Privacy Notice
Nggyu Limited, Cronofy Limited and/or Cronofy B.V. (we, us, our, Cronofy) is committed to protecting your privacy and personal data. Your privacy is critically important to us. We have a few fundamental principles:
- We don’t ask you for personal data unless we truly need it.
- We don’t share your personal data with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal data on our servers unless required for the on-going operation of one of our services.
Below is our Privacy Notice (Privacy Notice) which incorporates these goals and details the steps we take to protect your personal data when you access our site and use our app (together, Platform). It describes (i) the services we offer and the according legal status, (ii) what personal we collect, (iii) how we use your data, (iv) your choices regarding our use of it, (v) the steps we take to protect your personal data and (vi) how you can review and correct your personal data.
We reserve the right to modify this Privacy Notice at any time and the version that will apply to your use of the Platform will be the version that is current and displayed on the Platform on the date on which you access it, so please ensure that you check this page periodically for any updates. Where we make material changes to this Privacy Notice we will notify you directly.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new email address.
What services do we provide? #
Cronofy Scheduler #
For Cronofy Scheduler users, Cronofy is both a controller and a processor. We collect (and control) the information of users who want to schedule events via Cronofy, and process the information of their end-users with whom they’re scheduling the event.
Cronofy API #
For the Cronofy API, integrators (who are Cronofy customers who integrate with Cronofy’s APIs) are the controller, whilst Cronofy processes their, and their end-users’, data as part of providing the service.
As controller we have registered with the UK Information Commissioner’s Office with registration number ZA146473.
What personal data do we collect and process? #
For a detailed overview of the personal data that we collect, please refer to our Data Management Policy.
Personal data means any information about an individual from which that person can be identified.
The personal data we collect about you generally relates to your calendar and your use of the Platform. This will include:
In the Cronofy Scheduler #
- your name;
- company/organisation name;
- email address;
- calendar appointment data;
- any information contained within your calendar(s).
For the Cronofy API #
- your name;
- company/organisation name;
- email address;
- phone number;
- address;
- calendar appointments;
- any information contained within your calendar(s).
We may also collect, use, store and transfer the following personal data:
- Financial Data: billing address, bank account and payment card details.
- Transaction Data: details about payments to and from you and other details of products and services you have purchased form us.
- Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
- Profile Data: your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data: information about how you interact with and use our website, products and services.
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences.
- Correspondence Data: copies of your written correspondence with us and recordings of telephone calls and virtual meetings with us.
You are not required to provide any of this information, but if you do not, we may not be able to provide you the requested services.
From third parties #
In using our Platform, we may also collect personal data of your contacts and other third parties that are included in your use of the Platform. We process this personal data only to provide you with the services that you have requested. We shall always ensure that such third-party personal data is kept secure. If you or any of the third parties that you connect with have any questions about our processing of their personal data, please email us at privacy@cronofy.com.
Via Cookies and web beacons #
Our Company uses cookies in a range of ways to improve your experience on our website, including:
- Keeping you signed in
- Understanding how you use our website
- Providing training content The cookies we use, which includes analytics cookies, are used solely in relation to our service and to better understand how you interact with the Platform.
You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.
Leadinfo #
Our Company uses the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out, you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.
How is your personal data collected? #
We use different methods to collect data from and about you including through:
- Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you; or
- give us feedback or contact us
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see the Cookies section of this Privacy Notice for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Technical Data is collected from the following parties:
- analytics providers (such as Google based outside the UK); and
- advertising networks (such as LinkedIn based outside the UK)
- Identity and Contact Data is collected from data brokers or aggregators (such as Cognism and Hubspot)
- Identity and Contact Data is collected from publicly available sources
- Technical Data is collected from the following parties:
How is your personal data used? #
On a lawful basis #
In accordance with data protection laws, we will only process personal data where we have a lawful basis for doing so. In respect of your personal data, these lawful bases are:
- Where it is necessary to provide services to you under the performance of the contract we have with you (contract necessity);
- Where we are required to do so in accordance with legal or regulatory obligations (legal necessity);
- Where you have given your consent (consent); and,
- Where it is in our (or a third party’s) legitimate interests to process your personal data and these interests do not prejudice your own interests or fundamental rights and freedoms (legitimate interests)
Please see the annex for a complete list of purposes for which we process your personal data and the lawful basis.
For a limited amount of time #
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by law. Generally, we remove end-user data 90 days after the calendar is disconnected from Cronofy. Please refer to our Data Management Policy for more information. You can also request more information concerning Data Management by emailing privacy@cronofy.com.
Only in the data centre of your choice #
Cronofy does not transfer customer or end user data outside of the data centre that the data is hosted in - other than for the reasons listed above. Cronofy offers all customers the choice to host their data in the data centre most appropriate for them and their information security requirements.
Marketing #
Direct marketing #
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving the marketing.
We may also analyse your data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.
Third party marketing #
We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.
Opting out of marketing #
You can ask to stop sending you marketing communications at any time by unchecking relevant boxes on the Platform to adjust your marketing preferences or by following the opt-out links within any marketing communication sent to you.
If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.
With whom is your data disclosed? #
We may share your personal data where necessary with internal and external third parties for the purposes for which we use your personal data.
We may also share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will disclose your personal data only to third party service providers whom you already have an existing relationship with (such as your calendar provider). We will ensure that contractual obligations are imposed on such service providers to keep your personal data secure. We may disclose personal data to our professional advisors when seeking advice.
We may also disclose information relating to sales interactions to third party marketing and advertising providers such as Google and LinkedIn. We share information with these third party tools subject to your consent, and appropriate legal basis where required. We use such tools to provide certain analytics in connection with our advertising and marketing campaigns.
We may occasionally be required by law enforcement, law, court order, governmental authority, or public authority to disclose certain types of personal data, for example in the administration of justice or where we must defend ourselves legally. We may also need to disclose personal data in the event of a reorganisation, sale, or takeover.
When Cronofy receives a legally binding request to disclose PII, Cronofy will, where legally permitted, notify the Data Subject via email. Cronofy will reject any non-legally binding requests for PII, or Data Subjects will be consulted where appropriate.
Cronofy maintains a DPA (Data Protection Addendum) with customers who so require it. The DPA is based on the June 2021 template published by the European Commission, and can be viewed by contacting privacy@cronofy.com. You can also contact privacy@cronofy.com with any queries in relation to our DPA.
We have specified certain third parties below with whom personal data is shared.
Stripe #
Stripe Payments UK Ltd, a third-party payment provider, to collect payments and hold Payment Card information on our behalf, such as name, email address and debit/credit card details.
Hubspot, Zendesk and Intercom #
We use the platforms Hubspot, Zendesk and Intercom for sales and support respectively.
However, data is submitted to these platforms by end users through their own choice. For example, when submitting one of our online forms, data (such as your name, company and email address) will be captured through Hubspot. In addition, by submitting a support ticket to us, data will be transferred to Zendesk to handle the ticket. Please refer to the privacy notices of the relevant third party for detail on how they handle personal data.
MeetingBaaS and Deepgram #
We offer meeting recording and transcription functionality as part of our services. In the event that an end user decides to make use of these services, Cronofy will collect video and audio recordings of the meeting in question, along with a text transcript, using software provided by MeetingBaaS and Deepgram. By default, no data access will be granted to these service partners and all data processing will take place within Cronofy’s data centres.
Third party links #
Our Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy policy of every website you visit.
International Transfers #
We offer hosting in six data centres from which you can choose your preferred location. No data is transferred out of these data centres once a location is chosen. Our employees may access this data from outside of the data centre region, but the data is never transferred out of the relevant data centre.
We make use of third party vendors, for example Hubspot, that store their data in various jurisdictions. However, we do not transfer any data between jurisdictions for this purpose.
If we ever transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by ensuring that the following safeguards are implemented.
Data security and retention #
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we have policies in place with regard to the time period for which your data is retained. For more information on this, please see our Data Management Policy.
What are your rights? #
Data protection laws grant you certain rights in relation to your personal data and our processing. You have the following rights in relation to your personal data:
- a right to request confirmation from us as to whether we are processing your personal data and, if so, a copy of such personal data (commonly known as a “subject access request”);
- a right to request that incomplete or inaccurate personal data is rectified;
- a right to request to receive your personal data in machine-readable format and to request that we provide this to a third party controller;
- a right to object to processing where the lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;
- a right to request that certain personal data is erased where it is no longer necessary for us to process it, where you have withdrawn your consent (as described immediately below), or where you have objected (as described immediately above), where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation;
- a right to withdraw your consent where this is the lawful basis on which we process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;
- a right to request an explanation of the logic involved where we make decisions about you solely through automated means;
- a right to complain to your national data protection supervisory authority;
- an absolute right to object to direct marketing; and
- a right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you are unsure about your rights or are concerned about how your personal data may be processed, please feel free to contact us at privacy@cronofy.com.
If you would like to exercise any of your rights, then you can do so by contacting us as described above. Please be aware that while we will try to accommodate any request you make in respect of your rights, they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
Where you make a request in respect of your rights, we will require proof of identification. We may also ask that you clarify your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We will aim to respond to any request within one month of verifying your identity. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Further, if we receive repeated requests or have reason to believe requests are being made unreasonably, we reserve the right not to respond.
Use of Sub-Processors #
Cronofy only uses sub-processors that adhere to the same, applicable level of security and data privacy protection that we do. In the event that data is processed by a sub-processor, Cronofy remains responsible for the security of that data, unless Cronofy can prove the sub-processor is at fault.
Cronofy uses the following sub-processors:
- AWS in all Data Centres
- Cronofy Ltd for business support to all Data Centres
- Cronofy BV for business support to all Data Centres
- Airbrake in the US only
Cronofy will notify Data Subjects via email if a new sub-processor who processes PII is engaged.
And of course, always secure! #
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited. It is your responsibility to ensure the security of your password and not to reveal this information to others. API request logs are available for analysis to application integrators at all times via the developer dashboard. More information about security at Cronofy can be found on our Privacy and Security hub.
How to reach out to us? #
We have appointed a Data Protection Manager who is responsible for overseeing questions in relation to this privacy notice. Please note that this role does not carry the formal obligations of a Data Protection Officer under the GDPR and UK GDPR, as we are not required by law to appoint a Data Protection Officer. As such, the identity of the Data Protection Manager has not been notified to supervisory authorities, being the UK Information Commissioner’s Office and Netherlands Autoriteit Persoonsgegevens.
If you have questions or complaints regarding this notice or our handling of your personal data, please email us at privacy@cronofy.com.
You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before doing so please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand. You can contact us at the above email address.
Annex #
| Purpose | Type of Data | Lawful Basis |
|---|---|---|
| To provide you with our services which you have signed up for, including to administer and manage your calendar. | Name, email address, calendar event data, credentials | Contract necessity |
| To provide information about your calendar to third party service providers with whom you already have a pre-existing relationship and have given your consent for them to process your personal data. | Name, email address, calendar event data | Contract necessity |
| To provide you with personalised visits to our Platform. | Usage data, preferences | Legitimate interests (to allow us to make the Platform tailored to you) |
| To better understand how you interact with and use our Platform. | Usage data | Legitimate interests (to allow us to better understand the Platform) |
| To develop our offering and the layout of our Platform. | Usage data | Legitimate interests (to allow us to better understand the Platform) |
| To prepare statistics relating to the use of our Platform. | Usage data | Legitimate interests (to allow us to better understand the Platform) |
| To respond to communications from you. | Name, email address | Consent |
| To record telephone calls to and from, and live chats with, our customer services representatives for training and identification purposes. | Name, email address, communication history and Correspondence Data | Consent; legitimate interest (to improve our customer service) |
| To contact you with important information regarding our Platform and/or service. | Name, email address, usage data | Contract necessity |
| To send you email alerts you may have signed up for. | Name, email address | Consent |
| To send you information about recommended goods, services or promotions which may be of interest to you (but only where you have consented to be contacted for such purposes). | Name, email address, usage data | Consent |
| To carry out market research campaigns. | Name, email address, usage data | Legitimate interest (to better understand our Platform) |
| To share your personal data with our partners (detailed below). | Name, email address, calendar event data | Contract necessity; legitimate interests (to allow us to manage our business and offer you the Platform in the most effective way possible) |
| To investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with our Platform (including, where applicable, dealing with requests from law enforcement agencies). | Name, email address, calendar event data, usage data | Legal necessity; Legitimate interests (to ensure our users are protected from potential fraud or crime) |
Cookies #
| Purpose | Lawful Basis |
|---|---|
| Cookies: Those that are necessary for the operation of the Platform, including allowing you to interact with our Platform and to recall selections move through the Platform. | Necessary for the performance of the contract |
| Cookies: Those that analyse your use of our Platform, monitor our audience and populate certain content on our Platform in line with your usage. | Legitimate interest so we can continue to analyse and improve our Platform and services |
| Cookies: Those that track your journey to and from our Platform. | Legitimate interest so we can understand how users come to and from our Platform and give effect to any commercial arrangements |
| Cookies: Those that are used for third party marketing. | Consent |
As detailed above, please note that Leadinfo places two first-party cookies on our Platform, over which we have no control. These provide transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. To deactivate the use of these cookies, you may visit the relevant page: www.leadinfo.com/en/opt-out. In the event of an opt-out, your data will no longer be used by Leadinfo.
Provider attestations #
Google #
Cronofy’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
- Last updated
- October 31, 2025
- Last reviewed
- October 31, 2025