The booked4.us service (hereinafter “Service”) is a cloud based online scheduling system which is capable of being embedded in a website.
The service provider and data controller company is booked4.us Kft. (hereinafter “Service Provider”), who shall be data processor regarding to customers who use the service.
Company data:
Name: booked4.us Kft.
Seat: H-2600 Vác, Zichy H. utca 12.
Company representative: Balogh Péter
Company registration number: 13-09-198371
VAT number: HU26668901
Financial institution holding account: Erste Bank (GIBAHUHB)
Bank account number: HU54116000060000000084765802
E-mail: info@booked4.us
Phone: +36 1 998 9123
User Categories:
Site visitors: Visitors of the websites of the Service Provider, who do not register on the website and do not intend to use the Service, neither as User nor as Costumer.
Newsletter subscribers: Visitors of our websites who subscribe to regular and occasional newsletters by selecting the related checkbox on the website.
Users: Any natural persons, identified or (directly or indirectly) identifiable based on personal data, standing for a business organization subscribing to the Service and creating a booking system instance or using the system instance with an administrator or employee account and using the Service for booking purposes.
Costumers: Any persons booking appointment(s) for a service following her or his registration on the system instance of a User. Upon the registration personal data of the Costumer will be stored in the system of the Service Provider as data processor.
The booked4.us online booking system is collecting and processing personal data from the users for the purposes and in the extent described in following points.
I. All users ( Site visitors, Newsletter subscribers, Users, Costumers)
Upon visiting our websites technical data will be stored on our webservers from the devices of the users.
A.) Cookies
1. The websites of the Service Provider and the booking system contain cookies. A cookie is a text file that a web browser stores on a user's machine. Cookies are used by the user’s device for authentication, storing website information/preferences, other browsing information and anything else that can help the user while accessing the Service. Cookies do not contain any persona data like name, address, email address, etc.
2. There is no need for special browser settings in order to save cookies on your device. At default settings your browser will receive cookies and store them on a list (“temporary internet files”), as it does not present any risk. In case you decide not to accept Service Provider’s cookies, you can inactivate it in the browser settings. For further information please read the Help menu of your browser.
3. If you accept the use of cookies, they will be stored on your device, for the time being you delete them. Please note, that declining cookies can cause limited functionality of the Web site and the Service.
4. Please be informed that upon visiting our website(s) third party cookies are used as well, which help the Service Provider to get statistics about page visitors and social media trends and to … marketing activities.
Third party cookies built in to the Service Provider’s website(s) and to the booking system (Service):
Google Analytics
Smartlook
Vimeo
booked.us session cookie
5. There are links and icons on the Service Provider’s websites - e.g. Facebook Like button, You Tube video link) - which refer to other websites using cookies as well. Information about using cookies on these websites are to be found on the concerning website. Service Provider does not review third party websites and does not take responsibility for the content of third party websites.
6. Unless you want to receive certain type of cookies, you have the option to configure your internet browser to block using cookies or to send you notification if a website uses cookies. For further information about this functionality and to change the cookie settings, please read the Help of your browser.
7. By using the Service User accept that limiting cookie functionalities certain functions of the Service are not available.
B.) Data processors of Service Provider
- Google Analytics
We collect technical data about the visits on our website and usage of the Service by using Google Analytics. The data gathered by Google Analytics (e.g.: type of device, type of browser, language settings, referring website, IP address of browsing device and other geographical data) are stored anonymously and independent of personal data. These data are for statistical analytics for optimizing the system’s utility and marketing.
Duration of preservation: we store the anonymous data gathered by Google Analytics for at most 3 years.
- Smartlook
By using Smartlook we can analyze the clicks happening on the website and the system’s user interface and the behavior of the visitors without storing the data recorded by them. The goal is to improve the user interface and make the usage of the system more easy and understantable.
Duration of preservation: we store the anonymous data gathered by Smartlook for at most 1 year.
Our websites may contain plug-ins of facebook.com social media network. The plug-in forwards to the provider that which of our websites did you open. If you are logged in to your Facebook account during browsing our website, the provider can compare the information you are interested in (that you have reached) with your user account. In case of using the plug-in’s function (e.g.: clicking on the “Like” button, commenting), the browser will send this information directly to the provider for preservation.
You can find further information about how do Facebook collects and use data, as well as your rights related to data controlling mentioned above and your available possibilites in the provider’s privacy policy: http://www.facebook.com/policy.php
If you want to avoid connecting the visit of our website with your Facebook or Twitter account, you have to sign out of these accounts before opening our website.
II. Newsletter subscribers
A) Data controlling related to the newsletter
- Legal basis: consent of the affected natural person which can be given by clicking in the related checkbox on the website or the blog by subscribing to the newsletter or register to the trial period.
- Goal: sending regular and occasional newsletter about updates of the service, tips, professional content and messages with marketing goal.
- Controlled data: name, email address
- Duration of data controlling: until the existence of the newsletter service, or the withdrawal of consent (request of deletion). One can withdraw the consent by using the link at the bottom of the newsletter or sending an email to data-control@booked4.us.
B) Data processors of Service Provider
- SurveyMonkey
- We collect and store survey data about client satisfaction and marketing by using SurveyMonkey, which are voluntary.
Duration of preservation: for at most 3 years after filling the survey.
III. Users
A.) Data controlling related to registration and creation of scheduling system
- Legal basis: The User or its natural person representative gives its consent to data controlling by registering to the free trial period of the Service, filling the registration survey and checking the checkbox about accepting this data controlling informative.
- Goal: creating a new scheduling system for the User with default settings, identifying the User, possibility of contacting (in favor of phone or personal support to get to know the needs and help with the settings and offering a proposal), giving information about functions and services.
- Controlled data: full name, email address, password, phone number, id of scheduling system and data given during setting the system (e.g.: opening hours, services, language setting, etc)
- Duration of data controlling: if the User does not become a subscriber after the free trial period and he/she does not give its consent for keeping their data and further contacting, their data will be deleted in at most 30 days after the end of the trial period.
B.) Data controlling related to subscription
- Legal basis: The User gives its consent to data controlling by filling the subscription form and checking the checkbox of accepting Terms and Conditions.
- Goal: Serving, contacting based on contracted legal relationship, informing the User as Service subscriber about new functions and services; creating invoices suitable for regulations and fulfilling the accounting document keeping obligation.
- Controlled data: name, email address, phone number of natural person representative; company name, seat, site address, phone number, email address, website, customer id, scheduling system id of legal person and data given during setting the scheduling system (e.g.: opening hours, services, language settings, etc.).
- Duration of preservation: For at most 3 years after the existence of an active contracted connection (subscription), or the natural person’s representative state. The invoices have to be kept for 8 years from invoicing based on 169. § (2) of Act C of 2000 on accounting. We inform you that if you withdraw your consent for invoicing, the Data controller has the right to keep your personal data known from invoicing for 8 years based on the 6. § (5) of Act CXII of 2011 on Informational Self-determination and Freedom of Information.
C.) Data controlling related to customer service (support)
- Legal basis: Explicit consent of the User by filling the registration or subscription form.
- Goal: proactive support of registered Users: offering help for setting up the system, surveying client satisfaction, ask about unique needs and subscription intention, call for proposal; receiving client needs through incoming calls, support Users with system usage, handling complaints and other general contact functions.
- Controlled data: name, phone number, customer service notes without personal data about needs, questions, technical problems and data given during registration and subscription (see above).
- Duration of data controlling: see in Data controlling related to registration and creation of scheduling system and Data controlling related to subscription chapters
D.) Data controlling related to phone contact (support)
- Legal basis: The Service Provider can record the customer service’s phone calls in favor of fulfilling sales and services, giving information and quality assurance. The legal basis of this data controlling is the affected person’s consent. If the Service Provider wants to record the call, it notifies the called party and ask for consent.
- Goal: The goal of outgoing calls and the related data controlling is to proactively support the registrated Users: offer help for setting up the system, surveying client satisfaction, ask about unique needs and subscription intention; in case of incoming calls the goal is to receive client needs, support Users with system usage, handling complaints and other general contact functions
- Controlled data: name, phone number, customer service notes about the content of the call without recording personal data; if recording the call, the sound recording and the related scheduling system’s id.
- Duration of data controlling: we store the phone calls and the related data for at most 3 years. The recorded audio material is searchable by phone number and the date of the call.
F.) Data processors of Service Provider:
- ZOHO CRM
We store the CRM kind data of the trial period registrations, active subscribers and customer service communications in the ZOHO CRM system. Duration of preservation: for at most 30 days after the expiry of the trial period, in case of subscription: for at most 3 years after the existence of an active contracted connection (subscription), or the natural person’s representative state.
- Sales Autopilot
- We store the CRM kind data of the trial period registrations, active subscribers and subscriptions in the SalesAutopilot system. Duration of preservation: for at most 30 days after the expiry of the trial period, in case of subscription: for at most 3 years after the existence of an active contracted connection (subscription), or the natural person’s representative state.
- számlázz.hu
We do the invoices, store the invoice’s data, and track the payment status in the Számlázz.hu system. Duration of preservation: The invoices have to be kept for 8 years from invoicing based on 169. § (2) of Act C of 2000 on accounting. We inform you that if you withdraw your consent for invoicing, the Data controller has the right to keep your personal data known from invoicing for 8 years based on the 6. § (5) of Act CXII of 2011 on Informational Self-determination and Freedom of Information.
- SurveyMonkey
We collect and store survey data about client satisfaction and marketing by using SurveyMonkey, which are voluntary.
Duration of preservation: for at most 3 years after filling the survey.
- Amazon Web Services
The Service Provider store the data (controlled and stored by the scheduling system) at the virtual servers (VPS) in the Frankfurt data center of Amazon Web Services, Inc. (seat: 1 Burlington Rd, Dublin 4, Ireland) as data processor. Duration of preservation: see in section Controll data recorded in scheduling system
- Twilio
The incoming and outgoing calls of customer service are going through the Twilio system. We store the technical data of the calls (e.g.: date of the call, duration, called or calling phone numbers) and if recording, the sound material in the Twilio system. Duration of preservation: we store the calls and the related data for at most 3 years.
IV. Customers
A.) Control data recorded in scheduling systems
- Legal basis: natural person’s registration on the User’s scheduling system or booking an appointment without registration and giving consent to data controlling by checking the privacy policy accepting checkbox. Service Provider considered as data controller (see section 8 in Terms and Condition)
- Goal: support the practical roles of the User related to managing the appointments, reception of clients, and providing services, e.g.: preparing for providing the service, identifying the client at the agreed date, giving information if the date is changing or the appointments has to be cancelled, giving information, follow-up, managing technical information automatically coming from the browser (e.g.: type of device, operating system, language setting, size and type of display); support any online payment and invoicing related to the appointment, transmission of payment and billing details to external systems for providing the payment (Barion) and invoicing (Számlázz.hu) process, follow-up and management of transactions and invoices.
- Controlled data: full name, email address, phone number, (password in case of registration), id of the scheduling system, chosen service provider, chosen service during booking, chosen date and time, time of arrival, name and id of calendar related to the service (can relate to location, colleague or any other thing specified by the User), any other information specified by the User that can be filled in the booking survey, any payment and billing data (payment method and details, billing name, address and tax number), contact details (name, e-mail address, telephone number) in the contact list of the telephone used by the User, IP address of User who gathers bookings, managing technical information automatically coming from the browser (e.g.: type of device, operating system, language setting, size and type of display)
The contact data in the User's telephone contact list will be processed by the Data Controller only if the User opts for the automatic form filling option and gives his/her consent to the data processing.
- Duration of data controlling: the data is stored in the database of the scheduling system for at most 3 years from the last booked date of the User’s customer.
B.) Data processors of Service Provider:
- Amazon Web Services
The Service Provider store the data (controlled and stored by the scheduling system) at the virtual servers (VPS) in the Frankfurt data center of Amazon Web Services, Inc. (seat: 1 Burlington Rd, Dublin 4, Ireland) as data processor. Duration of preservation: see in section Controll data recorded in scheduling system
V. Data transfer
Service Provider shall not transfer the data of Newsletter subscribers, Users, Costumers to third parties.
VI. Data security
1. Service Provider takes all necessary measures (organizational and technical) to ensure the highest level of security for the protection of personal data or the prevention of unauthorized alteration, deletion or use of such data.
2. Service Provider takes all necessary measures to ensure data integrity, i.e., the accuracy and completeness of the data handled or processed by it.
3. Service Provider protects the data with appropriate measures in particular against unauthorized access, alteration, transfer, disclosure, deletion or erasing or accidental destruction, injuries or inaccessibility resulting from the change of applied technology.
4. The Service Provider takes all necessary steps to ensure the credibility and confidentiality of the processed data and in order to ensure that data subjects and those entitled can always access the data.
5. Service Provider, in order to comply with the foregoing obligations, reserves its rights to provide information to its clients and partners concerning security leaks detected on the side of clients or partners and, simultaneously, restrict their access to the system and services of the Service provider or certain functions of the Service until the security leak is eliminated.
6. Data privacy incidents are treated according the Service Provider’s internal security policy.
VII. Rights of data subject
1. Service Provider should provide the facility the data subject – through the contact details set out in point 1. -- to request access, rectification or erasure personal data if applicable, and the exercise of the right to object. The data subject can withdraw her or his consent to the processing of personal data, which does not affect legality of data processing with consent before the time of withdrawing.
2. On request of data subject Service provider provides information about data being processed, the source of the data, purpose, legal basis and duration of data processing, name, address and activities of data processor, if applicable, and in case of data transfer, the legal base and the addressee of data transfer. Service Provider should provide information in written and easy recognizable form as soon as possible but at latest within 30 days, free of charge.
3. Service Provider should rectify personal data if it is not real and accurate and the real data Is available.
4. Service Provider erases personal data immediately if the processing is improper, on the request of data subject, if data is incomplete or not real and the law does not preclude the deletion, if the purpose of data processing is terminated, if the term of data processing is over, on the order of the court or the Hungarian National Authority for Data Protection and Freedom of Information. Service Provider does not take responsibility for data being erased from the Service but to be found in search engines in an archived form, deletion should be requested in this case at the provider of the search engine.
5. Service Provider informs subject of data about rectification of data, limitation of data processing or erasure of data. Service Prover should execute rectification, erasure or limitation of processing within 30 days.
6. Subject of data can turn to the following authority in case of a perceived violation of his rights:
Nemzeti Adatvédelmi ls Információszabadság Hatóság (Hungarian National
Authority for Data Protection and Freedom of Information)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing information: 1530 Budapest, Postafiók: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
VIII. STATEMENT OF THE SERVICE PROVIDER
1. The booked4.us Service Provider, as data controller and data processor, acknowledges the binding nature of this Privacy Policy on.
2. The Data Controller undertakes to ensure that its data processing in connection with the Service or the operation of the Service always complies with the requirements laid down in this document and in the Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
3. Service Provider ensures that the present Privacy Policy is constantly available on the www.booked4.us website (hereinafter “Website”). Modifications to the present Privacy Policy enter into force with their publication on the Website.
Budapest, 24 May 2018.