YCBM and GDPR: privacy and data protection
YCBM and GDPR. It sounds a bit like alphabet soup, but YouCanBook.me's compliance with GDPR, as well as our policies on privacy and data protection, are important topics to understand.
As a UK company, YouCanBookMe Ltd is registered under the UK Data Protection Act 1998 and the General Data Protection Regulation (GDPR) from 25 May 2018. You can find our full terms and notices for Privacy here https://youcanbook.me/privacy or by scrolling to the bottom of our homepage and clicking 'Privacy'.
When you create an account with YouCanBook.me, you will be asked to accept our terms and conditions and privacy statement. By reading, agreeing to, and clicking “accept” on them, you’ll have entered into a contract with us that satisfies the requirements of GDPR. This covers:
1. how you use YouCanBook.me as a data processor of your booker's data, and
2. how we act as a data controller of your data that you used to create your account with us.
Data Retention - booking data
The data for individual bookings will be held and processed by us for up to 24 months after the time and date of the booking was made. The data will be automatically deleted after 24 months, but you can change this in your account settings. You can find this setting on the Your Account page:
The data retention policy that you set on the Your Account page will only delete the bookings information from YouCanBook.me. It will not delete the information from your linked calendar.
If you set the data retention policy on the Your Account page to, say 12 months, all bookings from more than 1 year ago will be deleted from YouCanBook.me. The date of deletion will be one year after the appointment date.
As we have recently introduced this functionality, we are experiencing a high number of requests so we are doing the deletions in batches. This means you may not see the bookings deleted immediately but we will remove them as soon as possible.