As part of our business, we may process information about you.
We attach great importance to respect your privacy, the security and the confidentiality of your personal data.
Therefore, we are committed to treating your personal data in compliance with UK and European regulations on the protection of personal data, namely: The Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) (hereafter referred to as “the Regulations”).
We invite you to read these documents carefully.
- Where do the personal data come from?
The personal data that we may deal with come from:
- Data that you provide when you use our services, when you:
- Use our website and/or mobile application (hereafter referred to as our “Site”);
- Communicate with us via phone, email, verbally or otherwise;
This includes, for example, data that you provide when you contact our company for the supply of products and/or services, data that you provide which is necessary for the production of products and/or services or data that we collect when you report a problem with our Site.
- Data related to your visit to our Site through tracking (such as cookies) and/or equivalent technologies;
These cookies and other trackers record and transmit information about the pages you visit, the time you spend on our site, the actions you perform there, etc.
- Data collected from other software systems;
This includes the data we receive from our partners when you use their services through our Site, for example, when you use the online payment service referred to in the terms and conditions (for this example, the terms and conditions for the online payment service are available from the payment setting page on the ‘Admin’ section of your booking system).
- Data that you provide when you use our services, when you:
- What information do we process?
We process all or part of the following data:
- Information about your identity (your title, surname, name, address, email address, date of birth, landline and/or mobile phone number, photography, personal description, etc.);
- Information about your company (company name / trade name and/or logo(s), company number, registered office address, employment held by you in this company, etc.);
- Information we receive when you make a purchase/order from us or in the settlement of other transactions with us (such as the purpose of the transaction, data relating to the type of payment used, telephone number(s) used to contact our customer service, etc.);
- Information related to your access of the Site:
- The URLs of pages visited;
- Your navigation to or from our website (including date and time of navigation);
- Page response times;
- Data related to your interaction with our Site (scrolling pages, clicks, cursor of your mouse etc.)
- Error messages;
- Technical information related to the device you are using, such as:
- The IP address of your device;
- Your login data;
- The type and version of the browser you are using (Safari, Chrome, Internet Explorer, etc.);
- The time zone set.
- Information on the advertisements that we issue to you, and if any, which have been issued by you, such as:
- The URL and/or purpose of the website and/or mobile application which you have visited and where the advertisement is likely to have been issued to you and, where appropriate, has been issued by you;
- The details of the advertisement that has been issued to you and, if applicable, has been issued by you;
- Your interaction with this advertisement (time spent on advertising, your potential clicks, etc.);
- Your actions after clicking on the advertisement (questionnaire response, product purchase(s), service subscription(s), etc.);
- The number of times you received the advertisement that we issued to you.
We do not handle sensitive data about you (on your religion, your political opinions, your health, your union membership, etc.).
- What is the purpose of our data processing?
We collect and/or process your personal data for the purpose of:
- Meeting our contractual obligations and providing you with the information, products and/or services that you request;
- Monitoring our commercial relationship, in particular by allowing you to reach our customer service;
- Managing unpaid bills and litigation;
- Sending you offers (via by email, postal mail, telephone, etc.) for products or services identical or similar to those which you bought and/or to which you are subscribed to on our Site;
- Notifying you of any changes to our service;
- Offering you personalised content, depending on your profile and the device you are using;
- Administering our Site and undertaking internal operations (for example, resolving anomalies, analysing data, conducting tests, research, analysing survey statistics, etc.);
- Allowing you to access and interact with our Site;
- Ensuring the safety, security and continued availability of our Site;
- Profiling from your data to send you relevant advertisements for products and services tailored to your needs;
- Evaluating the performance of our advertising campaigns;
- Gauging the audience of our Site, evaluating how our Site is used and improving its content;
- What is the legal basis for the processing of your data?
The processing of your data is based on our legitimate interest in running, improving and optimising our relationship.
It may also be based on the implementation of a contract (for example, the purchase of a product or the subscription to a service) or the implementation of pre-contractual requirements taken at your request (for example, a demonstration of a product or an operation).
However, in the following cases, the processing of your data is based on your express and specific consent (which will be collected through a checkbox for example, or a positive action on your part):
- The use of your data for marketing purposes (by email, SMS, MMS, automated calling machine, fax machine, etc.). However, email marketing will not require your consent if you are already one of our clients and the email we send to you relates to products or services similar to those we have provided to you in the past, or if we write to you as a professional;
- The use of your data passed on by certain types of cookies that require such consent.
As stated in Article 10 below, you can revoke this consent at any time.
For example, if you no longer want to receive marketing emails from us, you can let us know by following the steps outlined in Article 10 below, or by using the unsubscribe function provided in the emails that we send you (usually a clickable link to unsubscribe at the end of the message).
We will make sure to consider your application as soon as possible and to inform recipients of your data.
- Who handles your data?
We, bookingznow LIMITED, whose registered office address is 45a Cheadle Road, SK8 5EU (United Kingdom), are responsible for the handling and processing of your personal data.
The recipients of this data are:
- The authorised staff of the marketing department, sales department, customer service, administrative, logistics and/or IT department of our company, as well as their line managers;
- Authorised personnel of the departments responsible for the regulation of our company (auditors, departments responsible for internal control procedures, etc.);
- The authorised personnel of our business partners, our service providers, our subcontractors and any other person involved in the execution of the contract signed with you (for example, the online payment service provider, providers of data analysis, search engines allowing us to improve the visibility of our Site, etc.), on the specific condition that we ensure that these people present considerable guarantees on security and confidentiality of the personal data that we pass on;
- Public agencies, financial institutions and judicial officers, as required by law;
- Any entitled person, when we are obliged to disclose and/or share your personal data in order to fulfil our legal obligations, execute our Terms & Conditions or any other agreement, or to protect the rights, property, or safety of our company, our customers or third parties. This includes the exchange of information with third parties to prevent against fraud and reduce credit risk;
- Authorised staff of any affiliate of our company, such as parties interested in buying or selling assets of our company;
- Any third party that would acquire our company or a substantial part of its shares.
The use of personal data by third parties to our business (including through our online payment service provider) is governed by their own privacy policies. Please be assured we will not release your information to third parties to use for their own direct marketing purposes, unless you have requested us to do so.
- Where are your data processed?
Your data are processed mainly within the European Union.
However, when our relations with partners, our subcontractors or third parties (such as those who provide us with support services) involve cross-border exchanges of your personal data outside the European Union, we ensure that such transfers are made to countries with an adequate level of protection, or that they are supported by legal tools to ensure that such transfers comply with the European Union’s requirements on protection (such as the European Commission’s Standard Contractual Clauses, internal company policies and/or by the membership of the recipient entities of these data to the Privacy Shield, when located in the United States).
In any event, you agree to your personal data being processed under these conditions, outside the European Union.
- How are your data protected and stored?
Security is at the heart of our concerns.
We implement appropriate technical and organisational measures, including physical solutions, hardware and software, in order to preserve the security, integrity and confidentiality of your personal data and protect against unauthorised access, use, misuse, alteration, disclosure or destruction by unauthorised persons.
In addition, we require the recipients of the data to provide sufficient guarantees of security and confidentiality.
Furthermore, we encourage you to notify us of any security breach capable of generating a breach to your rights and freedoms, unless such communication is not necessary in cases referred to in Article 34 of the Regulations.
You are responsible for the confidentiality of the password you select and/or the password assigned to you to access certain features of the Site. You are not allowed to share the password with others.
- How long are your data kept by us?
Regarding data relating to the management of our customers and prospective customers:
The data relating to our customers will not be kept beyond the period strictly necessary for the management of the commercial relationship.
However, we may keep your data for analysis and statistics, for longer than the time required for the purpose of contract fulfilment, after having irreversibly anonymised this data.
Your data that are used for marketing purposes will be retained for a maximum period of three (3) years from the end of the business relationship (such as booking appointments, purchasing products and your last contact).
After this period of three (3) years, we are committed to destroying your personal data.
If you are one of our prospective customers, your data will be kept for a period of three (3) years from the date of collection or date of last contact from you (examples of such contact include everyday contact, contact to ask for documentation or clicking on a hyperlink contained in one of the emails that we sent you for marketing purposes).
At the end of this three (3) year period, we will contact you again to find out if you want to continue receiving commercial contact and/or marketing information from us.
In the absence of a positive response from you, we are committed to deleting or archiving your personal data.
In order to exercise your right to access or erase the storage and/or processing of your personal data, as referred to in Article 10 below, your identity must be confirmed by submitting an identity document (for example, a photo of the picture page of your passport). The data relating to your identity document will be kept for a period of one (1) year.
If you exercise your right to object under Article 10 below, the data concerned with the objection itself will be archived beyond a period of three (3) years.
Regarding the measurements of Site activity:
The information stored on your device (for example, through cookies), or any other item used to identify you and allow your traceability, will not be retained beyond thirteen (13) months.
New visits that you make to our Site will not extend the life of such information.
The raw data allowing us to know when you or other interested parties visit our Site will also not be kept beyond thirteen (13) months.
Beyond this time, your data will either be deleted or anonymised.
Regarding the data from your account on our site:
Your account will be considered inactive beyond two (2) years after your last use of this account. After this period, the data relating to your inactive account will be deleted, but not before you have been notified and have had the opportunity to oppose it.
In the event that we continue to process your data regardless of the closure of your account, you will have the opportunity to exercise the rights referred to in Article 10 below.
A “cookie” is a file sent by a website which is intended to collect and store information about your interaction with that particular website.
These cookies will be stored for a maximum of thirteen (13) months. They will then be deleted.
- What are your rights with regard to the processing of your data?
Under the Regulations, you have, with regard to the processing of your personal data, the right: of access, to rectification, to erasure, to restriction, to portability, and to object.
Right of Information and Access
You have the right to obtain from us confirmation as to whether or not your personal data are being processed, where it is, access to the personal data, and the following information:
- The purposes of processing;
- The categories of personal data concerned;
- The recipients, or categories of recipients, to whom the persona data have been, or will be disclosed, including recipients in third countries or international organisations;
- Where possible, the length of time that the personal data will be stored for, or the criteria used to determine that period;
- The existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
- The right to lodge a complaint with the supervisory authority;
- Where personal data are not collected from you, the information about the source (such as the identity of the source, for example, a company or public directory, or how we collected this data from the source, for example by using a search engine);
- The existence of automated decision-making, including profiling, the logic involved in such decision-making and any consequences for you; and
- Where personal data are transferred to a third country or international organisation, details of any safeguards in place.
Right to Rectification
As a data subject, you have the right to obtain from us, the data controller, without undue delay, the rectification of inaccurate personal data concerning you. Subject to the purposes for processing, you have the right to have incomplete data completed, including by means of providing a supplementary statement.
Right to Erasure (‘Right to be Forgotten’)
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase that data where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which it was collected or processed;
- You withdraw the consent on which the processing is based and there is no other legal ground for processing;
- You object to the processing and there are no overriding legitimate grounds for processing;
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation; or
- The personal data have been collected in relation to the offering of information society services under Article 8.1 of the Regulations.
Where we have made the personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, must take reasonable steps to inform data controllers processing the personal data that you have requested erasure. Personal data are not required to be erased where processing is necessary:
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation;
- For reasons of public interest in the area of public health Article 9.2(h) and (i) and Article 9.3 of the Regulations;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with Article 89.1 of the Regulations; or
- For the establishment, exercise or defence of legal claims.
Right to Restriction of Processing
You have the right to restrict our processing of your personal data where:
- The accuracy of the personal data is contested by you. Processing can be restricted until we have verified the accuracy of the personal data;
- The processing is unlawful but you oppose erasure and request restriction instead;
- We no longer need to process the personal data but the data are required by you for the establishment, exercise or defence of legal claims; or
- You have objected to processing pursuant to Article 21.1 of the Regulations, pending verification whether the legitimate grounds of ours override those of you own.
Right to Portability
You have the right to receive your personal data (where you have provided it to us), in a structured, commonly used and machine-readable format and to have the data transmitted to another data controller without hindrance, where:
- Processing is based on consent; and
- Processing is carried out by automated means.
This right is dependent on the transfer between the us and you being technically feasible.
The right will not apply to processing necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us.
This right cannot be exercised if it will adversely affect the rights and freedoms of others.
Right to Object
You have the right to object (on grounds relating to your situation) at any time to the processing of your personal data which is based on:
- The necessity for the performance of a task carried out in the public interest, or in exercise of official authority vested in us, as described in Article 6.1.e of the Regulations; or
- The necessity for the purposes of legitimate interests pursued by us or other third parties, except where this overrides your interests and fundamental freedoms, as described in Article 6.1.f of the Regulations.
We will have to stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the establishment, exercise or defence of legal claims.
If personal data are processed for direct marketing purposes, you can object at any time to such processing, including profiling that is related to direct marketing. Where you do object, the personal data can no longer be processed for these purposes.
Automated Processing and Profiling
You have the right to not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or significantly affects you. This right will not apply if the decision:
- Is necessary for entering into, or the performance of, a contract between you and us;
- Is authorised by Union or Member State law; or
- Is based on your explicit consent.
We must implement suitable measures to safeguard your rights, freedoms and legitimate interests, or at least the right to obtain human intervention and contest the decision.
In addition, you have the right to provide us with guidelines that define how you want your personal data to be processed after your death (by indicating for example if you want them to be stored, deleted, or sent to a designated third party).
Finally, you can, if necessary, ask for the deletion of your personal data that has been collected when you were a minor.
To exercise these rights you will need to send us your request by email to the following email address: firstname.lastname@example.org.
To access your request, we will need to know your identity. We will therefore require a photocopy of one of your identity documents (such as a passport) with your signature. We will retain this copy for the time required to process your request (subject to periods specifically mentioned in section 8 above).
You will also need to provide us with at least one correspondence address, which the reply should be sent to.
Your application does not need to be justified, except in cases where you are exercising your right to object. In cases where you exercise your right to object, you must provide proof of the existence of a legitimate reason, except in the case where your data are processed for marketing purposes, including commercial.
If you have any questions, please contact us by one of the following means:
- By email to: email@example.com;
- By mail to: bookingznow LIMITED, 45a Cheadle Road, SK8 5EU.