As your data controller we have:

  • Renewed and updated our privacy policy.

  • Given you the option to opt-in to any future marketing-related correspondence. You can do that via your email preferences.

  • Given you the ability to 'pause' the processing of your data by Bookwhen. See the data processing section on your profile page.

As your data processor we have:

  • Provided an action list to help ensure you're compliant as the data controller of your customers.

  • Created special consent fields which can be easily added to all of your booking forms, so you can easily ask your customers to opt-in to marketing messages and agree to your privacy policy.

  • Ensured your customers can exercise all of their data rights, namely to: - amend any of their personal data, get a report on all of their personal data held on your Bookwhen account, have the right to have that personal data deleted and object to the processing of that data. All of these functions will be available soon via the new Customer List, but in the meantime Bookwhen will happily perform any of these requests on your behalf.

  • Employed the highest standards in terms of data security and protection including: - having a 'cloud' database located in London provided by best-in-class, Google Cloud Platform; having a strict data security organisational hierarchy meaning personal data from your account can only be accessed by limited individuals at Bookwhen and usually in anonymised or pseudonymised form; giving you the ability to automatically delete customer data after a certain period of time; having a clear 'security incident' protocol, including the reporting of any data breaches; and educating all Bookwhen staff on GDPR via a 12 hour course.

  • Created a Data Processing Addendum. If you'd like to request a copy then please contact

Did this answer your question?