1. Introduction

The Boston Tech Company (“we”, “our”, or “us”) is committed to complying with the General Data Protection Regulation (GDPR). This GDPR Policy outlines our data protection commitments and your rights concerning your personal data.

2. Scope

This policy applies to all personal data processed by us, whether in physical or electronic mode.

3. Data Principles

As per the GDPR, we follow these principles:

3.1. Lawfulness, fairness, and transparency: Data will be processed lawfully, fairly, and transparently.

3.2. Purpose limitation: Data will be collected for specified, explicit, and legitimate purposes.

3.3. Data minimization: Only necessary data for the purpose it’s collected will be processed.

3.4. Accuracy: We will keep data accurate and up to date.

3.5. Storage limitation: We will retain data for no longer than necessary.

3.6. Integrity and confidentiality: Data will be held securely.

4. Data Subject Rights

4.1. Right to Access: You can request a copy of the personal data we hold about you.

4.2. Right to Rectification: You can ask us to correct inaccurate or incomplete data.

4.3. Right to Erasure (“Right to be Forgotten”): In certain circumstances, you can ask us to delete your data.

4.4. Right to Restrict Processing: You can ask us to temporarily stop processing your data.

4.5. Right to Data Portability: You can ask for a copy of your data in a machine-readable format.

4.6. Right to Object: You can object to the processing of your data in some circumstances.

4.7. Rights on Automated Decision-making and Profiling: You have the right not to be subject to a decision based solely on automated processing.

5. Data Security

5.1. We have implemented appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

5.2. In the case of a data breach, we will notify the competent supervisory authority and affected individuals in accordance with GDPR requirements.

6. Third-party Processors

6.1. We may employ third-party companies and individuals to facilitate our services. We ensure that these third parties respect the GDPR and provide the same level of protection.

7. International Data Transfers

7.1. If we transfer personal data outside the European Economic Area (EEA), we will ensure that the recipient country offers an adequate level of data protection.

8. Children’s Privacy

8.1. We do not knowingly collect data from children under the age of 16 without obtaining parental consent, as required by the GDPR.

9. Updates to This Policy

9.1. We may update this GDPR Policy periodically. Any changes will be posted on this page, and, if significant, we will notify you through email or other means.

10. Contact Us

10.1. If you have questions or concerns about this GDPR Policy, or if you wish to exercise any of your rights, please contact us.