Privacy Policy

Boss Level Oy, Privacy policy according European GDPR 679/2016

General Data Protection Regulation
Boss Level Oy Limited –


This Privacy Policy outlines the procedures governing the management of personal data collected from clients who buy products or services from Boss Level Oy LTD through the website, as well as the associated social network profiles of Boss Level Oy Ltd.
The purpose of this policy is to provide transparency and clarity regarding the processing of personal information for individuals acquiring services from Boss Level Oy Ltd.
This Privacy Policy is provided in accordance with Articles 13 and 14 of the European Union Regulation 2016/679 (hereinafter also referred to as the "General Data Protection Regulation" or "GDPR") for those accessing the website
The Data Controller for personal data under the GDPR is Boss Level Oy Limited, a Finnish legal entity based in Tampere - Käenkuja 8 C 34 b 00500 HELSINKI.
The website where you buy our services is a space owned and managed by the Data Controller and operates on the platform and systems of Shopify, a Canadian legal entity acting as a joint data controller.
Shopify is the e-commerce platform powering our online store.
Users of the website are therefore invited to review the privacy policy of Shopify at the link
The following processing methods apply to all clients of Boss Level Oy.
The data of users not residing in the territory of the European Union or in the states indicated in the specified exceptions will be processed in accordance with the GDPR.
Boss Level Oy has chosen to implement the GDPR as a framework to safeguard the personal data collected and processed for its purposes. We believe this is the optimal solution for ensuring the data protection, privacy, and safety of our users and consumers.
This Privacy Policy also applies to use of our Platform via a mobile device, either through mobile applications or mobile-optimized websites.
All information described in this Privacy Policy is processed by Boss Level Oy (hereinafter als "we", "us", or "our") as Data Controller according to General Data Protection Regulation (GDPR 679/2016). This Privacy Policy describes our practices related to the use, storage, and disclosure of personal information we collect from or about you when you interact with us.
We safeguard your information with robust cybersecurity. If a third party requests your personal data, we won't share it without your explicit consent or unless legally required. When legal obligations demand sharing your personal information, we'll notify you beforehand, unless prohibited by law.
Within our corporate organization, your data will be processed only by adequately trained personnel, and each department will adhere to the principles of minimization for every form of processing.
Clients of Boss Level Oy are aware our company is based in Finland and platform in Canada. Data will be processed by us only in our files, clouds, or server. Shopify will process data collected according to its privacy policy.
This Privacy Policy describes only our processing of the personal data of our clients. The way we process information depends on the type of information and purpose for processing and may include collection, organization, storage, retrieval, consultation, disclosure, restriction, erasure.
According to Article 6 of the General Data Protection Regulation, the legal bases for collecting and processing your data include: consent, contractual necessity (in the event of purchasing our services or for negotiations), and compliance with legal obligations. In cases of absolute necessity, the legal basis will be legitimate interests.
We may collect and receive information and data from you only on volunteer basis, including when you use or access our website such as when you enter information even if you do not complete your request.
For the sale of our products, our systems collect specific personal data transmitted over the Internet, such as IP addresses and computer domain names. When processed with third-party data, this information could potentially identify users/visitors. However, we use this data strictly for statistical purposes (ensuring anonymity) and to monitor the functionality of our site. In any case no excessive information for the purposes for which it was collected or otherwise processed will be requested.
In any case will be asked sensitive or special categories of personal information, such as that relating to health, disabilities, race, ethnicity, political opinions, biometrics, or religion, for the purpose(s) for which it was provided or for which you have provided express consent.
Information will be used solely to provide the services you purchase, won't be stored in our files, and will be retained only for the necessary duration to fulfill your requests. Your data won't be used for mailing, newsletters, or other materials from Boss Level Oy and won't be shared with any third parties, partners, suppliers, or network members. Only essential information will be shared with Shopify.
Under no circumstances will the provided data be kept for more than three years after the contract's conclusion, except when legally required or for safeguarding the rights of the Data Controller.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Website.
Unless otherwise specified, all Data requested is mandatory. If the User refuses to provide them, it may be impossible for us to provide the Service. In cases we indicates some Data as optional, Users are free to refrain from communicating such Data without any consequences on the availability or operation of the Service.
If you contact us, we may record a copy of your correspondence and may ask for additional information to verify your identity. Users who have doubts about which Data are mandatory are encouraged to contact us.
Boss Level Oy as Data Controller implements appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data. Processing is carried out using computer and/or telematic tools, with organizational methods and logics strictly related to the specified purposes. In addition to the Data Controller, in some cases, clients are aware that other parties involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external entities (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data and may be appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
The Data is processed at the operational offices of the Data Controller and in any other location where the parties involved in the processing are located. For further information, please contact the Data Controller. The User's Personal Data may be transferred to a country other than the one in which the User is located. The User's personal data will not be transferred out of the European Union, except those necessarily transferred to Shopify.
We may use your personal information where this is necessary to comply with a reasonable request by a law enforcement or regulatory authority, body, or agency, or in the defense of legal claims.
We may also use your personal information when obtaining legal and other professional advice including for audits. We consider this to be in our legitimate interest in the management of our business.
Failure to comply will lead to penalties as stipulated by the regulations enforced by the supervisory authorities of the European Union member states. Hence, processing is mandatory when applicable in a specific case.
According to GDPR Recitals 47-49, the Data Controller may use your personal data for the following obligatory purposes, based on prevailing legitimate interests:
(i) to establish, exercise, or defend legal rights, as required in specific cases;
(ii) to ensure network and information security, protecting against unforeseen events or malicious acts that could compromise data integrity and confidentiality.

The potential use of Cookies - or other tracking tools - by this Website or third-party service providers used by this Data Processor aims to provide the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy.
In accordance with Articles 15 to 21 of the GDPR, as a data subject, you are granted the following rights:
To the extent you are legally entitled, you can request confirmation of whether we process your personal information, and details of the information that we hold about you and how we use it. You also have a right to access your personal information and to be provided with a copy.
If you believe that the personal data, we hold about you is inaccurate, you may request that we correct it. You may also request us to complete personal data about you which is incomplete.
You have the right to request that we restrict processing of your personal information if you claim that the personal data is not accurate. The restriction will apply until we have taken steps to ensure the accuracy of the personal data.
You may request the erasure, suspension of processing or anonymization of your personal information if personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed. You may request erasure in case you have withdrawn your consent, and we have no other legal basis for processing the personal information.
We may refuse a request for erasure, suspension of processing or anonymization, for example, where we need to use the personal data to comply with a legal obligation or to establish, make or defend legal claims. You have a right, at any stage, to object to our using your personal information to send you marketing information.
You also have the right to object to our using your personal information where our reason is based on our legitimate interests. We will have to stop processing until we can establish that we have compelling legitimate grounds which override your interests, rights, and freedoms, or that we need to continue using it for the establishment, exercise, or defense of legal claims.
In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context, and to transmit this data to another data controller of your choosing without hindrance.
You have a right to complain to a supervisory authority in Finland or the European Union country where you live or work or where you believe we have infringed your privacy rights.
If you have any requests, questions or comments regarding this Privacy Policy or any complaints about our adherence to it, please contact us at We adhere to applicable notification requirements and reporting obligations to supervising authorities and/or data subjects regarding violations of this Privacy Policy as required by law.
Every request is free of charge, and the Data Controller will respond as promptly as possible, in any case, within one month, providing the User with all the information required by law. Any corrections, deletions, or limitations to the processing will be communicated by the Data Controller to each of the recipients, if any, to whom the Personal Data have been transmitted, unless this proves impossible or involves a disproportionate effort.
We reserve the right to modify this Privacy Policy at any time and without prior notice. Any changes will be posted on our website. Please note that this Privacy Policy is not a contract and does not create any contractual rights, legal bindings, or obligations.
For further information visit also
For your utmost safety, we invite you to explore the following link to our partner, Shopify. Visit their website for additional information and to discover how their solutions can be applied effectively.


Boss Level Oy Limited, - Tampere - Käenkuja 8 C 34 b 00500




This policy (the Policy) must be followed whenever Personal Data are Processed for or on behalf of Boss level Oy.

The General Data Protection Regulation (EU) 2016/679 (GDPR) sets out specific requirements regarding the retention of Personal Data. In particular:

To the extent that the data records of Boss Level Oy (Data Records) contain Personal Data, Boss Level Oy must comply with applicable data protection laws, including (where relevant) the GDPR.

The GDPR requires Personal Data to be deleted or anonymized when they are no longer needed given the purposes for which they are held.

The purpose of this Policy is to ensure that:

Data Records are adequately protected and maintained.

Data Records containing Personal Data, which are no longer required are discarded at the appropriate time.

Boss Level Oy's data retention principles will help Boss Level Oy to ensure the exercise of individuals' data protection rights.

Capitalized terms not defined directly in this Policy have the meaning assigned to them in a document connected to this Policy in the form of the Data Protection Policy.


These are Boss Level Oy's guiding data retention principles:

Fairness: All Processing of Personal Data must be fair, proportionate, and compatible with the purposes for which the data were collected.

Necessity: Personal Data are deleted when no longer needed.

Security: Personal Data are protected by appropriate security measures.

It needs to be ensured that each principle set out at paragraph 2.1 above is followed whenever a Processing activity is envisaged or planned for or on behalf of Boss Level Oy.


Personal Data should only be retained for the period "necessary" to achieve our Processing purposes. This means that Personal Data must be deleted when we no longer need such data, for example where:

the Personal Data are incorrect.
the relevant contract has already been performed and possible claims are time- barred; or

an individual has withdrawn their consent to the Processing (i.e. if consent constitutes a basis for the Processing).

Boss Level Oy's legal unit should be consulted prior to deleting any Personal Data. Prior to deleting any Personal Data, Boss Level Oy's legal unit should establish whether the limitation periods for any related claims have elapsed, whether the run of the limitation period has been interrupted and whether any related claims have been brought up.

Legal or regulatory requirements might require Personal Data to be retained for a specified period. For example:

tax law.

labour law.

You must therefore consider for each Processing activity:

whether any legal or regulatory requirements specify a retention period for Personal Data to be Processed.

how long Boss Level Oy will need to retain Personal Data in relation to the proposed Processing activity; and

whether the duration of the proposed retention period is necessary for the purposes of the relevant Processing activity.

The retained data should be subject to periodic reviews every 6 months with an aim of identifying the data that should be deleted.


The purpose of the Retention Tracker is to help calculate appropriate retention periods at the outset of a new Processing activity.

Each member of personnel (including an employee and associate) of Boss Level Oy must ensure that that any new Processing activities are promptly notified to Boss Level Oy – i.e. to ensure that Boss Level Oy can update the Retention Tracker, where necessary.

Boss Level Oy is responsible for ensuring that the Retention Tracker is: (i) kept up- to-date; and (ii) reflect the categories of Personal Data Processed.

Inform the Data Protection Coordinator of the proposed retention period of the relevant Personal Data (a Retention Notice).

Promptly after the receipt of a Retention Notice, the Data Protection Coordinator will:

verify whether there are any relevant legal or regulatory requirements which will impact the proposed retention period set out in the Retention Notice; and

provide a confirmation, in writing or by e-mail, that the proposed retention period complies with this Policy (Confirmation).

Continual recording of: (i) Confirmations; and (ii) each retention period agreed for Boss Level Oy is important for record-keeping requirements.

The Data Protection Coordinator will ensure that each Confirmation is included in Boss Level Oy's repository confirming our retention periods (i.e. the Record of Processing – see paragraph 7 below). The Record of Processing will be maintained by the Data Protection Coordinator.


Regulators and individuals may request access to, or enabling the audit of, the Personal Data that Boss Level Oy Processes.

Boss Level Oy creates and stores Processed Personal Data in secure systems in accordance with auditable processes. Maintaining Boss Level Oy's Record of Processing will assist with this process. In particular, Boss Level Oy ensures that all Personal Data is kept secure (i.e. so as to avoid unauthorized access, alteration, destruction, deletion or tampering in any way for the approved retention period of relevant Personal Data).

It is necessary to ensure that the Processed Personal Data are capable of deletion, correction and portability (in response to an individual exercising their Personal Data protection rights). Boss Level Oy preserves the integrity of all Processed Personal Data. In particular, it ensures that:

Processed Personal Data are not manipulated or altered.

any corrections are explicable – Boss Level Oy is able to promptly track and justify changes.

Boss Level Oy, as soon as practicable, responds to requests from individuals, regulators and other competent authorities to provide information . Boss Level Oy ensures that third party service providers/vendors:

secure Personal Data that they Process on behalf of Boss Level Oy in accordance with all relevant legal and regulatory requirements; and

deliver any Personal Data that they Process on behalf of Boss Level Oy: (i) promptly and without unreasonable delay; and (ii) in any event, within 48 hours of Boss Level Oy's reasonable request.

When you are negotiating contracts with service providers where Personal Data will be Processed on Boss Level Oy's behalf, contact the Data Protection Coordinator for guidance on implementing and reflecting these requirements in the applicable contractual documentation.


Data Records must be destroyed responsibly and systematically.

If in doubt, the Confirmation should be obtained from the Data Protection Coordinator by contacting

No records that may be relevant in any current or expected litigation, dispute resolution, or regulatory inquiry may be destroyed under any circumstances without a prior Confirmation from the Data Protection Coordinator. If in any doubt as to the relevance of any record in relation to current or expected litigation, dispute resolution or regulatory inquiry, contact the Data Protection Coordinator.


Boss Level Oy maintains a detailed record of our Processing of Personal Data to comply with applicable laws (including data access obligations and security breach notification requirements) (the Record of Processing). The Record of Processing describes, among other things:

the location in which the Processed Personal Data are held/stored (e.g. paper files, third party servers, our servers, backup storage);

the purposes of the Processing;

the legal basis on which Boss Level Oy is processing the relevant data; and

retention periods.

The Data Protection Coordinator is responsible for maintaining the Record of Processing.

Each member of personnel (including employee and associate) of Boss Level Oy should contribute to updating and maintaining the Record of Processing.


This Policy has been drawn up in accordance with the requirements of the GDPR and the provisions of Finland law.

Where any local legal or regulatory requirements impose additional or more restrictive standards than this Policy, such jurisdictional specific policies shall take precedence.

Contact your Data Protection Coordinator if this Policy conflicts with local laws in any way.


Boss Level Oy takes its data retention obligations seriously. Boss Level Oy will, if required, report violations of this Policy and related provisions to relevant regulatory, governmental, and other competent authorities.

It is your responsibility to comply with this Policy. Failure to comply may leave you personally liable for civil or criminal penalties (including civil or criminal penalties and fines).

Breaches of this Policy are recorded and monitored. Failure to comply maybe considered during performance reviews for Boss Level Oy's employees, associates and service providers.