Home | MySchedule

MySchedule Ltd Privacy and Data Protection Notice

General
1. MySchedule limited ("we" or "us") take the privacy of your information very seriously. Our Privacy and Data Protection Notice is designed to tell you, the user of our availability and booking service ("Service") about our practices regarding the collection, use and disclosure of personal and other information about you or your business that may be provided via this website or collected through our booking form or otherwise.
2. This privacy notice applies to information provided by our members and account holders ("members") and also applies to information which is processed by us when a person (referred to for convenience as a "Customer") books an appointment or submits data using our Service.
3. This privacy notice is prepared in compliance with applicable data protection legislation including the EU General Data Protection Regulation (the “GDPR”), the Data Protection Act 2018 and the retained EU law version of the GDPR (“UK GDPR”).
4. Important Note: If you are using our Service to make a booking with our member or account holder ("account holder") please note that we are a processor of that data but we are not the data controller. We will pass the data you provide onto our account holder in accordance with this privacy notice.
Our Policy
1. We aim to limit our interaction with your data wherever possible... [Full paragraph remains the same]
2. However when working with data or content that was not collected by us... [Full paragraph remains the same]
Basis on which we process personal data
1. Personal data we hold about you will be processed either because:
  1. the processing is necessary in order for us to deliver our Service...
  2. the processing is necessary in pursuit of a “legitimate interest”...
  3. the processing is necessary to comply with a legal obligation...
  4. in certain limited circumstances because you have consented...
Personal data we collect
1. We may collect and process the following personal information...
  1. Log-In Information: log-in details and information...
  2. Contact Information: contact information we collect...
  3. Calendar Information: certain information...
  4. Booking Information: a record of the bookings...
  5. Correspondence Information: a record of any correspondence...
  6. Booking Form Information: information which may be provided...
  7. Payment Information: information relating to payment...
  8. Technical Information: details of your visits to the Site...
2. We only collect such information when you choose to supply it to us...
3. Information may also be gathered through the Service...
4. An IP address is a number assigned to your computer...
5. We use your IP address to diagnose problems...
6. If you are a customer of our account holder and...
How we use your personal data
1. Please see the table below which sets out the manner in which we will process the different types of personal data we hold...

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
When you (or your employer) register with us to provide the Service to our account holder.	Log-in Information Contact Information	Performance of a contract. Necessary for our legitimate interests (to establish necessary information in order to provide our Service).
When you use the Service as an account holder to take, manage or administer bookings.	Log-in Information Contact Information Calendar Information Booking Information Booking Form Information Payment Information Correspondence Information	Performance of a contract. Necessary for our legitimate interests (in order to provide our availability and booking service).
When you use the Service as a customer, patient or client of our account holder (“Customer”) to make a booking.	Contact Information Calendar Information Booking Information Booking Form Information Payment Information	Performance of a contract. Necessary for our legitimate interests (in order to provide our availability and booking service).
When you use the Service as a Customer to provide information relating to a booking.	Booking Information Calendar Information Booking Form Information Correspondence Information	Performance of a contract. Necessary for our legitimate interests (in order to provide our availability and booking service).
When you use the Service as a customer to make payment to our account holder in relation to a booking.	Payment Information	Performance of a contract. Necessary for our legitimate interests (in order to provide our availability and booking service).
To manage our relationship with our account holder including: Notifying changes to terms or privacy notice Requesting reviews or surveys Handling complaints	Log-in Information Contact Information Calendar Information Booking Information Technical Information Communication Information Correspondence Information	Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our Service).
To verify whether our Terms of Use are being complied with.	Log-in Information Contact Information Booking Information Technical Information Communication Information	Necessary for our legitimate interests (network security, compliance, fraud prevention). Necessary to comply with a legal obligation.
To administer and protect our business (e.g., troubleshooting, support, hosting).	Log-in Information Technical Information Communication Information	Necessary for our legitimate interests (IT services, fraud prevention, business ops). Necessary to comply with a legal obligation.
To use data analytics to improve the Service, Site, marketing, and experience.	Technical Information Communication Information	Necessary for our legitimate interests (to improve our services and inform marketing strategy).
When you use the Service as a customer to overlay your availability	Log-in Information	Necessary for our legitimate interests (to provide our availability and booking service).

Sharing your information
1. We do not disclose any information you provide to any third parties other than as follows:
  1. Sharing availability (e.g., Google Calendar) with people trying to book.
  2. Sending data to third-party services you interact with. These are not under our control and are called “processors in common.”
  3. Sharing booking form content with people booking via the Service.
  4. Supplying customer booking data to our account holder.
  5. Sharing payment info with payment processors.
  6. When required by law, e.g. court orders or crime prevention.
  7. To enforce terms and agreements.
  8. During business sale, transfer, or restructuring — ensuring your rights are preserved.
  9. To protect the rights, property, or safety of MySchedule, account holders, or others.
2. Otherwise, we do not share your personal information without your consent.
Security
1. We take reasonable steps to protect your data:
  1. Servers protected with strict cryptographic keys.
  2. Data stored in secure AWS locations. See AWS Certifications
  3. All communication encrypted with SSL.
  4. Regular infrastructure security audits and scans.
Subscriber Personal Data
1. We act as a “data processor” for certain data (Calendar, Booking, and Booking Form Info), while the account holder is the controller.
2. This is governed by our Terms of Use and our Data Processing Agreement (DPA).
Sub-processors and processors in common
1. We use:
  1. Sub-processors (under our control)
  2. Processors in common (independent services you connect to)
2. Processors in common are not our sub-processors. You control the data shared with them, and they operate under their own policies. List of processors:

Data Retention

Our retention policy is summarized in the table below:

Category of personal data	Length of retention
Records relevant for tax purposes	8 years from the end of the tax year
Data from contract with us	7 years from end of contract or last use
Marketing/business development data	3 years since last interaction
Booking-related information	24 months after booking (unless overridden)

Unspecified data defaults to 7 years retention unless otherwise required.
Retention periods may be extended for legal or investigative reasons.
We regularly review and update data to maintain relevance and accuracy.
To request deletion or changes to your data, see clause 11 below.

Your privacy rights
1. Under the EU GDPR/UK GDPR, you have rights related to your personal data.

Right	Description
The right to be informed	You have the right to know about our data practices as described in this policy.
The right of access	You may submit a Subject Access Request (SAR) for details about your personal data we hold.
The right to correction	Notify us if your data is incorrect or incomplete. We'll update records within a month.
The right to erasure	Request deletion of your data. Unless lawful grounds prevent it, we’ll erase the data within one month.
The right to restrict processing	You can limit how your data is processed without requiring deletion.
The right to data portability	Receive your data in a portable format or request it be transferred to a third party.
The right to object	You can object to processing if it affects your rights and freedoms, or for marketing purposes.
Automated decision-making rights	You can object to decisions made solely by automated means unless contractually necessary or you consent.
Right to withdraw consent	You may withdraw consent for processing at any time.

1. Send SARs or requests through our contact page.
2. We aim to respond within one month unless a longer period is needed due to complexity.
Data Breaches
1. Breaches will be reported to the ICO.
2. You will be notified if your rights or freedoms are at risk.
Other websites
1. Our policy doesn’t cover third-party websites.
2. We recommend checking other sites’ policies if accessed via our service.
3. We are not responsible for the privacy practices of external websites.
Transferring your information outside of Europe
1. Your data may be processed outside of the UK/EEA under appropriate GDPR safeguards.
2. Our infrastructure is hosted in the US. See
3. Transfers may occur when you access services outside of the UK/EEA or communicate globally.
Notification of changes to our Privacy Notice
1. We post updates to this notice on our site.
Contact us
1. You can reach out via our contact page for any data inquiries.
Cookie policy
1. We use:
  1. Essential cookies – for login/auth
  2. Performance cookies – for analytics
  3. Functionality cookies – e.g., timezone, inline help
2. Performance cookies load after you click “Accept” on our cookie notice.
3. List of cookies used is provided below.

Cookie	Type	Purpose
myschedule.pro	Essential	Login/Logout app authentication
Stripe	Essential	Handle payments within our service
Hubspot	Essential	Records cookie preference
HelpScout	Functionality	In-app chat and help docs
Google Analytics	Performance	Track service usage
G2	Performance	Track service usage
Mixpanel	Performance	Track service usage
Hotjar	Performance	Track service usage
Hubspot	Performance	Track service usage

1. As well as cookies that are set by domains we control (first-party cookies), you may also see cookies set by a third party (third-party cookies). These are set when you interact with certain parts of our service, such as viewing one of our help videos (YouTube) or signing in via Facebook and are used by these third-party services to understand your preferences and sometimes tailor content they show you.
2. Do I have to accept cookies?
  You are free to reject or disable cookies if you wish. How you disable cookies depends on the browser or device you are using. Most browsers’ help features will tell you how to manage or disable cookies. If you disable cookies, some features or parts of our service may not function properly or may provide a degraded experience.
3. Cookies used for tracking and analytics
  We use tools like Google Analytics to understand how our site is used and improve your experience. You can opt out of this tracking via the links below:
  1. Opt out of Hotjar Analytics using their one-click opt-out option
  2. Opt out of Google Analytics using their browser add-on
  3. Not clicking the “Accept” button in our cookie notice.

Effective 20th May 2025

Privacy

MySchedule Ltd Privacy and Data Protection Notice

General

Our Policy

Basis on which we process personal data

Personal data we collect

How we use your personal data

Sharing your information

Security

Subscriber Personal Data

Sub-processors and processors in common

Data Retention

Your privacy rights

Data Breaches

Other websites

Transferring your information outside of Europe

Notification of changes to our Privacy Notice

Contact us

Cookie policy