Data Processors
Data Processors used by YouCanBookme Ltd (‘YCBM’) as of October 2021
Our Privacy and Data Protection Notice includes details of the scope, nature and purpose of the processing of data where we are the Data Processor, the duration of the processing, the types of personal data processed and the data subjects involved as required by Article 28 of the EU GDPR/UK GDPR.
- Sub processors - those entities contracted to provide specific services to YouCanBook.me in order for YCBM to deliver its product and service to customers. A sub-processor is used in our capacity as a data processor.
- Processors in common -those entities that the user has to have an account with, and we communicate with via API as part of the Service. A processor in common is not a processor or sub-processor engaged by us, rather they are an independent controller or processor of data who you have authorised to share data with us. The terms on which they process a user’s personal data will be subject to the user’s separate agreement with them, and the terms of their own privacy documentation. When we receive data from a processor in common it will be dealt with by us in accordance with the terms of our privacy notice.
|
Sub-Processors |
|||||
|---|---|---|---|---|---|
|
Company Name (including links to their statement of compliance) |
DPAs / Privacy Shield Registration |
Nature and purpose of service |
Types of personal data (PII) processed |
Duration of processing |
Country where processor is based |
|
Web Hosting Cloud Service Provider |
IP address, Name, email address, postal address, and other PII entered into YCBM booking form as may be requested by a Account holder* |
Data is held and managed via account holder’s cloud calendar account, and retrieved and held by AWS systems for a default period of 2 years.* |
USA |
||
|
Cloud-based SMS Notification Services |
Phone numbers entered into YCBM booking form as may be requested by a Account holder* |
PII deleted after a maximum of 121 days (‘Minimum Time to Live’ limits set by carriers and enforced by Twilio) |
USA |
||
|
Cloud-based Email Notification Services |
Email addresses entered into YCBM booking form as may be requested by a Account holder* |
45 Days for all emails excluding bounce data. |
USA |
||
*YCBM account holders can change this period
|
Processors in common |
||||
|---|---|---|---|---|
|
Company Name (including links to their statement of compliance) |
Nature and purpose of service |
Types of personal data (PII) processed |
Duration of processing |
Country where processor is based |
|
Calendar Cloud Service Provider |
PII collected on a Booking form (name, email) |
Subject to Data Controller |
USA |
|
|
Cloud Email Service Provider |
YCBM account holder details - name and email address |
Subject to Data Controller |
USA |
|
|
Cloud Service Provider and Services |
PII collected on a Booking form (name, email) |
Subject to Data Controller |
USA |
|
|
Cloud Service Provider |
PII collected on a Booking form (name, email) |
Subject to Data Controller |
USA |
|
|
Cloud Service Provider |
PII collected on a Booking form (name, email) |
Subject to Data Controller |
USA |
|
|
Cloud-based Payment Services |
PII collected on a stripe-connect embedded payment form (name, email) |
Subject to Data Controller |
USA Ireland |
|
|
Cloud Service Provider |
PII collected on a Booking form (name, email) |
Subject to Data Controller |
USA |
|
|
Cloud-based 3rd Party Login Service |
YCBM account email address |
Subject to Data Controller |
USA |
|