GDPR Compliance Management
Manage your personal data and privacy preferences in compliance with the General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that gives individuals control over their personal data. Sarah's Bookings is committed to protecting your privacy and ensuring compliance with GDPR requirements.
Data Inventory and Classification
Review the personal data we collect and how it's categorized.
Personal Data Categories
Sarah's Bookings collects and processes the following categories of personal data:
Category | Description | Purpose | Legal Basis |
---|---|---|---|
Identity Data | Name, username, title | Account creation, booking identification | Contract performance |
Contact Data | Email address, phone number, address | Communication, booking confirmations | Contract performance |
Financial Data | Payment information | Processing payments for bookings | Contract performance |
Booking Data | Service selections, appointment times | Providing booking services | Contract performance |
Technical Data | IP address, browser type, device information | System security, service optimization | Legitimate interest |
Usage Data | Information about how you use our website | Service improvement, analytics | Legitimate interest |
Marketing Data | Preferences for receiving marketing | Marketing communications | Consent |
Data Processing Activities
Review how your personal data is processed within our system:
Processing Activity | Data Categories | Purpose | Retention Period |
---|---|---|---|
Account Management | Identity, Contact | Creating and managing user accounts | Until account deletion |
Booking Processing | Identity, Contact, Booking, Financial | Creating and managing bookings | 7 years (financial records) |
Payment Processing | Financial, Identity | Processing payments for services | 7 years (financial records) |
Communications | Identity, Contact | Sending booking confirmations and updates | 3 years after last interaction |
Marketing | Identity, Contact, Marketing | Sending promotional materials | Until consent withdrawal |
Analytics | Technical, Usage | Improving our services | 26 months |
Data Access Requests
Access, download, or request deletion of your personal data.
Access Your Data
You have the right to access all personal data we hold about you. Use the options below to view or export your data.
View My Data
View all personal data associated with your account directly in your browser.
Export My Data
Download all your personal data in your preferred format:
Request Data Correction
If you believe any of your personal data is inaccurate or incomplete, you can request corrections.
Right to be Forgotten
Request deletion of your personal data from our systems.
Data Deletion Options
You have the right to request the deletion of your personal data. Please note that some data may need to be retained for legal or legitimate business purposes.
Delete Specific Data
Select the categories of data you wish to delete:
Delete Account
Warning: This will permanently delete your account and all associated data. This action cannot be undone.
Consent Management
Manage your consent preferences for data processing activities.
Consent Preferences
Control how we process your data by managing your consent preferences:
Essential Data Processing
Processing required to provide our core booking services. This cannot be disabled as it's necessary for the functioning of the service.
Marketing Communications
Receive promotional emails, special offers, and newsletters about our services.
Analytics and Improvement
Allow us to analyze how you use our services to improve functionality and user experience.
Third-Party Data Sharing
Allow sharing of your data with trusted third-party partners for enhanced services.
Data Retention Settings
Manage how long we keep your data in our systems.
Retention Preferences
Configure how long we retain different categories of your personal data. Note that some minimum retention periods may be required for legal compliance.
Account Information
Basic profile data required for your account.
Booking History
Records of your past bookings and appointments.
Payment Information
Records of transactions and payment details.
Communication History
Records of emails and messages between you and businesses.
Usage Data
Information about how you use our platform.
Data Breach Notification
Learn about our procedures in the event of a data breach.
Notification Procedures
In the unlikely event of a data breach that affects your personal data, we are committed to:
- Notifying affected users within 72 hours of becoming aware of the breach
- Providing clear information about what data was affected
- Explaining potential consequences of the breach
- Outlining steps we're taking to mitigate the impact
- Offering guidance on how you can protect yourself
Notification Preferences
Choose how you would like to be notified in the event of a data breach:
Cookie Management
Control how cookies are used when you visit our website.
Cookie Preferences
Manage your cookie preferences by enabling or disabling different categories of cookies:
Third-Party Data Sharing
Control how your data is shared with third parties.
Data Sharing Controls
Manage which third parties can access your data and for what purposes:
Payment Processors
Stripe, PayPal, Square
Purpose: Processing payments for bookings
Analytics Providers
Google Analytics, Hotjar
Purpose: Analyzing website usage to improve services
Marketing Partners
Facebook, Google Ads, Mailchimp
Purpose: Targeted advertising and email marketing
Calendar Integration
Google Calendar, Microsoft Outlook, Apple Calendar
Purpose: Synchronizing bookings with your calendar
Communication Services
Twilio, SendGrid
Purpose: Sending SMS and email notifications
GDPR Education
Learn more about your rights under GDPR and how we protect your data.
Your GDPR Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right to be informed - You have the right to know how your personal data is being processed.
- Right of access - You have the right to access your personal data.
- Right to rectification - You have the right to have inaccurate personal data rectified.
- Right to erasure - You have the right to have your personal data erased in certain circumstances.
- Right to restrict processing - You have the right to request the restriction of processing of your personal data.
- Right to data portability - You have the right to receive your personal data in a structured, commonly used format.
- Right to object - You have the right to object to certain types of processing of your personal data.
- Rights related to automated decision making and profiling - You have rights related to automated decision making and profiling.
For more information about your rights under GDPR, please visit the official GDPR website.
How We Protect Your Data
Sarah's Bookings is committed to protecting your personal data through:
- Data Encryption - All personal data is encrypted both in transit and at rest.
- Access Controls - Strict access controls limit who can access your data.
- Regular Security Audits - We conduct regular security audits to identify and address potential vulnerabilities.
- Staff Training - Our staff receives regular training on data protection and security.
- Data Minimization - We only collect the data we need to provide our services.
- Privacy by Design - Privacy considerations are built into all our systems and processes.
For more information about our security practices, please visit our Security Features page.