Privacy Policy

Last updated: October 9, 2025

Introduction

This Privacy Policy explains how BookThem ('we', 'our', or 'us') collects, uses, and protects your personal information when you use our appointment booking service. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

User Roles

Our service has two distinct user roles:

Business Owner

A business owner is a user who signs up to the service to manage their business on our platform. They configure business settings, manage staff, services, working hours, and appointments. Business owners have full access to their business data and customer appointment information.

Business Customer

A business customer is an individual who books appointments with a business through our platform. They access the booking system via a public link, provide their contact information, and make appointment reservations. Business customers do not have a login account and interact with the system only for making and managing their appointments.

Data Controller

BookThem is the data controller for the personal data we collect and process. You can contact us at:

Email: privacy@bookthem.online

Address: BookThem, Privacy Department, [Address]

What Data We Collect

For Business Owners

  • Name and email address (from Google OAuth)
  • Business information (name, description, address, phone, website)
  • Working hours and holiday schedules
  • Service offerings and pricing
  • Staff information and schedules
  • Appointment data and customer interactions

For Business Customers

  • Name, email address, and phone number
  • Appointment preferences and booking history
  • Special requests and notes
  • IP address and browser information
  • Language preferences

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance: To provide our appointment booking services
  • Legitimate interests: To improve our services and prevent fraud
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: To comply with applicable laws and regulations

How We Use Your Data

  • Provide and maintain our appointment booking service
  • Process appointments and send notifications
  • Improve our service and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Communicate with you about your account and our services

Data Sharing

We do not sell your personal data. We may share your data only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations
  • With service providers who assist us in operating our platform (under strict data protection agreements)
  • In case of business transfers (with prior notice)
  • To protect our rights and prevent fraud

Data Retention

At BookThem, we respect your privacy and comply with the General Data Protection Regulation (GDPR). This policy explains how long we keep your personal data and when we delete or anonymize it.

Appointment Records of business customers

What we keep: Date, time, and service booked.

How long: Up to 12 months after your last appointment.

Why: To manage bookings, handle customer service queries, and resolve disputes.

What happens next: Records are deleted or anonymized.

Contact Information of business customers

What we keep: Name, phone number and email address.

How long: up to 12 months after your last appointment, unless you agree to receive ongoing communications.

Why: To contact you about your bookings and provide follow-up service.

What happens next: Deleted or anonymized unless you have given marketing consent.

Contact Information of business owners

What we keep: Name, email address, phone number, business details including staff members, and account information.

How long: Up to 12 months after your subscription expires or until you request deletion.

Why: To manage your business account, provide platform services, and fulfill our contractual obligations.

What happens next: Deleted upon your request or anonymized automatically after the retention period.

Your Rights

Under GDPR, both business owners and business customers have the following rights regarding their personal data:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to certain types of processing
  • Right to withdraw consent: Withdraw consent at any time

How to Exercise Your Rights

To exercise any of these rights, please send an email to our privacy address with your request. We have implemented the following mechanisms:

  • Right to Access: Email us at privacy@bookthem.online with your request. Include your name and email address (or phone number for business customers). We will provide you with a copy of your personal data within 30 days.
  • Right to Rectification: If you believe any of your personal data is inaccurate or incomplete, email us at privacy@bookthem.online with the corrections. We will update your information promptly.
  • Right to Erasure (Right to be Forgotten): Email us at privacy@bookthem.online to request deletion of your data. For business owners, this will include all business-related data. For business customers, this will include all your appointment and contact information.
  • Right to Restrict Processing: If you wish to limit how we process your personal data, email us at privacy@bookthem.online with your request and the reasons for restriction.
  • Right to Data Portability: Both business owners and business customers can request their data in a structured, machine-readable format. We provide a data export interface that allows you to download your data in JSON format. Email us at privacy@bookthem.online to request access to this export functionality.
  • Right to Object: If you wish to object to certain types of data processing (such as direct marketing or processing based on legitimate interests), email us at privacy@bookthem.online with your objection.
  • Consent Withdrawal: If you wish to withdraw consent for data processing, email us at privacy@bookthem.online. This applies to marketing communications and other consent-based processing.

Response Time: We will respond to all requests within 30 days. If your request is complex or we receive multiple requests, we may extend this period by an additional 60 days, and we will inform you of this extension.

Identity Verification: For security purposes, we may need to verify your identity before processing your request. This helps ensure that personal data is not disclosed to unauthorized parties.

To exercise these rights, contact us at privacy@bookthem.online

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Secure data centers and infrastructure
  • Staff training on data protection

Cookies and Tracking

We use cookies and similar technologies to:

  • Ensure proper functionality of our service
  • Remember your preferences and settings
  • Analyze usage patterns to improve our service
  • Provide personalized experiences

You can manage cookie preferences in your browser settings or through our cookie consent banner.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions.

Data Processing Agreement (DPA) Template

We have a long-standing commitment to customer privacy and data protection. As part of this commitment, we have prepared a Data Processing Addendum ("DPA"). To make the Data Processing Agreement (DPA) legally binding, our customers, the business owners, must fill in their details and sign it. You can download the DPA as a PDF from the page and sign it. DPA page.

Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service. Your continued use constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@bookthem.online

Data Protection Officer: dpo@bookthem.online