Information about your privacy when using our website and associated applications.
About this policy
- What data do we collect?
- How do we collect your data?
- How will we use your data?
- How do we store your data?
- What are your data protection rights?
- Privacy policies of other websites / services
- How to contact us
- How to contact the appropriate authorities
What data do we collect?
In order to deliver our service, Boundless collects the following data on individuals who are compliantly employed through our platform:
- Name 2,4,5,6
- Address 4,5,6
- Date of birth, gender, title 5,6
- Email address 2,5
- Phone number 5
- National identity numbers, insurance numbers and tax identifiers for country of employment and associated documentation where relevant 3,5,6
- Emergency Contact details (name, relationship, phone number)
- Details of your bank account (BIC and IBAN) 1
- Copies of passport you provide for identity verification and employment purposes 2
- Digitial imagary of your face 2, 3
- Evidence of right to work in selected country 3,5,6
- Data pertaining to your tax status, e.g. dependents, marital status 5,6
- Documents related to your tax status 3,6
- Information relating to your employment and employment contract such as salary, holiday allowances, bonuses, allowances, benefits.4,6
1 Items processed by 3rd party: Transferwise
2 Items processed by 3rd party: Passbase
3 Items stored on AWS EU Servers
4 Items stored on 3rd party servers as well as our own: Juro (Contract Mgmt software)
5 Items shared with local tax authorities
6 Items shared with in country Payroll Partners in order to run payroll and pay employees
A Note on third Parties
Transferwise: We share employees’ IBAN and BICs (or non EU equivalents) with Transferwise in order to make payroll payments.
Passbase: Service used for identity verification. Employees share a selfie video and a copy of their Passport to become verified.
Juro: Contract Management Platform. Used to compile employment contracts and as such holds data relating to the employee.
AWS Platform: All of our service is hosted on AWS with servers in the EU. This means that data is stored there but also that any logging which may access PII is also reported on there (EU servers).
Mailgun: Emails that come from our software are sent using this service. We do not include PII in our emails however this service has access to email addresses
Payroll Partners: These are a different company in each country and we pass them necessary information in order to process payroll figures accurately. We do not pass on emails, phone numbers or bank details.
How do we collect your data?
You directly provide Boundless with most of the data we collect. We collect data and process data when you:
- Register for our service.
- Use or view our website via your browser’s cookies.
Boundless may also receive your data indirectly from the following sources:
- The company hiring you via Boundless.
How will we use your data?
Boundless collects your data so that we can provide the best service and:
- Check your identity.
- Check your right to work in the selected country.
- Generate an employment contract for you.
- Issue salary payments to you.
- File tax returns and make tax payments to the local tax authorities on your behalf.
- Make other payments on your behalf such as pension contributions and other allowable deductions.
- Email you with special offers on other products and services we think you might like.
How do we store your data?
Boundless securely stores your data on our servers located in the European Union.
Any payroll carried out by us or our payment-processing partners will be encrypted using Secured Socket Layer technology or a secure virtual private network.
If you use a password for our website, you will need to keep this password confidential. Please do not share it with anyone.
Under anti-money-laundering laws Boundless needs to hold information about you and your transactions for five years.
Generally, Boundless will not hold your personal information for more than five years after our business relationship and your employer’s business relation with you has ended, unless we need to hold it for longer because of a potential or on-going claim or another legal reason.
Boundless would like to send you information about products and services of ours that we think you might like.
If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to stop Boundless from contacting you for marketing purposes or giving your data to other members of the Boundless Group.
If you no longer wish to be contacted for marketing purposes, please click here.
What are your data protection rights?
Boundless would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Boundless for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Boundless correct any information you believe is inaccurate. You also have the right to request Boundless to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Boundless erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Boundless restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Boundless’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Boundless transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org
Privacy policies of other websites
How to contact us
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that Boundless has not addressed your concern in a satisfactory manner, you may contact the Data Protection Commissioner’s Office. The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected. The DPC is the Irish supervisory authority for the General Data Protection Regulation (GDPR), and also has functions and powers related to other important regulatory frameworks including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive.
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.