Privacy Policy

This Privacy Policy describes how Boise Bucket List (“we”, “us”) collects, uses, stores, and shares personal data when you use boisebucketlist.com and related pages (the “Site”). It should be read together with our Cookie Policy and Terms of Service. By using the Site you acknowledge this Policy. If you do not agree, please discontinue use.

Data controller

The data controller responsible for personal data processed in connection with the Site is Boise Bucket List. For privacy enquiries, contact info@boisebucketlist.com. We will respond within a reasonable period and in line with applicable law, typically within one month for requests under the UK GDPR where that law applies.

What personal data we collect

Depending on how you use the Site, we may process: (a) technical and usage data such as IP address, approximate location derived from IP, browser type and version, operating system, device type, screen resolution, referring URL, pages viewed, time on page, click paths, and diagnostic events; (b) cookie and similar identifier data as described in our Cookie Policy; (c) communications data if you email us, including your email address, name if provided, message content, and attachments; (d) records of consent or marketing preferences where you have supplied them; and (e) security-related logs such as failed requests or suspected abuse patterns. We do not intentionally collect special category data (such as health data) through the Site.

Purposes and legal bases

Where the UK GDPR applies, we rely on the following bases as appropriate: Legitimate interests in operating, securing, and improving the Site, measuring aggregated audience, preventing fraud, enforcing our terms, and defending legal claims, balanced against your rights; Consent for non-essential cookies and similar technologies where required by law; Contract where processing is necessary to respond to a request you make that forms or will form a contract with us; and Legal obligation where we must retain or disclose information to comply with law or regulatory requests. Where we rely on legitimate interests, you may object as described below where the law allows.

Cookies and similar technologies

We use cookies, local storage, session storage, or pixels as set out in the Cookie Policy. Essential technologies support core functions such as load balancing, security, and remembering your cookie choice. Non-essential technologies, if any, are activated only after consent where required. You can change browser settings to block cookies, though some features may not work.

Affiliate and outbound links

When you click links to third-party operators or networks, those parties may collect personal data under their own policies. We may receive aggregated reporting from partners (for example, confirmation that a referral occurred) but we do not control their processing. Always review the destination site’s privacy notice before providing personal data.

Recipients and processors

We use service providers to host the Site, deliver content, monitor performance, detect abuse, and manage email. They process data on documented instructions and are contractually required to implement appropriate security. We do not sell personal data in the conventional sense of selling lists of individuals to data brokers. We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of users, the public, or us.

International transfers

Our hosting or analytics providers may be located outside the United Kingdom or European Economic Area. Where we transfer personal data to countries not deemed adequate by the UK government, we use appropriate safeguards such as the UK International Data Transfer Agreement or Addendum, or equivalent mechanisms required at the time of transfer.

Retention

We retain personal data only as long as necessary for the purposes collected, including satisfying legal, accounting, or reporting requirements. Server logs are typically retained for a limited rolling period unless extended for security investigations. Email correspondence is retained while the thread remains open and for a reasonable archive period thereafter unless you request deletion and we have no overriding obligation to retain.

Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where supported, patching, and monitoring. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.

Your rights

Subject to conditions in applicable law, you may have the right to: access your personal data; rectify inaccurate data; erase data in certain circumstances; restrict processing; object to processing based on legitimate interests or for direct marketing; data portability where processing is based on consent or contract and is automated; and withdraw consent where processing is consent-based without affecting prior lawful processing. You may lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local supervisory authority. To exercise rights, contact info@boisebucketlist.com. We may need to verify your identity before fulfilling certain requests.

Children

The Site is not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected such data, contact us and we will take steps to delete it promptly where required by law.

Automated decision-making

We do not use personal data for solely automated decisions that produce legal or similarly significant effects concerning you.

Changes to this Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. The revised version will be posted on this page. Where changes are material, we will take additional steps where required, such as updating the cookie banner or providing a notice on the Site.