Personal Data We Collect
Information Related to Your Interaction with Skedda and the Services
Registration and Contact Information
We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email or through our Services. This information you provide may include your email address, first and last name, organization name and telephone number. Additionally, Skedda may collect your photo (avatar) if the corresponding Associated Venue has configured its Skedda account to do so (please contact your Associated Venues if unsure).
When you purchase the Services or make a booking through an Associated Venue which has online payments enabled, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information ("Payment Information"). We describe below how Payment Information may be collected and processed under the main heading “Payment Information”.
Technical, Usage and Location Information
Third-party authentication identifiers
We collect and store identifiers from third party services (such as Facebook, Google, Twitter, Microsoft and Apple) if you choose this option to authenticate yourself in Skedda (as opposed to a password-based login).
User Data provided by Skedda Venue Administrators
If you are an administrator of a Skedda venue account, you may submit Personal Data corresponding to natural persons other than yourself into the Services for booking, hosting and processing purposes (“User Data”). User Data may include, without limitation Personal Data such as names, email addresses, organization names and phone numbers of persons interacting with the venue account ("Users").
We will only use, disclose and otherwise process User Data for the purposes set forth in your agreement with us for the provisioning of the Services (“Agreement”).
We collect and retain your Personal Data submitted in an identifiable format for the amount of time necessary to meet your request or fulfill our legal or regulatory obligations, unless it is in the legitimate interests of the Services and not prohibited by law to maintain the Personal Data for longer periods.
We specifically limit the retention period for certain types of information as follows:
Booking audit logs (concerning the users responsible for creating, updating, charging and deleting bookings): maximum of 90 days
Booking information (concerning the storage of the actual booking information like scheduled time, holder, price, title and notes) made for your Associated Venues: maximum of seven years past the booking conclusion time (configurable by each Associated Venue)
User profile information (name, email address, organization, telephone, hashed password, tokens for external logins, photos): By default, user profile information is retained indefinitely until it is explicitly removed by an Associated Venue. However, each Associated Venue can configure user profile information to be removed from the system automatically after the user's booking information is removed from the system. Contact your Associated Venues to request further information about their chosen retention setting.
Server and analytics logs: maximum of 90 days
Database backups: maximum of 35 days
How We Use the Personal Data We Collect
We use Personal Data in the following ways:
To verify your identity using authentication mechanisms;
To share your Personal Data with your Associated Venues (and also with other users of an Associated Venue if that Associated Venue chooses to allow it - please contact your Associated Venues if unsure);
To manage your bookings at your Associated Venues;
To communicate your booking interactions (creating bookings, cancelling bookings, modifying bookings) with your Associated Venues;
To log audit information about your booking interactions (for auditing purposes of your Associated Venues);
To provide, maintain and improve the Services and our other products and services, including to operate certain features and functionality of the Services (for example, by remembering your Personal Data so that you will not have to re-enter it during this or subsequent visits);
To process your inquiries and otherwise deliver customer service;
To process your payments, we share and use Payment Information as described under the heading “Payment Information”;
To control unauthorized use or abuse of the Services and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal;
To analyze trends, administer or optimize the Services, monitor usage or traffic patterns (including to track users’ movements around the Services) and gather demographic information about our user base as a whole; and
Lawful Basis for Processing of Personal Data
The lawful basis under which the Services process your Personal Data is legitimate interests.
Please contact us at firstname.lastname@example.org if you have any questions about the lawful basis for processing Personal Data.
Sharing Your Personal Data with Third Parties
We do not sell, trade, share or transfer your Personal Data to third parties except in the following limited circumstances:
We may share your Personal Data with our listed third-party service providers to permit such parties to provide our basic/critical service functions. For example, we may provide Personal Data to our transactional email-sending provider for sending notification emails about booking transactions;
We may share your Personal Data when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce a Customer Agreement, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
We may share your Personal Data with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues;
We may share your Payment Information to process your payments, as further described below under the main heading “Payment Information”;
We may share and/or transfer your Personal Data if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets; and
We may share your Personal Data with a third party if we have your consent to do so.
We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the types of Services our customers and users generally use, the configuration of their computers, and performance metrics related to the use of Services which we collected through our technology. If we are required under applicable law to treat such information as Personal Data, then we will only disclose it as described above. Otherwise we may disclose such information for any reason.
Other Access to or Disclosure of Your Information
The Websites contain features that enable you to make bookings with content that may be publicly viewable. You should be aware that any Personal Data you submit as part of those bookings can be read, collected, or used by other visitors to the Websites. You should contact your Associated Venues if you have any questions about the visibility of your Personal Data to the public.
Use of Intercom Services
Ability for your Associated Venue to edit your Personal Data
At all times, you can see the list of your Associated Venues by signing into your account and viewing the venue-selection control in the navigation bar.
Use of Services by Minors
The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services.
Your Rights, Controls and Choices
Opt-Outs: We may provide you with the opportunity to “opt-out” of having your Personal Data used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of the Services to you.
Communication Preferences: If you no longer wish to receive our communications, you may opt-out of receiving them by following the instructions included on such communications or on the Services. Please note, however, that you may be unable to opt-out of certain service-related communications.
How We Respond to Do Not Track Signals: Your Web browser may have a “do not track” setting which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Services do not respond to this type of signal.
Data Protection Officer (Pursuant to Articles 37-39 of the UK GDPR and EU GDPR)
Skedda has designated the data protection officer specified below to fulfill its obligations with respect to Articles 37-39 of the UK GDPR and EU GDPR.
a: West Lodge, Leylands Business Park, Colden Common, Hampshire, SO21 1TH, United Kingdom
EU and UK Representative (Pursuant to Article 27 of the UK GDPR and EU GDPR)
If you are based in the EU or the UK and you have a question specifically regarding the processing of your Personal Data with respect to the EU/UK GDPR, you may contact Skedda's appointed EU/UK representative using the contact details below:
UK Address / Contact Information
a: 3rd Floor, 86-90 Paul Street, London EC2A 4NE
EU Address / Contact Information
a: Suite 10357, 5 Fitzwilliam Square, Dublin 2, Ireland, D02 R744
Accessing, Changing and Deleting Your Personal Data
When you use the Services, we make good faith efforts to provide you with access to your Personal Data upon your request and either provide you the means to correct this information if it is inaccurate or to delete such information at your request if it is not otherwise required to be retained by law or for legitimate business purposes. You may access, review, correct, update, change and delete your information at any time. To do so,sign in to your account, go to your profile, and make the desired changes (or contact us at email@example.com if you are not actively using the Services). The following information can be accessed and modified on your profile page:
Password and login information
Credit card information
To delete this information completely, or to access and change other Personal Data stored about you, please contact us at firstname.lastname@example.org with your email address. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort (for instance, requests concerning Personal Data residing on backup tapes), jeopardize the privacy of others, would be extremely impractical, or for which access is not otherwise required. We may also decline to process requests for Personal Data deletion if:
we show it to be lawfully necessary to retain that information (e.g. for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims); or
we have not received permission from an administrator of each of your Associated Venues (for their compliance, auditing and legal reasons).
Your Personal Data may continue to exist in our backup databases, booking logs and server/analytics logs for a period of no greater than ninety (90) days after your Personal Data is deleted from our primary application database.
In accordance with the Data-Processing Agreements into which Skedda has entered with its third-party processors, we will forward the request to erase your Personal Data from any relevant and connected third-party system.
In any case where we provide Personal Data access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please note that if you cease using the Service or we terminate your access to the Service in accordance with the Agreement, you may no longer have the ability to access or update your Personal Data.
We may retain your Personal Data as necessary to support the Services, comply with our legal obligations or resolve disputes. Note that content you supply through transactions (such as booking titles and notes) may remain on the Services even if you cease using the Services, if we delete your Personal Data, or we terminate your access to the Services.
The security of your Personal Data is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your Personal Data. We limit access to Personal Data about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect Personal Data. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. Refer to our document on data security for further information about the current security measures in place at Skedda.
No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your Personal Data, we cannot guarantee its absolute security.
You have the responsibility to prevent unauthorized access to your account and Personal Data by selecting and protecting your login information appropriately and limiting access to your computer or device and browser, for example by signing off after you have finished accessing your account.
If we become aware that a data breach has occurred, we will notify any relevant supervising authorities not later than seventy-two (72) hours after having become aware of it.
Storage and International Transfer of Data