1. Introduction

Booker ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scheduling platform and related services (the "Service").

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.

2. Data Controller

For the purposes of the UK GDPR, Booker is the data controller for the personal data we collect directly from you when you use our Service.

Professionals who use our Service to manage their client appointments act as independent data controllers for their client data. We act as a data processor on their behalf for that data.

3. Information We Collect

3.1 Information You Provide

We collect information you provide directly to us, including:

Account information: Name, email address, password, phone number, and professional details when you register
Profile information: Business name, profession type, services offered, pricing, and availability
Booking information: Appointment details, dates, times, and any notes or special requirements
Payment information: Billing address and payment card details (processed securely by Stripe)
Communications: Messages, feedback, and correspondence with us or other users

3.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

Device information: Device type, operating system, browser type, and unique device identifiers
Usage information: Pages viewed, features used, actions taken, and time spent on the Service
Log data: IP address, access times, and referring URLs
Cookies and similar technologies: As described in our Cookie section below

3.3 Information from Third Parties

We may receive information from third-party services you connect:

Calendar services: Event and availability data from Google Calendar or Apple Calendar when you enable synchronisation
Payment providers: Transaction status and payment confirmation from Stripe

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Providing the Service

Create and manage your account
Enable appointment scheduling and management
Process payments and subscriptions
Send appointment confirmations and reminders via email or SMS
Synchronise with your calendar applications
Facilitate communication between Professionals and Clients

4.2 Improving the Service

Analyse usage patterns to improve functionality
Develop new features and services
Conduct research and analytics
Troubleshoot technical issues

4.3 Communications

Send service-related notices and updates
Respond to your enquiries and support requests
Send marketing communications (with your consent)

4.4 Legal and Safety

Comply with legal obligations
Enforce our Terms of Service
Protect against fraud and abuse
Protect the rights, property, and safety of our users

5. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Contract: Processing necessary to perform our contract with you (e.g., providing the Service, processing payments)
Legitimate interests: Processing necessary for our legitimate business interests (e.g., improving the Service, preventing fraud), where those interests are not overridden by your rights
Consent: Where you have given explicit consent (e.g., marketing communications, optional features)
Legal obligation: Processing necessary to comply with our legal obligations

6. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

6.1 With Service Providers

We share information with third-party service providers who perform services on our behalf:

Stripe: Payment processing and financial transactions
Amazon Web Services (AWS): Cloud infrastructure and data storage
Email service providers: Sending transactional and marketing emails
SMS providers: Sending appointment reminders

6.2 Between Users

When you book an appointment, relevant information is shared between Professional and Client (e.g., names, contact details, appointment details) to facilitate the booking.

6.3 For Legal Reasons

We may disclose information if required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of Booker, our users, or the public.

6.4 Business Transfers

If Booker is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

7. International Data Transfers

Your information may be transferred to and processed in countries outside the UK, including countries where our service providers operate (such as the United States for AWS and Stripe).

When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or transfers to countries with adequate data protection laws.

8. Data Retention

We retain your personal data for as long as necessary to:

Provide the Service and maintain your account
Comply with legal and regulatory obligations
Resolve disputes and enforce our agreements

Specific retention periods include:

Active accounts: Data retained while account is active
Cancelled accounts: Data retained for 30 days, then deleted
Financial records: Retained for 7 years as required by UK tax law
Appointment history: Retained for the account lifetime or as required by law

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your personal data in certain circumstances
Right to restrict processing: Request limitation of how we use your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@booker.com. We will respond to your request within one month.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Secure password hashing
Regular security assessments and monitoring
Access controls limiting employee access to personal data
Secure data centres with physical security measures

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. Types of cookies we use:

Essential cookies: Required for the Service to function (e.g., authentication, security)
Functional cookies: Remember your preferences and settings
Analytics cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve your concerns.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@booker.com