GDPR (data protection policy)
YCBM and GDPR. It sounds a bit like alphabet soup, but YouCanBook.me's compliance with GDPR, as well as our policies on privacy and data protection, are important topics to understand.
As a UK company, YouCanBookMe Ltd is registered under the UK Data Protection Act 1998 and the General Data Protection Regulation (GDPR) since May 25, 2018. You can find our full terms and notices for Privacy here: https://youcanbook.me/privacy or by scrolling to the bottom of our homepage and clicking 'Privacy'.
In this guide we cover:
Data Processing Agreement (DPA)
Our DPA thoroughly explains how YouCanBook.me is GDPR compliant, specifically addressing:
1. How you use YouCanBook.me as a data processor of your booker's data, and
2. How we act as a data controller of your data that you used to create your account with us.
Holding an account with us makes you eligible to receive a signed copy of our Data Processing Agreement.
Request A Signed DPA
Request a signed copy of our Data Processing Agreement here.
Set Data Retention Limits
In order to comply with the GDPR, you may need to set custom data retention limits in your account.
The default data retention setting for individual bookings is 24 months: 24 months after a booking is made, the data will automatically deleted. This setting can be changed in the settings on the account:
The data retention policy that is set will only delete the bookings information from YouCanBook.me. It will not delete the information from the linked cloud calendar.
For example, if the data retention policy is set to 12 months, all bookings from more than 1 year ago will be deleted from YouCanBook.me. The date of deletion will be one year after the appointment date.
To learn more about how to manage Data Retention, see this guide.
Require Bookers to Accept Terms
To maintain your GDPR compliance, you may need to add a "Terms" section to your booking form. This guide explains how.