Privacy Policy - Boxcore
Book a Demo
Login

Boxcore Privacy Policy

Last Updated July 23, 2024 Protecting your privacy is fundamental to the way Scopeasy Construction Software Limited, doing business as Boxcore (“Boxcore”, “we”, “us”, or “our”), conducts business. This Privacy Policy explains how we may collect, use, and disclose your personal data when you access and use our online products and services that link to this Privacy Policy (including, our website, www.boxcore.com), (the “Site”), our marketing activities, our live events, and other activities described in this Privacy Policy) (collectively, the “Online Services”). This Privacy Policy does not apply to your use of third-party sites linked to this website.  This Privacy Policy may change from time to time. We will make note of the changes on our website and your continued access to the Online Services is deemed to be your acceptance of those changes, so we encourage you to check back periodically for updates. You can jump to particular topics by going to the headings below:

What is Personal Data?

The term “personal data” in this Privacy Policy refers to any data or information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular identifiable natural person or household, or any other data or information that constitutes “personal data”, “personal information,” or “personally identifiable information.” An identifiable natural person, or “Data Subject,” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, to include training records and qualifications.

Personal Data Collected from You

Boxcore is a data processor of the personal data collected in connection with your use of our Online Services. We collect the following data in the course of providing you these services: 
Context Types of Data Primary Purpose for Collection and Use of Data
Client Data We collect the names, usernames, and contact data of our clients and their employees with whom we may interact.   We are executing on a contractual obligation in contacting our clients and communicating with them concerning normal business administration such as billing, registration, and our services.
Client and User Account Data We collect personal data from our clients and users of our Online Services when they create an account to access and use the Online Services. This data could include business contact data such as name, email address, title, company information, and password for the Online Services. We are executing on a contractual obligation by providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. 
User Training and Certification Data We collect training records of users through our Online Services, which allows clients to keep updated records on file. This typically includes specific training records such as manual handling training or OSHA training. Certain training may sometimes include a user’s driver license information, to include data such as name, date of birth, address, license number, identified gender, identified ethnicity or race, veteran or disability status, physical descriptors, and photograph. We are executing on a contractual obligation by providing account-related functionalities to our users and clients, which allows for them to upload and keep important documents, training records, and qualifications on file.
Safety and Insurance Data We collect our client’s safety documents they provide through our Online Services, such as their equipment inspection records and insurance certificates. We are executing on a contractual obligation in providing account-related functionalities to our clients, which allows for them to upload and keep these records and certificates on file.
Cookies and First-Party tracking We use cookies and clear GIFs. “Cookies” are small pieces of data that a website sends to a computer’s hard drive while a website is viewed.  We have a legitimate interest in making our website operate efficiently and improving our marketing efforts and Online Services.
Cookies and Third-Party Tracking We participate in behavior-based advertising and the gathering of analytics. This means that a third- party uses technology (e.g., a cookie) to collect data about your use of our website so that they can provide us with website and user analytics, as well as for the purposes of advertising products and services tailored to your interests on our website, or on other websites. Specifically, we use Intercom and Google Analytics on our Site and Web App. We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics in improving our marketing efforts. You can find out more about how Intercom and Google use data from our Site and Web App by reviewing their respective privacy policies at www.google.com/policies/privacy/partners/ and https://www.intercom.com/legal/product-privacy-notice.
Email Interconnectivity If you receive an email from us, we may use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. We have a legitimate interest in understanding how you interact with our communications to you.
Employment If you apply for a job posting or become an employee, we collect the data necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number or Personal Public Service Number. Providing this data is required for employment. We use data about current employees to fulfil our contract of employment or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect data about our employees. We are executing on a contractual obligation in using your data to have efficient staffing and workforce operations.
Feedback and Support We collect personal data from you contained in any inquiry you submit to us regarding the Online Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls, we will notify you of the recording via either voice prompt or script. We have a legitimate interest in receiving and acting upon, your feedback, issues, or inquiries.
Mailing List and Demo Requests When you sign up for one of our mailing lists, we collect your email address or postal address. Additionally, when you book a demo through one our blog post pages, we collect your contact data. We share information about our Online Services with individuals that consent to receive such data. 
Order Placement  We collect your name, billing address, e-mail address, phone number, and use a third-party PCI compliant service to process your payment card number when you place an order. Specifically, we use Stripe and Gocardless for payment processing and XERO for invoices. We use your data to perform our contract to provide you with Online Services. For questions about how these third parties process your data, please refer to their respective Privacy Policies: https://stripe.com/privacy, https://www.xero.com/us/legal/privacy/, and https://gocardless.com/privacy/payers/.
Payment Data We collect payment and billing information when you register for certain paid Online Services, such as our Web App.  For example, we ask you to designate a billing representative, including name and contact data, upon registration.  You might also provide payment information, such as payment card details, which we collect via secure payment processing services. We are executing on a contractual obligation in obtaining payments for certain Online Services.
Promotions Promotions, incentives, or giveaways may be made available by us or third parties from time to time. You do not have to participate in these, however, if you choose to participate, you may be asked to disclose some personal data. Additionally, at the time of entering the promotion, we will disclose in the promotion’s materials specific terms and conditions regarding how your personal data will be used. Please do not participate in any promotion if you do not agree to such usage. We obtain consent to share data about our Online Services and providing incentives to our customers.
Surveys When you participate in a survey, we collect data that you provide through the survey. If the survey is provided by a third-party service provider, the third-party’s privacy policy applies to the collection, use, and disclosure of your data. We obtain consent for any surveys and use them to gain an understanding of your opinions and collecting data relevant to our organization.
Website Interactions We use technology to monitor how you interact with our Online Services. This may include which links you click on, or information that you type into our online forms. This may also include data about your device or browser. We have a legitimate interest in understanding how you interact with our Online Services to better improve them, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Social Media When an individual interacts with our Services through various social media networks, such as when someone follows us or shares our content on LinkedIn or other social networks, we may receive some data about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network, and may include your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other data you permit the social network to share with third parties.  We use this data to update and maintain the page to provide you with content and features of our Services, as well as to improve our product outreach. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing data and/or linking or connecting them to other services. We have a legitimate interest and/or may obtain your consent to collect this information.
Web Logs We collect data, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We have a legitimate interest in monitoring our networks and visitors to our Online Services. Among other things, it helps us understand which of our Online Services is the most popular.
In addition to the data that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.  Boxcore as a data controller of the personal information, has committed to comply with: 
  • The General Data Protection Regulation (EU) 2016/679 (hereinafter, the “GDPR”); 
  • The General Data Protection Regulation as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (hereinafter the “UK GDPR”) and the UK Data Protection Act 2018 (amended 2020) (hereinafter the “Data Protection Act”); 
  • The Swiss revised Federal Act on Data Protection 2020 (the “FADP”) and, where applicable, complemented by the revised Swiss Ordinance on Data Protection 2022 (the “FODP”);
  • The laws enacted in the various United States applicable to individual privacy and breach notification, as applicable; and
  • All other applicable regulations regarding data privacy within the jurisdictions it operates.
Collectively referred to as “Data Protection Laws.” If you are located in:
  •  the European Economic Area, UK, or Switzerland, please also see the Supplemental European Privacy Statement below
  •  One of the United States with legislation protecting individual privacy, please also see the Your Choices below

How We Use Personal Data

We use the personal data which you provide to us to perform our Online Services as outlined in this Privacy Policy.  When you are our prospective or current business client of our Web App, we use personal data about you and your employees to: 
  • deliver the Site and Web App;
  • carry out “Know Your Client” checks and screenings prior to starting a new engagement;
  • carry out client communications, services, billing, and administration;
  • configure our Online Services and your dashboard access, and other professional services that you may request; 
  • secure client feedback;
  • deal with client complaints and requests;
  • create marketing materials such as white papers, case studies, and social media content; or
  • contacting and marketing to our clients.
We also process personal data about our clients/prospective clients and employees of our clients/prospective clients to:
  • contact our prospects and clients in relation to current, future, and proposed engagements;
  • send our prospects and clients newsletters, know-how, promotional material, and other marketing communications; or  
  • invite our prospects and clients to events (and arrange and administer those events).
When you are a visitor to our Site, our Web App, attend our live events, or request marketing information, we may use your personal data to:
  • monitor the performance of our Site and Web App, analyze trends, usage, and activities in connection with our Site;  
  • deliver targeted advertising where permitted by applicable law; or 
  • respond to your requests, deliver information (including marketing information) to you based on your needs and interest.
Although the sections above describe our primary purpose in collecting your data, in many situations we have more than one purpose. For example, if you sign up for our Web App, we may collect your data to complete that transaction, but we also collect your data as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about the Online Services.  If we wish to use your personal data for a purpose which is not compatible with the purpose for which it was collected for, we will request your consent, unless there is an exception which applies under applicable law, such as those listed in the section below. In all cases, we balance our legal use of your personal data with your interests, rights, and freedoms in accordance with applicable laws and regulations.

Disclosure of Personal Data

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal data we collect from you: (1) if we believe disclosure is necessary or appropriate to protect the rights, property or safety of us, our clients or others (2) to our authorized service providers such as our contractors and other third parties we use to support our business; (3) to fulfill the purpose for which you provide it; (4) to a buyer or other successor in the event of a sale, merger, reorganization or transfer of some or all of our business or assets; (5) for any other purpose disclosed by us when you provide the data; (6) to comply with any court order, law or legal process, including responding to any government or regulatory request; (7) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections; or (8) with your consent. We do not sell your personal data or otherwise share personal data with third parties for direct marketing purposes.

Your Choices

You can make the following choices regarding your personal information:
  • Right to Access Your Personal Information. You may request access to your personal data by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal data that we have about you. 
  • Right to Data Portability. You may have the right to obtain a copy of the personal data that you previously provided.  We will provide this information in a portable format, to the extent technically feasible, readily usable format that allows you to transmit your personal data to another controller without hindrance, where the processing is carried out by automated means. Note that California residents may be entitled to ask us for a notice describing what categories of personal data (if any) we share with third parties or affiliates for direct marketing.
  • Right to make Changes to Your Personal Information. We rely on you to update and correct your personal information. Most of our websites allow you to modify or delete your account profile. If our website does not permit you to update or correct certain information, you contact us at the address described below in order to request that your information be modified. Note that we may keep historical information in our backup files as permitted by law.
  • Right to Deletion of Your Personal Information. Typically, we retain your personal data for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal data by contacting us at the address described below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
  • Right to Object to Certain Processing. You may object to our use or disclosure of your personal data by contacting us at the address described below.
  • Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
  • Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in the e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
  • Promotional Text Messages. If you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP.”
  • Revocation Of Consent. If you revoke your consent for the processing of personal data, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.
Please address written requests and questions about your rights to info@boxcore.com. Note that, as required by law, we will require you to prove your identity.  We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal data about you in our files. In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf.  We will require verification that you provided the authorized agent permission to make a request on your behalf.  You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.  If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:
  • A completed notarized statement executed by you and the consumer indicating that you have the authorization to act on the consumer’s behalf.

Data Security

We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access and disclosure. The Boxcore platform is hosted on Amazon Web Services’ (AWS) Cloud Infrastructure located in secure facilities in Ireland, which comply with international best practice security certifications. We also maintain physical, electronic, and procedural safeguards to limit access to your nonpublic personal data. For more information about our security practices and certifications, please visit our Trust Center which is available at https://trust.boxcore.com/  The use of, and access to, your personal data by us is restricted to only authorized individuals who need to know that information to provide services to you, and who have received training about the importance of protecting personal data. Our service providers and business partners are also contractually bound to maintain the confidentiality of personal data and may not use the data for any unauthorized purposes. Unfortunately, no method of transmission of data via the internet or electronic storage is completely secure.  Although we take reasonable efforts to protect your personal data, we cannot guarantee the security of your personal data transmitted to us through our website or other electronic means. Any electronic transmission of personal data is at your own risk. In the event that we are required by law to inform you of a breach of your personal data we may notify you electronically, in writing, or by telephone, if permitted to do so by law. 

How we Retain Your Personal Data

Typically, personal data collected by Boxcore will be kept for as long as the user’s account remains active or until the user deletes the data. The precise periods for which we keep your personal data vary depending on the nature of the data and why we need it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use and/or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. Additionally, Boxcore and our clients may be required to retain personal data provided by you to comply with applicable laws and regulations, or to handle any claims or disputes that may arise in connection with your employment.  Boxcore may also anonymize your personal data (so that it can no longer be associated with you) for research, statistical or other business purposes. We may use this aggregated, anonymized, or de-personalized data indefinitely. We may retain personal data for a commercially reasonable time for backup, archival, audit purposes, and/or to comply with legal obligations, resolve disputes and enforce agreements. You can request further details of retention periods for different aspects of your personal data by contacting us at support@boxcore.com.

Other Important Information

  • Third-Party Providers. Some applications and services may be embedded within our Site or Web App, or linked from our Site or Web App. These third parties may use cookies, alone or in conjunction with other tracking technologies, to collect data about you when you use our Site or Web App or navigate away from our Site or Web App. These third parties may also have privacy policies that differ from ours. For example, they may collect personal data about your online activities over time and across different websites, and other online services, and may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third-parties or their privacy practices, and this Privacy Policy does not apply to any third-party website or service you may access through our website. If you have any questions about a third-party provider’s privacy policies or advertising, you should contact the responsible provider directly.
  • Non-Personal Data. This Privacy Policy does not restrict our collection, use or disclosure of any aggregated data or information that does not identify, or cannot be reasonably linked to, any individual.
  • Accessibility.  If you have a disability and require an alternative format to this Privacy Policy, please email us at: info@boxcore.com so that we may provide you with a more suitable format.

GDPR Transparency Statement

If you are dissatisfied with Boxcore’s transparency regarding data protection and data privacy, you have the right to contact the Data Protection Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement, or with the Information Commissioner’s Office for UK residents if you consider that your personal data is not processed in accordance with the GDPR/UK GDPR. Please see the appropriate list and contact information below: EU Data Protection Authorities https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm UK Information Commissioner’s Office (ICO) https://ico.org.uk/make-a-complaint/  Data Protection and Information Commissioner (FDPIC) https://www.edoeb.admin.ch/edoeb/en/home.html  If you are a Swiss Data Subject: As per the Swiss Civil Code and the FADP, you may lodge a civil claim in case of personality rights’ infringements, in particular, regarding the exercise of your rights of access, rectification, and object but also regarding infringements related to data privacy principles.

Children’s Policy

Because we care about the safety and privacy of children online, we do not knowingly contact or collect personal data from children under 186. Our Site is not intended to solicit information of any kind from children under 16. It is possible that by fraud or deception we may receive data pertaining to children under 16. If we are notified of this, as soon as we verify the information, we will immediately obtain parental consent or otherwise delete the data from our servers. If you want to notify us of our receipt of data by children under 16, please do so by emailing us at info@boxcore.com.

Changes to Our Privacy Policy

We will post any changes we make to this Privacy Notice on our website. If we make material changes to how we treat personal data we collect from you, we may notify you by email or through a notice on our website homepage, but any changes are effective when posted online and are deemed accepted by you when you continue to use or access the Site, WebApp or the Online Services. The date this Privacy Policy was last revised is identified above. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting this Privacy Policy on our website to check for any changes.

Contact Information

If you have questions or comments about this Privacy Policy, please email us at info@boxcore.com or contact us by mail by providing a written request to Boxcore at 26 / 27 Upper Pembroke Street, Dublin 2, D02 X361, Ireland. Effective Date: July 23, 2024

Supplemental European Privacy Rights Statement

If you are a resident of the European Economic Area, we rely on our legitimate interest, contractual relationship, and you consent as described in this Privacy Policy to process your personal information. Additionally, subject to any exemptions as provided by law, you may have certain rights regarding the personal information we maintain about you. We offer you certain choices about what personal information we collect from you, how we use that information, and how we communicate with you. If at any time you wish to exercise your rights, please reach out to us in accordance with the “Contact Us” section below. According to the GDPR, UK GDPR, and FADP, you have the following rights:
  • Right of Access. If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information along with certain other details. If you require additional copies, we may charge a reasonable fee.
  • Right to Rectification. If your personal information is inaccurate or incomplete, you may be entitled to ask that we correct or complete it.
  • Right to Erasure. You may ask us to erase your personal information in some circumstances, such as where we no longer need it, or you withdraw your consent (where applicable) and where there is no other legal basis for processing.
  • Right to Restrict Processing. You may ask us to restrict or ‘block’ the processing of your personal information in certain circumstances, such as if you contest its accuracy or object to us processing it.
  • Right to Data Portability. You may have the right to obtain your personal information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and if the processing is carried out by automated means.
  • Right to Object. You may ask us at any time to stop processing your personal information, and we will do so: (a) if we are relying on a legitimate interest to process your personal information, unless we demonstrate compelling legitimate grounds for the processing or your data is needed to establish, exercise, or defend legal claims; or (b) we are processing your personal information for direct marketing and, in such case, we may keep minimum information about you (for example, in a suppression list) as necessary for our and your legitimate interest to ensure your opt out choices are respected in the future and to comply with data protection laws.
  • Right to Withdraw Consent. If we rely on your consent to process your personal information, you may have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
  • Right to lodge a Complaint. If you have a concern about our privacy practices, including the way we handled your personal information, you can report it to the data protection authority that is authorized to hear those concerns.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply. We will not discriminate against you for exercising such rights.  Except as described in this Policy or provided for under applicable privacy laws, there is no charge to exercise your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking in account the administrative costs of providing the information or taking the action requested; or refuse to act on the request and notify you of the reason for refusing the request.
Hexagonal logo with a blue gradient shape inside, above the word "BOXCORE" in bold uppercase white letters.
Ireland Office
  • 27 Upper Pembroke Street, Dublin 2, D02 X361.
Contact:
London Office
  • 3rd Floor, 86-90 Paul Street, London EC2A 4NE.
Contact:
USA Office
  • 228 Park Ave S, New York, NY 10003-1502 United States.
Contact:
Linkedin
© 2025 Boxcore. All rights reserved.