This GDPR Compliance Statement of SimplyBook.me Ltd explains the key elements of GDPR and how we comply with it.
Click below to read more about specific policies:
our approach to privacy, processing of personal data and our measures for security.
Detallespart of the T&Cs for users, includes a list of sub-processors.
Detalleshow we protect the privacy of job applicants.
Detalleswhat cookies we collect & why.
DetallesIf you have any questions and want to find our more, contact our dpo@simplybook.me.
The General Data Protection Regulation 2016/679 (the “GDPR”) is the law of the European Union and the European Economic Area regarding data protection and privacy. The GDPR was implemented on 25.05.2018 and allows EU citizens to better control their personal data while modernising and unifying the rules allowing businesses to reduce red tape and to benefit from greater consumer trust.
Find out more for the data protection and the approach of the European Commission, on their official website
- We follow the principle of least privilege in our business operations.
- For the level of access employees are instructed to use in diagnosing and resolving problems as well as responding to customer support requests.
- All employees have signed a Data Processing Addendum to the contract of employment and have provided a clean criminal record as part of our hiring process.
- All employees are legally binding to comply with the internal policies and procedures of the implemented Information Security Management System.
CUSTOMER SUPPORT REQUESTS: Upon activation of the double authentication feature of the System, we DO NOT have any access to your account and system. However, when you need quick assistance from our support team, you may give our representative a temporary code so they can help them out with settings if needed.
Medical information is considered as “sensitive personal data” and it may be stored in the system, in a component called “SOAP”. The SOAP component has now been enhanced to be encoded at rest so that no one can have access to this information, even if they break into the user’s system, or even into SimplyBook.me servers UNLESS they have the secret key. This key can be kept on an USB drive, or in a computer’s folder - but never on the SimplyBook.me servers. Just make sure that the computer is well protected, so that if it is stolen, thieves would not have easy access to the hard disk. Same applies to the USB drive, this can also be encrypted with a code that only you remember.
HIPAA FEATURE: For users that want to harden security even more, the HIPAA Custom Feature is available to the Standard and Premium Subscriptions. This allows users to set automatic system log out after predefined time, like 20 minutes after the system was being used. It also allows users to get notifications upon each login into the system. Furthermore, this feature disables personal data to be sent over email or SMS, it removes client’s and service names from these notifications, making it harder for snoopers to see personal data.
All our email communications have included the option to unsubscribe via specific and easy to find links. This has now also been added to the promotions emails so clients that have unsubscribed from getting these messages will not be receiving them. This has though fortunately not been a problem as clients are generally happy to receive promotions from their favorite providers.
As you will have the responsibility to ensure the protection of your clients’ personal data, we have made key changes to our system, in order to make sure you can comply with the GDPR. Specifically, some changes make the security enhanced - and you are better protected in case someone gets hold of their equipment while some other features in the system make the user’s permission for client’s data and communication better. Check illustrations below for more information on this.
We provide 4 Custom Features, free for all:
mejora la seguridad al iniciar sesión en los sistemas. Es muy importante que los usuarios adopten estas medidas rápidamente, puesto que la causa más probable de violación de datos es quizás la obtención de acceso a su equipo por parte de otra persona, virtual o físicamente, permitiéndole acceso al sistema y a los datos.
permite a los usuarios establecer el tiempo en el que deben almacenarse los datos de las personas interesadas que han reservado a través del sistema. En caso de que el usuario no necesite guardar los datos, esta herramienta resulta muy útil para eliminarlos treinta días después de la reserva (según la configuración de usuario). Si los usuarios has configurado el inicio de sesión de los clientes, tienen una suscripción o etcétera, este módulo no debería utilizarse.
permite a los usuarios fijar los términos y condiciones junto con una política de privacidad, en la que detallen la utilización de los datos con un lenguaje entendible para las personas (sin una enrevesada jerga legal)
permite a los usuarios explicar la implementación de su política de cancelación
Personal data
usually publicly available on the internet in order for clients to be able to book.
Never available on the internet for other than system users to see
Each of these groups can access an interface to see and print out all information stored in the SimplyBook.me system. Additionally, upon request, all client details can be deleted with the use of a simple button.
Please note that these records can only be accessed by users after a simple authentication procedure by re-entering the password and if they have double authentication, they will be asked for a verification code to get access.
As client data is often part of statistical information about sales and bookings, the data is not all deleted but made completely unrecognisable but still kept usable for statistic purposes.
it is recommended for users to harden the security on mobile devices using long passwords, and automatic deletion of phone data when there are several wrong passwords attempts. This will avoid thieves getting hold of double-authentication access code.
All users should set auto screen lock to decrease the risk of snooping from people that may be browsing the workplace. Here is a link that describes how this can be done on Windows based computers: 4 ways to lock your Windows 10 PC.
Remember that you are responsible to draft, maintain and operate in accordance with a privacy policy towards your own clients and no one can make this for you, as this is something you decide. Get professional advice or check your local data protection authority/body on this document and make it in a clear, concise manner.
Remember to make a link to our Privacy Policy where we illustrate how we process the subject's data on your behalf, and what transfers take place.
¿Desea saber más sobre cómo SimplyBook.me puede ayudarle a gestionar sus reservas online? Vea el siguiente video para saber todo acerca de nuestro software de programación de reservas
Es muy fácil
Ten en cuenta que también ofrecemos una herramienta incluso más sencilla para la organización de reuniones. Dale una mirada si crees que SimplyBook.me es demasiado para lo que necesitas.
