As part of team.blue group, with our service providers when needed;
with other people such as our contractors and consultants) and companies such as payment systems providers we collaborate, see section Share of your personal data, below.
We are a company based in Cyprus and store your personal data worldwide, depending on the location of your business. For EU based businesses though your data including backups is stored in the EU, it may be transferred outside the EU. See more information under Where is your personal data stored?
Your personal data is stored on servers located in three reputable data centers, in Canada, France and Singapore all of which meet the R82 and R81 APSAD standards and work according to ISO/IEC 27001 standard. Check out how we always prioritise the importance of information security, here.
Additionally, all our security measures form part of the overall Information Security Management System (“ISMS”) of SimplyBook.me Ltd, in line with the ISO/IEC 27001 standard.
医療データのプライバシー / 保護される健康情報
You may upload via notes to your account certain medical data or protected health information (as defined in the Health Insurance Portability & Accountability Act of 1996, “HIPAA”).
For the purposes of providing our SimplyBook.me Software and services, we may have restricted access to such type of information and must comply with the applicable HIPAA regulations as a business associate.
In order to operate effectively as a company and also provide flawless services, products and features, we must share some of your personal data. The sharing is limited to the extent required for the specific purposes and for the period required in order to ensure our business operations. Therefore, our services to you will not be jeopardised and your rights are not infringed.
(a) Sharing for provision of our other services/products:
SimplyBook.me is part of team.blue Group and we may share personal data of our users with other entities within the Group, subject to provisions of our internal Global Data Sharing Framework.
The team.blue Group, consisting of several brands and subsidiaries, can improve coordination and resource allocation by sharing data internally. This allows for more efficient collaboration on product, campaign, and customer service improvements. Personal data may be shared among team.blue Group companies for marketing statistics, internal administration, and reporting purposes, but only in an amount necessary for the intended use and with proper protective measures in place to prevent unauthorised access or disclosure.
(c) Sharing with sub-processors:
We have appointed sub-processors with which we will share your personal data such as:
appointed service providers, business partners, and third-party vendors who assist us in delivering our services
legal authorities, regulatory bodies, and other third parties when required by law.
All data processing activities with parties located within the EU and EEA are governed by the provisions of the GDPR and respective Data Processing Agreements.
When we transfer your personal data to a country not located in the EU or EEA:
we will check and ensure that specific legal mechanisms and safeguards are in place: and such us “adequate decision” for that jurisdiction, concluded “Standard Contractual Clauses” (“SCC”) or other;
we follow the recent developments in the law and do not rely on the Privacy Shield but the Data Privacy Framework, to the exent applicable and valid;
for our business operations which involve the transfer of personal data from the European Union (“EU”) and/or the European Economic Area (“EEA”) to the United Kingdom, we rely on the decision of the European Commission dated on the 28th day of June, 2021 (see more info here).
Find a list of sub-processors as part of our online DPA here.
Where there is a change to this list, we will notify you and you can submit any objection via email to legal@simplybook.me, within 15 days
VIII. Cookies and Third-Party Technologies (Statistics and analytics)
General Statements:
a) For the purposes of security and detection of fraudulent behaviour, SimplyBook.me Ltd has implemented an automated control system, which makes use of cookies and other similar tracking technologies, to track and analyse certain behaviour of the users on the site, associated with their IP addresses and other personal data associated with the browsing on the site. The consequence of such processing is that, if a visitor attempts to engage in fraudulent conduct on the site, for example in order to benefit several times from the same promotion without having the right to do so, SimplyBook.me Ltd reserves the right to exclude such person from the promotion or to take any other appropriate measure for its own protection.
b) Analytics activities by means of tracking through the use of cookies and similar technologies, aimed at verifying and measuring the quality and effectiveness of SimplyBok.me Ltd’s online advertising campaigns, in order to improve the performance of those campaigns, as well as the services offered by SimplyBook.me Ltd.
c) SimplyBook.me Ltd uses cookies for functional and statistical purposes, to detect fraudulent behaviour and to measure the effectiveness of advertising campaigns and services.
Statics and Analytics
For statistics and analytics we use Google analytics and Piwik (self hosted in France). We do not use this software to get personal data or relate it directly to users of our system but to give us an overall overview on how visitors interact with our system so we can make it better.
When we use the auxiliary system mentioned above, it is only in order to help with signing up and facilitating displaying you as a service provider or your company on a map. This information is generally available for clients unless this is disabled in settings in which case the address or maps are not shown to clients on the booking site or in the directory. These external systems do not store any personal recognisable data about you.
Cookies
Like most websites, we use cookies - a file containing an identifier, a string of letters and numbers that is sent by a web server to a web browser and is stored by the browser and is then sent back to the server each time the browser requests a page from the server. Cookies can be either “persistent” and be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; or “session” and will expire at the end of the user session, when the web browser is closed.
We wish to clarify here that cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. If you need to know more, find everything in our Cookies Policy.
Leadinfo:
We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services.
For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.
IX. ダイレクトマーケティング コミュニケーション
In order to contact you for marketing and promotional purposes, we need to have your clear consent and also inform you how we will process your personal data for these purposes. Therefore, by clicking to receive updates for marketing and promotional purposes during the sign-up procedure, you hereby consent and allow us to use your personal data and contact you via email, SMS or instant messaging such as via WhatsApp.
Your personal data for marketing and communication purposes will be stored in our internal database only and we shall not share your personal data with third parties unless they act as our service providers and are part of our business operations. This means we have established collaboration, safeguarded by data protection and privacy provisions.
As part of our marketing efforts and in the legitimate interest of SimplyBook.me Ltd, we may send marketing emails or texts promoting similar products or services to our customers, in compliance with the soft opt-in exemption. This exemption allows us to contact our existing customers with offers for products or services that are similar to those they have previously purchased from us.
Read the below section when you are outside the EU or EEA and GDPR does not apply.
The rights of Users in Switzerland are in line with the Swiss Federal Act on Data Protection (FADP) and provisions herein and include: access to Personal Data; right to object to the processing of their Personal Data (which also allows Users to demand that processing of Personal Data be restricted, Personal Data be deleted or destroyed, specific disclosures of Personal Data to third parties be prohibited); right to receive their Personal Data and have it transferred to another controller (data portability); right to ask for incorrect Personal Data to be corrected.
The rights of Users in Brazil are in line with the "Lei Geral de Proteção de Dados" (LGPD) and provisions here.
The rights of Users in the USA, are in line with the California Consumer Privacy Act of 2018" (CCPA), as updated by the California Privacy Rights Act (CPRA) (collectively the “CCPA/CPRA”) and Virginia Consumer Data Protection Act (VCDPA), to the extent relevant and applicable to the business operations of SimplyBook.me.
SimplyBook.me Ltd DOES NOT sell or share the personal information of its Users and the above rights can be exercised by respective individuals via contact details provided above and free of charge and/or to the extent applicable via your Account, subject to certain conditions and exceptions, to the extent SimplyBook.me Ltd must comply with the relevant law/regulation. The provisions above supersedes any other possibly divergent or conflicting information contained herein.