive, Suite 200
Mill Valley, CA 94941

Data Protection Officer: Frank Nevers