In this guide you will learn how to create or update your privacy policy. GDPR (General Data Protection Regulation) came into effect on May 25th, 2018 and replaces the previous EU data protection law. GDPR gives individuals control over how their personal information is stored and used by companies.
What is GDPR and why does it exist?
If you collect, store or otherwise manage the personal information of individuals who live in the European Union, even if you don't have an entity or presence in the EU, then the GDPR will apply to you. If you want to find out more about the GDPR, we recommend checking out the official GDPR website or the Information Commissioner's Office (ICO) resource.
Any personal information that you use and store as part of delivering your services must also meet the requirements under the GDPR framework. For more information, please see our guide on keeping your clients' information secure.
How can I write a privacy policy for my business?
While we are happy to help with any questions about adding a privacy policy to your Timely account, we aren't able to provide any legal advice or guidance.
Important disclaimer: The information laid out in this document is for general information purposes only. It is not intended to be comprehensive and does not constitute legal advice. We recommend talking with your lawyer or seeking legal advice about drafting a privacy policy, or about what your business needs to do to be GDPR compliant. Timely is not liable for any reliance on any of the information contained in this note.
Resources
- This website has a comprehensive template for a privacy policy which is a great starting point.
- This guide to data protection, privacy notes transparency, and control
- This guide to better understand the duties and responsibilities of a data controller
- This data protection / GDPR checklist
What should a privacy policy contain?
1 Transparency into what personal information you collect, and why you collect it
- The purpose and legal basis for processing the customer's data (this may be that you have obtained the customer's consent to the processing, or that it's required for the performance of a contract between you and the customer).
- Whether the customer is required to provide personal data (and the consequences for not doing so).
- Your source of the personal data if it has not been provided by the customer directly.
- How you secure said personal information, and whether third parties have access to it
- Whether you use cookies, and the control that users have over this.
- Whether you transfer data internationally, and the safeguards you have in place when doing this (i.e. you should include that you transfer the data from the EU to Timely's servers in the US and that there is a contract in place between us to provide safeguards: Timely's Terms of Service and our Data Processing Addendum).
- Whether you transfer the customer's data, and the recipient of the customer's personal data (i.e. you should include that you transfer the customer's data to Timely for processing).
- Confirmation that you, as the business owner, are the "data controller" (see here for more information).
- The full name of your business and your contact details (as the data controller).
- The retention period of the data, or criteria used to determine the retention period (this could be that you'll only hold data for so long as you are lawfully entitled to, or until the customer requests deletion).
- The customer's rights as a data subject (including the right to access, correct and delete data, and to have the data provided to them in a commonly used and electronic format so they could provide the information to another data controller).
- The right for the customer to withdraw their consent to the processing of their data at any time.
- The right for the customer to lodge a complaint with a supervisory authority about how their data has been handled; and whether the data is used to make automated decisions (and if so, how the decisions are made).
Updating or adding your privacy policy
In Timely, you can add your own privacy policy. Customers that book online will be prompted to view the policy and accept its terms to make a booking. To do this:
1 Head to set up > online bookings from the main menu.
2 Scroll down to the privacy policy section.
4 Enter your privacy policy in the field provided. You can view a preview of the message below.
5 Now you're ready to click save and apply your changes.