Bookme Privacy Policy
This Privacy Policy explains how Red Ocean B.V. (“Bookme”, “we”, “us”) collects, uses, and protects personal data. We are based in the Netherlands, and comply with the General Data Protection Regulation (GDPR).
1. Scope of Application
This Privacy Policy applies to:
- Visitors of our website
- Bookme customers (users of our platform)
- Clients of Bookme customers (individuals who book appointments)
When we process personal data on behalf of our customers (as data processors), the terms of our Data Processing Addendum apply.
2. Personal Data We Collect
We do not engage in automated decision-making or profiling based on personal data.
| Category | Source | Purpose | Legal Basis |
|---|---|---|---|
| Website usage data | Analytics tools (e.g., Google Analytics) | Improve website performance, security monitoring | Legitimate interest |
| Contact form data | Website visitor | Communication, support, marketing | Consent |
| Customer account data | Customer (self-provided) | Account setup, access to services | Contractual obligation |
| Clients of customers | Entered by customer | Enable scheduling and appointment handling | Contractual obligation |
| Public profile data | Entered by customer | Display on public booking pages (when enabled) | Legitimate interest |
| Google API data | User (via OAuth) | Sync appointments to calendar | Consent |
| Communication data | Email or chat interactions | Respond to inquiries, improve service | Legitimate interest |
We do not collect sensitive health or financial data.
3. Purpose and Legal Basis
We process your data based on:
- Your consent (e.g., connecting Google Calendar, marketing opt-ins)
- Contractual necessity (e.g., providing scheduling functionality)
- Legitimate interests (e.g., service improvement, fraud prevention)
- Legal obligations (e.g., transaction record keeping)
4. Publication of Data
When a customer enables public booking pages, selected profile data may be made accessible via:
- Embedded widgets
- Direct URL links
We do not sell or trade personal data. We do not transfer or disclose your Google user data to third parties for purposes other than those outlined in this Privacy Policy. We may share data:
You control what information is published. This publication is entirely optional.
5. Data Sharing
- With Stripe (for payment processing)
- With our sub-processors (e.g., DigitalOcean, Google Analytics)
- With legal authorities if required by law
A list of sub-processors is available upon request. We will notify users at least 15 days in advance of any changes to our sub-processor list.
6. International Transfers
Your data is stored within the EU on secure servers hosted by DigitalOcean. In the event of data transfer outside the EU, we ensure adequate protections under GDPR.
7. Data Retention and Deletion
- For 6 months after user activity or account cancellation
- For 12 months for website visitor logs (e.g., IP address)
- Google OAuth tokens are stored securely and removed when disconnected
Customers may delete their account and data anytime through the dashboard. Residual backups may exist for up to 30 days.
8. Data Security
- Regular data backups and business continuity measures to recover from outages or data loss
- Encryption in transit and at rest
- Token-based secure authentication
- Access control and audit logs
These practices apply to all personal data, including Google user data.
9. Marketing Communications
We may send marketing emails to users who have provided explicit consent during signup or opt-in. You can unsubscribe at any time via a link in each email.
We may also send system-related communications under our legitimate interest.
10. Your Rights
- Access your data
- Correct or delete your data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
- File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
To exercise these rights, contact us at: [email protected]
11. Cookies
We use cookies to improve your experience on our website and booking tool. These include:
- Essential cookies – required for the basic functioning of the site and booking functionality.
- Performance cookies – used to understand how visitors interact with the site and to improve performance.
- Analytics cookies – set by Google Analytics to collect information like IP address, browser version, device type, page visits, and interaction data.
These cookies may involve processing of personal data. Google Analytics cookies are used under a legitimate interest basis, and we have configured them to minimize data collection.
You are presented with a cookie banner when visiting our site where you may accept or reject non-essential cookies. Disabling certain cookies may affect the performance of our services.
Currently, we use only Google Analytics as a third-party cookie provider.
We do not currently provide a separate cookie settings dashboard, but you can manage cookie preferences via your browser settings.
12. Children's Privacy
Bookme is not intended for children under 16. If we become aware that data has been collected from a child without parental consent, we will delete it promptly.
13. Changes to This Privacy Policy
We may update this policy from time to time. Material updates will be communicated via email or displayed within the platform. Continued use constitutes acceptance.
This privacy statement was last updated 16 May 2025.