Below is a list of frequently asked questions that we receive from our clients, Controllers, and Users. If you have any questions that are not answered below, please feel free to contact our Data Protection Officer (hereinafter referred to as “DPO”) at firstname.lastname@example.org. We will be glad to answer your questions as best as we can.
Q: What steps are you taking to ensure GDPR and CCPA compliance?
- We collect and process your Personal Information lawfully, fairly, and in a transparent manner;
- We collect and process your Personal Information for specified, explicit, and legitimate purposes;
- We collect and process your Personal Information only for the purposes specified in this Policy;
- We collect and process only your Personal Information that is relevant and necessary for us to provide our Services;
- We collect and process your Personal Information in a manner that ensures appropriate security of your Personal Information, including but not limited to:
  - Protection against unauthorized or unlawful processing; and
  - Protection against accidental loss, destruction, or damage of your Personal Information, using appropriate technical or organisational measures to ensure protection.
- We implement the appropriate technical and organisational measures required by international regulations in order to safeguard the rights and freedoms of the User;
- We only store your Personal Information for as long as it is needed to provide you with your Services;
- We keep accurate and up-to-date records of your Personal Information and give you the opportunity to correct any inaccuracies in your Personal Information.
- We do not sell, and we have not sold within the last twelve (12) months, the personal information of our business contacts, clients, personnel, sourcing and recruitment candidates, office visitors, or others with whom we interact. Book4Time does not sell the personal information of minors under 16 years of age.
For more information on our GDPR compliance please visit the “GDPR” section of our website at https://book4time.com/general-data-protection-regulation-gdpr/
For more information on CCPA compliance please visit the CCPA section of our website at https://book4time.com/california-consumer-privacy-act/
Q: What data is being stored?
A: Anonymous Information – In general, you can visit Book4Time Inc.’s web pages without telling us who you are or revealing any Personal Information about yourself.
For our internal purposes, when you visit our website www.book4time.com, we gather information about you as the User, and the device you are accessing our site with. This information can include, but is not limited to:
- The date and time you visited our site;
- The browser type you are using and the name of your internet service provider; and
- The website that referred you to us, any pages you requested, your navigation history, and the IP address linked to the device and/or provider you are visiting our site from.
This information does not contain anything that can identify you as the User personally. We use this information for our internal security audit log, trend analysis, system administration, and to gather broad demographic information about our User base.
We may also use this information to generate statistics and measure site activity to benefit www.book4time.com Users. This information may be shared with third parties in order to provide these services or to analyze, store, or aggregate the information. The information may also be shared with other third parties who are working with us to improve the services of Book4Time Inc. and/or this website. This information, however, will not be shared with third parties for business or marketing purposes.
Personal Information – Book4Time Inc. acknowledges that you own your data. Any data and/or Personal Information that is stored or processed by Book4Time Inc. is at the direction of our Controllers (the company or service that you created an account with). This makes us a Processor of data.
Book4Time Inc. does not control or have access to any Personal Information that may be shared while using Book4Time Inc. Services. When signing up for Book4Time Inc. Services (through our Controllers) such as the web application, we may be asked by our Controllers to store data that they have gathered about you as the User, that can be considered Personal Information.
This information includes, but is not limited to:
Your first and last name, address, email address, telephone numbers, and any other Personal Information you enter when you create an account with one of our Controllers.
You may also be asked for Personal Information when you make an online purchase or enter into contests or promotions, sponsored by our partners.
Your Personal Information is only stored for as long as it is necessary to be able to provide services to you and our Controllers. This information is used to conduct our business operations and provide Services to you and our Controllers including, but not limited to:
- Processing orders;
- Communications with customers;
- Customizing products or services to better meet User preferences;
- Offering products and services from Book4Time Inc. and other sources that may be of interest to Users;
- Service improvement; and
- Research, marketing, and other general purposes.
In addition to the use of your Personal Information as detailed above, we may, from time to time, be asked by our Controllers to use your Personal Information to deliver Services, such as fax bulletins and new product announcements, to alert you of special offers and to allow you to access certain limited-entry areas of our site.
Your Personal Information will not be shared with third parties for business or marketing purposes.
Q: Who has access to my personal data?
A: As a Processor of data, we cannot access any data or Personal Information without explicit consent from our Controllers. Access to this information is role-based and restricted to authorized users only. Authorized users of your data will only be able to access your data if you give them explicit consent. For any further information about who has access to data, please contact our DPO at email@example.com.
Q: What deletion processes are possible for guest data that has been requested to be forgotten?
A: As a Processor of data, we cannot access your Personal Information without your consent, and the consent of our Controller (the company or service that you created an account with). If at any time you would like to review, update, correct, or delete any of your Personal Information, please contact our Controller and they will gladly assist you in processing your request. If, for whatever reason, you do not receive the assistance you require from the Controller, please contact our DPO directly at firstname.lastname@example.org and we will be glad to assist you in facilitating the correct action to be taken.
If you are a Controller and have received a request from a customer to delete any Personal Information, when you bring that request to us, we can assist you in deleting the “Customer Function” in the Book4Time application to fully remove the customer’s data and Personal Information.
Q: Can you provide digital evidence of any request of information and/or request to be forgotten?
A: Yes, we can. This will be available through the “Reporting” feature in the Book4Time application.
Q: What guest data is shared in test scenarios and test environments?
Q: What is your data retention policy?
A: Data is only retained for as long as necessary to provide Services to the Controller and/or the customer. Once a contract is terminated, the data is retained for 30 days then purged, unless mutually agreed otherwise.
Q: How does your system monitor any breach in data access?
A: We use Amazon Web Services Web Application Firewall and Shield to protect and monitor data storage, processing, and breach matters.
Q: What is your notification policy in case of a data breach?
A: In the event of a data breach, we will send a notification to all affected parties within 2 hours of identifying the data breach.
Q: What third parties that you work with have access to any of our data?
A: Companies may be engaged by Book4Time Inc. to perform a variety of functions, including, but not limited to, fulfilling orders, assisting with promotions, and providing technical services for our website. These companies may have access to your Personal Information, if needed, to perform their functions. However, these companies may only use such Personal Information for the purpose of performing that function and may not use it for any other reason. Book4Time Inc. ensures that any company engaged to provide functions or services is trusted and vetted, and we ensure that any company that is engaged by Book4Time Inc. is strictly obligated to protect your Personal Information under the terms of our contract with them.
Book4Time Inc. does not sell, transfer, or disclose Personal Information to third parties. However, with your permission, we will, on occasion, send marketing information on behalf of one of our business partners about products or services they provide that may be of interest to you. You may be asked if you wish to receive marketing materials from Book4Time Inc.’s business partners. If you elect to receive such materials, Book4Time Inc. will not share your Personal Information with such partners, but rather will send correspondence on behalf of the partners.
Q: Where is your data hosted?
A: Our data is hosted using Amazon Web Services EC2. For our North American clients, it is hosted in Virginia, USA. For our European clients, it is hosted in Ireland.
For any further inquiries about where our data is hosted, please contact our DPO at email@example.com.
Q: Do you have any security and best practice certification?
A: We adhere to the following compliance standards:
- SSAE 18 / ISAE 3402
- PCI Compliance
- HIPAA / HITECH
- GDPR Compliance
- CCPA Compliance
Q: Are your backups fully encrypted and what is their frequency?
A: All of our backups are fully encrypted. We take three sets of backups:
- Hourly backups – which are retained for 24 hours, then purged;
- Daily backups – which are retained for 7 days, then purged; and
- Weekly backups – which are retained for 14 days, then purged.
All of our backups are taken as snapshots in the Amazon Web Services EC2 environment on EBS encrypted storage. For any further inquiries about our data backup systems, please contact our DPO at firstname.lastname@example.org.
Q: Where can I find out more information about Book4Time Inc. privacy regulations and compliance?
A: For more information about our privacy policies, please visit our website at https://book4time.com/privacy-policy/
For any questions or concerns, please contact our DPO at email@example.com.