Boost GDPR Privacy Policy
Effective Date: April 2025
At Boost, we are committed to protecting and respecting your privacy. This GDPR Privacy Policy (“Policy”) explains how we collect, use, store, and protect your personal data, in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This Policy applies to individuals whose personal data we process in the course of providing our products and services.
1. Introduction
As a healthcare SaaS provider, we process personal data for a variety of reasons, including the provision of services, billing, customer support, and improving user experience. This Policy explains how we handle your data, the rights you have in relation to it, and how you can exercise those rights.
2. Data Controller
Boost is the data controller of the personal data you provide to us. Our contact details are as follows: legal@boostresults.com
3. Types of Personal Data We Collect
We may collect and process the following types of personal data:
-
Contact Information
Name, email address, phone number, job title, company details.
-
Billing Information
Payment details, invoices, and billing addresses.
-
Healthcare Data
Medical records, patient information, and health-related data (as required for the services you use).
-
Technical Data
IP addresses, browser type, device details, and other technical information related to your use of our platform.
-
Usage Data
Information about how you use our website and services, such as login times, features accessed, and errors encountered.
4. How We Use Your Personal Data
We collect and process your personal data for the following purposes:
-
To Provide Our Services
To deliver, maintain, and support our healthcare SaaS platform.
-
To Manage Customer Accounts
To process and manage subscriptions, billing, and account-related information.
-
To Improve Our Services
To enhance the functionality and security of our platform, monitor usage, and improve user experience.
-
To Comply with Legal Obligations
To meet regulatory requirements, including those specific to healthcare data (e.g., HIPAA compliance).
-
To Communicate with You
To send you service-related information, updates, and notifications.
5. Legal Basis for Processing Your Data
Under the GDPR, we must have a valid legal basis to process your personal data. The legal bases we rely on include:
-
Contractual Necessity
We process your personal data to fulfill our contractual obligations with you (e.g., providing access to our platform).
-
Legal Obligation
We may process your data to comply with legal requirements, such as healthcare regulations and data protection laws.
-
Legitimate Interests
We may process personal data where we have a legitimate interest in doing so (e.g., improving our services, marketing communications).
-
Consent
In certain cases, we may ask for your explicit consent to process your data, particularly for sensitive data (e.g., health-related information).
6. How We Share Your Personal Data
We do not sell, rent, or lease your personal data. However, we may share your data with trusted third-party service providers to fulfill our contractual obligations or provide services, such as:
-
Cloud Hosting Providers
To host our platform and store data securely.
-
Payment Processors
To handle billing and payment transactions.
-
Healthcare Partners
In cases where we need to integrate with third-party healthcare providers or services.
-
Compliance Authorities
To comply with legal obligations or respond to lawful requests from authorities (e.g., for audits or investigations).
These third-party providers are contractually obligated to safeguard your data and use it only for the purposes we have specified.
7. International Data Transfers
As part of our operations, your personal data may be transferred to and stored in countries outside the European Economic Area (EEA) that may not have the same level of data protection as your country. Where this occurs, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) or other legal mechanisms, to ensure your data is adequately protected.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. Once your data is no longer needed, it will be securely deleted or anonymized in accordance with our data retention policies.
9. Your Data Protection Rights
Under the GDPR, you have the following rights regarding your personal data:
-
Right to Access
You can request access to the personal data we hold about you.
-
Right to Rectification
You can request corrections to inaccurate or incomplete data.
-
Right to Erasure
You can request the deletion of your personal data under certain conditions.
-
Right to Restriction of Processing
You can request the restriction of processing of your personal data in certain circumstances.
-
Right to Data Portability
You can request a copy of your personal data in a machine-readable format to transfer to another service.
-
Right to Object
You can object to the processing of your data, including for marketing purposes.
-
Right to Withdraw Consent
If you have provided consent for specific processing activities, you can withdraw your consent at any time.
-
Right to Lodge a Complaint
If you believe your rights have been violated, you can lodge a complaint with a supervisory authority in your jurisdiction.
To exercise these rights, please contact us using the contact details provided above.
10. Security of Your Personal Data
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. These include encryption, secure data storage, and regular security assessments to ensure that your data remains safe.
11. Cookies and Tracking Technologies
For information about how we use cookies and other tracking technologies, please refer to our Cookie Policy for further details.
12. Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, legal requirements, or business needs. We will notify you of any significant changes by posting a notice on our website or through our platform.
13. Contact Us
If you have any questions, concerns, or requests regarding your personal data or this Policy, please contact us: legal@boostresults.com
By using our website, products or services, you acknowledge that you have read, understood and consent to this Policy.