Personal Data We Collect
Information Related to Your Interaction with Skedda and the Services
Registration and Contact Information
We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email, mail, or through our Services. This information you provide may include your username, first and last name, email address, organization name or telephone number.
When you purchase the Services or make a booking through an Associated Venue with online payments enabled, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information ("Payment Information"). We describe below how Payment Information may be collected and processed under the main heading “Payment Information”.
Technical, Usage and Location Information
Third-party authentication identifiers
We collect and store identifiers from third party services (such as Facebook, Google and Twitter) if you choose this option to authenticate yourself in Skedda (as opposed to a password-based login).
User Data provided by Skedda Venue Administrators
If you are an administrator of a Skedda venue account, you may submit Personal Data corresponding to natural persons other than yourself into the Services for booking, hosting and processing purposes (“User Data”). User Data may include, without limitation Personal Data such as names, email addresses, organization names and phone numbers of persons interacting with the venue account ("Users").
We will only use, disclose and otherwise process User Data for the purposes set forth in your agreement with us for the provisioning of the Services (“Agreement”).
We collect and retain your Personal Data submitted in an identifiable format for the amount of time necessary to meet your request or fulfill our legal or regulatory obligations, unless it is in the legitimate interests of the Services and not prohibited by law to maintain the Personal Data for longer periods.
We specifically limit the retention period for certain types of information as follows:
- Booking audit logs (concerning the users responsible for creating, updating, charging and deleting bookings): maximum of 90 days
- Booking information (concerning the storage of the actual booking information like scheduled time, holder, price, title and notes) made for your Associated Venues: maximum of seven years past the booking conclusion time
- Server and analytics logs: maximum of 90 days
- Database backups: maximum of 35 days
How We Use the Personal Data We Collect
We use Personal Data in the following ways:
- To verify your identity using authentication mechanisms;
- To share your Personal Data with your Associated Venues (and also with other users of an Associated Venue if that Associated Venue chooses to allow it - please contact your Associated Venues if unsure);
- To manage your bookings at your Associated Venues;
- To communicate your booking interactions (creating bookings, cancelling bookings, modifying bookings) with your Associated Venues;
- To log audit information about your booking interactions (for auditing purposes of your Associated Venues);
- To provide, maintain and improve the Services and our other products and services, including to operate certain features and functionality of the Services (for example, by remembering your Personal Data so that you will not have to re-enter it during this or subsequent visits);
- To process your inquiries and otherwise deliver customer service;
- To process your payments, we share and use Payment Information as described under the heading “Payment Information”;
- To control unauthorized use or abuse of the Services and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal;
- To analyze trends, administer or optimize the Services, monitor usage or traffic patterns (including to track users’ movements around the Services) and gather demographic information about our user base as a whole;
- To communicate directly with the single venue owner account only, including by sending newsletters, promotions and special offers or information about new products and services to that account. Your opt-out options for promotional communications are described under the heading “Your Controls and Choices”; and
Sharing Your Personal Data with Third Parties
We do not sell, trade, share or transfer your Personal Data to third parties except in the following limited circumstances:
- We may share your Personal Data with our listed third-party service providers to permit such parties to provide our basic/critical service functions. For example, we may provide Personal Data to our transactional email-sending provider for sending notification emails about booking transactions;
- For venue owner accounts only, we may share the Personal Data with third-party service providers to permit such parties to provide services that help us with our business activities, which may include assisting us with marketing, advertising our product/service offerings, or providing, maintaining and improving the features and functionality of the Services, among other things. For example, we may provide Personal Data to our service providers for direct emailing of our newsletters or notifications of our product/service offerings;
- We may share your Personal Data when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce a Customer Agreement, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
- We may share your Personal Data with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues;
- We may share your Personal Data with our business partners who offer a service to you jointly with us, for example when running a cross-promotion;
- We may share your Payment Information to process your payments, as further described below under the main heading “Payment Information”;
- We may share and/or transfer your Personal Data if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets; and
- We may share your Personal Data with a third party if we have your consent to do so.
We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the types of Services our customers and users generally use, the configuration of their computers, and performance metrics related to the use of Services which we collected through our technology. If we are required under applicable law to treat such information as Personal Data, then we will only disclose it as described above. Otherwise we may disclose such information for any reason.
Other Access to or Disclosure of Your Information
The Websites contain features that enable you to make bookings with content that may be publicly viewable. You should be aware that any Personal Data you submit as part of those bookings can be read, collected, or used by other visitors to the Websites. You should contact your Associated Venues if you have any questions about the visibility of your Personal Data to the public.
Use of Intercom Services
Sharing your Personal Data with other Skedda Venues
If you are using the Services with a set of Associated Venues, an administrator of another Skedda venue account is able to manually add you to their users list, providing they know your email address and the final four digits of your stored telephone number (a security check). In doing this, that venue thereby becomes one of your Associated Venues. If your Personal Data does not include a telephone number, the venue is given access to the remaining information (first name, last name and potentially organization name) without a verification step.
At all times, you can see the list of your Associated Venues by signing into your account and viewing the venue-selection control in the navigation bar.
Use of Services by Minors
The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services.
Your Rights, Controls and Choices
Opt-Outs: We may provide you with the opportunity to “opt-out” of having your Personal Data used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of the Services to you.
Communication Preferences: If you no longer wish to receive our communications, you may opt-out of receiving them by following the instructions included on such communications or on the Services. Please note, however, that you may be unable to opt-out of certain service-related communications.
How We Respond to Do Not Track Signals: Your Web browser may have a “do not track” setting which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Services do not respond to this type of signal.
If you are a citizen of the European Economic Area (EEA) or Switzerland, you also benefit from certain rights granted by applicable law (most notably, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (as amended, replaced or superseded) ("GDPR")) but subject to limitations therein. These rights include the right of access, rectification, restriction, opposition, erasure and portability, and the right not to be subjected to automated decision-making. Skedda will respect your rights under this regulation. If you want to exercise those rights or find out more, please contact us at [email protected].
Accessing, Changing and Deleting Your Personal Data
When you use the Services, we make good faith efforts to provide you with access to your Personal Data upon your request and either provide you the means to correct this information if it is inaccurate or to delete such information at your request if it is not otherwise required to be retained by law or for legitimate business purposes. You may access, review, correct, update, change and delete your information at any time. To do so,sign in to your account, go to your profile, and make the desired changes (or contact us at [email protected] if you are not actively using the Services). The following information can be accessed and modified on your profile page:
- Password and login information
- Email address
- Organization name
- Telephone number
- Credit card information
To delete this information completely, or to access and change other Personal Data stored about you, please contact us at [email protected] with your email address. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort (for instance, requests concerning Personal Data residing on backup tapes), jeopardize the privacy of others, would be extremely impractical, or for which access is not otherwise required. We may also decline to process requests for Personal Data deletion if:
- we show it to be lawfully necessary to retain that information (e.g. for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims); or
- we have not received permission from an administrator of each of your Associated Venues (for their compliance, auditing and legal reasons).
Your Personal Data may continue to exist in our backup databases, booking logs and server/analytics logs for a period of no greater than ninety (90) days after your Personal Data is deleted from our primary application database.
In accordance with the Data-Processing Agreements into which Skedda has entered with its third-party processors, we will forward the request to erase your Personal Data from any relevant and connected third-party system.
In any case where we provide Personal Data access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please note that if you cease using the Service or we terminate your access to the Service in accordance with the Agreement, you may no longer have the ability to access or update your Personal Data.
We may retain your Personal Data as necessary to support the Services, comply with our legal obligations or resolve disputes. Note that content you supply through transactions (such as booking titles and notes) may remain on the Services even if you cease using the Services, if we delete your Personal Data, or we terminate your access to the Services.
The security of your Personal Data is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your Personal Data. We limit access to Personal Data about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect Personal Data. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. Refer to our document on data security for further information about the current security measures in place at Skedda.
No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your Personal Data, we cannot guarantee its absolute security.
You have the responsibility to prevent unauthorized access to your account and Personal Data by selecting and protecting your login information appropriately and limiting access to your computer or device and browser, for example by signing off after you have finished accessing your account.
If we become aware that a data breach has occurred, we will notify any relevant supervising authorities not later than seventy-two (72) hours after having become aware of it.
Storage and International Transfer of Data