Privacy Policy Statement (For GDPR and guidelines)

Personal information - what is it?

Privacy Policy Statement

If you’re a customer of ours we need to store some of your personal data (such as your name and contact details) in order to carry out our duties as a website / software provider and to fulfil orders from our shop. We’ll keep your details for as long as you remain a customer, and for six years afterwards as required by HMRC (the UK’s tax office).

If you’re not a customer but you’ve opted in to receive marketing emails from us, we’ll store your email address but nothing else. If you opt out we’ll delete your records immediately. You can opt out whenever you like, by clicking the link in the footer of our marketing messages.

We regularly delete old messages from our email accounts, chat programs and social media accounts in order to avoid storing personal data for longer than needed.

We store personal data about our customers, and email addresses of ‘opted in’ non-customers on our internal CRM (Customer Relationships Manager) system, which is hosted with Rackspace. Booking Online staff have individual logins to this CRM, protected via authenticator apps on their mobile devices. Their level of access to your data depends on their role in the business.

Customer data might also be provided to the third parties below, and is protected by the privacy policies you can read on their websites. Booking Online staff only have access to third party systems relevant to their role in the business. Booking Online reserves the right to provide your data to other third parties if required for the continuous operation of your website, if you request it, or if needed for fraud prevention, insurance claims, or tax reporting purposes. Booking Online Ltd will never give or sell your details to any third party for their marketing purposes.

Some of your contact details are used for your domain name registration, which is usually with Fasthosts. We also use and provide email accounts through Fastmail. We occasionally send newsletters through Campaign Monitor and need to use your email address to do so. You might sign up for an account with Worldpay to allow online transactions through your site. If you instigate a ‘live chat’ with us, that data is stored with Jivo. Some of your data is replicated to our internal support system, provided by Freshdesk, and to our address lookup provider (for Postcode or Eircode lookups) Allies Computing Ltd. We use a few providers to collect payments from customers - EazyCollect, Stripe, Worldpay and Paypal.

Your rights under GDPR:

• The right to be informed: The document you are reading details our use of your data. We will regularly revisit it to make sure of its accuracy. If you have any questions or suggestions, please contact us.
• Right to Erasure: We need to store your details while you’re our customer, and we need to keep some records for six years after that for tax purposes. After that period we will automatically anonymise your personal data and delete any records of our communications. We can remove non-essential data at your request. If you haven’t been our customer in the last six years, and you haven’t opted in to marketing, we probably don’t have any of your personal data anyway - but we’re happy to search if you ask.
• Right to data portability: On request we can provide any personal data we store on you in a universal format like a CSV file or Word document. We probably don’t store any more data than you’d imagine. You can export your customer and product data from your booking system into a CSV file whenever you like, to import to any other provider.
• Right to rectification: If you have access to a Booking Online website you can update your personal data from its ‘Account’ tab, or else you can contact us to make amendments. We strive to ensure that any data we store is as accurate as possible.
• Right to restrict processing: If you’re concerned about the accuracy or use of any of the data we store about you, you can ask us to restrict its processing until we have verified its accuracy and our right to use it.
• Automated decision making and profiling: We do not profile our customers or non-customers beyond the information they provide to us directly, and we do not buy data. The only factors we use in our marketing and advertising efforts are your country of operation and your history of purchases with us.

3. How we handle your CUSTOMER data

Short Version: Booking Online staff only access your customer data when needed to help you use the system or to fix bugs. Third parties involved with hosting your website or emails can also access the data.

Long Version: Your customers’ data is held on a database specific to your site, hosted with Rackspace. You create your own usernames and passwords for your site, which we cannot retrieve, and you can control access to your customer data this way. It is your responsibility to protect your username and password. Booking Online staff may also access your customer data, in the following circumstances:

• Developers might access your database when they need to build or maintain your site, or to fix technical bugs.
• Support Staff only view your customer data if you give them permission, to resolve a problem you have reported.

If we create your Fastmail email account, we also have access to its messages by default. We can lock ourselves out, if requested, but will be unable to help diagnose any email issues until you unlock it.

Some third party providers might also have copies of your customer data. For example, you might have live chats with Jivo, accept payments with Paypal or Worldpay, or use any number of other third party systems (including social media, email hosts, website widgets, etc). It is your responsibility to be aware of the other third parties who might have access to your customers’ data.

Once you are no longer our customer we will keep your data (your database and uploaded files) for one year, unless you ask us to delete it earlier. If you want to keep the booking data after you close your website (and you should, for tax and insurance reasons) you should export them from our system and back the file up securely. We will delete any email accounts we host for you within one week.