Our Privacy and Data Protection Notice includes details of the scope, nature and purpose of the processing of data where we are the Data Processor, the duration of the processing, the types of personal data processed and the data subjects involved as required by Article 28 of the EU GDPR/UK GDPR.

  • Sub processors - those entities contracted to provide specific services to YouCanBook.me in order for YCBM to deliver its product and service to customers. A sub-processor is used in our capacity as a data processor.
  • Processors in common -those entities that the user has to have an account with, and we communicate with via API as part of the Service. A processor in common is not a processor or sub-processor engaged by us, rather they are an independent controller or processor of data who you have authorised to share data with us. The terms on which they process a user’s personal data will be subject to the user’s separate agreement with them, and the terms of their own privacy documentation. When we receive data from a processor in common it will be dealt with by us in accordance with the terms of our privacy notice.

Sub-Processors

Company Name (including links to their statement of compliance)

DPAs / Privacy Shield Registration

Nature and purpose of service

Types of personal data (PII) processed

Duration of processing

Country where processor is based

Amazon Web Services, Inc.

DPA

Web Hosting

Cloud Service Provider

IP address, Name, email address, postal address, and other PII entered into YCBM booking form as may be requested by a Account holder*

Data is held and managed via account holder’s cloud calendar account, and retrieved and held by AWS systems for a default period of 2 years.*

USA

Twilio, Inc.

DPA

Cloud-based SMS Notification Services

Phone numbers entered into YCBM booking form as may be requested by a Account holder*

PII deleted after a maximum of 121 days (‘Minimum Time to Live’ limits set by carriers and enforced by Twilio)

USA

Postmark, by Active Campaign

DPA

Cloud-based Email Notification Services

Email addresses entered into YCBM booking form as may be requested by a Account holder*

45 Days for all emails excluding bounce data.

USA

* YCBM account holders can change this period

Processors in common

Company Name (including links to their statement of compliance)

Nature and purpose of service

Types of personal data (PII) processed

Duration of processing

Country where processor is based

Google Inc (Google Calendar)*

Calendar Cloud Service Provider

PII collected on a Booking form (name, email)

Subject to Data Controller

USA

Google Inc (Gmail Integration)*

Cloud Email Service Provider

YCBM account holder details - name and email address

Subject to Data Controller

USA

Apple Inc (ICloud)

Cloud Service Provider and Services

YCBM account holder details - name and email address

PII collected on a Booking form (name, email)

Subject to Data Controller

USA

Microsoft Corporation (Microsoft Azure)

Cloud Service Provider

PII collected on a Booking form (name, email)

Subject to Data Controller

USA

Zapier

Cloud Service Provider

PII collected on a Booking form (name, email)

Subject to Data Controller

USA

Stripe Inc & Stripe Europe, Ltd (Stripe Connect)

Cloud-based Payment Services

PII collected on a stripe-connect embedded payment form (name, email)

Subject to Data Controller

USA

Ireland

Zoom.us

Cloud Service Provider

PII collected on a Booking form (name, email)

Subject to Data Controller

USA

Facebook Inc

Cloud-based 3rd Party Login Service

YCBM account email address

Subject to Data Controller

USA

Google Inc (Google Analytics)

Cloud-based analytics

PII collected from booking page (cookie tracking)

Subject to Data Controller

USA

Meta (Pixel Tracking)

Cloud-based analytics

PII collected from booking page (cookie tracking)

Subject to Data Controller

USA

LinkedIn (LinkedIn Tracking Pixel)

Cloud-based analytics

PII collected from booking page (Cookie tracking)

Subject to Data Controller

USA

* YCBM use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.