Bookeo has implemented the appropriate technical and organizational measures required by GDPR to safeguard the rights and freedoms of individuals and to ensure compliance with GDPR. We will continue to develop and improve our data protection policies and controls over time to ensure compliance with GDPR.
Does my business need to comply with GDPR?
Not every business needs to be compliant with GDPR.
However, if your business is located in the EU or if it explicitly offers its services to customers who are residents of the EU, it must comply with the EU GDPR.
If your business is located in the UK or if it explicitly offers its services to customers who are resident in the UK, it must comply with the UK GDPR.
If your business is located in Switzerland or if it explicitly offers its services to customers who are resident in Switzerland, it must comply with the Swiss nFADP.
Where is my account data stored?
If you are located in the EU, Switzerland, the UK, Iceland, Liechtenstein, or Norway, Bookeo ensures that your account data is stored on Bookeo servers located in the EU.
Does Bookeo transmit my customer data to third parties?
Bookeo only transmits customer data to third parties (sub-processors) where this is necessary to provide some of its functionalities, such as email and SMS delivery.
Bookeo has Data Protection Agreements in place with each of the sub-processors it uses to process your data.
If you wish to receive the list of sub-processors used by Bookeo as a processor, please send an email to privacy@bookeo.com.
You may enable the integration of your Bookeo account with apps or services provided by third-party vendors, such as software applications developed by you or third parties, or services provided by third parties. In this case, Bookeo may transfer your account data to these third parties, according to your integration settings and permissions. Bookeo is not responsible or liable for the processing of data performed by these third-party vendors.
What does my business need to do in order to be compliant with GDPR?
Using a GDPR-compliant data processor does not automatically make your business GDPR compliant. GDPR is a complex law, with many requirements, including documenting how and why your business collects and processes customer data, how it controls employees’ access to such data, and much more.
Bookeo is not qualified to give legal advice about GDPR and how to comply with GDPR. Therefore, we recommend reviewing the EU GDPR Regulation, the UK Data Protection Act 2018 (UK GDPR), the New Federal Act on Data Protection (nFADP), or consulting qualified legal counsel.
If you use Bookeo to process data and your business must be GDPR compliant, we encourage you to take the following actions:
1. Review and sign the Data Processor Agreement
To review and sign the Data Processor Agreement, you should log into your Bookeo dashboard as the account owner and go to the page account>GDPR. This option is only available for businesses located in the EU, Switzerland, and the UK as per your regional settings.
A paid subscription is required to sign the Data Processor Agreement. If you have not already subscribed to a paid plan and would like to review the Data Processor Agreement, please send an email to privacy@bookeo.com to receive a copy.
2. Review the GDPR best-practice recommendations for your Bookeo account
You should review the tutorials we have prepared to help you work towards GDPR compliance:
3. Consult any third-party vendors
You should consult any third-party vendors, including integrations and apps installed in your Bookeo account – for example, email marketing systems, online calendars, payment gateways, accounting systems, and apps developed by your staff or third-party vendors – that may process your customer data to ensure they have sufficient privacy controls in place.