At Boost Group, we’re serious about the security of the data on our servers and the protection of the privacy of our customers. We deploy state of the art technical and organizational security controls during our business operations, to provide our services and products to our customers. We continually protect your information against loss, misuse, unauthorized access, unauthorized disclosure, manipulation and/or destruction. We apply applicable data protection laws to the processing of your Personal Data.
Who we are
The controller of your Personal Data is:
Boost Services AG
(see further contact information under Contact Person, at the bottom of this page)
Your data at Boost Group
As a customer of Boost Group, you use, or your customer uses, one or more of the following services:
- Shopper Marketing
- Collectibles’ Promotions
- Loyalty Programs
- Boost Jobs
- Boost Newsletter
Thus, Boost obtains your Personal Data among others when you purchase a service at Boost, register for the newsletter, place a comment on a forum that is part of one of the websites of Boost, respond to a job-vacancy published by Boost, fill out and submit a contact form and when, for example, you send Boost an email. This Personal Data can be:
• your name, your address, your telephone number, your e-mail address, and/or information we need to deliver you the service you want or to contact you directly;
• financial information, for example payment-related information;
• information provided to us by or on behalf of you or generated by us in the course or providing services to you;
• information provided to us for the purposes of attending meetings, seminars and events;
• information in relation to materials and communications we send to you electronically, for example marketing emails;
• logs showing your visits on our website;
• any other information relating to you which you may provide to us.
When you register with us and provide us your information, we make it clear to you what the purpose is of collecting and processing that Personal Data. Where we ask for your consent, you are always able to, later, revoke that consent at any time.
How we use your Personal Data (purpose)
We use your Personal Data:
• to communicate with you;
• to provide and improve our services to our customers, including Personal Data of others provided to us or collected by us on behalf of our customers, administration and marketing processes;
• to manage our relationship with you and with our customers;
• to provide and improve our website, including monitoring and evaluating its use; • to promote our services, including by sending alerts, updates, event invitations etc.;
• to comply with our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims. You are generally under no obligation to disclose Personal Data to us, unless you have a contractual relationship with us that foresees such obligation. Yet, in order to conclude and perform a contract, we must collect and process the Personal Data which is necessary for such conclusion and for the fulfilment of the contractual and associated obligations as well as for the fulfilment of legal obligations. Moreover, when using a website, it is necessary to process log data and certain other data. Also, in relation to communications between you and us, we must process at least the Personal Data that you provide to us or that we provide to you.
Sharing with Third Parties
We may assign other companies to perform tasks on our behalf and may share your Personal Data, like your address, with them. The trusted third parties we will share your Personal Data will include
• logistics and/or fulfilment services for the delivery of ordered products;
• business management services (e.g. accounting or asset management);
• consulting services, e.g. services of tax consultants, lawyers, management consultants, consultants in the field of personnel recruitment and placement;
• IT services, e.g. services in the areas of data storage (hosting), cloud services, CRM, sending e-mail newsletters, data analysis and refinement etc.;
• credit and background check or debt collection agencies, e.g. if you are interested to become our customer or if due receivables are not paid.
With such companies we have a long-term agreement that includes a data processor agreement, which is in line with the data-privacy and protection requirements that we maintain ourselves on all the Personal Data we receive and process. We certainly do not sell your data to third parties.
For the purposes set out in this Policy and where necessary, we may share Personal Data with courts, regulatory authorities, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavors to notify you before we do this, unless we are legally restricted from doing so.
If we look to use your Personal Data for a new purpose, beyond what it was originally provided for, we will ask for your explicit consent.
Transfer of Personal Data abroad
We are entitled to transfer your Personal Data abroad, including to third party companies (designated service providers as listed in section “Sharing with Third Parties” above) insofar as this is expedient for the Data Processing described in this Privacy Statement. The recipients will be obliged to protect this data to the same extent as we do.
The Boost Group databases are located on servers in Switzerland and Holland, both on-premise and with an external housing partner, or on hosting platforms within the EU where Boost IT employees have full control of the hardware, virtual servers, software and the data. The only cloud-app solution we use is our US-based customer relation management tool (CRM), which has a EU-approved Binding Corporate Rules (BCR) to facilitate storing of Personal Data in the cloud globally (see below).
If we transfer data to a country where the level of data protection is lower than in Switzerland, we will ensure under contract that the level of protection for Personal Data is equivalent to that applicable in Switzerland. We shall ensure this through one or more of the following measures:
• by concluding EU Model Clauses with the appointed service providers, cf. https://ec.europa.eu/info/law/lawtopic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de
• by ensuring that the appointed service providers are certified under the Swiss-US or EU-US Privacy Shield (where the data recipient is based in the USA or stores the data there), cf. https://www.privacyshield.gov/
• through the appointed service providers having in place Binding Corporate Rules (BCR) that are recognised by a European data protection authority, cf. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu/binding-corporate-rules_en If you would like to receive a copy of these agreements, please contact us at the address indicated below.
Use of our website and e-mails
When you use our website, we automatically collect metadata about your browsing session such as your browser, the IP address of your computer, your internet service provider, the site from which you navigated to our website, the duration of your visit to our website and what type of device you are using (e.g. a computer, a smart phone or a tablet) and the respective operating system. We also keep a record of the pages that you view during your visit. This information is used to improve the way in which our website operates, for statistical and systems administration purposes.
Our website uses Google Analytics, a service provided by Google, Inc. that tracks and reports on the manner in which our websites are used. Google Analytics does this by placing small text files called “cookies” on your computer or other device. Cookies collect information about the number of visitors to the websites, the pages visited, and the time spent on the websites. This information is aggregated and is not personally identifiable.
Most Internet browsers automatically accepts cookies. However, you always have the choice to configure your browser at any time in such a manner that no cookies are saved on your computer or that an indication always appears when you receive a new cookie.
Some of our online services may in principle be used without accepting cookies, although individual functions may thereby be limited. You can choose to disable cookies by selecting the appropriate settings on your browser, but this may limit your ability to use Boost Group’s services.
We may use your name and e-mail address(es) to send you alerts, updates, event invitations and other information by email, but will ask for consent first unless we have obtained your contact details from you in the context of our services. If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by following the link included in these e-mails. Note that we use Personal Data to understand if you read our e-mails or click on links included in them.
We use social media plugins. They are displayed on our website with the logo of the corresponding social network (such as the “like” button by Facebook). If you are logged into a social network (with your user credentials) when you visit our website, the respective network will automatically be notified of your visit to our website. The data processing associated with social media plugins is in the responsibility of the respective social media network, is subject to their privacy policies and outside of our control.
Boost Group records certain requests and transactions in log files. This log data is used for troubleshooting, statistics, analytics, quality assurance, and to monitor system security and can be analyzed to that end. Boost Group can process and share anonymous statistics on log data, under the condition that no personally identifiable information can be derived from such statistics.
We have implemented, and we maintain appropriate organizational and technical security controls, to prevent unauthorized access to Personal Data and other sensitive data. We make sure that only access is granted to employees of Boost Group if it is necessary and appropriate to their work.
Your Personal Data and other sensitive data is stored and transferred over our company network encrypted and we use SSL-certificates to verify the identity of the data requester’s device, and also all forms through which you submit your Personal Data are SSL-protected.
Boost Group implements several mechanisms to prevent unauthorized access to our services and portals. User-accounts are protected by passwords. You should choose a secure password and ensure its confidentiality to prevent unauthorized access to your account.
We shall only retain your Personal Data for as long as is legally necessary or in accordance with the purpose for which they were collected and processed. Afterwards we delete your Personal Data. If we store your Personal Data on the basis of a contractual relationship with you, this will remain stored for at least the duration of the contractual relationship and at most for the duration of the limitation periods within which any claims may be brought by or against us, or for the duration of legal or contractual duties of retention, such as archiving purposes, fiscal or tax regulations.
Boost Group can delete or render inactive such user-accounts that remain inactive (i.e. not accessed) for a longer period.
We process Personal Data on the following grounds:
• for the performance of a contract;
• for legitimate interests. This includes, for example, the interest in customer care and communication with customers outside of a contract; in marketing activities; in getting to know our customers and other people better; in improving products and services and developing new ones; in combating fraud, and the prevention and investigation of offences; in the protection of customers, employees and other persons and data, secrets and assets of the Boots Group; in the guarantee of IT security, especially in connection with the use of websites, apps and other IT infrastructure; in the guarantee and organisation of business operations, including the operation and further development of websites and other systems; in company management and development; in the sale or purchase of companies, parts of companies and other assets; and in the enforcement or defense of legal claims;
• based on a consent, where such consent was obtained separately; and
• for compliance with legal and regulatory obligations.
You have the right to exercise your data privacy rights subject to applicable data protection law at any time and to request information as to whether, how and which Personal Data relating to you has been processed by us and to receive a copy. You may also arrange for your Personal Data to be corrected, blocked or deleted. Subject to applicable data protection law, you may also restrict our processing of your information, and object to the processing of your Personal Data.
You may also choose to withdraw your consent. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data to the extent required or permitted by law.
You may at any time contact us using the contact details listed below (“Contact Person”).
We reserve the right to exchange correspondence with you in this regard and request appropriate proof of your identity where necessary to prevent unauthorized access by another person.
Please note that we may be required to retain your Personal Data in part even after a request for blocking or cancellation under the terms of our statutory or contractual retention requirements (such as for warranty, accounting and/or tax purposes) and in such an eventuality will only block your Personal Data insofar as necessary for this purpose. In addition, the cancellation of your Personal Data may have the effect that you are no longer able to acquire or use the services registered by you. Under certain circumstances and subject to applicable data protection law, you have the right to require us to provide you, or a third party specified by you, with your Personal Data in a commonly used format.
In addition, you have the right to make a complaint concerning the data processing in question with the competent supervisory authority. You can do this with the supervisory authority in your country of residence or at the place of the alleged data breach.
If you have questions regarding data protection, need information or want to request access to your Personal Data or want your Personal Data to be corrected, blocked or deleted please contact us via email (see below). The contact details for your data privacy questions are:
Boost Services AG Boost Services B.V
c/o Enterprise Security Officer
+41 58 201 97 99
Boost Services BV
c/o Enterprise Security Officer
NL-5253 RH Nieuwkuijk
+31 114 381 600