Bold-Win (“Bold-Win” “Company” or “we”) is committed to provide transparency regarding the security measures which it has implemented in order to secure and protect Personal Data (as defined under applicable law, including the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”)) processed by the Company for the purpose of providing its services. This information security policy (“Policy”) outlines the Company’s current security practices as of the “Last Updated” date indicated above. We will keep updating this Policy from time to time, as required by applicable laws and our internal policies. As part of our GDPR compliance process (available at: we have implemented, technical organizational monitoring protections, and established an extensive information and cyber security program, all with respect to data processed by us. We take best efforts to ensure our employees, contractors, as well clients, comply with this Policy. System Access Control Access to all data processing systems is solely via Company’s user authentication systems. Company uses simple authentication and block access in any case of failed attempts or inactivity. There is clear identification or which employees are entitled to access the data. In addition, remote access and wireless computing capabilities are restricted and require that both user and system safeguards are in place. The systems are also protected and solely authorized employees may access the systems by using a designated password. Data Access Control The access to the Personal Data is restricted to solely the employees that are required to receive access and is protected by passwords according to defined password stipulations and user names. Access to the Personal Data is secured by VPN and is highly managed by access control policies. The Company uses high level security measures to ensure that the Personal Data will not be accessed, modified, copied, used, transferred or deleted without specific authorization. The scope of authorizations is limited in each case to the absolute minimum necessary for performing tasks or functions (logistic, chronological, etc.) All transactions where Personal Data is read, inputted, changed and deleted are logged (user identifiers, transaction details) and archived. Physical Access Control The Company secures any physical access to facilities that contain Personal Data, such as the Company’s offices and server centers. The Company secures access to its offices and ensures that solely authorized persons have access. Company works exclusively with Google, as its main cloud storage to host the Company Personal Data (for additional information regarding Google’s Cloud Security see here). The Company’s servers are located in a protected facility in which the physical access is controlled by professional security staff. Further, the Company has entered in to applicable and binding processing agreements with each server service provider. The Company’s servers are protected by industry best standards of security systems and measures. The Company balances its approach towards physical security by considering elements of control that include architecture, operations, systems, performance, compatibility and interoperability. Organizational and Operational Security It is the responsibility of the individuals and personnel within the Company to comply with the Company’s practices and standards. The Company educates and provides ongoing training to its employees and service providers, consultants and contractors and raises awareness, risk and assessment with regards to any processing of Personal Data. Internal security testing is carried out on a regular basis. Further, the Company’s IT team ensures security of all hardware and software available within the Company, such as: install anti-malware software on computers to protect against malicious use and malicious software (additional controls may be implemented based on risk), virus detection on endpoints, email attachment scanning, system compliance scans, information handling options for the data exporter based on data type, network security, and system and application vulnerability scanning, use secured email transfer, etc. Transfer Control The goal of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of data or during their transport or storage in the applicable data center. Furthermore, any and all transfers of the data (either between the servers, from client side to server side and between Company’s designated partners) is secured (HTTPS) and encrypted. Data Retention Personal Data as well as raw data are deleted as soon as possible or as soon as legally required. Job Control Employees and data processors are all signed on applicable and binding agreements all of which include applicable data provisions and data security obligations. Further, as part of the employment process, employees undergo a screening process applicable per regional law. Employees are bound to follow the Company’s policies and procedures and violations shall result in disciplinary actions up to and including termination of employment. An employee will not gain access to the Personal Data until the Company has trust that the employee is well educated and responsible to handle the Personal Data, if needed, in a secure manner. In addition, the Company hold annual compliance training which include data security education. THE INFORMATION SECURITY, LEGAL, PRIVACY AND COMPLIANCE DEPARTMENTS WORK TO IDENTIFY REGIONAL LAWS, REGULATIONS APPLICABLE TO COMPANY’S COMPLIANCE. THEREFORE, THIS SECURITY POLICY MAY BE UPDATED FROM TIME TO TIME, ACCORDING TO ANY APPLICABLE LEGISLATION OR INTERNAL POLICIES. CHILDREN’S PRIVACY You represent and warrant that, (i) if you are located in the US, you are at least 13 years of age; or if you are located in any other GEO, you are above the age defined as “child” under applicable laws in your jurisdiction (collectively “Child” or “Children”); and (ii) you are of legal competence to enter into this Privacy Policy. If you are under 18, please be sure to read the terms of this Privacy Policy with your parents or legal guardians. The Services are not directed or intended for Children, as defined under applicable law, and we do not knowingly collect or solicit information from children. If we obtain actual knowledge that a User is considered as a Child under applicable law, we will take steps to immediately delete such User’s Personal Information. If you become aware or have any reason to believe that a Child has shared any information with us, please contact us at: DATA SECURITY AND INTEGRITY Your privacy is very important to Bold-Win and we are committed to protecting your Personal Information from unauthorized access, use or disclosure. We have implemented physical, technical and administrative security measures for the Services that comply with applicable laws and industry standards. For additional information regarding Bold-Win’s security measures please see: Bold-Win also protects your privacy by seeking to minimize the amount of data that we store on our servers in the first place. If you feel that your privacy was treated not in accordance with our policy, or if any person attempted to abuse Bold-Win please contact us at: directly. Further, in the event of a data breach, in which we discover your Personal Information is at risk, we will notify you and the applicable authority (if required subject to applicable laws). DATA RETENTION We retain the Non-Personal Information we collected for as long as needed to provide the Service and to comply with our legal obligations, resolve disputes and enforce our agreements. Bold-Win will retain data collected for online behavioral advertising for as long as commercially useful to carry out its business purpose, in accordance with applicable laws, or until an individual expresses an opt-out preference. Further, we retain the Personal Information, we collected for as long as legally permissible, in accordance with applicable laws. Bold-Win may rectify, replenish or remove incomplete or inaccurate information, at any time and at its sole discretion. TRANSFER OF DATA As a part of an international group, we may store or process your Personal Information in the United States or in other countries. If you are a resident of the European Economic Area (“EEA”) we will take appropriate measures to ensure that your personal data receives an adequate level of data protection upon its transfer outside of the EEA. If you are a resident of a jurisdiction where transfer of your personal data requires your consent, then your consent to this Privacy Policy includes your express consent for such transfer of your data. DO NOT TRACK DISCLOSURE The Service does not respond to Do Not Track signals. For more information about Do Not Track signals, please see DATA PROTECTION OFFICER If you have any requests regarding the data collected under this Policy, including without limitation, requests to remove, delete, amend, modify or transfer the data, please contact our Data Protection Officer at: Please be sure to include your name, address and email address in any correspondence to us so that we can respond to your inquiry in a timely manner. MODIFICATIONS AND UPDATES We reserve the right to periodically amend or revise this policy, at our sole discretion. The most recent version of the policy will always be posted on the site. If we do make any changes, the updated date at the top of the policy will be reflected in the “last revised” heading. If we make any material changes, that will substantially affect your use of the service or the data collection by us, we will provide you with applicable notifications or by means of a notice on this site. We encourage you to review the policy periodically to ensure that you understand how we collect, use and share information through the services. Any changes to the policy will become effective immediately upon the display of the revised policy. Your continued use of the digital assets or services following the display of such revised policy, constitutes your acknowledgement and consent of such amendments and your agreement to be bound by the terms therein.

Want To Hear More?

Contact Us