Boomerang Privacy Policy

Introduction

Please read this Privacy Policy before accessing Boomerang’s services (“us”, “we”, “our”, “Boomerang”). These services include but are not limited to the use of our website and any subsequent domains or subdomains, conjointly referred to as the “website” or the “site”, the Boomerang Discord Bot (“the bot”, “bot”) and our API (“Application Programming Interface”, “API”). The site, bot and API are collectively known as the “service” or “services”. The services may expand at any time with or without prior notice at the sole discretion of Boomerang’s management team.

The data we collect is used solely to provide and improve our offerings. By accessing Boomerang's services, you acknowledge that your data is treated in accordance with this privacy policy. If you disagree with any part of this policy, do not use our services.

Your Privacy Rights

As a user, you have the right to access, rectify, or erase your personal data. You may also restrict or object to its processing, as well as the right to data portability. You have consent over your data and if you choose to exercise these rights, you have the right to not be treated in a discriminatory way or be treated differently from others.

If you wish to exercise your right to your personal data, please send an email to legal@bmrg.app outlining your request. We do not accept requests via our Support Server, outlining your request, we do not accept requests via our Support Server, Direct Messages or any other way.

Data Collection

Boomerang collects basic Discord information, which is listed below. This data is used to provide the proper and most accurate information. Information users input into Boomerang is collected as well, sometimes temporarily or permanently. The following information is collected:

• Public User Information (usernames, unique identifiers, and avatars)
• Public Guild Information (names, unique identifiers, roles, icons and channels)
• Command Usage (user, command, time and guild information)
• User Input (data that is input into commands, modals and menus)

If you are an Administrator and set up Boomerang within your guild, all information you submit through the command is logged to our database, which includes:

• Public Guild Information (names and unique identifiers)
• Configuration (roles, channels, strings and options)
• Command Usage (user, time and guild information)

Payment Information

In the event that you purchase access to our service, the information you submit during the sale will be available to Boomerang’s Core Team. Boomerang does not store, collect, or otherwise log personal or payment information from customers. Payment processing is facilitated through Stripe, a third-party service, which may store, collect, or log personal and payment information. The handling of this information by Stripe is subject to their Privacy Policy. Stripe adheres to the standards mandated by PCI-DSS, as overseen by the PCI Security Standards Council. Users are encouraged to review Stripe’s privacy practices via their Privacy Policy for more information on how their data is managed.

Data Transfer, Storage & Protection

Please be advised that your information, including Personal Data, may be transferred to and maintained on computers located outside your state, province, country, or other governmental jurisdiction. The data protection laws of these jurisdictions may differ from those in your own.

If you are situated outside Australia and choose to provide us with information, please be aware that we will transfer the data, including Personal Data, to Australia for processing. By consenting to this Privacy Policy and submitting such information, you agree to this transfer.

Boomerang is committed to taking all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Data will occur to an organisation or country unless adequate controls, including the security of your data and other personal information, are in place. Your agreement to this Privacy Policy, along with the submission of your information, signifies your consent to the outlined data transfer processes.

It is important to note that Boomerang's database and server(s) are located in New York and various other destinations in the United States of America.

Only approved staff members have access to user data, which includes vetting and ensuring the user does not have malicious intent. We are constantly working to improve these safeguards to ensure your personal data is kept secure, no sensitive personal information is logged to our databases.

Children and Personal Data

We prioritise adding protection for children while using the internet and encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. Boomerang does not knowingly collect any personal information from children under the age of 13. Children under the age of 13 are not permitted to access our services under any circumstances. To reinforce this policy, we employ various measures, such as age verification prompts. If you believe your child has accessed the service, we strongly encourage you to contact us so we can promptly remove such information from our records.

Data Usage

• Provide and maintain our service/services
• Allow you to participate in features offered by our service when chosen
• Provide you with customer support
• Monitor your usage of the service for analytical reasons
• Improve the overall functionality and performance of our service
• Process any payments triggered by you
• Enhance and personalise your user experience
• Ensure compliance with applicable laws and regulations

Legal Basis for Data Processing

Users consent to data processing when they begin using the service. Boomerang acknowledges and respects the importance of obtaining explicit consent for the collection and processing of personal information. By utilising our service, you signify your agreement to this Privacy Policy and the subsequent processing of your data. If you wish to withdraw your consent or exercise your rights, you may do so by contacting us at legal@bmrg.app, where further guidance will be provided.

Data Disclosure

Boomerang will never sell or disclose your information to third parties not specified within this policy without your explicit consent, unless compelled to do so by law. In certain circumstances, Boomerang may disclose your data in good faith when deemed necessary to comply with legal obligations, safeguard and defend our rights or property, investigate or prevent potential wrongdoing related to the service, ensure the personal safety of our users or the public, or protect against legal liability. For example, this may include cooperating with law enforcement in response to a subpoena.

Dispute Resolution

In the event of any dispute or disagreement arising from the use of our services, both parties agree to engage in good faith negotiations to resolve the issue. If a resolution cannot be reached through negotiation within a reasonable period, both parties agree to submit the dispute to mediation by a neutral third party. The mediation process will be conducted in accordance with the rules and procedures agreed upon by both parties. If mediation does not result in a resolution, any unresolved disputes shall be subject to binding arbitration under the rules of the Australian Centre for International Commercial Arbitration (ACICA), with all proceedings held in Australia. Each party shall bear its own costs related to the mediation and arbitration process, and the costs of the mediator and arbitrator shall be shared equally unless otherwise determined by the arbitrator.

Data Retention

Boomerang will retain your data only for the duration necessary to fulfil the purposes outlined in this Privacy Policy. This includes meeting legal obligations, resolving disputes, enforcing agreements, and safeguarding the security and functionality of our service. We may also retain usage data for internal analysis, security enhancements, or to improve service functionality. Usage data is typically retained indefinitely for these purposes.

Data Removal

To initiate a data removal, send an email to legal@bmrg.app and request a data removal. All data linked to you will be erased from our systems, though logs containing public information (e.g. command usage) will not be removed. Public user information will be kept to acknowledge that your data has been removed from our systems.

To prevent the abuse of this feature, once you have requested data removal, you are no longer able to use Boomerang services or systems.

Agreement Renewal

This Privacy Policy is subject to renewal at the discretion of Boomerang. Users will be notified of any changes to the policy, and continued use of the service after the effective date of the revised terms constitutes acceptance of the updated Privacy Policy.

Third Party Site Links

At times, our service may include hyperlinks or references to external websites that are not owned or operated by us. These links are provided for your convenience and to offer additional information. However, please be aware that we do not have control over the content, security, or privacy practices of these third-party sites.

We strongly encourage all users to review the Privacy Policy, Terms of Service, and any other relevant policies of these external websites before engaging with them. Your use of any third-party site linked from our service is at your own risk.

It's important to note that the inclusion of these links does not imply endorsement or approval of the content or practices of the linked sites. We are not responsible for the accuracy, legality, or appropriateness of the content on these third-party websites.

European Economic Area (EEA) Residents

Data Processing and Consent

Boomerang acknowledges the importance of compliance with the GDPR and other applicable data protection regulations. By using our services, EEA residents explicitly consent to the processing of their personal data in accordance with this Privacy Policy.

Data Controller

For individuals residing in the EEA, Boomerang shall be considered the data controller responsible for the processing of personal data. The Lead Developer, Summerlytz, and the Boomerang team are designated as data processors under the authority of Boomerang.

Legal Basis for Processing

Boomerang processes personal data of EEA residents based on one or more legal grounds as stipulated in the GDPR. These grounds may include the necessity of processing for the performance of a contract, compliance with legal obligations, protection of vital interests, consent, the performance of a task carried out in the public interest or the exercise of official authority, and legitimate interests pursued by Boomerang or a third party.

Data Subject Rights

EEA residents have specific rights under the GDPR, including but not limited to the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing. To exercise these rights, individuals can contact Boomerang through the provided contact information in this Privacy Policy.

Cross-Border Data Transfers

By using our services, EEA residents acknowledge and agree that their personal data may be transferred to and processed in countries outside the EEA. Boomerang ensures that such transfers comply with applicable data protection laws, and appropriate safeguards, such as standard contractual clauses or binding corporate rules, are in place to protect the personal data.

Data Protection Officer (DPO)

Boomerang has appointed a Data Protection Officer responsible for overseeing data protection matters. EEA residents can contact the DPO via legal@bmrg.app.

Disclaimer

This provision is intended to be read in conjunction with the general Privacy Policy.

PIPEDA, LGPD, APA, APP, CCPA & GDPR

Boomerang is dedicated to ensuring full compliance with various global privacy laws to safeguard user information. Here's an overview of our commitment to specific protocols:

Personal Information Protection and Electronic Documents Act

Boomerang respects PIPEDA by obtaining user consent for data processing, ensuring transparency in information handling, securing personal data, and facilitating user access to their information.

General Personal Data Protection Law

In alignment with LGPD, Boomerang prioritises explicit user consent, transparency in data processing, and empowers users to exercise their rights, including access and data erasure requests.

Australian Privacy Act and Australian Privacy Principles

Boomerang complies with APA and APP by responsibly handling personal information, providing transparency through its Privacy Policy, training staff on privacy procedures, and safeguarding data during overseas transfers.

California Consumer Privacy Act

Aligned with CCPA, Boomerang respects Californian users' rights to know, delete, and opt-out. The company has procedures in place for securing personal information and handles data subject requests with diligence.

General Data Protection Regulation

We commit ourselves to adhering to all GDPR regulations. Information regarding our compliance is available in the "European Economic Area (EEA) Residents" section of this Privacy Policy.

Contact

If you have any questions regarding our privacy policy, policies or practices, you can contact us via email at legal@bmrg.app. Likewise, if you wish to submit a complaint, you have the right to do so via the same email address.

All users have the right to lodge a complaint if they believe that the processing of their personal data infringes applicable data protection laws. Your complaint will be taken into account, and you will not be treated in any different way from others, nor will you receive less of a service from Boomerang.

We take questions and concerns very seriously, thus, our team will review your question or concern and determine how best to reply. In most cases, you will receive a reply within 72 hours, in special cases, you may have to wait longer for a response from a representative. If we require additional information, it will be requested before the complaint or concern is fully logged.

Questions, Concerns, Complaints or other necessary contact of the utmost importance from law enforcement should be directed to urgent@bmrg.app. Further, any urgent security risks found in the service should be directed to this address. Inquiries that are not urgent in nature will be discarded without a response.