Your privacy is critically important to us. We have a few fundamental principles:
- We don’t ask you for personal data unless we truly need it.
- We don’t share your personal data with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal data on our servers unless required for the on-going operation of one of our services.
Below is our privacy notice which incorporates these goals.
About us #
Cronofy Limited (we, us, our, Cronofy) is committed to protecting your privacy and personal data. This Privacy Notice (Privacy Notice) details the steps we take to protect your personal data when you access our site and use our app (together, Platform). It describes the personal data that we collect, the purposes for which we use such data, your choices regarding our use of it, and the steps we take to protect your personal data and how you can review and correct your personal data.
We reserve the right to modify this Privacy Notice at any time and the version that will apply to your use of the Platform will be the version that is current and displayed on the Platform on the date on which you access it so please ensure that you check this page periodically for any updates. Where we make material changes to this Privacy Notice we will notify you directly.
Our legal status under UK data protection law is that of a controller (also known as a data controller) and in this capacity we will securely store and process your personal data which you have provided to us. Controller is a legal term used in the GDPR and the Data Protection Act 2018 to signify the person who controls what to do with any given personal data. As controller we have registered with the Information Commissioner’s Office and our registration number is ZA146473.
Collection of information #
The personal data we collect about you generally relates to your calendar and your use of the Platform. This will include:
- your name;
- company/organisation name;
- email address;
- phone number;
- calendar appointments;
- any information contained within your calendar(s).
You are not required to provide any of this information, but if you do not, we may not be able to provide you the requested services.
Collection of personal data from third parties #
In using our Platform, we may also collect personal data of your contacts and other third parties that are included in your use of the Platform. We process this personal data only to provide you with the services that you have requested. We shall always ensure that such third party personal data is always kept secure. If you or any of the third parties that you connect with have any questions about our processing of their personal data, please email us at firstname.lastname@example.org.
How is your personal data used? #
In accordance with data protection laws, we will only process personal data where we have a lawful basis for doing so. In respect of your personal data, these lawful bases are: (i) where it is necessary to provide services to you under the performance of the contract we have with you (contract necessity); (ii) where we are required to do so in accordance with legal or regulatory obligations (legal necessity); (iii) where you have given your consent (consent); and, (iv) where it is in our (or a third party’s) legitimate interests to process your personal data and these interests do not prejudice your own interests or fundamental rights and freedoms (legitimate interests).
The following are a list of the “Purposes” for which we process your personal data, and the lawful basis on which we carry out such processing:
|To provide you with our services which you have signed up for, including to administer and manage your calendar.||Contract necessity|
|To provide information about your calendar to third party service providers with whom you already have a pre-existing relationship and have given your consent for them to process your personal data.||Contract necessity|
|To provide you with personalised visits to our Platform.||Legitimate interests (to allow us to make the Platform tailored to you)|
|To better understand how you interact with and use our Platform.||Legitimate interests (to allow us to better understand the Platform)|
|To develop our offering and the layout of our Platform.||Legitimate interests (to allow us to better understand the Platform)|
|To prepare statistics relating to the use of our Platform.||Legitimate interests (to allow us to better understand the Platform)|
|To respond to communications from you.||Consent|
|To record telephone calls to and from, and live chats with, our customer services representatives for training and identification purposes.||Consent; legitimate interest (to improve our customer service)|
|To contact you with important information regarding our Platform and/or service.||Contract necessity|
|To send you email alerts you may have signed up for.||Consent|
|To send you information about recommended goods, services or promotions which may be of interest to you (but only where you have consented to be contacted for such purposes).||Consent|
|To carry out market research campaigns.||Legitimate interest (to better understand our Platform)|
|To share your personal data with our partners (detailed below).||Contract necessity; legitimate interests (to allow us to manage our business and offer you the Platform in the most effective way possible)|
|To investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with our Platform (including, where applicable, dealing with requests from law enforcement agencies).||Legal necessity; Legitimate interests (to ensure our users are protected from potential fraud or crime)|
|Cookies: Those that are necessary for the operation of the Platform, including allowing you to interact with our Platform and to recall selections move through the Platform.||Necessary for the performance of the contract|
|Cookies: Those that analyse your use of our Platform, monitor our audience and populate certain content on our Platform in line with your usage.||Legitimate interest so we can continue to analyse and improve our Platform and services|
|Cookies: Those that track your journey to and from our Platform.||Legitimate interest so we can understand how users come to and from our Platform and give effect to any commercial arrangements|
|Cookies: Those that are used for third party marketing.||Consent|
Data Retention #
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required by law.
Additional purposes #
We may process your personal data for additional purposes which are compatible with the purposes listed above. If we are required to process your personal data for additional purposes which are incompatible with those listed above we will ensure that we have a lawful basis for doing so and update this Privacy Notice accordingly.
With whom is your personal data shared? #
We will disclose your personal data only to third party service providers whom you already have an existing relationship with as set out above. We will ensure that contractual obligations are imposed on such service providers to keep your personal data secure.
We may disclose personal data to our professional advisors when seeking advice.
We may disclose depersonalised data (such as aggregated statistics) about the users of our Platform in order to describe our sales, customers, traffic patterns and other Platform information to prospective partners, investors and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
We may occasionally be required by law enforcement, law, court order, governmental authority or public authority to disclose certain types of personal data, for example in the administration of justice or where we have to defend ourselves legally. We may also need to disclose personal data in the event of a reorganisation, sale or takeover.
Cross border transfers #
Cronofy does not transfer customer or end user data outside of the data centre that the data is hosted in - other than for the reasons listed above. Cronofy offers all customers the choice to host their data in the data centre most appropriate for them and their information security requirements.
For the purposes of GDPR Article 26(2) of Directive 95/46/EC, Cronofy will agree to sign standard contractural clauses (SCCs) for customers who require it. Standard contractual clauses are clauses adopted by the European Commission as an appropriate safeguard to comply with the GDPR restricted transfer rules. Please forward any queries in relation to SCCs to email@example.com.
Use of Sub-Processors #
Cronofy does use some sub-processors in order to deliver the service. An example of this is Amazon Web Services who we use to provide the technical infrastructure for the service.
Cronofy only uses sub-processors that adhere to the same, applicable level of security and data privacy protection that we do. In the event that data is processed by a sub-processor, Cronofy remains responsible for the security of that data, unless Cronofy can prove the sub-processor is at fault.
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited. It is your responsibility to ensure the security of your password and not to reveal this information to others.
Your rights #
Data protection laws grant you certain rights in relation to your personal data and our processing. You have the following rights in relation to your personal data:
- a right to request confirmation from us as to whether we are processing your personal data and, if so, a copy of such personal data;
- a right to request that inaccurate personal data is rectified;
- a right to request to receive your personal data in machine-readable format and to request that we provide this to a third party controller;
- a right to object to processing where the lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;
- a right to request that certain personal data is erased where it is no longer necessary for us to process it, where you have withdrawn your consent (as described immediately below), or where you have objected (as described immediately above), where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation;
- a right to withdraw your consent where this is the lawful basis on which we process your personal data;
- a right to request an explanation of the logic involved where we make decisions about you solely through automated means;
- a right to complain to your national data protection supervisory authority; and
- a right to object to direct marketing.
If you are unsure about your rights or are concerned about how your personal data may be processed, please feel free to contact us at firstname.lastname@example.org.
If you would like to exercise any of your rights then you can do so by contacting us as described above. Please be aware that while we will try to accommodate any request you make in respect of your rights, they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
Where you make a request in respect of your rights we will require proof of identification. We may also ask that you clarify your request. We will aim to respond to any request within one month of verifying your identity. If we receive repeated requests, or have reason to believe requests are being made unreasonably, we reserve the right not to respond.
Cookies are small files that websites save to your hard disk or to your browser’s memory. You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Platform or other websites that you visit. To learn more about cookies and how to disable them we recommend you visit here or go to the Information Commissioner’s website. Furthermore, whilst we do not use third party marketing cookies, you can learn more about these and how to delete them here.
The cookies we use, which includes analytics cookies, are used solely in relation to our service and so as to better understand how you interact with the Platform.
Contact us #
If you have questions regarding this notice or our handling of your personal data, please email us at email@example.com.
Cronofy commits to resolve complaints about our collection or use of your personal information. All individuals with inquiries or complaints should first contact Cronofy at firstname.lastname@example.org.
Last updated #
This Privacy Notice was last updated on February 2021.