Privacy Policy of the SimplyMeet.me Software Solution
Overview of our Privacy Policy
This document illustrates the privacy practices of SimplyBook.me Ltd (“We”, “Us” or otherwise) when offering You (“User”) the SimplyMeet.me Software Solution. In order to understand how we achieve this, please read this document carefully. We explain how we collect, use, sometimes share your personal data and what you can do about it, always with the purpose of providing you with our optimal services.
We respect the principles of GDPR: lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security), and accountability; in all our business operations involving processing of personal data.
This document explains how we comply with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other national and international applicable laws and regulations in all our business operations. For our compliance, we have implemented appropriate measures and keep records demonstrating compliance with the GDPR and responsibility for the processing of your personal data.
Please note that, unless otherwise defined below, all the definitions contained in the Legal Documents (see above) are applicable in this document.
II. Our information
We are SimplyBook.me Ltd, the legal and beneficial owner of the SimplyMeet.me Software Solution, a platform which facilitates the online scheduling of meetings (the “Software”). For this document and all privacy and personal data protection purpose, our information and contact details is as below:
The national data protection authority relevant to our operations is the Cyprus Commissioner for Personal Data Protection (check their website here).
We collect and process the personal data outlined below for the specific purposes and defined legal bases explained in this section.
1.ACCOUNT DATA: The personal data you provide when registering for, and using, your SimplyMeet.me Account.
Data collected: name, contact email address, profile photo, bio, and other optional details you add to your profile.
Purpose: To operate our website, provide the SimplyMeet.me Software Solution to you, ensure the security of our operations, maintain our databases, and communicate with you.
Legal Basis: The processing of essential data, such as your name and email address, is based on Contractual Necessity to provide you with our SimplyMeet.me Software Solution. The processing of any optional data you add to your profile, such as a photo or bio, is based on our Legitimate Interest to provide a richer user experience.
Important Note: Please note that we need to keep track of your preferences when selecting specific settings. When you integrate an online calendar to the Account, we do not have access to the personal data included in your calendar events (i.e., names, emails, location) but only check your availability status for scheduling purposes.
2.USER'S CLIENTS DATA: This is the information entered into the system by your clients when they book a meeting with you.
For this data, you are the Data Controller. You are responsible for having a lawful basis to collect and process your clients' personal data. We act as a Data Processor on your behalf and only process this data according to your instructions to provide the SimplyMeet.me service to you.
Source: Your clients, who provide this data when scheduling a meeting with you.
Purposes: To operate the system so your clients can effectively book appointments with you.
Legal Basis: Our legal basis for processing this data as a Data Processor is our Contractual Obligation to you, the User, to provide the booking services as agreed.
3.USAGE DATA: Information related to your interaction with the SimplyMeet.me website and software.
Data collected: IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths, as well as information about the timing, frequency, and pattern of your use.
Source: Analytical tracking systems, such as Google Analytics.
Purposes: To understand how our service is used, to improve our website and software, and to offer usage suggestions that might suit your needs.
Legal Basis: We process this data based on our Legitimate Interest to monitor and improve our website, system, and services. You have the right to object to this processing.
4.QUERY DATA: Personal data contained in any inquiry you submit to us via email or live support.
Data collected: Name, contact email address, and any other details you include in the communication.
Source: You are the source of this information.
Purposes: To check and respond to your query and to improve our system and services where required.
Legal Basis: We process this data based on our Legitimate Interest to respond to your queries and ensure the proper operation of our services.
5.FINANCIAL DATA: Information relating to your transactions for your SimplyMeet.me Account.
Data collected: Your name, surname, contact details, and transaction details.
Source: You are the source of this information.
Purposes: To supply our SimplyMeet.me Software Solution efficiently and to keep proper records of transactions.
Legal Basis: Processing is necessary for Compliance with a Legal Obligation, specifically for proper accounting and financial record-keeping.
IV. Storage of your personal data:
Where do you keep my personal data?
Your personal data is stored on Google Cloud servers located in Germany (EU). Check out how we always prioritise the importance of information security, here.
How long do you keep my personal data for?:
We will keep your data as long as necessary to provide you the SimplyMeet.me Software Solution and make sure you can use your SimplyMeet.me Account for the duration that your SimplyMeet.me account is active.
Upon account cancellation, your data will be permanently deleted after a max 90-day backup retention period.
We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, such as accounting laws.
Personal data processed for transactional purposes will be kept in our records for 7 years for financial reporting and VAT purposes.
V. Our appropriate technical and organisational measures:
We rely on the concepts of “privacy by design” and “privacy by default” and follow the data protection principles effectively and safeguard individual rights. Where required, our team will perform a Data Protection Impact Assessment (“DPIA”) for identifying and minimising the data processing risks of a project.
In order to operate effectively as a company and also provide flawless services, products and features, we must share some of your personal data.
We share your personal data for the purposes of providing the SimplyMeet.me Software Solution and making sure you can operate your SimplyMeet.me Account with the below sup-processors. The sharing is limited to the extent required for the specific purposes mentioned and for the period required only.
The sharing is limited to the extent required for the specific purposes and for the period required in order to ensure our business operations. Therefore, our services to you will not be jeopardised and your rights are not infringed.
We also perform at least an annual review of all our suppliers with whom we share personal data.
In order to provide the SBPay in either version we will collect and store: all processing transaction data, time, name of Your Client, amount, item being purchased, if recurring or not, IP address and payment processor relating to the transaction.
Note that we do not store full credit card information and hence avoid identification of the card owner. We also engage PCI-DSS certified Payment Service Providers or equivalent and to the extent possible.
Data is stored: Germany (EU) on Google Cloud.
(b)Sharing as part of the team.blue group:
SimplyBook.me is part of team.blue Group and we may share personal data of our users with other entities within the Group, subject to provisions of our internal Global Data Sharing Framework.
The team.blue Group, consisting of several brands and subsidiaries, can improve coordination and resource allocation by sharing data internally. This allows for more efficient collaboration on product, campaign, and customer service improvements. Personal data may be shared among team.blue Group companies for marketing statistics, internal administration, and reporting purposes, but only in an amount necessary for the intended use and with proper protective measures in place to prevent unauthorised access or disclosure.
(c)Sharing with sub-processors:
We have appointed sub-processors with which we will share your personal data such as:
- appointed service providers, business partners, and third-party vendors who assist us in delivering our services
- legal authorities, regulatory bodies, and other third parties when required by law.
All data processing activities with parties located within the EU and EEA are governed by the provisions of the GDPR and respective Data Processing Agreements.
When we transfer your personal data to a country not located in the EU or EEA:
- we will check and ensure that specific legal mechanisms and safeguards are in place: and such us “adequate decision” for that jurisdiction, concluded “Standard Contractual Clauses” (“SCC”) or other;
- we follow the recent developments in the law and do not rely on the Privacy Shield;
- for our business operations which involve the transfer of personal data from the European Union (“EU”) and/or the European Economic Area (“EEA”) to the United Kingdom, we rely on the decision of the European Commission dated on the 28th day of June, 2021 (see more info here).
Find a list of sub-processors as part of our online DPA here. Where there is a change to this list, you will be notified via your SimplyBook.me account and you can submit any objection to the change within 15 days by sending an email to legal@simplybook.me.
VII. Our Cookies Policy:
When you first visit simplymeet.me, you will be asked to provide your consent for the use of non-essential cookies. You can manage your preferences at any time. A link to this policy will be provided in our cookie banner.
General Statements:
(a) For the purposes of security and detection of fraudulent behaviour, SimplyBook.me Ltd has implemented an automated control system, which makes use of cookies and other similar tracking technologies, to track and analyse certain behaviour of the users on the site, associated with their IP addresses and other personal data associated with the browsing on the site. The consequence of such processing is that, if a visitor attempts to engage in fraudulent conduct on the site, for example in order to benefit several times from the same promotion without having the right to do so, SimplyBook.me Ltd reserves the right to exclude such person from the promotion or to take any other appropriate measure for its own protection.
(b) Analytics activities by means of tracking through the use of cookies and similar technologies, aimed at verifying and measuring the quality and effectiveness of SimplyBok.me Ltd’s online advertising campaigns, in order to improve the performance of those campaigns, as well as the services offered by SimplyBook.me Ltd.
(c) SimplyBook.me Ltd uses cookies for functional and statistical purposes, to detect fraudulent behaviour and to measure the effectiveness of advertising campaigns and services.
(d) You can always change cookies settings from your browser and delete cookies completely but when you delete/disable cookies, you may find it hard to use our website efficiently and while cookies do not typically contain any information that personally identifies a user, personal information that we store about you may be linked to the information stored in and obtained from cookies.
What types of cookies do we use, for what purposes and which third parties are involved?
(a)Strictly Necessary cookies: PHPSESSID
These cookies are session and essential and are a general purpose identifier used to maintain user session variables and it can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.
(b)Performance: Advertising & Analytics cookies uses as per below:
Cookie
Purpose
Expiry Period
Party
_pk_id.34.f9d8
It is a pattern type cookie, where the prefix _pk_id is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.
1 year
Piwik
_pk_ses.34.f9d8
To help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_ses is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.
30 minutes
Piwik
_ga
This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site's analytics reports.
1 year 1 month
Google Universal Analytics
_gid
The purpose of these cookies is to store and update a unique value for each page visited and is used to count and track pageviews.
1 day
Google Analytics
_gat_UA-70295730-5
This is a pattern type cookie where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
58 seconds
Google Analytics,
_gcl_au
The purpose is for experimenting with advertisement efficiency across websites using their services
3 months
Google AdSense
__cflb
To distinguish between human users and automated bots
30 minutes
hcaptcha
By the way, you can check our complete Cookies Policy for our Website here.
VIII. Direct Marketing Communications:
We may send you marketing communications under the specific circumstances and legal bases outlined below.
Consent-Based Marketing: Where you have provided your explicit consent, such as by checking a marketing communication box during the sign-up process, we may send you marketing and promotional communications.
This may include contact via email, SMS, or instant messaging.
You have the right to withdraw your consent at any time by clicking the "unsubscribe" link available in every communication.
Marketing to Existing Customers (Legitimate Interest): For our existing customers, we may send marketing communications about our products or services that are similar to those you have previously purchased.
We process your data for this purpose based on our Legitimate Interest, in compliance with the "soft opt-in" exemption. You can object to this and opt-out at any time by clicking the "unsubscribe" link.
Data Usage for Marketing: Your personal data used for marketing purposes is stored in our internal database and will not be shared with third parties for their own marketing purposes.
We may use service providers to assist in our business operations, and any data sharing is safeguarded by data protection and privacy provisions.
We use a self-hosted version of marketing automation tools for user communication related to system usage to avoid external access to your data.
IX. Your rights as data subject:
As per GDPR, You are a “data subject” and have the below rights which you can exercise freely at any time via your SimplyMeet.me Account or by contacting our dpo@simplybook.me
the right to access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right to complain to a supervisory authority;
the right to withdraw consent.
For users that do not fall under GDPR, find more info here.
X. Changes to this Policy
We may update this document from time to time. We will notify you of any material changes by sending an email or by posting a prominent notice within your SimplyMeet.me account before the change becomes effective.
