TimeCenter Data Protection Policy
Last updated July 5, 2018
Your privacy is important to us at TimeCenter. In this policy, we explain how we collect and use your personal information. We also inform you about your rights and how to use them.
Who is the controller?
TimeCenter provides a platform that allows businesses (for example hair dressers, gyms, and spas) to offer a simple booking solution to their customers. In this policy, we will refer to these businesses as service providers.
When you make an appointment, we will simultaneously create a TimeCenter account (if you don't already have one) and a customer profile with the service provider. The service provider is the controller for the personal information in the customer profile. TimeCenter merely helps the service provider with managing this information (a legal term for TimeCenter's role in this context is "data processor"). TimeCenter is the controller for the information stored in your TimeCenter account. TimeCenter is the controller for all other processing on the TimeCenter platform, unless otherwise stated.
There are many ways you can contact TimeCenter, including by phone, email and post. See below for our contact details.
You can contact a service provider via the TimeCenter platform by phone, email and post.
What kind of information do we collect?
We collect personal information to provide you with the service and to make our service better. We collect some of that data on behalf of service providers. Examples of personal information that we collect are:
- Personal and contact information such as name, mobile number, e-mail address.
- Information specific to a service provider, such as food preferences or other custom data fields
- Information contained in communications, such as booking confirmations
- Booking-related information, such as booking records
- Information about which service provider you have booked at
- What services you booked, as well as when and where
- Information about your device, such as IP address, time zone, operating system, web browser
What are we using the information for?
This section explains for what purposes we process your personal information. Note that a service provider may process your information for other purposes. Please read the service providers' booking policy for more information about how the service provider processes your information.
- Provision of products and services
- We process your information to identify you as a customer or user, to manage and convey bookings and orders, to send confirmations and reminders about bookings and to allow the service provider to contact you regarding your booking. In addition, we may process your information for support and incident management purposes, and to handle complaints and claims.
Legal basis: Fulfillment of agreement
- Information security and to prevent abuse of services
- We process your information to keep our platform secure, to detect and prevent abuse and illegal use of our platform. We also process your information to prevent abuse of services as well as to detect and prevent fraud, virus attacks and other harmful behaviour.
Legal basis: Legitimate interest to maintain the security of the service and prevent abuse of the service
- Compliance with laws
- We may process your information to fulfill our statutory obligations.
Legal basis: Legal obligation
- Other communications about services
- We will process your information when you communicate with us, for example when we answer one of your questions about services offered by a service provider. When you call our customer service, we may record the conversation. We do this to educate our employees and improve our way of working to help you in the best possible way.
Legal basis: Legitimate interest to handle requests and to communicate with users
- Development of services
- We process your information to develop and manage our operations, services, and processes. For this purpose, we may also compile statistics for analysis needs.
Legal basis: Legitimate interest to develop our business and our services
- Direct marketing
- We process your information to directly market our products and services to you on social media and the internet. This includes for example marketing via post, phone, sms, email, online ads and social media such as Facebook. We may also compile statistics for evaluating the efficiency of our marketing campaigns.
Legal basis: Legitimate interest to market our services and products, consent
- Reviews of services and products
- We may use a review of a service provider that you have published on our platform for marketing campaigns.
Legal basis: Legitimate interest
How long do we keep your information?
Unless otherwise stated, we will keep your information for as long as it is necessary to perform our contractual obligations towards you and as long as required by statutory retention periods.
- Information in your TimeCenter account will be kept as long as you actively use your account. By that we mean that you either log in to your account or make a reservation with your registered email address. After an inactive period of 36 months, your account will be deleted and your information in TimeCenter's own database will be deleted.
- Your user profile at a service provider is saved until the service provider erases it. TimeCenter recommends each service provider to erase profiles after an inactive period of 36 months.
Where do we process your personal information?
We use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside European Union. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses. The European Commission approved standard contractual clauses are available here.
Who do we share your information with?
TimeCenter does not share your information with third parties unless stated here or with your permission. Due to the nature of our service, we have to share your information with the parties below:
- Suppliers who process data on our behalf - To a certain extent, we rely on suppliers to deliver our services. These suppliers will process your information according to the written instructions that we have imposed on them by means of a legally binding contract. This makes sure that these suppliers will not use your information for purposes other than specified by us.
- Service providers - When you make a booking with a service provider you will give the service provider access to the information you provided at the time of booking.
- Authorities - We may be required by law to disclose your information to government authorities.
- Change of Ownership - In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal data may be sold or transferred as part of that transaction. This Data Protection Policy will apply to your personal data as transferred to the new entity.
- Other - With your consent, we may also share your information with other third parties.
Your rights and how to exercise them
You have certain rights regarding your personal information. TimeCenter and the service providers on our platform are responsible for fulfilling these rights. Please see further information about these rights, when they are available and how to exercise them below.
- Right to access. You can request a copy of the information you would like to know and verify the information we have about you. The copy is free to request.
- Right to rectification/amendment. You have the right to request for your information to be amended or rectified where it is inaccurate and to have incomplete information completed.
- Right to erasure. You have the right to obtain the deletion of your information under certain circumstances.
- Right to restrict processing. You have the right to restrict our processing of your information in some cases.
- Right to object. You have the right to object to our processing of your information in some cases.
- Data portability. You have a right to receive your information provided by you to us and have the right to send the data to another organization (or ask us to do so if technically feasible). Note that this does not apply to the information we process about you.
- Withdraw consent. Where we process personal data based on consent, individuals have a right to withdraw consent at any time.
- Complaints. If you do want to complain about our use of personal data, please send an email with the details of your complaint to us at the contact details below. You also have the right to lodge a complaint with the supervisory authority in your country of residence. Datainspektionen is the Swedish supervisory authority for data protection. For further information on your rights and how to complain to complain to Datainspektionen, please refer to Datainspektionen's website.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
256 67 Helsingborg
Company number: 556897-7747
E-mail: support (insert at-sign-here) timecenter.com