Why we process your personal data
Skedda processes your personal data for the following purposes:
- Setting up your venue user account
- Managing your bookings at venues
- Contacting you regarding relevant matters associated with your venue user account
We may also use your personal data to detect fraud and/or other illegal acts aimed at Skedda.
Personal data collected by Skedda
Skedda collects the following personal data: your name, email address, telephone number and optionally the name of your organization. If required by the venue, the Skedda website may also provide pages on which credit-card information (including billing address information) is collected. The Skedda application never processes raw credit card information - it is always securely redirected to the payment gateway account of the venue with which you have entered into a booking contract. Credit card details are exclusively the responsibility of the venue and are held in their payment gateway. For more information on how your credit card details are used by a venue, refer to the Terms and Conditions for Venue Users.
The information listed above is required to setup your account, manage your bookings and contact you regarding any matters related to your account. The information is available to administrators of the venues with which your Skedda user account is associated. Depending on the configuration of the respective venues, your name and organization may additionally be visible to the other persons interacting with venue accounts.
Skedda may also process data about your computing device such as IP address, browser type, and (for users of our service through a mobile device) Unique Device Identifier, operating system, application version and latitude/longitude. These data are typically non-identifying or anonymised, but may nevertheless be considered personal data either by themselves or when combined.
Finally, Skedda may store information from external providers like Facebook, Google or Twitter. This information is used during login for authentication purposes only (Skedda does not store any content from these accounts, and does not actively post (or "tweet") any content to these accounts). At all times, you have the option to remove our access to these accounts and revert to a password-based login.
Skedda exchanges two different cookies with your browser. The first cookie allows us to authenticate you; the second cookie helps us to protect your account against malicious access (e.g. cross-site request forgery). These contents of these cookies are machine-generated tokens used for authentication and security purposes. Without these cookies, we would not be able to provide our core services in a reliable way. No other cookies are exchanged between the Skedda servers and the client's browser during product use.
From time to time, we may use third party service providers as data processors for the purposes specified above. Processing by these third parties takes place under our instruction. These parties are bound by data processing agreements and confidentiality agreements.
Venue control over user information
A venue with a Skedda subdomain and subscription is able to add new users to its venue who then have the option to login and use the Skedda system. If a venue provides the email address of a user who already exists as a registered Skedda user, the venue will be given access to that user's details if they are able to verify that they know the user by confirming the final four digits of the stored contact number. Once verified, the venue will be provided with the user's name, telephone number and organization (if provided). If the Skedda user account in question has no contact number stored, the venue is given access to the remaining information (first name, last name and potentially organization name) without a verification step.
A venue is able to edit the name, contact number and organization of a user profile ("venue user") if and only if that user profile is not associated with any other venue. In this context it is understood that the venue is updating the profile details on behalf of the user (who is associated exclusively with that venue). For security reasons, the venue is not able to update any other aspects of the user account (email address, logins, passwords or credit card details).
We may share and disclose your personal details and information to a government or investigative authority if required by law (or any regulation having the force of law), legal process, criminal investigation, court order or subpoena. We may also disclose your personal data if it is strictly necessary for the prevention, detection and prosecution of criminal acts.
In accordance with data protection laws, strict security procedures are observed within Skedda to prevent personal data misuse and unauthorized access.
In order to protect and safeguard the personal data provided to us, we have implemented and use appropriate business systems and procedures. Furthermore, we have implemented and use security procedures and technical and physical restrictions for accessing and using personal information. Only authorized employees are permitted to access personal information for performing their duties with respect to our services.
Credit Card Information
Raw credit card information does not make contact with the servers on which Skedda is hosted. All communication of credit card information is done with the venue's payment gateway over an industry-standard SSL connection. Neither Skedda nor the venue are able to gain access to the unmasked credit card data and can only interact with the payment gateway through a token-based system. The security pages of our payment providers offer additional details: Stripe.
If you wish for any reason to remove your credit card details from the venue's payment gateway the request needs to be made to the venue directly.
Control over your personal data
You always have the right to review the personal data you have stored with us. This information can be viewed in the User Profile section of your account. You can edit all items listed here.
If you wish for any reason to remove your account, this can be done by sending an email to firstname.lastname@example.org requesting this.
Changes to this statement
We are at all times entitled to change the way we use, collect, transmit and process personal data and such other information as we may deem necessary. This statement may therefore be amended from time to time in order to reflect the latest changes.