PRIVACY POLICY AND COOKIES POLICY

The Privacy Policy determines terms and conditions of the processing of Users' personal data, and also constitutes an attachment to the BoomLand Conditions of Use. This Privacy Policy is an attachment to the BoomLand Conditions of Use available on the website https://wp.boomland.io/boomland/.

All terms included herein shall be interpreted in accordance with the Conditions of Use, unless their different meaning has been clearly indicated herein.

>>> If your place of residence is in the European Union (EU), then your personal data is processed as follows:

1. CONTROLLER AND PERSONAL DATA PROCESSING

1. Controller

BOOMLAND GLOBAL spółka z o.o. with its registered office in Gdańsk, at: ul. Zacna 2, 80-283 Gdańsk, Poland, entered in the Register of Entrepreneurs of the National Court Register, kept by the District Court Gdańsk-Północ in Gdańsk, VII Economic Division of the National Court Register, under KRS number: 0001058226, NIP: 9571163148, REGON: 521683174, with share capital of 20,000.00 PLN (twenty thousand 0/100 PLN), paid in full.

All representations shall be directed to the relevant entity only. Contact with the Controller is available at e-mail: legal@boomland.io. For the purposes hereof – the Platform, the Controller, the Administrator and the Service Provider are referred to jointly as “the BoomLand”.

2. Governing Law

The Controller processes personal data in accordance with the requirements of applicable law, including in particular acts on privacy acts in Poland and European Union relating to the security of personal data. The User is liable for providing false personal data. By accepting the Privacy Policy, the User agrees to terms and conditions of collecting, processing and securing personal data regarding the use of the Platform.

Also, the Controller processes personal data pursuant to European Parliament and Council regulation (EU) 2016/679 dated 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation - hereinafter referred to as “the GDPR”).

3. Respect for Privacy

The Service Provider makes every effort to ensure that personal data are processed with the greatest respect for the privacy of the data provider and with the utmost care for the security of the processed personal data, and in particular ensures to take all legal measures to safeguard the personal data collections.

4. Applied Measures

The Service Provider represents to apply technical and organizational measures to ensure protection of processed personal data appropriate for the risks and a category of protected data, and in particular to protect data against unauthorized sharing, processing as a violation of law and against their loss, damage or destruction .

5. Processing Scope and Purpose

The Service Provider processes personal data of the User with the purpose of:

1. establishing, changing, executing or terminating the agreed relationship between the Service Provider and the User;

2. fulfilling legal duties of the Controller;

3. marketing and advertising the Services, as well as sending commercial information;

4. using ICT end devices and automatic trigger systems for marketing purposes;

6. Data Profiling

Processing personal data includes profiling the Users according to their behavior, interests, payment credibility and purchase preferences. Based on profiling, a specific content is conveyed to the Users, which potentially may interest them.

7. Representation and AML officer

The Controller, represented by Chairman of the Board Mr Anibal Jose da Cunha Saraiva Soares (EID number: 784-1980-1122675-4) appoints Mr Rafal Kufieta (PESEL - personal ID number: 80060201331) as the Controller’s AML Officer for the purposes of anti-money laundering and combating finance terrorism.

8. Data Sharing

To execute the Agreement, the Controller may disclose collected personal data with the entities including: employees, associates, delivery service, online payment system operators, entities providing operating, legal, accounting and IT services for the Service Provider, as well as entities personally or financially associated with the Service Provider. In such cases the volume of disclosed information is limited to necessary minimum.

9. Website Traffic Analyses

The Service Provider represents that it is allowed to use tools designed to analyze traffic within the Platform such as Google Analytics and other similar. In particular, the Service Provider has the right to collect information on the User's activity and behavior, such as visiting the Platform and using the Services. The Service Provider uses the data to research the market and traffic on the Platform, as well as to create statistics, in particular, to assess the interest in the posted content, as well as to improve the Platform and fulfill obligations in the scope of counteracting money laundering and terrorist financing. The collected data shall be processed in an anonymous manner and used only for statistical purposes or to ensure proper use of the Platform.

10. Termination of the Service

Upon termination of the Agreement by the User, the Service Provider shall not process personal data of the User except for:

1. representations made by the User under the Terms and Conditions;

2. advertising, market research and behavior purposes to improve the quality of the provided services;

3. explanation of circumstances contrary hereto or the right to use the Website or the Services provided within the Platform;

4. authorized for processing under the agreement or separate provisions of law.

11. User Rights

The Service Provider ensures that the applied terms and conditions of processing personal data comply with Users’ rights under the applicable law, in particular rights to access, correct, update, remove, limit processing, transfer own data, to object, to withdraw the consent, to complain to the supervisory authority. Notices regarding the Privacy Policy and personal data are examined according to the complaint procedure specified in the Term and Conditions.

12. Scope of Data

The Service Provider processes or may process personal data of the User, appropriately to the data provided by the User, in particular including identification and contact data.

13. Platform Browsing

Browsing the Platform does not require the User to provide personal data, unless the access to particular content or services is conditional upon the data provision.

14. Data Processing Rules

The Service Provider shall comply with the following rules for the processing of personal data:

1. recording collected personal data only on such storage media that are protected against third party access;

2. performing personal data security surveillance throughout the whole term during which they are possessed to ensure in particular protection against unauthorized access, damage, destruction or loss;

3. sharing personal data with competent authorities under applicable law;

4. preserving the confidentiality of personal data.

The personal data processed by the Service Provider are not shared in a form that allows user identification of any kind, unless the User has given a consent or if the obligation to disclose such information is based on applicable law.

2. WHAT ARE THE PURPOSES OF PERSONAL DATA PROCESSING AND WHAT IS THE LEGAL BASIS FOR PROCESSING?

Personal data is processed for the purposes of:

1. receiving the newsletter (legal basis: Article 6(1)(a) of the GDPR),

2. performance of the Agreement or taking action at the request of the data subject prior to the conclusion of the Agreement (Article 6(1)(b) of the GDPR),

3. handling claims and complaints (Article 6(1)(b) of the GDPR),

4. conclusion and performance of the Agreement, including the performance of individual services (Article 6(1)(b) of the GDPR),

5. sending system messages or notifications to the User (Article 6(1)(f) of the GDPR),

6. developing statistics related to the User's activity on the Website (Article 6(1)(f) of the GDPR),

7. answering questions (Article 6(1)(f) of the GDPR),

8. storing documentation or archiving it for the purposes of examining, processing or settling claims (Article 6(1)(f) of the GDPR),

9. marketing, including monitoring and matching content to Users' interests, monitoring Users' activity, which includes searching for keywords, information on the Portal, as well as managing Users' activity on the Portal - to make it possible, we perform profiling, which, however does not affect the Users' rights or freedoms or otherwise affects the User (legitimate interest of the Service Provider, clearly defined in the provisions of the General Data Protection Regulation (recital 47 of the GDPR).

3. HOW DO WE OBTAIN PERSONAL DATA?

1. We collect personal data directly from Users.

2. We may collect personal data indirectly only during Registration - if the Portal User sends an invitation to a third party. In this case, the User provides the e-mail address of the person to whom the invitation is then sent. This person should confirm their willingness to register and complete their personal data.

4. WHAT DATA DO WE PROCESS AND FOR HOW LONG?

If:

1. you are browsing the Website: IP address (for static purposes), cookies. We store data until cookies expire.

2. you contact us using the contact form: the data and IP address provided by you. We retain data for 36 months or longer if necessary to assert, process or defend against legal claims.

3. you file a claim or submit a complaint: data contained in the document. We store the data for the period required by law for the purpose of investigating, processing or defending against legal claims. The complaint is considered within 30 days.

4. you order Paid Services: data necessary to provide the Service. If it is access to content, we do not process more data than related to the payment process. The payment service is provided by the payment operator. Card data is not processed by the Service Provider. In the case of stationary training services or other services provided outside the Website, we process the data necessary to use the Service. The data is processed for the duration of the Service, and after this period for the time necessary to investigate, process or defend against legal claims - including accounting, legal and IT services.

5. you receive a newsletter: e-mail address. You can withdraw your consent and unsubscribe from the newsletter by clicking the unsubscribe option directly in each email sent. If you unsubscribe, we will only process information about when you subscribed to the newsletter and when you unsubscribed from it (in both cases your IP address will be saved). NOTE: The Newsletter is not a message system sent by the Service Provider informing about alerts or other important notifications related to the User's Service or other Services.

6. you receive system messages or notifications: username, email address. No notifications and/or system messages will be sent in the event of Account deletion. However, the data will be processed for archiving purposes for a period of up to 36 months or longer (if it is necessary for the purpose of investigating, processing or defending against legal claims).

7. we keep records or archive for the purposes of investigating, processing or settling claims: data necessary for a given process. Deletion occurs after the process is complete.

8. you use the Portal: your activity on the Portal - information resulting from monitoring activity on the Portal aimed at profiling data, including: Information in HTTP headers, which contain information about the browser or application used; Information on standard/optional events, e.g. "page view" or "application installation", further object properties and buttons pressed by visitors to the Portal; Online identifiers, including IP addresses and, if provided, identifiers associated with Facebook or device identifiers (e.g. advertising identifiers in mobile operating systems) and information on opting out / organizing advertising monitoring - are stored until the User's account is deleted.

9. If we write that we store data for the period required by law for the purposes of research, processing or defense against legal claims, we mean the period indicated by law as the required period.

5. WHAT NOTIFICATIONS AND SYSTEM MESSAGES DO WE SEND?

The website can send notifications (so-called web push notifications) if you agree to it from the browser level. In this case, you will receive notifications visible from your device.

The website may send notifications visible after logging in. The user can set the frequency of sending information. Messages can be sent once a day, once a week, or they can be turned off. By default, the sending of notifications is disabled and the user is asked to select the frequency settings.

The Service Provider may send system messages to the User's e-mail address. These messages are sent as needed and relate to messages related to the Service.

6. WHO DO WE SHARE PERSONAL DATA WITH?

The recipients of the data may only be authorized employees of the Service Provider or co-workers providing services related to customer service or IT support or accounting or legal services, as well as advertising partners.

7. OUR RIGHTS RELATED TO THE PROTECTION OF PERSONAL DATA

Each data subject has the right to access, rectify, update, transfer, delete or limit processing, the right to raise objections, the right to withdraw consent at any time (withdrawal of consent does not affect the lawfulness of the processing was made on the basis of consent before its withdrawal), the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection. In order to exercise your rights, please send a relevant request by e-mail to: legal@boomland.io. We will consider your application immediately, but not later than within 1 month of receiving the request from the User. However, if the execution of the request within the indicated period is not possible, e.g. due to the complicated nature of the request or the number of requests, we reserve the right to extend the deadline for considering the request, but not longer than 2 months. We will inform you by e-mail about the possible need to extend the deadline for processing your inquiry.

8. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Personal data may be transferred to third countries and international organizations when entities established in these countries have implemented appropriate safeguards for the personal data being processed. If personal data is transferred outside the EEA, the Service Provider uses Standard Contractual Clauses as safeguards for countries where the European Commission has not found an adequate level of data protection.

The transferred data include, in particular: e-mail address, IP address, date and time of each contact related to each opening and clicking on the newsletter email campaign.

9. HOW CAN YOU CONTACT US?

All inquiries regarding the method of data processing should be directed to the following e-mail address: legal@boomland.io.

10. COOKIES POLICY

Cookies are sent to web browsers, and then saved on the device's memory and read by the server each time you connect to a website. Cookies do not contain any information enabling third parties to get to know your personal data or contact you, e.g. by email or phone. Saving cookies does not allow us or unauthorized persons to access your private device.

1. Types of Cookies

The Service Provider may use the following types of cookies on the Platform and Application:

1. temporary, which are removed after leaving the Platform or after turning a web browser off;

2. permanent that are stored on the User's end device for unspecified period of time, or until the User manually deletes them;

3. statistical, which track traffic on the Platform;

4. functional, allowing personalization of the site in relation to the User;

5. advertising, which allow to provide the User with the content adjusted to his/her personal preferences;

6. obligatory and safety, which regard safety keeping rules within the Platform and authentication rules.

2. Purposes of Using

The Service Provider uses cookies for the following purposes:

1. to optimize and increase efficiency and quality of the Services;

2. to configure features available within the Platform and Application correctly;

3. to personalize displayed contents and adjust advertisements to visitors of the Platform and Application;

4. after logging in, to maintain the User’s sessions on the Platform and Application so the User does not have to re-enter the login and password on each subpage;

5. to keep safety and reliability of the Platform and Application;

6. collecting and using general and publicly available statical data through analytical tools.

3. Analysis

To ensure the highest quality, cookies are analyzed to determine which subpages are visited the most, which browsers are used by visitors and whether the Platform structure is free of errors.

4. Cooperation with Entities

Cookies stored on the User's end device may be used by other entities that affect the quality of the provided Services. The User may change own cookie settings any time by specifying the conditions of storing and granting access to cookies on the User’s device. The User is allowed to change the settings referred hereinabove by using the settings of the web browser or by configuring the Service. These settings may be changed in a way to block automatic cookies activity in a web browser or to inform the User of placing a cookie on the User’s device.

5. User Rights

The User is allowed to remove cookies at any time by using the settings available in the used web browser. Restricting or blocking cookies via the used web browser shall not make it impossible for the Users to participate in the Platform, however, this may cause difficulties or irregularities in the Platform operation for which the Service Provider is not liable. It is recommended to use software that enables cookies operation.

>>> If your place of residence is outside the European Union (EU), then your personal data is processed as follows:

1. DATA PROCESSING

By transferring data from the User to the Service Provider, in the scope of using the Website, the User agrees to place his personal data in the Service Provider's database and to process them in order to provide the Service on the basis of these Terms and Conditions.

The Controller of Personal Data (Personal Data Administrator) is:

BoomLand FZ-LLC (register number 0000004036488) having its registered office in Ras Al Khaimah Economic Zone, EIB-621A Emirates Islamic Bank Building, RAKEZ Business Zone-FZ, RAK (the United Arab Emirates), license number 45000886 (hereinafter referred to as “the Controller”, “the Administrator” or “the Service Provider”).

Contact with the Service Provider is available at e-mail: legal@boomland.io.

The Administrator processes personal data in accordance with the requirements of applicable law, including in particular the Privacy Protection Laws in the United Arab Emirates regarding the security of personal data. The User is responsible for providing false personal data. By accepting the Privacy Policy, the User agrees to the terms of collecting, processing and securing personal data related to the use of the Website.

2. RESPECT FOR PRIVACY

The Service Provider makes every effort to ensure that personal data is processed with the greatest respect for the privacy of the data provider and with the utmost care for the security of personal data processed, and in particular ensures that all legal measures are taken to protect the collected personal data.

3. MEASURES APPLIED

The Service Provider declares that he uses technical and organizational measures to ensure protection of the processed personal data appropriate to the threats and categories of data protected, and in particular protects the data against unauthorized disclosure, processing in violation of the law and its loss, damage or destruction.

4. SCOPE AND PURPOSE OF PROCESSING

The Service Provider processes the User's personal data for the purpose of:

1. establishing, changing, performing or terminating the contractual relationship between the Service Provider and the User;

2. fulfillment of the Administrator's legal obligations;

3. marketing and advertising of the Services, as well as sending commercial information;

4. the use of ICT end devices and automatic triggering systems for marketing purposes.

5. DATA PROFILING

The processing of personal data includes profiling of Users in terms of their behavior, interests, payment credibility and shopping preferences. On the basis of profiling, Users are provided with specific content that may potentially be of interest to them.

6. DATA SHARING

In order to perform the Agreement, the Administrator may share the collected personal data with entities, including: employees, associates, a courier company, Internet payment system operators, entities providing operational, legal, accounting and IT services to the Service Provider, as well as entities personally or financially related to the Service Provider. In such cases, the amount of information disclosed is limited to the necessary minimum.

7. TRAFFIC ANALYSIS IN THE SERVICE

The Service Provider declares that he may use tools for analyzing traffic on the Website, such as Google Analytics and other similar ones. In particular, the Service Provider has the right to collect information about the User's activity and behavior, such as visiting the Website and using the Services. The Service Provider uses this data to research the market and traffic on the Website, as well as to create statistics, in particular to assess the interest in the posted content, as well as to improve the Website and fulfill obligations in the field of anti-money laundering and counter-terrorist financing. The collected data will be processed anonymously and used only for statistical purposes or to ensure proper use of the Website.

8. TERMINATION OF THE USE OF THE SERVICE

After the termination of the Agreement by the User, the Service Provider does not process the User's personal data, except for:

1. statements made by the User on the basis of this Policy and the Terms and Conditions;

2. advertising, market and behavior research to improve the quality of services provided;

3. explanation of circumstances inconsistent with this Policy and Terms and Conditions or the right to use the Website or Services provided on the Website;

4. authorization to process the data on the basis of an agreement or separate legal provisions.

9. USER RIGHTS

The Service Provider ensures that the applied conditions for the processing of personal data are consistent with the Users' rights resulting from applicable law, in particular the right to access, correct, update, delete, limit processing, transfer own data, raise objections, withdraw consent, and submit a complaint to the supervisory authority. Inquiries regarding the Privacy Policy and personal data are considered in accordance with the complaint procedure specified in the Terms and Conditions.

10. SCOPE OF DATA

The Service Provider processes or may process the User's personal data, respectively in the scope of data provided by the User, including in particular identification and contact details.

11. BROWSING THE WEBSITE

Browsing the Website does not require providing personal data by the User, unless access to specific content or services depends on its provision.

12. RULES OF DATA PROCESSING

The Service Provider adheres to the following rules for the processing of personal data:

1. saving the collected personal data only on such storage media that are protected against access by third parties;

2. reporting personal data files or designating persons performing the required duties for this purpose;

3. supervision over the security of personal data throughout the period of its possession in order to ensure, in particular, protection against unauthorized access, damage, destruction or loss;

4. sharing personal data with competent authorities on the basis of applicable law;

5. maintaining the confidentiality of personal data.

Personal data processed by the Service Provider is not made available in a form that allows any identification of the User, unless the User has consented to it or the obligation to disclose such information results from applicable law.

13. COOKIES

Types of Cookies

The Service Provider may use the following types of cookies on the Website and in the App:

1. temporary, which are deleted after leaving the Website or turning off the web browser;

2. permanent, which are stored on the User's end device for an indefinite period or until they are manually deleted by the User;

3. statistical data that tracks traffic on the Website;

4. functional, enabling personalization of the website in relation to the User;

5. advertisements that enable the delivery of content to the User tailored to their personal preferences;

6. mandatory and security, which relate to the principles of security on the Website and the principles of authentication.

Purposes of use

The Service Provider uses cookies for the following purposes:

1. optimizing and increasing the efficiency and quality of the Services;

2. correct configuration of the functions available on the Website and in the App;

3. personalization of the displayed content and matching of advertisements to people visiting the Website and the App;

4. after logging in to maintain the User's session on the Website and in the App, thanks to which the User does not have to re-enter the login and password on each subpage;

5. maintaining the security and reliability of the Website and the App;

6. collecting and using general and publicly available statistical data using analytical tools.

Analysis

To ensure the highest quality, cookies are analyzed to determine which subpages are visited most often, which browsers are used by visitors and whether the structure of the Website is error-free.

Cooperation with entities

Cookies stored on the User's end device may be used by other entities that affect the quality of the Services provided. The User may at any time change their own cookie settings, specifying the conditions for storing and granting access to cookies on the User's device. The User has the option to change the settings referred to above using the web browser settings or by configuring the Services. These settings can be changed in such a way as to block the automatic activity of cookies in the web browser or inform the User about the placement of a cookie file on the User's device.

User rights

14. Users may at any time delete cookies using the settings available in the web browser they use. Limiting or blocking cookies by the web browser used will not prevent Users from using the Website, however, it may cause difficulties or malfunctions in the operation of the Website, for which the Service Provider is not responsible. It is recommended to use software that enables cookies.