Protecting your private information is our priority. This Statement of Privacy applies to https:// www.bossworkapp.com/ and the related Application “Boss App” (hereinafter “our platform”) and governs data collection and usage. For purpose of this Privacy Notice, the terms “we” and “our” refer to Boss, LLC (or any of its subsidiaries (collectively, and including “bossapp,” “Boss App,” “bossworkapp.com,” or “Boss,”). By using our platform(s), you consent to the data practices described in this statement.
We use this privacy notice to disclose the privacy practices of our platform in accordance with privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We aim to help you understand what personal data we collect, how we use it, and what control you have over it. This notice applies solely to data collected by our platform. This notice will define the following:
What personal data is collected by the platform.
How personal data is collected, used, shared, stored, and otherwise processed.
The security procedures implemented to protect your data.
Your choices and rights regarding the use of your data.
How you can contact us for issues such as to correct inaccuracies of your data or to request the removal of your personal data.
Please read the following privacy notice to understand the processing, collection, sharing, protection, and your rights associated with your personal data.
In order to better provide you with products and services offered to you, our platform may collect personally identifiable information. In short, we collect personal information that you provide to us. when you register on the platform, express an interest in obtaining information about us or our platform or other services, when you participate on, or engage with the platform, or otherwise when you contact us. In particular, we may collect and have collected in the past twelve (12) months, the following categories of personal information (as defined by the CCPA):
Category | Examples | Collecte d |
A. Identifiers | Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name (“username”), or other similar identifiers | YES |
B. Personal information categories listed in the California Customer Records statute | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information, medical information, health insurance information | YES |
C. Protected classification characteristics under California or federal law | Race, religion, sexual orientation, gender identity, gender expression, age | NO |
D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | NO |
E. Biometric information | Hair color, eye color, fingerprints, height, retina scans, facial recognition, voice, and other biometric data | NO |
F. Internet or other similar network activity | Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement | NO |
G. Geolocation data | Physical location or movements | YES |
H. Audio, electronic, visual, thermal, olfactory, or similar sensory information | Audio, electronic, visual, thermal, olfactory or similar information | NO |
I. Professional or employment-related information | Current or past job history or performance evaluations | NO |
J. Education Information | Non-public education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records | NO |
K. Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | NO |
L. Sensitive Personal Information | Account login information, debit or credit card numbers and precise geolocation | YES |
Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through our platforms’ public message boards (e.g., comments on a blog post), this information may be collected and used by others.
We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to purchase certain products or use certain services available on our platform. These may include:
(a) registering for an account on our platform; (b) entering a sweepstake or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; (d) sending us an email message; (e) submitting your credit card or other payment information when ordering and purchasing products and services on our platform. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.
Our platform collects and uses your personal information to operate our application and deliver the services and/or products you have requested. Our platform may also use your personally identifiable information to inform you of other products or services available from us and our affiliates. Accordingly, your personal data may be used for the following purposes:
Purpose | Categories Used |
Customization of content and user experience. | A, G, L |
Account set up and administration. | A |
Conducting polls, surveys, and contests. | A |
Internal research and development. | A |
Legal obligations. | A, B, G, L |
Internal audits. | A, B, G, L |
Fulfillment of obligations outlined in any agreements with users. | A, B, G, L |
Gathering feedback and opinions on our provided services. | A |
Notification to users of changes to our services. | A |
Respond to your requests and comments. | A |
Process your transactions. | A, B, L |
Detecting security incidents and debugging and providing security updates to our websites/applications | A, B, G, L |
Legal Basis of Processing.
We process personal data for purposes of our own legitimate interests, granted that those interests do not override any of our users' own interests, rights, and freedoms. This legitimate interest includes processing for user customization, processing transactions (e.g., order processing and invoicing), marketing, research, and business development purposes.
More particularly, we process your personal information for a variety of reasons, depending on how you interact with our platform, including: (a) to facilitate account creation and authentication and otherwise manage your accounts; (b) to deliver and facilitate delivery of services to you; (c) to respond to user inquiries/offer support to you; (d) to send administrative information to you; (e) to fulfill and manage your orders; (f) to enable user-to-user communications; (g) to request and obtain feedback; (h) to send you marketing and promotional communications; (i) to deliver targeted advertising to you; (j) to protect our platform and keep our platform safe and secure, including fraud monitoring and prevention; (k) to evaluate and improve our platform, products, marketing, and your experience; (l) to determine the effectiveness of our marketing and promotional campaigns; (m) to comply with our legal obligations.
We also process personal data for other purposes with consent, but you have the right to withdraw consent to processing for specific purposes, as outlined below.
Specific Data Use
To fully access the platform, you, as a user, can voluntarily register for an account. Certain data is collected during this process, including your name and email address. This data is used to contact you, suggest appropriate products and services, and improve your user experience.
When necessary, with your consent or as otherwise permitted by applicable law, we process financial data, including credit card or debit information. We may collect data necessary to
process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by stripe. You may find their privacy notice link(s) here: https://stripe.com/privacy.
We may also collect and store social media login data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect this information consistent with our policies described herein.
As part of using our platform, if you use our application(s), we may collect the following information if you choose to provide us with access or permission:
Geolocation Information. We may request access or permission to track location-based
information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.
Mobile Device Access. We may request access or permission to certain features from your
mobile device, including your mobile
device's calendar, camera, contacts, microphone, reminders, SMS messages, social media accounts, sensors, storage, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
Mobile Device Data. We automatically collect device information (such as your mobile
device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
Push Notifications. We may request to send you push notifications regarding your
account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit, use, or navigate the platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country,
location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and
performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ”crash dumps”), and hardware settings).
Device Data. We collect device data such as information about your computer, phone,
tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
Location Data. We collect location data such as information about your device's location,
which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
Personal data may be used without knowledge or consent in situations when legally required or permitted, or when personal data has been anonymized or pseudonymized, so it is no longer associated with the user. This means we have removed personally identifying information so the data we’re left with cannot be tied back to you as an individual.
We do not sell, lease, or disclose the personal information we collect to third parties. However, personal information may be shared with regulators in compliance with legal regulations.
Personal information may also be shared with third parties when it is necessary to provide services to users, and/or for other legitimate interests. Third parties include service providers, professional advisors, and other members of our network.
Our platform may share data with trusted partners (e.g., Google Analytics) to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for
deliveries. All such third parties are prohibited from using your personal information except to provide these services, and they are required to maintain the confidentiality of your information. We may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on our platform; (b) protect and defend our rights or property/ intellectual property: and/or (c) act under exigent circumstances to protect the personal safety of users of our platform, or the public. In the preceding twelve (12) months, we have disclosed the following categories of personal information for business purposes:
Category of Third Party | Categories of Information Shared |
Service Providers | A, B, G, L |
Our Affiliates and Business Partners | A, B, G, L |
Third Parties whom you have authorized us to disclose your information in connection with products or services we provide (including other users) | A, B, G, L |
Government entities or other third parties when required to by law or court order | A, B, G, L |
The platform may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us, and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the platform. You should review the policies of such third parties and contact them directly to respond to your questions.
Our platform offers you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the platform. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.
We will only retain personal data for the duration necessary to fulfill the purposes for which it was collected or to comply with State, Federal, or other laws. Personal data may also be retained for longer periods if it is solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes. When defining the appropriate retention length, we adhere to relevant legal requirements.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the PLATFORM within a secure environment.
We do not knowingly solicit data from or market to children under 18 years of age. By using the platform, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the platform. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data, we may have collected from children under age 18, please contact us using the contact information provided in this Notice.
If you are in, or working from, the EU or other jurisdiction where similar rules apply, you have certain rights in relation to your information.
Access: you are entitled to ask us if we are processing your data and, if we are, you can
request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
Correction: you are entitled to request that any incomplete or inaccurate personal data we
hold about you is corrected;
Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
Restriction: you are entitled to ask us to suspend the processing of certain of your
personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
Transfer: you may us to help you request the transfer certain of your personal data to
another party;
Objection: where we are processing your personal data based on legitimate interests (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
Automated decisions: you may contest any automated decision made about you where
this has a legal or similar significant effect and ask for it to be reconsidered.
Consent: where we are processing personal data with consent, you can withdraw your consent.
If you want to exercise any of these rights, please contact us via the contact information provided in this Notice.
Verification. Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
All terms and phrases used under this heading shall have the same meaning as those defined under the California Consumer Privacy Act of 2018 and all related amendments and regulations (“CCPA”).
Notice of Sale. We do not sell the personal information of California residents. We have no actual knowledge of selling information of California residents under the age of 16.
Right to Know. You have a have a right to submit a verifiable request, up to two times a year, for the following information:
The categories of personal information we have collected from or about you.
The categories of sources from which we have collected that personal information, and the business or commercial purpose for the collection.
The categories of third parties with whom we have shared your personal information, and
the business or commercial purpose for said sharing.
Specific pieces of your personal information.
Please note your request may only go back 12 months from the date of your request.
Right to Delete. You have a right to request that we delete your personal information, subject to certain exceptions such as if the information is necessary to complete the transaction for which the information was collected, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, identify and repair errors and for various other reasons available under California law.
Right of Non-Discrimination. We will not discriminate against you in any way if you choose to exercise your rights under this section or applicable California law.
Submit a Request. To submit a request to know or delete, you may contact us via the contact information provided in this Notice.
Verification. In order to protect your personal information and prevent against fraud, we may verify your identity before responding to your request by matching the information provided in your request with the information we have on file about you, and depending on the sensitivity of information requested utilizing more stringent verification methods, including but not limited to requesting additional information from you and/or requiring you to sign a declaration under penalty of perjury.
Notice of Collection and Disclosure for a Business Purpose. The categories of personal information we have collected over the last twelve months, including, from where we collect it, the purpose for collection, and with whom we share it is outlined in this Notice.
Pursuant to Virginia law, some Virginia residents have specific rights regarding their personal data as described below. These rights are subject to certain exceptions.
When legally required, we will respond to most requests without undue delay, within 45 days of receipt of the request, unless it is reasonably necessary for us to extend our response time.
Right to Confirm and Access. You have the right to request confirmation from us as to whether or not we are processing your personal data and to access such personal data. If you submit a valid and authenticated request and we confirm your identity and/or authority to make the request, we will confirm for you whether or not we are processing your personal data and/or grant you access to your data.
Right to Request Correction of Inaccuracies. You have the right to request that we correct any inaccuracies in any of your personal information, which is under our control, taking into account the nature of the data and the purposes of processing that data. If you submit a valid and authenticated request and we confirm your identity and/or authority to make the request, we will correct the personal information.
Right to Request Deletion of Personal Data. You have the right to request that we delete any of your personal data that we collected from or about you and retained. If you submit a valid and authenticated request and we can confirm your identity and/or authority to make the request, we will delete your personal data from our records and direct our service providers to do the same, if no exceptions or retention conditions apply.
Right to Request Disclosure of Information. You have the right to request a copy of your personal data previously provided to us in a portable and, to the extent technically feasible, readily usable format, thereby permitting you the ability to transmit the data without hindrance.
Right to Opt-Out of Processing. As a Virginia resident, you have the right to direct a business that processes your personal data for the purposes of targeted advertising, sale, and/or profiling, in furtherance of decisions that produce legal or similarly significant effects concerning you, not to process for these purposes. This right is referred to as “the right to opt-out.” If you submit a valid and authenticated request and we confirm your identity and/or authority to make the request, we will cease processing your personal data for the limited purposes of targeted advertising, sale, and/or profiling. Because we are not selling your personal data for monetary compensation, we do not provide an opt-out for these activities. Since we may engage in targeted advertising and/or profiling, we provide you with the option to opt-out of such processing for these purposes. To do so, contact us using the contact information provided in this Notice.
Submit a Request. To exercise your rights described above, please contact us using the contact information provided in this Notice. You may make an authenticated consumer request no more than twice within a 12-month period. The authenticated request must:
Provide sufficient information that allows us to reasonably verify and authenticate you are the person about whom we collected personal data. Such verification process will involve you confirming details of the personal data we have collected about you and will increase in scope in the event the nature of your request relates
to the disclosure of sensitive personal data or the deletion of any personal data. In some instances, you may be required to submit proof of your identity (e.g., a driver’s license); and
Specify the consumer rights you wish to invoke; and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Verification. In order to safeguard the personal data in our possession, if we cannot verify your identity or authority to act on another’s behalf using commercially reasonable efforts, we will be unable to comply with your request and may request additional information from you. We will only use personal data you provide when submitting an authenticated request to confirm your identity or authority, or to fulfill your request.
Right to Appeal. If we refuse to act on your request, you have the right to appeal our decision within a reasonable period of time after receipt of our initial decision. We will inform you in writing, within 60 days of receipt of an appeal, of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. To exercise your right to appeal, please submit an authenticated consumer appeal request to us using the contact information provided in this Notice.
If your appeal is denied, you may contact the Attorney General to submit a complaint by visiting the Office of the Attorney General’s website to complete an Online Consumer Complaint
Form or by calling the Consumer Protection Hotline at 1-800-552-9963 (within Virginia) or 804-786-2042 (outside Virginia).
Right to Non-Discrimination. You may exercise your rights under the CDPA without discrimination. For example, unless the CDPA provides an exception, we will not: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; or (c) provide you a different level or quality of goods or services.
Most web browsers and some mobile operating systems and mobile applications include a Do- Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
From time to time, we may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication.
If you would like to stop receiving marketing or promotional communications via email from us, you may opt out of such communications by contacting us using the contact information provided in this Notice.
We reserve the right to change this Privacy Notice from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account, by placing a prominent notice on our platform, and/or by updating any privacy information on our platform. Your continued use of our platform and/or any related services available through our platform after such modifications will constitute your:
(a) acknowledgment of the modified Privacy Notice; and (b) agreement to abide and be bound by that Policy.
We welcome your questions or comments regarding this Privacy Notice. If you believe that we have not adhered to this Notice, please contact us at:
Email:
aj@bossworkapp.com privacy@bossworkapp.com
Post:
Boss App
1023 9th St. Apt 2
Hull, IA 51239
United States
This Privacy Notice was last updated on: December 15, 2023