"Do you know the difference between education and experience? Education is when you read the fine print; experience is what you get when you don't."
Pete Seeger

privacy and data

image of magnifying glass

Thank you for wanting to know more about the way we handle and treat your data - it is extremely important to us and so we are delighted you want to know more about it.

We've recently updated our terms and conditions, and our privacy policy. It's all written in language that is designed to be understood and read by a 'normal' (apologies lawyers) person.

But to help you along, here are the basics - for us it isn't just the letter of the law that applies here, it is the spirit and principles we take seriously, to protect your data and your contract with us:

If you have any questions at all about the rest of this - please email me, Bridget Harris (the CEO) at bridget@youcanbook.me

Enjoy!

YouCanBookMe Ltd Privacy and Data Protection Policy

  1. General
    1. YouCanBookMe limited ("we" or "us") take the privacy of your information very seriously. Our Privacy and Data Protection Policy is designed to tell you, the user of our availability and booking service ("Service") about our practices regarding the collection, use and disclosure of personal and other information about you or your business that may be provided via this website or collected through our booking form or otherwise.
    2. This policy applies to information provided by our members and account holders ("members") and also applies to information which is processed by us when a person (referred to for convenience as a "Customer") books an appointment using our Service.
    3. By using our website ("the Site") or our Service, you are consenting to the collection, use, and disclosure of that information about you in accordance with, and are agreeing to be bound by, this Privacy and Data Protection Policy.
    4. YouCanBookMe limited is registered under the Data Protection Act 1998 (the "Act"). The Act sets out a number of important principles that organisations must apply when processing personal data. For more information see http://www.ico.org.uk/.
    5. Important Note: If you are using our Service to make a booking with our member or account holder ("account holder") please note that we are a passive processor of that data. We will pass the data you provide onto our account holder in accordance with this policy and we cannot control and we are not responsible for, the use made of that data by our account holder.
  2. Our Policy
    1. We aim to limit our interaction with your data wherever possible. We have a general policy relating to access to your data. We will generally seek only to access that data which is necessary in accordance with the privileges you have granted to the system. Automated processes may scan your data, but only for an explicit purpose to do with the management of your bookings or delivery of other services. When working with data that was originally collected by us, our processes may need to scan and manipulate the information in order to deliver our service to you. We have systems in place which allow you to limit and control the access you allow to your calendar data.
    2. However when working with data or content that was not collected by us and which originated elsewhere (e.g. private information you may have entered on your calendar) our policy is to only access and process a limited amount of outline data which we need to deliver the service to you (e.g. your 'free/busy' times). We will not review and analyse content. Occasionally, to assist with troubleshooting problems you are experiencing with the system, we will seek your permission to access your data. Our policy is always to minimise the instances that this occurs, judge the necessity on a case-by-case basis, not to automate this process and only to do so with the knowledge and permission of the owner of the data.
  3. Ways in which we collect data
    1. We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
      • certain information required to use the Site or the Service or any other services we offer, including the name and address of you and/or your business and/or your employees;
      • any information which is contained in any third party calendar account (e.g. Google Calendar account) which you have linked with your YouCanBook.me account (but please note our general policy in paragraph 2.1 above);
      • a record of any correspondence between you and us;
      • a record of the bookings made through the Service and other interactions with the Service or the Site;
      • information relating to each individual booking (time, location etc.);
      • information which may be provided to our account holder using an online booking form;
      • information relating to payment transactions which is collected where we collect payment on behalf of our account holder (but we do not collect credit card information which is sent directly from the user to our payment processor).
      • information we may require from you when you report a problem or complaint.
    2. We only collect such information when you choose to supply it to us. You do not have to supply any personal information to us but our Service may not be operable in practice without providing such data to us.
    3. Information may also be gathered through the Site without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. These methods do not collect or store personal information.
    4. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. It is generally considered to be non-personally identifiable information, because in most cases an IP address can only be traced back to your ISP or the large company or organisation that provides your internet access (such as your employer if you are at work).
    5. We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our site, and to administer and improve the site.
  4. Use
    1. We may use this information to:
      • provide the Service to our account holders;
      • communicate availability data from the third party calendar account (e.g. Google Calendar) which is linked with your YouCanBook.me account;
      • communicate data about prospective bookings information to assist in the administration of bookings;
      • assist in making general improvements to our services;
      • carry out and administer any obligations arising from any agreements entered into between you and us;
      • contact you and notify you about changes to our services or bookings or the services we offer (except where you have asked us not to do this);
      • analyse how our services are used.
  5. Sharing your information
    1. We do not disclose any information you provide to any third parties other than as follows:
      • if you are an account holder we will share information about your free and busy times from any third party calendar account (e.g. Google Calendar account) which is linked with your account to anyone who is seeking to make a booking using the Service;
      • if you are an account holder we will share information contained in any booking form or other content created by your with anyone who is seeking to make a booking using the Service;
      • if you are a Customer making a booking we will supply any information you provide to us to our account holder;
      • payment information may be provided to our payment processors;
      • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
      • in order to enforce any terms and conditions or agreements for our Services that may apply;
      • we may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
      • to protect the rights, property, or safety of YouCanBookMe limited, our account holders, or any other third parties.
    2. Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so.
  6. Security
    1. In order to safeguard the information we collect from you we will take all reasonable steps to ensure that:
      • our servers are protected by security mechanisms and can only be administered via strictly controlled public/ private cryptographic keys;
      • our data processing storage facilities are sited in secure locations to prevent unauthorised access, our infrastructure is provided by Amazon Web Services (AWS) and certifications for infrastructure provided by AWS can be obtained here: AWS Certifications;/
      • all communication with our servers is encrypted through Secure Sockets Layer (SSL), an industry standard encryption method that encrypts data between your computer and our servers so that in the event of your network being insecure no data is passed in a format that could easily be deciphered.
      • regular security assessments of our infrastructure are performed. This includes web vulnerability scans, dependency vulnerability scans, static code analysis, rule based OS inspection and manual assessments.
  7. Access to and correction of personal information
    1. We will take all reasonable steps in accordance with our legal obligations to update or correct personally identifiable information in our possession.
    2. The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. If you wish to see details of any personal information that we hold about you please contact us by way of our contact page.
  8. Other websites
    1. Our Site may contain links and references to other websites. Please be aware that this Privacy Policy does not apply to those websites.
    2. We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via the Site and/or any other service that is operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
    3. In addition, if you came to this Site via a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
  9. Transferring your information outside of Europe
    1. As part of the services offered to you the information you provide to us will be transferred to, and stored at, countries outside of the European Union ("EU"). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU or one of our service providers is located in a country outside of the EU (currently our server infrastructure is located in the United States, please see the next paragraph for more information). We may also share information with other equivalent national bodies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EU in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy.
    2. Our server infrastructure is provided by Amazon Web Services and is currently based in the United States (although servers may from time to time be based in other countries). Please note that Amazon Web Services transfer and store data outside of the EU in accordance with EU law by operating in accordance with ‘model clauses’ approved by the EU’s Article 29 Working Party. More information can be found at the following link: http://aws.amazon.com/compliance/eu-data-protection/.
    3. If you use our Site or service while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
    4. By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
  10. Notification of changes to our Privacy Policy
    1. We will post details of any changes to our Privacy Policy on the Site to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.
  11. Contact us
    1. If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by way of our contact page.