Privacy Policy

1. Introduction

BoekMetMij ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our online booking platform and services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide to Us

Account Information:

When you create an account, we collect:

• Name
• Email address
• Password (stored in encrypted form)
• Organization name and details
• Timezone preferences

Booking Form Information:

When you create booking forms, we collect:

• Form names and configurations
• Service definitions (name, duration, price)
• Time slot availability settings
• Form settings and preferences (language, theme, etc.)

Customer Booking Information:

When customers make bookings through your forms, we collect:

• Customer name
• Customer email address
• Customer phone number (if provided)
• Booking details (service, date, time, status)
• Any additional information you request in your booking forms

Team Management Information:

When you invite team members or manage your organization:

• Team member names and email addresses
• Role assignments (owner, admin, coworker)
• Invitation tokens and acceptance status

2.2 Automatically Collected Information

When you use the Service, we automatically collect certain information, including:

• IP address
• Browser type and version
• Device information (type, operating system)
• Pages visited and time spent on pages
• Referring website addresses
• Date and time of access
• Session identifiers and cookies
• User agent strings

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze how the Service is used
• Improve the Service's functionality and user experience

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain the Service: Creating and managing your account, processing bookings, sending notifications, and providing customer support
• To Communicate with You: Sending booking confirmations, cancellations, password reset emails, email verification, and important service updates
• To Improve the Service: Analyzing usage patterns, identifying technical issues, and developing new features
• To Ensure Security: Detecting and preventing fraud, unauthorized access, and other security threats
• To Comply with Legal Obligations: Meeting legal requirements, responding to legal requests, and enforcing our Terms and Conditions
• To Manage Subscriptions: Processing payments, managing subscription tiers, and providing access to premium features
• To Support Team Collaboration: Enabling team member invitations, role management, and shared access to booking data

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal bases:

• Contractual Necessity: Processing necessary to perform our contract with you (providing the Service)
• Legitimate Interests: Processing necessary for our legitimate business interests (improving the Service, security, fraud prevention)
• Consent: Processing based on your explicit consent (where required)
• Legal Obligation: Processing necessary to comply with legal obligations

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers:

We may share information with third-party service providers who perform services on our behalf, such as:

• Email delivery services
• Cloud hosting and infrastructure providers
• Payment processors (for paid subscriptions)
• Analytics and monitoring services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Within Your Organization:

Team members within your organization may have access to booking data and customer information based on their role and permissions.

Legal Requirements:

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or others
• Prevent or investigate fraud or security issues

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

Booking data and customer information may be retained for a reasonable period after account deletion to allow for data recovery if requested, but will be permanently deleted after the retention period expires.

7. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure password storage using industry-standard hashing algorithms
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure hosting infrastructure
• Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights (GDPR)

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data, subject to certain legal exceptions.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection laws.

To exercise these rights, please contact us at support@boekmetmij.nl. We will respond to your request within 30 days, or as required by applicable law.

9. Data Controller and Processor

For account holders and users of the Service: BoekMetMij acts as the data controller for your account information and usage data.

For customer booking data: When customers make bookings through your forms, you (the Organization) are the data controller, and BoekMetMij acts as a data processor. We process customer data on your behalf in accordance with your instructions and this Privacy Policy.

As a data controller for customer bookings, you are responsible for:

• Obtaining appropriate consent from customers
• Complying with data protection laws
• Responding to customer data requests
• Implementing appropriate security measures

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites or services you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Sending an email to the address associated with your account
• Displaying a notice within the Service

The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@boekmetmij.nl

For data protection inquiries, you can also contact your local data protection authority.