At Skedda, we respect the privacy rights of our users and recognize the importance of protecting the Personal Data we collect about you. If you are a visitor to a Skedda Website or a customer of a Skedda Service, then except as expressly set forth below, this Privacy Policy applies to your use of such Website or Service.
If you are a visitor to or user of a third-party website or service that utilizes the Skedda Services ("Associated Venue"; a Skedda venue account for managing bookings hosted at e.g. thirdpartyvenue.skedda.com), then any information you submit to such Associated Venues (including via Skedda Services) is additionally collected under the privacy policy of the owners of such Associated Venues, and you should contact such owner with any related requests or inquiries you may have regarding their privacy policies.
As used in this Privacy Policy, "Skedda", "us" and "we" refers to Skedda, Inc. and its affiliates. The "Websites" means Skedda’s websites (including www.skedda.com, any successor URLS, mobile or localized versions and related domains and subdomains), and the "Services" means Skedda’s proprietary software-as-a-service solution(s), including the Dashboard, Skedda application programming interfaces (APIs), Skedda Code and Skedda Apps.
What does this privacy policy cover?
This Privacy Policy covers our treatment of personally identifiable information ("Personal Data") that we gather when you are accessing or using our Website or Services. Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
Personal Data We Collect
Information Related to Your Interaction with Skedda and the Services
Registration and Contact Information
We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email or through our Services. This information you provide may include your email address, first and last name, organization name and telephone number. Additionally, Skedda may collect your photo (avatar) if the corresponding Associated Venue has configured its Skedda account to do so (please contact your Associated Venues if unsure).
Payment Information
When you purchase the Services or make a booking through an Associated Venue which has online payments enabled, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information ("Payment Information"). We describe below how Payment Information may be collected and processed under the main heading “Payment Information”.
Technical, Usage and Location Information
We automatically collect information on how you interact with the Services ("Log Data"), such as the IP address from which you access the Services, date and time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device. We use cookies and similar technologies, some served by Third-Party Platforms, to collect some of this information. For more information, please see Skedda’s Cookie Policy.
Third-party authentication identifiers
We collect and store identifiers from third party services (such as Facebook, Google, Twitter, Microsoft and Apple) if you choose this option to authenticate yourself in Skedda (as opposed to a password-based login).
User Data provided by Skedda Venue Administrators
If you are an administrator of a Skedda venue account, you may submit Personal Data corresponding to natural persons other than yourself into the Services for booking, hosting and processing purposes (“User Data”). User Data may include, without limitation Personal Data such as names, email addresses, organization names and phone numbers of persons interacting with the venue account ("Users").
We will only use, disclose and otherwise process User Data for the purposes set forth in your agreement with us for the provisioning of the Services (“Agreement”).
Retention
We collect and retain your Personal Data submitted in an identifiable format for the amount of time necessary to meet your request or fulfill our legal or regulatory obligations, unless it is in the legitimate interests of the Services and not prohibited by law to maintain the Personal Data for longer periods.
We specifically limit the retention period for certain types of information as follows:
Booking audit logs (concerning the users responsible for creating, updating, charging and deleting bookings): maximum of 90 days
Booking information (concerning the storage of the actual booking information like scheduled time, holder, price, title and notes) made for your Associated Venues: maximum of seven years past the booking conclusion time (configurable by each Associated Venue)
User profile information (name, email address, organization, telephone, hashed password, tokens for external logins, photos): By default, user profile information is retained indefinitely until it is explicitly removed by an Associated Venue. However, each Associated Venue can configure user profile information to be removed from the system automatically after the user's booking information is removed from the system. Contact your Associated Venues to request further information about their chosen retention setting.
Server and analytics logs: maximum of 90 days
Database backups: maximum of 35 days
How We Use the Personal Data We Collect
We use Personal Data in the following ways:
To verify your identity using authentication mechanisms;
To share your Personal Data with your Associated Venues (and also with other users of an Associated Venue if that Associated Venue chooses to allow it - please contact your Associated Venues if unsure);
To manage your bookings at your Associated Venues;
To communicate your booking interactions (creating bookings, cancelling bookings, modifying bookings) with your Associated Venues;
To log audit information about your booking interactions (for auditing purposes of your Associated Venues);
To provide, maintain and improve the Services and our other products and services, including to operate certain features and functionality of the Services (for example, by remembering your Personal Data so that you will not have to re-enter it during this or subsequent visits);
To process your inquiries and otherwise deliver customer service;
To process your payments, we share and use Payment Information as described under the heading “Payment Information”;
To control unauthorized use or abuse of the Services and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal;
To analyze trends, administer or optimize the Services, monitor usage or traffic patterns (including to track users’ movements around the Services) and gather demographic information about our user base as a whole; and
In the manner described to you at the time of collection or as otherwise described in this Privacy Policy.
Lawful Basis for Processing of Personal Data
The lawful basis under which the Services process your Personal Data is legitimate interests.
Please contact us at info@skedda.com if you have any questions about the lawful basis for processing Personal Data.
Sharing Your Personal Data with Third Parties
We do not sell, trade, share or transfer your Personal Data to third parties except in the following limited circumstances:
We may share your Personal Data with our listed third-party service providers to permit such parties to provide our basic/critical service functions. For example, we may provide Personal Data to our transactional email-sending provider for sending notification emails about booking transactions;
We may share your Personal Data when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce a Customer Agreement, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
We may share your Personal Data with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues;
We may share your Payment Information to process your payments, as further described below under the main heading “Payment Information”;
We may share and/or transfer your Personal Data if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets; and
We may share your Personal Data with a third party if we have your consent to do so.
We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the types of Services our customers and users generally use, the configuration of their computers, and performance metrics related to the use of Services which we collected through our technology. If we are required under applicable law to treat such information as Personal Data, then we will only disclose it as described above. Otherwise we may disclose such information for any reason.
Payment Information
When you make a purchase on the Services or make a booking with one of your Associated Venues that requires online payment, any credit card information you provide as part of your Payment Information is collected and processed directly by the payment processor Stripe through their Stripe Elements service. We never receive nor store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here: https://stripe.com/us/privacy.
Other Access to or Disclosure of Your Information
The Services may also contain links to third party websites. This Privacy Policy applies solely to information collected by us. Even if the third party is affiliated with us through a business partnership or otherwise, we are not responsible for the privacy practices of such third party. We encourage you to familiarize yourself with the privacy policies of such third parties to determine how they handle any information they separately collect from you. Please be aware that we do not warn you when you choose to click through to another website when using the Services.
The Websites contain features that enable you to make bookings with content that may be publicly viewable. You should be aware that any Personal Data you submit as part of those bookings can be read, collected, or used by other visitors to the Websites. You should contact your Associated Venues if you have any questions about the visibility of your Personal Data to the public.
Use of Intercom Services
We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some Personal Data like your email address) to Intercom, Inc. ("Intercom") and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms.
Ability for your Associated Venue to edit your Personal Data
A venue administrator of an Associated Venue is able to edit your name, contact number and organization if and only if that venue is your only Associated Venue. In this context it is understood that the venue is updating your Personal Data on your behalf. The venue administrator must have obtained your unambiguous consent to this privacy policy as well as the terms and conditions documents to do so. This consent must be presentable on request to Skedda and any competent supervising authorities. For security reasons, your Associated Venues are not able to update any other aspects of your Personal Data (email address, logins, passwords or credit card details).
At all times, you can see the list of your Associated Venues by signing into your account and viewing the venue-selection control in the navigation bar.
Use of Services by Minors
The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services.
Your Rights, Controls and Choices
Opt-Outs: We may provide you with the opportunity to “opt-out” of having your Personal Data used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of the Services to you.
Communication Preferences: If you no longer wish to receive our communications, you may opt-out of receiving them by following the instructions included on such communications or on the Services. Please note, however, that you may be unable to opt-out of certain service-related communications.
Blocking Cookies: You can remove or block certain cookies using the settings in your browser but the Services may cease to function properly if you do so. For more information, please see the Skedda Cookie Policy.
How We Respond to Do Not Track Signals: Your Web browser may have a “do not track” setting which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Services do not respond to this type of signal.
Skedda is an American entity and is directly bound by a variety of American federal and state privacy laws. However, Skedda respects and fulfills its obligations under data-protection legislation in a number of other jurisdictions. Skedda's privacy policy and data-protection posture is specifically oriented on the EU GDPR and UK GDPR, typically considered the "gold standard" for such legislation worldwide. If you are a citizen of the European Economic Area (EEA), Switzerland or the UK, you benefit from certain rights granted by the EU GDPR and the UK GDPR, but subject to limitations therein. These rights include the right of access, rectification, restriction, opposition, erasure and portability, and the right not to be subjected to automated decision-making. Skedda will respect your rights under the EU GDPR and UK GDPR legislation. Skedda also respects other GDPR-similar legislation like the California Consumer Privacy Act of 2018 (CCPA) for citizens of associated jurisdictions. If you want to exercise those rights or find out more, please contact us at info@skedda.com.
Data Protection Officer (Pursuant to Articles 37-39 of the UK GDPR and EU GDPR)
Skedda has designated the data protection officer specified below to fulfill its obligations with respect to Articles 37-39 of the UK GDPR and EU GDPR.
Evalian Limited
a: West Lodge, Leylands Business Park, Colden Common, Hampshire, SO21 1TH, United Kingdom
EU and UK Representative (Pursuant to Article 27 of the UK GDPR and EU GDPR)
If you are based in the EU or the UK and you have a question specifically regarding the processing of your Personal Data with respect to the EU/UK GDPR, you may contact Skedda's appointed EU/UK representative using the contact details below:
UK Address / Contact Information
GDPREP.ORG
a: 3rd Floor, 86-90 Paul Street, London EC2A 4NE
EU Address / Contact Information
GDPREP.ORG
a: Suite 10357, 5 Fitzwilliam Square, Dublin 2, Ireland, D02 R744
Accessing, Changing and Deleting Your Personal Data
When you use the Services, we make good faith efforts to provide you with access to your Personal Data upon your request and either provide you the means to correct this information if it is inaccurate or to delete such information at your request if it is not otherwise required to be retained by law or for legitimate business purposes. You may access, review, correct, update, change and delete your information at any time. To do so,sign in to your account, go to your profile, and make the desired changes (or contact us at info@skedda.com if you are not actively using the Services). The following information can be accessed and modified on your profile page:
Name
Password and login information
Email address
Organization name
Telephone number
Credit card information
To delete this information completely, or to access and change other Personal Data stored about you, please contact us at info@skedda.com with your email address. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort (for instance, requests concerning Personal Data residing on backup tapes), jeopardize the privacy of others, would be extremely impractical, or for which access is not otherwise required. We may also decline to process requests for Personal Data deletion if:
we show it to be lawfully necessary to retain that information (e.g. for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims); or
we have not received permission from an administrator of each of your Associated Venues (for their compliance, auditing and legal reasons).
Your Personal Data may continue to exist in our backup databases, booking logs and server/analytics logs for a period of no greater than ninety (90) days after your Personal Data is deleted from our primary application database.
In accordance with the Data-Processing Agreements into which Skedda has entered with its third-party processors, we will forward the request to erase your Personal Data from any relevant and connected third-party system.
In any case where we provide Personal Data access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please note that if you cease using the Service or we terminate your access to the Service in accordance with the Agreement, you may no longer have the ability to access or update your Personal Data.
We may retain your Personal Data as necessary to support the Services, comply with our legal obligations or resolve disputes. Note that content you supply through transactions (such as booking titles and notes) may remain on the Services even if you cease using the Services, if we delete your Personal Data, or we terminate your access to the Services.
Security
The security of your Personal Data is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your Personal Data. We limit access to Personal Data about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect Personal Data. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. Refer to our document on data security for further information about the current security measures in place at Skedda.
No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your Personal Data, we cannot guarantee its absolute security.
You have the responsibility to prevent unauthorized access to your account and Personal Data by selecting and protecting your login information appropriately and limiting access to your computer or device and browser, for example by signing off after you have finished accessing your account.
Data breaches
If we become aware that a data breach has occurred, we will notify any relevant supervising authorities not later than seventy-two (72) hours after having become aware of it.
Storage and International Transfer of Data
The Services are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers store and process your Personal Data in the United States of America and elsewhere in the world. We will protect your Personal Data as described in this Privacy Policy if your Personal Data is transferred to other countries, and have entered into appropriate Data-Processing Agreements with our third-party service providers to this end. By using our Sites and Services, you consent to your Personal Data being transferred to other countries, including countries that have different data protection rules than your country. Please contact us if you require further information.
Changes to the Privacy Policy
We are at all times entitled to change the way we use, collect, transmit and process Personal Data and such other information as we may deem necessary. This Privacy Policy may therefore be amended from time to time in order to reflect the latest changes. Please re-visit this Privacy Policy regularly to stay informed about how we collect, process and share your Personal Data.
Contact Us
If you have questions or need to contact us about this Privacy Policy, please email us at info@skedda.com.