Overview of our Privacy Policy v2

Our approach to your privacy

When you use the SimplyBook.me Ltd website and our services, you trust us with your personal data. It is true that we process a lot of different data, and therefore our commitment to safeguard your trust on us is our goal. In order to understand how we achieve this, please read this document carefully as we explain our privacy practices.

By reading our Privacy Policy, you will understand how we collect, use, sometimes share your personal data and what you can do about it, always with the purpose of providing you with our optimal service.

Please read this document together with our Data Processing Agreement overview and signed version here.

  • 01

    What personal data we collect?

    • Data you give us upon registration and while using our system such as your name, email, address and etc.;

    • Data created when you use our services such as your IP address, browser type and other.

  • 02

    How do we use your personal data?

    • In order to provide you with outstanding services;

    • Make our website better and more efficient;

    • Allow you to interact where possible;

    • Provide you with support when needed;

    • For research and development.

  • 03

    With whom we share your personal data?

    • Our service providers when needed

    • With other people (contractors and consultants) and companies (insurance and payment systems) we collaborate, see section Sharing of Your Personal Data, below.

    See our DPA for more.

  • 04

    Where is your personal data stored?

    We are a company based in Cyprus and store your personal data worldwide, depending on the location of your business. For EU based businesses though your data including backups is stored in the EU, it may be transferred outside the EU.

  • 05

    What are your rights as a data subject?

    • Ask for a copy of your personal data request that we amend something included in your personal data, because it is wrong;

    • Request that we delete your personal data in part or in full;

    • Restrict us to or request to us to stop in full, the processing of your personal data;

    • Request that we provide your personal data to another company;

    • Take back the consent you gave us to process your personal data.

Datenschutzerklärung von SimplyBook.me LTD

I. Einführung

This is the Privacy Policy of SimplyBook.me Ltd which explains how we comply with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other national and international applicable laws and regulations in all our business operations.

We have implemented appropriate measures and records demonstrating compliance with the GDPR and can therefore take responsibility for the processing of your personal data. Respecting the principles of GDPR (lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security) and accountability) is the key objective in all our business operations involving processing of personal data.

II. Our Information

We are SimplyBook.me Ltd and provide an appointment booking solution including a wide range of features such as promotion and marketing system, sales system and client contact system (the “Services”). You may check our Terms and Conditions, containing more details of our services and our legal obligations, together with our Data Processing Agreement overview and signed version here.

In order to comply with the requirements of the GDPR, we must inform you that we are the “data controller”, making decisions about your personal data, when you visit our official website: www.simplybook.me and other sub-websites operated by us in accordance with our Website Terms and Conditions which you accept.

For this document and all privacy and personal data protection purpose, our information and contact details is as below:

III. Information We Collect About You

When you visit our website and wish to use our services, as per our Terms and Conditions, we will need to collect various information about you. In this part of the document, we explain the categories and where necessary the source of specific personal data we process. For the processing, we also clarify why we need to collect and use our personal data as well as the legal basis for our actions.


Data includes information related to the use of this website and the system we offer: company information, IP address, geographical location, browser type and version, operating system, referred source, length of visit, and page views and website navigation paths, as well as information about the timing, frequency and pattern of your system use.

  • Quelle:

    Analytics tracking system such as Google Analytics and similar.

  • Zweck:

    Understand which sub websites cater to you and give you more information on it, improve our services and offer you usage suggestions that might suit your needs.

  • Legal Basis:

    Legitimate interests ➝ monitoring and improving our website, system, client service and system services.

Account Data

This is the information you give us when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the System: name, contact email address, profile photo, bio, other details to your profile information to be displayed on your Service provider profile or on your Company profile with our system so that your clients can book services with you.

Please note that we need to keep track of your preferences when selecting specific settings.

  • Quelle:

    You, your employer or the user who sets up the system for his personal or company purposes.

  • Zweck:

    Operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and used for communicating with you.

  • Legal Basis:

    Legitimate interests & contractual obligations ➝ provide you with our system services so that you can display your information and sell services and products.

User's clients data

This is the information entered into the system from the clients of the User when they use the software to make a booking, such as name, surname, email address etc.

  • Quelle:

    You, your employer or the user who sets up the system for his personal or company purposes.

  • Zweck:

    Operating the system so that your clients can effectively book appointments online with their chosen service providers.

  • Legal Basis:

    Legitimate interests & contractual obligations ➝ enable proper operation of the system and services.

Service provider's data

When you include personal data of your service providers in your account: name, address, telephone number, email address, profile pictures, and other details that are added to the service provider's profile.

This specific information will be available on the user’s booking site, supplied by us, on a widget that may be inserted into users own website, on users social media profiles, on our directory sites where all system users are displayed, unless they specifically opt out of being displayed there.

  • Quelle:

    The data subject and data controller

  • Zweck:

    Make a booking and use the services offered by the User.

  • Legal Basis:

    legitimate interests & contractual obligations ➝ enable proper operation of the system and services.

Öffentliche Daten

Informationen, welche Sie für Ihre buchbaren Leistungen, Verkaufsprodukte, Promotion-Aktionen oder als Unternehmensinformation angeben

Sie bestätigen, dass Sie damit einverstanden sind, dass die personenbezogenen Daten, die Sie über unser System oder über eine unserer Leistungen veröffentlichen (inklusive über Sie, über Ihr Unternehmen, über Dienstleister, Produkte, Promotion-Aktionen, Dienstleistungen oder damit in Verbindung stehende Dinge) weltweit über das Internet abrufbar sein können. Die Nutzung (oder der Missbrauch) solcher personenbezogener Daten durch Dritte entzieht sich unserer Kontrolle.

  • Quelle:

    You, your employer or the user who sets up the system for his personal or company purposes.

  • Zweck:

    Operating the system so that clients can effectively book appointments online and purchase products and read about your business and service offering.

  • Legal Basis:

    Legitimate interests & contractual obligations - enable proper operation of the system and services.


Information contained in any enquiry you submit to us through email or live support regarding the system and our services.

  • Quelle:

    You or the user who sets up the system for his personal or company purposes, or your clients.

  • Zweck:

    Analysing our users problems and helping them to solve the issues as well as improving the system when relevant.

  • Legal Basis:

    Legitimate interests ➝ enable proper operation of the system and services.


Information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website: contact details and the transaction details.

  • Quelle:

    You, as data subject.

  • Zweck:

    Supplying the purchased goods and services and keeping proper records of those transactions.

  • Legal Basis:

    Legal obligation - proper accounting practices.

We use our own Notando Accounting System for this processing and run this on our own dedicated servers, hosted in the EU. We have to keep all invoicing data that contains your purchases, name, address, and email for 7 years for financial reporting and VAT purposes.


When you include information about your company in the company profile of the system we offer: name, address, telephone number, email address, profile pictures, and other details that you add to your company profile.

This specific information will be available on your booking site, supplied by us, on a widget that may be inserted into the user's own website, on users social media profiles, on our directory sites where all system users are displayed, unless they specifically opt out of being displayed there.

  • Quelle:

    You, your employer or the user who sets up the system for his personal or company purposes.

  • Zweck:

    Ermöglichung Ihrer Nutzung unserer Website und Dienste.

  • Legal Basis:

    Legitimate interests & contractual obligations ➝ enable proper operation of the system and services.


Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters.

  • Quelle:

    You, as data subject.

  • Zweck:

    Sending you the relevant notifications and/or newsletters to inform you about changes within the system and how you can make the most of using SimplyBook.me.

  • Legal Basis:

    Consent ➝ to receive specific information from us, which may be withdrawn at any time by contacting us.

Correspondance data

Information contained in or relating to any communication that you send to us.

  • Quelle:

    You, as data subject.

  • Zweck:

    Communicating with you and record-keeping.

  • Legal Basis:

    Legitimate interest ➝ proper administration of our website and business and communications with users.

In addition to the specific legal basis of processing your personal data mentioned above, we may need to process personal data for our legitimate interests and as below:

for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;

for the proper protection of our business interests against risks and obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.

IV. Where We Store Your Information?

Your personal data is stored on servers located in three reputable data centers, in Canada, France and Singapore all of which meet the R82 and R81 APSAD standards and work according to 27001:2013 standard. Check out how we always prioritize the importance of information security, here.

For our enterprise clients, we offer dedicated servers in Canada, UK, Australia and Belgium or any other location, subject to availability and additional requirements and legal obligations.

Erfahren Sie mehr

V. How Long We Keep Your Information?

We must comply with several legal obligations in relation to the retention and deletion of personal data. Therefore, in all cases, we will keep your data only for the period required for the purposes of processing stated herein, respecting the principle of “data storage” of GDPR. This means that as long as you remain a user of our system - you can edit this data at any point in time and request a deletion by cancelling the usage of the system. Since we keep backups of all databases for up to 30 days, this data may still exist for up to 30 days on our servers at which point in time it gets deleted.

VI. Privacy By Design and By Default

We have implemented “appropriate technical and organisational measures” in order to follow the data protection principles effectively and safeguard individual rights. Specifically, we will perform a Data Protection Impact Assessment (“DPIA”) when required under GDPR, for identifying and minimizing the data processing risks of a project.

  • Security icon


    Speichern wir Ihre personenbezogenen Daten zudem in solchen Fällen, in denen dies aus rechtlichen Gründen erforderlich ist, wie etwa zur Erfüllung von Buchhaltungsvorgaben oder um Ihre wesentlichen Interessen oder die wesentlichen Interessen einer anderen natürlichen Person zu gewährleisten.

    All our security measures form part of the overall internal Information Security Management System ("ISMS") of SimplyBook.me, which is certified by NQA in line with the ISO 27001:2013 requirements.

  • Hipaa icon

    Privacy of medical data / Protected health information

    SimplyBook.me may have restricted access to certain medical data or protected health information, as defined in the Health Insurance Portability & Accountability Act of 1996 (the “HIPAA”).

    When required however, we will follow the HIPAA rules and requirements, as may be amended and all staff with access to the system receive HIPAA training on an annual basis, to the minimum.

Lesen Sie mehr

VII. Sharing of Your Personal Data

In order to operate effectively as a company and also provide flawless services, products and features, we must share some of your personal data. The sharing is limited to the extent required for the specific purposes and for the period required in order to ensure our business operations. Therefore, our services to you will not be jeopardised and your rights are not infringed. We perform at least an annual review of all our suppliers with whom we share personal data.

Within the EU and EEA

All data processing activities with parties located within the EU and EEA are governed by the provisions of the GDPR and respective Data Processing Agreements.

Outside the EEA

When we transfer your personal data to a country not located in the EU or EEA, we will check and ensure that specific legal mechanisms and safeguards are in place: and such us “adequate decision” for that jurisdiction, concluded “Standard Contractual Clauses” (“SCC”) or other.

Third parties we collaborate with

Party: Purpose: Standort: Measure:
Insurance and other related advisors Insurance coverage, professional advice EU DPA
Zahlungsanbieter: PayPal (siehe ihre Datenschutzbestimmungen) und SafeCharge (siehe ihre Datenschutzbestimmungen) Conclude the payments, refund where necessary and deal with complaints and queries relating to such payments and refunds EU DPA
General services providers In order to operate and offer our services EU DPA
OVH, AMAZON und Google-Cloud Hosting facilities: backups and common and enterprise client’s accounts data storage EU and outside EU DPA with SCC
Fixed contractors General business operations and functions Iceland intra-EU transmissions of data
Fixed contractors General business operations and functions Ukraine und Taiwan SCC
LiveAgent (see their approach to privacy here) LiveHelp communication channel for your support related questions Europäische Union DPA
Linode (see their approach to privacy here) Hosting - email servers (EU accounts notifications are sent via UK mail server) Großbritannien und Kanada SCC
Nexmo, Twilio, Sendinblue und Google Messaging-Plattformen EU und USA SCC
Google und Facebook Text chat bots that accept bookings EU und USA SCC
Accountable HQ HIPAA compliance software and electronic signatures of Business Associate Agreements USA SCC
E-Sign Genie software (see their approach to privacy here) Electronic signature for our DPA USA SCC
Google und Twilio Sprachgestützte Chat-Bots USA DPA with SCC
Google Fonts, Google Charts, Google Maps, und Maxmind auxiliary system-when enabled by user USA DPA with SCC
Hotjar, PIWIK, Google Tag Manager For analytics and tracking EU und USA DPA & DPA with SCC

Zusätzliche Informationen


SimplyBook.me Ltd is the owner and operator of the SimplyMeet.me appointment scheduling system which is hosted in the European Union with Google Cloud. As such, SimplyBook.me approach to privacy, data protection and data processing described in this Policy is fully applicable to the SimplyMeet.me system, users and data.


SimplyBook.me Ltd is the owner and operator of the Booking.Page (the “Directory”) which is hosted in the United Kingdom with OVH - read more about OVH security standards Infrastructure & Software.

We have concluded SCC for this processing activity and must be informed that when you explicitly allow publication of your company info, the service provider data and publication data including company reviews in the Booking.Page, you explicitly consent to transfer this data outside EEA, and subject to the provisions herein.

Statistiken uns Analysen

Für Statistiken uns Analysen nutzen wir Google Analytics und Piwik (selbst gehostet in Frankreich). Diese Softwaresysteme nutzen wir nicht um personenbezogene Daten zu erfassen oder um Nutzer unseres Systems zu überwachen. Sie werden nur genutzt, um einen allgemeinen Überblick darüber gewinnen zu können, wie Besucher unser System nutzen, so dass wir Verbesserungen vornehmen können.

Wir nutzen außerdem die Hilfssysteme für Standortdaten, um den Registrierungsprozess zu erleichtern und um Sie als Dienstleister oder Ihr Unternehmen auf einer Karte anzeigen zu können. Diese Informationen sind standardmäßig für Kunden verfügbar, es sei denn sie werden in den Einstellungen deaktiviert. Dann wird den Kunden auf der Buchungsseite keine Adresse mehr und auch kein Standort auf einer Karte angezeigt. Diese externen Systeme speichern keine Daten, welche Ihnen persönlich zugeordnet werden könnten.

Our operations and the privacy shield

Following the recent developments in the law and especially the judgment of the European Court of Justice for the Schrems II case (Thursday 16 July 2020) we do not further rely on the Privacy Shield framework and principles for the transfer of personal data with our main USA-based services providers.

We have concluded appropriate SCC with all our USA-based services providers.

Our operations and brexit

You need to be aware that Brexit will have implications on the data protection, privacy and transfer of personal data between EU countries and the UK. This however, will depend on the negotiations and agreements between EU and UK. The UK left the EU on 31.01.2020 and the transition period ended on 31.12.2020.

In order to prepare the end of the transition period and safeguard the privacy of data subjects located in the UK, for which we process personal data, we have appointed a UK Representative. This person can be reached via email at UKRepresentative@simplybook.me and has been authorised by SimplyBook.me Ltd to act as the contact point within the UK region, between UK data subjects and the UK’s Information Commissioner’s Office (“ICO”) and for all our obligations under the UK GDPR (to be determined after the transition period).

Check more about Brexit and privacy at the website of ICO.

We will update this section of our Privacy Policy in accordance with latest developments to reflect our regulatory and legal obligations.

VIII. Cookies and Third-Party Technologies

Ein Cookie ist eine Datei, die eine Identifikationsnummer (eine Reihe aus Buchstaben und Zahlen) enthält, welche von einem Web-Server zu einem Web-Browser gesendet und vom Web-Browser gespeichert wird. Die Identifikation wird dann jedes Mal an den Server gesendet, wenn der Browser eine Seite vom Server anfordert. Cookies sind entweder “dauerhafte” Cookies (persistent cookies) oder “vorübergehende” Cookies (session cookies): Ein dauerhafter Cookie wird über einen Web-Browser gespeichert und bleibt bis zu seinem geplanten Ablaufdatum aktiv, es sei denn er wird vor diesem Ablaufdatum vom Nutzer gelöscht. Ein vorübergehender Cookie andererseits verfällt mit dem Ende der Nutzersitzung, wenn der Web-Browser geschlossen wird.

Cookies enthalten in der Regel keine Informationen, welch auf die Identität des Nutzers schließen lassen; aber personenbezogene Daten, die wir von Ihnen speichern können mit den Informationen verknüpft werden, welche in Cookies gespeichert oder von diesen bezogen werden.

If you need to know more, find everything in our Cookies Policy.

IX. Direct Marketing Communication

In order to contact you for marketing and promotional purposes, we need to have your clear consent and also inform you how we will process your personal data for these purposes. Therefore, by clicking to receive updates for marketing and promotional purposes during the sign-up procedure, you hereby consent and allow us to use your personal data and contact you.

Your personal data for marketing and communication purposes will be stored in our internal database only and we shall not share your personal data with third parties unless they act as our service providers and are part of our business operations. This means we have we have established collaboration, safeguarded by data protection and privacy provisions.

Für alle Kommunikation mit unseren Nutzern, die in Verbindung mit der Systemnutzung steh, nutzen wir selbst-gehostete Marketing-Tools, um so einen Fremdzugriff durch Dritte auf die Nutzerdaten zu vermeiden. So können wir die Aktionen der Nutzung im SimplyBook.me-System nachverfolgen und passende E-Mails und Systembenachrichtigungen versenden, um bei der Systemnutzung zu assistieren. Diese Überprüfung der Aktivitäten und die entsprechende Kommunikation, nehmen wir selbstverständlich nur vor, wenn uns die Nutzer entsprechende Berechtigungen erteilt haben, wenn diese als während des Registrierungsprozesses einer Kommunikation durch anklicken des entsprechenden Feldes zugestimmt haben.

In all cases, your personal data will be processed based on our instructions as data controller of your data and in compliance with the provisions of this Policy. We do not use marketing automation platforms and do not perform any automated decision-making processing of your personal data.

The unsubscribe option is available in all our communications for marketing purposes.

X. Your Rights

You are a “data subject” in accordance with the provisions of GDPR and have the below rights which you can exercise freely:

das Recht auf Zugriff;

das Recht auf Berichtigung;

das Recht auf Löschung;

das Recht auf die Einschränkung der Datenverarbeitung;

das Recht darauf der Datenverarbeitung zu widersprechen;

das Recht auf Datenportabilität;

das Recht auf Beschwerde bei einer Datenschutzbehörde;

das Recht die Zustimmung zu widerrufen.

If you wish to use any of your rights, please contact us via email dpo@simplybook.me or UKRepresentative@simplybook.me.

XI. Changes to our Privacy Policy

We may change this document at any time in order to reflect changes in the law or our practices. Keep an eye on our website for any updates. If we change anything major in this document, we will inform you.

Last update: 18.05.2021

Effective date: 25.05.2021

Previous version available here