GDPR Compliance Statement

This GDPR Compliance Statement of SimplyBook.me Ltd explains the key elements of GDPR and how we comply with it.

Click below to read more about specific policies:

  • Politica sulla Privacy

    our approach to privacy, processing of personal data and our measures for security.

    Dettagli
  • Data Processing Agreement

    part of the T&Cs for users, includes a list of sub-processors.

    Dettagli
  • Job Application Privacy Policy

    how we protect the privacy of job applicants.

    Dettagli
  • Cookie Policy

    what cookies we collect & why.

    Dettagli

If you have any questions and want to find our more, contact our dpo@simplybook.me.

Woman with a laptop
What is GDPR image

What is GDPR?

Il Regolamento Generale sulla Protezione dei Dati 2016/679 (il “GDPR”) è la legge dell’Unione Europea e dello Spazio Economico Europeo riguardante la protezione dei dati e privacy. Il GDPR è stato implementato il 25.05.2018 e consente ai cittadini dell'UE di controllare meglio i propri dati personali modernizzando e unificando le regole consentendo alle imprese di ridurre la burocrazia e di beneficiare di una maggiore fiducia dei consumatori.

Find out more for the data protection and the approach of the European Commission, on their official website

Come stiamo rispettando il GDPR?

The efforts of SimplyBook.me Ltd to comply with the requirements of the GDPR staterted before its implementation in 2018 by appointing a Data Protection Officer (“DPO”) who together with the security team of the company ensured that among other issues:

  • Internal policies and procedures are drafted, maintained and followed in all business operations
  • The online Terms & Conditions have been reviewed and amended
  • The online Privacy Policy has been reviewed and amended
  • We have prepared a Data Processing Agreement to be concluded between you and SimplyBook.me Ltd, and made it available on our website
  • Additional online policies are made available for users and visitors
  • Our contractual relationships with our suppliers are assessed and additional documentation for privacy and data protection is concluded - the Data Processing Agreements/Addendums.
  • Old suppliers have been scrutinised and some have been dropped just for security’s sake.
  • All members of the company go through a privacy and data protection training server security has been hardened even further.
  • Back up procedures have been changed to minimize personal information storage for deleted systems.

The key steps areas we took in order to ensure compliance with the GDPR:

  • Personal data protection icon

    Restricted access to Personal Data

    - We follow the principle of least privilege in our business operations.

    - For the level of access employees are instructed to use in diagnosing and resolving problems as well as responding to customer support requests.

    - All employees have signed a Data Processing Addendum to the contract of employment and have provided a clean criminal record as part of our hiring process.

    - All employees are legally binding to comply with the internal policies and procedures of the implemented Information Security Management System.

    CUSTOMER SUPPORT REQUESTS: Upon activation of the double authentication feature of the System, we DO NOT have any access to your account and system. However, when you need quick assistance from our support team, you may give our representative a temporary code so they can help them out with settings if needed.

  • HIPAA icon

    Protection of medical information - Patients Details

    Medical information is considered as “sensitive personal data” and it may be stored in the system, in a component called “SOAP”. The SOAP component has now been enhanced to be encoded at rest so that no one can have access to this information, even if they break into the user’s system, or even into SimplyBook.me servers UNLESS they have the secret key. This key can be kept on an USB drive, or in a computer’s folder - but never on the SimplyBook.me servers. Just make sure that the computer is well protected, so that if it is stolen, thieves would not have easy access to the hard disk. Same applies to the USB drive, this can also be encrypted with a code that only you remember.

    HIPAA FEATURE: For users that want to harden security even more, the HIPAA Custom Feature is available to the Standard and Premium Subscriptions. This allows users to set automatic system log out after predefined time, like 20 minutes after the system was being used. It also allows users to get notifications upon each login into the system. Furthermore, this feature disables personal data to be sent over email or SMS, it removes client’s and service names from these notifications, making it harder for snoopers to see personal data.

  • Products promotions icon

    Right to withdraw consent to processing of Personal Data

    All our email communications have included the option to unsubscribe via specific and easy to find links. This has now also been added to the promotions emails so clients that have unsubscribed from getting these messages will not be receiving them. This has though fortunately not been a problem as clients are generally happy to receive promotions from their favorite providers.

How can we help you comply with the GDPR?

As you will have the responsibility to ensure the protection of your clients’ personal data, we have made key changes to our system, in order to make sure you can comply with the GDPR. Specifically, some changes make the security enhanced - and you are better protected in case someone gets hold of their equipment while some other features in the system make the user’s permission for client’s data and communication better. Check illustrations below for more information on this.

We provide 4 Custom Features, free for all:

  • Google authenticator icon

    Doppio modulo di autorizzazione

    per una maggiore sicurezza di accesso. È molto importante che gli utenti lo adottino rapidamente poiché la causa più probabile di violazione dei dati è probabilmente il furto virtuale o fisico dell'apparecchiatura, cosa che consentirebbe l'accesso al sistema e ai dati.

  • Delete history icon

    Cancella la Cronologia

    questo consente agli utenti di impostare per quanto tempo devono essere conservati i dati dei clienti che hanno effettuato prenotazioni all'interno del sistema. Se non è necessario conservare i dati, questo strumento è ideale per cancellarli automaticamente dopo ad esempio 30 giorni (dipende dalle impostazioni dell'utente) da quando la prenotazione è stata effettuata. Se gli utenti hanno impostato il login del client, utilizzo dell'abbonamento. ecc., allora questo modulo non deve essere utilizzato.

  • Terms and conditions icon

    Modulo Termini e Condizioni

    mediante il quale gli utenti possono impostare i propri Termini e Condizioni e la politica sulla privacy, in cui descrivono in linguaggio facilmente comprensibile (non con parole giuridiche) come intendono utilizzare i dati.

  • Cancellation policy icon

    Cancellation Policy module

    con cui gli utenti possono descrivere come viene applicata la loro politica di cancellazione

Admin interface:
Access to 3 groups of personal data

Personal data

  • Informazioni sull'azienda

    usually publicly available on the internet in order for clients to be able to book.

  • Informazioni sugli utenti del sistema

    (i fornitori di servizi) generalmente disponibili su Internet e visibili a tutti in modo che i clienti possano effettuare le prenotazioni

  • Informazioni sul Cliente

    Never available on the internet for other than system users to see

Each of these groups can access an interface to see and print out all information stored in the SimplyBook.me system. Additionally, upon request, all client details can be deleted with the use of a simple button.

Please note that these records can only be accessed by users after a simple authentication procedure by re-entering the password and if they have double authentication, they will be asked for a verification code to get access.

As client data is often part of statistical information about sales and bookings, the data is not all deleted but made completely unrecognisable but still kept usable for statistic purposes.

Alcuni consigli amichevoli sulla tua conformità al GDPR

  • Migliora la tua sicurezza

    it is recommended for users to harden the security on mobile devices using long passwords, and automatic deletion of phone data when there are several wrong passwords attempts. This will avoid thieves getting hold of double-authentication access code.

    Tutti gli utenti dovrebbero impostare blocco schermo automatico per ridurre il rischio di spionaggio da parte di persone che potrebbero curiosare sul posto di lavoro. Ecco un collegamento che descrive come eseguire questa operazione sui computer basati su Windows: 4 modi per bloccare il PC Windows 10.

  • You as Data Controller

    Remember that you are responsible to draft, maintain and operate in accordance with a privacy policy towards your own clients and no one can make this for you, as this is something you decide. Get professional advice or check your local data protection authority/body on this document and make it in a clear, concise manner.

    Ricordati di creare un collegamento alla nostra Informativa sulla privacy dove illustriamo come trattiamo i dati del soggetto per tuo conto e quali trasferimenti avvengono.

Sei nuovo su SimplyBook.me?

Vuoi saperne di più su come SimplyBook.me può aiutarti a gestire le tue prenotazioni online? Guarda il video per scoprire in cosa consiste il nostro software di pianificazione

Video tutorial illustration Guarda il video E 'davvero facile