When you use the SimplyBook.me Ltd official website (subject to our Website Terms and Conditions) and our Services (subject to our Terms and Conditions), you trust us with your personal data. It is true that we process a lot of different data, and therefore our commitment to safeguard your trust on us is our goal.
In order to understand how we achieve this, please read this document carefully as we explain our privacy practices. You will understand how we collect, use, sometimes share your personal data and what you can do about it, always with the purpose of providing you with our optimal service.
Please read this document together with our Data Processing Agreement overview and signed version here as well as our Terms and Conditions.
data you give us upon registration and while using our system such as your name, email, address etc.;
data created when you use our services such as your IP address, browser type and other.
02
DATA PROCESSING:
How do we use your personal data?
In order to provide you with outstanding services;
Make our website better and more efficient;
Allow you to interact where possible;
Provide you with support when needed;
For research and development.
03
DATA SHARING:
With whom we share your personal data?
As part of team.blue group, with our service providers when needed;
with other people such as our contractors and consultants) and companies such as payment systems providers we collaborate, see section Share of your personal data, below.
We are a company based in Cyprus and store your personal data worldwide, depending on the location of your business. For EU based businesses though your data including backups is stored in the EU, it may be transferred outside the EU. See more information under Where is your personal data stored?
05
YOUR RIGHTS AS DATA SUBJECT:
What are your rights as a data subject?
Ask for a copy of your personal data request that we amend something included in your personal data, because it is wrong;
Request that we delete your personal data in part or in full;
Restrict us to or request to us to stop in full, the processing of your personal data;
Request that we provide your personal data to another company;
Take back the consent you gave us to process your personal data.
If you are outside the EU or EEA and GDPR does not apply there is a special section for your rights.
This is the Privacy Policy of SimplyBook.me Ltd which explains how we comply with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other national and international applicable laws and regulations in all our business operations.
We have implemented appropriate measures and records demonstrating compliance with the GDPR and can therefore take responsibility for the processing of your personal data. Respecting the principles of GDPR (lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security) and accountability) is the key objective in all our business operations involving processing of personal data.
II. Our Information
We are SimplyBook.me Ltd and provide an appointment booking solution including a wide range of features such as promotion and marketing system, sales system and client contact system (collectively the “Services”). You may check our Terms and Conditions, containing more details of our services and our legal obligations, together with our Data Processing Agreement overview and signed version here.
In order to comply with the requirements of the GDPR, we must inform you that we are the “data controller”, making decisions about your personal data, when you visit our official website: www.simplybook.me and other sub-websites operated by us in accordance with our Website Terms and Conditions which you accept.
For this document and all privacy and personal data protection purpose, our information and contact details is as below:
When you visit our website and wish to use our services, as per our Terms and Conditions, we will need to collect various information about you. In this part of the document, we explain the categories and where necessary the source of specific personal data we process. For the processing, we also clarify why we need to collect and use our personal data as well as the legal basis for our actions.
Usage Data
Data includes information related to the use of this website and the system we offer: company information, IP address, geographical location, browser type and version, operating system, referred source, length of visit, and page views and website navigation paths, as well as information about the timing, frequency and pattern of your system use.
Source:
Analytics tracking system such as Google Analytics and similar.
Purposes:
Understand which sub websites cater to you and give you more information on it, improve our services and offer you usage suggestions that might suit your needs.
Legal Basis:
Legitimate interests ➝ monitoring and improving our website, system, client service and system services.
Account Data
This is the information you give us when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the System: name, contact email address, profile photo, bio, other details to your profile information to be displayed on your Service provider profile or on your Company profile with our system so that your clients can book services with you.
Please note that we need to keep track of your preferences when selecting specific settings.
Source:
You, your employer or the user who sets up the system for his personal or company purposes.
Purposes:
Operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and used for communicating with you.
Legal Basis:
Legitimate interests & contractual obligations ➝ provide you with our system services so that you can display your information and sell services and products.
User's clients data
This is the information entered into the system from the clients of the User when they use the software to make a booking, such as name, surname, email address etc.
Source:
You, your employer or the user who sets up the system for his personal or company purposes.
Purposes:
Operating the system so that your clients can effectively book appointments online with their chosen service providers.
Legal Basis:
Legitimate interests & contractual obligations ➝ enable proper operation of the system and services.
Service provider's data
When you include personal data of your service providers in your account: name, address, telephone number, email address, profile pictures, and other details that are added to the service provider's profile.
This specific information will be available on the user’s booking site, supplied by us, on a widget that may be inserted into users own website, on users social media profiles, on our directory sites where all system users are displayed, unless they specifically opt out of being displayed there.
Source:
The data subject and data controller
Purposes:
Make a booking and use the services offered by the User.
Legal Basis:
legitimate interests & contractual obligations ➝ enable proper operation of the system and services.
Publication data
Information that you create for your bookable services, products for sale, promotions, or as company information.
You acknowledge that personal data that you submit for publication through our system or services about you, your company, service providers, products, promotions, services or related things may be available, via the internet, around the world. We CANNOT prevent the use (or misuse) of such personal data by others.
Source:
You, your employer or the user who sets up the system for his personal or company purposes.
Purposes:
Operating the system so that clients can effectively book appointments online and purchase products and read about your business and service offering.
Legal Basis:
Legitimate interests & contractual obligations - enable proper operation of the system and services.
Enquiry data
Information contained in any enquiry you submit to us through email or live support regarding the system and our services.
Source:
You or the user who sets up the system for his personal or company purposes, or your clients.
Purposes:
Analysing our users' problems and helping them to solve the issues as well as improving the system when relevant.
Legal Basis:
Legitimate interests ➝ enable proper operation of the system and services.
Transaction data
Information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website: contact details and the transaction details.
Source:
You, as a data subject.
Purposes:
Supplying the purchased goods and services and keeping proper records of those transactions.
Legal Basis:
Legal obligation - proper accounting practices.
We use our own Notando Accounting System for this processing and run this on our own dedicated servers, hosted in the EU. We have to keep all invoicing data that contains your purchases, name, address, and email for 7 years for financial reporting and VAT purposes.
Company information
When you include information about your company in the company profile of the system we offer: name, address, telephone number, email address, profile pictures, and other details that you add to your company profile.
This specific information will be available on your booking site, supplied by us, on a widget that may be inserted into the user's own website, on users social media profiles, on our directory sites where all system users are displayed, unless they specifically opt out of being displayed there.
Source:
You, your employer or the user who sets up the system for his personal or company purposes.
Purposes:
You, your employer or the user who sets up the system for his personal or company purposes.
Legal Basis:
Legitimate interests & contractual obligations ➝ enable proper operation of the system and services.
Notification data
Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters.
Source:
You, as a data subject.
Purposes:
Sending you the relevant notifications and/or newsletters to inform you about changes within the system and how you can make the most of using SimplyBook.me.
Legal Basis:
Consent ➝ to receive specific information from us, which may be withdrawn at any time by contacting us.
Correspondance data
Information contained in or relating to any communication that you send to us.
Source:
You, as a data subject.
Purposes:
Communicating with you and record-keeping.
Legal Basis:
Legitimate interest ➝ proper administration of our website and business and communications with users.
In addition to the specific legal basis of processing your personal data mentioned above, we may need to process personal data for our legitimate interests and as below:
for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
for the proper protection of our business interests against risks and obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.
IV. Where We Store Your Information?
Your personal data is stored on servers located in three reputable data centres, in Canada, France and Singapore all of which meet the R82 and R81 APSAD standards and work according to ISO/IEC 27001 standard. Check out how we always prioritise the importance of information security, here.
For our enterprise clients, we offer dedicated servers in Canada, UK, Australia and Belgium or any other location, subject to availability and additional requirements and legal obligations.
We must comply with several legal obligations in relation to the retention and deletion of personal data. Therefore, in all cases, we will keep your data only for the period required for the purposes of processing stated herein, respecting the principle of “data storage” of GDPR. This means that as long as you remain a user of our system - you can edit this data at any point in time and request a deletion by cancelling the usage of the system. Since we keep backups of all databases for up to 30 days, this data may still exist for up to 30 days on our servers at which point in time it gets deleted.
VI. Privacy By Design and By Default
We have implemented “appropriate technical and organisational measures” in order to follow the data protection principles effectively and safeguard individual rights. Specifically, we will perform a Data Protection Impact Assessment (“DPIA”) when required under GDPR, for identifying and minimising the data processing risks of a project.
Security
Additionally, all our security measures form part of the overall Information Security Management System (“ISMS”) of SimplyBook.me Ltd, in line with the ISO/IEC 27001 standard.
Privacy of medical data / Protected health information
You may upload via notes to your account certain medical data or protected health information (as defined in the Health Insurance Portability & Accountability Act of 1996, “HIPAA”).
For the purposes of providing our SimplyBook.me Software and services, we may have restricted access to such type of information and must comply with the applicable HIPAA regulations as a business associate.
In order to operate effectively as a company and also provide flawless services, products and features, we must share some of your personal data. The sharing is limited to the extent required for the specific purposes and for the period required in order to ensure our business operations. Therefore, our services to you will not be jeopardised and your rights are not infringed.
(a) Sharing for provision of our other services/products:
SimplyMeet.me Software Solution
We are the owners and offer you the SimplyMeet.me online meeting software solution which will enable you to organise your meetings. Check out the official website of SimplyMeet me here for relevant legal documents.
In order to provide the SBPay in either version we will collect and store: all processing transaction data, time, name of Your Client, amount, item being purchased, if recurring or not, IP address and payment processor relating to the transaction.
Note that we do not store full credit card information - in order to avoid identification of the card owner.
Data is stored: Germany (EU) on Google Cloud.
Booking Page
SimplyBook.me Ltd is the owner and operator of the Booking.Page (the “Directory”) which is hosted in the United Kingdom with OVH - read more about OVH security standards Infrastructure & Software.
We have concluded SCC for this processing activity and must be informed that when you explicitly allow publication of your company info, the service provider data and publication data including company reviews in the Booking.Page, you explicitly consent to transfer this data outside EEA, and subject to the provisions herein.
(b) Sharing as part of the team.blue group:
SimplyBook.me is part of team.blue Group and we may share personal data of our users with other entities within the Group, subject to provisions of our internal Global Data Sharing Framework.
The team.blue Group, consisting of several brands and subsidiaries, can improve coordination and resource allocation by sharing data internally. This allows for more efficient collaboration on product, campaign, and customer service improvements. Personal data may be shared among team.blue Group companies for marketing statistics, internal administration, and reporting purposes, but only in an amount necessary for the intended use and with proper protective measures in place to prevent unauthorised access or disclosure.
(c) Sharing with sub-processors:
We have appointed sub-processors with which we will share your personal data such as:
appointed service providers, business partners, and third-party vendors who assist us in delivering our services
legal authorities, regulatory bodies, and other third parties when required by law.
All data processing activities with parties located within the EU and EEA are governed by the provisions of the GDPR and respective Data Processing Agreements.
When we transfer your personal data to a country not located in the EU or EEA:
we will check and ensure that specific legal mechanisms and safeguards are in place: and such us “adequate decision” for that jurisdiction, concluded “Standard Contractual Clauses” (“SCC”) or other;
we follow the recent developments in the law and do not rely on the Privacy Shield but the Data Privacy Framework, to the extent applicable and valid;
for our business operations which involve the transfer of personal data from the European Union (“EU”) and/or the European Economic Area (“EEA”) to the United Kingdom, we rely on the decision of the European Commission dated on the 28th day of June, 2021 (see more info here).
Find a list of sub-processors as part of our online DPA here.
Where there is a change to this list, we will notify you and you can submit any objection via email to legal@simplybook.me, within 15 days.
VIII. Cookies and Third-Party Technologies (Statistics and analytics)
General Statements:
a) For the purposes of security and detection of fraudulent behaviour, SimplyBook.me Ltd has implemented an automated control system, which makes use of cookies and other similar tracking technologies, to track and analyse certain behaviour of the users on the site, associated with their IP addresses and other personal data associated with the browsing on the site. The consequence of such processing is that, if a visitor attempts to engage in fraudulent conduct on the site, for example in order to benefit several times from the same promotion without having the right to do so, SimplyBook.me Ltd reserves the right to exclude such person from the promotion or to take any other appropriate measure for its own protection.
b) Analytics activities by means of tracking through the use of cookies and similar technologies, aimed at verifying and measuring the quality and effectiveness of SimplyBok.me Ltd’s online advertising campaigns, in order to improve the performance of those campaigns, as well as the services offered by SimplyBook.me Ltd.
c) SimplyBook.me Ltd uses cookies for functional and statistical purposes, to detect fraudulent behaviour and to measure the effectiveness of advertising campaigns and services.
Cookies
Like most websites, we use cookies and we wish to clarify here that cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. If you need to know more, find everything in our Cookies Policy.
Statics and Analytics
In order to improve our website and product, we use tools for statistics and analysis in order to obtain an accurate overview on how visitors interact with our system and our website, so we can make it better. Note that where possible, we enable relavnt settings in the tools we use and mention below, in order to minimise the personal data we process.
Google Analytics: a web analysis service provided by Google Ireland Limited (“Google”) which allows us to track and examine the use of our website and have reports on activities and share them with other Google services.
Matomo (previously Piwik): an analytics service provided by InnoCraft, an open-source web analytics tool, to track and analyse visits to our website. Matomo collects data such as IP addresses (anonymised), browser information, and pages visited. This helps us understand how you interact with our site and as well as admin interface of your account, and hence help us improve your experience.
Leadinfo: a lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognise visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services.
For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.
IX. Direct Marketing Communication
In order to contact you for marketing and promotional purposes, we need to have your clear consent and also inform you how we will process your personal data for these purposes. Therefore, by clicking to receive updates for marketing and promotional purposes during the sign-up procedure, you hereby consent and allow us to use your personal data and contact you via email, SMS or instant messaging such as via WhatsApp.
Your personal data for marketing and communication purposes will be stored in our internal database only and we shall not share your personal data with third parties unless they act as our service providers and are part of our business operations. This means we have established collaboration, safeguarded by data protection and privacy provisions.
For the user communication related to system usage, we use a self hosted version of marketing automation tools to avoid external access to our user's data. Therefore, we track user's actions within our system and send appropriate email and system messages to assist with the usage, where users have allowed us to communicate with them, by checking the marketing communication box during sign up.
As part of our marketing efforts and in the legitimate interest of SimplyBook.me Ltd, we may send marketing emails or texts promoting similar products or services to our customers, in compliance with the soft opt-in exemption. This exemption allows us to contact our existing customers with offers for products or services that are similar to those they have previously purchased from us.
In all cases, your personal data will be processed based on our instructions as data controller of your data and in compliance with the provisions of this Policy. We do not use marketing automation platforms and do not perform any automated decision-making processing of your personal data.
The unsubscribe option is available in all our communications for marketing purposes.
X. Your Rights
You are a “data subject” in accordance with the provisions of GDPR and have the below rights which you can exercise freely:
Read the below section when you are outside the EU or EEA and GDPR does not apply.
The rights of Users in Switzerland are in line with the Swiss Federal Act on Data Protection (FADP) and provisions herein and include: access to Personal Data; right to object to the processing of their Personal Data (which also allows Users to demand that processing of Personal Data be restricted, Personal Data be deleted or destroyed, specific disclosures of Personal Data to third parties be prohibited); right to receive their Personal Data and have it transferred to another controller (data portability); right to ask for incorrect Personal Data to be corrected.
The rights of Users in Brazil are in line with the "Lei Geral de Proteção de Dados" (LGPD) and provisions here.
The rights of Users in the USA, are in line with the California Consumer Privacy Act of 2018" (CCPA), as updated by the California Privacy Rights Act (CPRA) (collectively the “CCPA/CPRA”) and Virginia Consumer Data Protection Act (VCDPA), to the extent relevant and applicable to the business operations of SimplyBook.me.
SimplyBook.me Ltd DOES NOT sell or share the personal information of its Users and the above rights can be exercised by respective individuals via contact details provided above and free of charge and/or to the extent applicable via your Account, subject to certain conditions and exceptions, to the extent SimplyBook.me Ltd must comply with the relevant law/regulation. The provisions above supersedes any other possibly divergent or conflicting information contained herein.
XI. Changes to our Privacy Policy
We may change this document at any time in order to reflect changes in the law or our practices. Keep an eye on our website for any updates. If we change anything major in this document, we will inform you.
Keep in mind that we also offer an even simpler tool intended for meeting scheduling. Check it out if you feel SimplyBook.me is too extensive for your needs.
