What sort of personal data do we collect?
We collect information that you provide to us when you purchase our Services, including:
support ticket contacts (name, email, telephone number)
We collect technical information about you when you visit and interact with our services to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience, including:
your internet connection (IP address)
country and telephone code where your computer is located
web page accessed during the visit
the type of download that you made from the website, but not the content of that download
the type of device used to access the service
We collect details of your interactions with us when you require support for our services, such as:
Information that you choose to submit regarding a problem that you are receiving with a service
Information that you choose to send, receive, post, share.
Not all of the personal information that we hold about you will necessarily come directly from you. There may be times that it comes from your employer, other organisations to which you belong, or a professional service provider, if they use our Services.
We also collect personal information from third parties such as our partners, service providers, and publicly available websites, to offer Services we think may be of interest and to help us maintain data accuracy and provide and enhance the Services.
2.1 How and why do we use your personal data?
We use your data to provide the service and personalise your experiences, including processing transactions with you, authenticating you when you log in, providing customer support and operating and maintaining the services.
We may also use this data to offer you products or services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. Of course, you also have the right to refuse certain contact permissions and you may choose not to share your personal data with us, which may impact our ability to provide some services that you have asked for.
We process personal information for these Service- and business-related purposes:
Account set up and administration: We use personal information such as your name, email address, phone number, and information about your device to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription, and Service information.
Marketing and events: We use personal information to deliver marketing and event communications to you across various platforms, such as email, telephone, text messaging, direct mail, and online. If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.
Surveys and polls: If you choose to participate in a survey or poll, any personal information you provide may be used for marketing or market research purposes.
Personalisation: We use personal information to deliver and suggest tailored content such as news, research, reports, and business information and to personalise your experience with our Services.
Research and development: We use personal information for internal research and development purposes and to improve and test the features and functions of our Services.
Hosted services: Some of our Services provide data and document storage as an integral part of the product or solution offering. Documents and data stored by our customers may contain personal information. Any information stored by or on behalf of our customers is controlled and managed by and only made accessible to those customers or others our customers may authorise from time to time. Our access to this information is limited to our personnel with a critical business reason, such as technical support.
Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection or investigation of a crime; loss prevention; or fraud.
2.2 How we protect your personal data?
Data security matters to all of our customers, and we will treat your data with the utmost care, taking the appropriate steps to protect it.
We use data hosting services to host the information that we collect, and configure TLS to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used.
Access to your personal data is password protected, and we regularly monitor our systems for possible vulnerabilities and attacks.
2.3 How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
For information stored in backup archives, we will securely store the information and isolate it from any further use until deletion is possible.
2.4 Who do we share your data with?
We sometimes share your personal data with trusted third parties.
The policy that we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes that we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Below are the parties that we may share personal information with.
Within our affiliated companies: Our business is supported by a variety of teams and functions, and personal information will be made available to them to provide our Services. Personal information will be made available when necessary to fulfil the Services that we provide to you.
Our business partners: We occasionally partner with other organisations to deliver co-branded Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a customer of both BookingLab and our partners, and we and our partners may collect and share information about you.
Our third-party service providers: We partner with and are supported by service providers around the world. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
Third parties for legal reasons: We will share personal information when we believe it is required, such as:
To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence.
In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
To protect our rights, users, systems, and Services.
Certain trusted third parties are based outside of the European Economic Area (EEA), so their processing of your personal data will involve the transfer of data outside of the EEA. Whenever we transfer your data outside of the EEA, we will check that at least one of the following safeguards is implemented:
Where providers are based in the United States of America, we may transfer data if they are part of the Privacy Shield. For further details, https://www.privacyshield.gov/list.
Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal data the same protection as it has in Europe.
3. Personal data rights
3.1 What is personal data?
Personal data is defined by the General Data Protection Regulation (GDPR) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified.
Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
3.2 What are your rights over personal data?
You have the right to request:
How we use your personal data (why, how long for, who we share it with).
Access to the personal data we hold about you, free of charge in most cases.
The correction of your personal data when incorrect, out of date or incomplete.
To be forgotten, resulting in the deletion or disposal of any of the personal data that we hold about you.
To restrict (i.e. prevent) the personal processing of your data, for example, that we stop using your personal data for direct marketing (either through specific channels, or all channels).
To object to us using your personal data for a particular purpose.
Data portability, meaning that if you have provided personal data to us, and that data is processed using automated means, you can ask for a copy of that data to re-use with another service.
The review of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
4. Other important privacy information
4.1 Notice to end users
Many of our products are intended for use by organisations. Where the Services are made available to you through an organisation (e.g. your employer), that organisation is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organisation's policies. We are not responsible for the privacy or security practices of an administrator's organisation, which may be different than this policy.
4.2 Our policy towards children
Our services are not directed to individuals under 16. If we become aware that a child under the age of 16 has provided us with personal information we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us via the contact details specified in this section.
4.3 Contact us
We hope this information has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions, or would like to contact us:
bookinglab is a trading name of BookingLab Ltd. Registered in England. Company no: 11764238. Registered Office: The Lewis Building, Bull Street, Birmingham, B4 6AF.
You have the right to make a complaint at any time to the Information Commissioners Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Don’t just take our word for it — see a system in action.