Boka en tid and GDPR
Our general approach is that we do not collect any personal data about users except for the information that the administrator for each account chooses to enter and the information that users themselves enter into the system.
Each administrator/account owner decides what information to enter. Most often this is a name and email address for each user, so that it is possible to see who has booked and so that users can request a new password on their own. It is possible to have completely anonymous accounts if desired.
Below is a more detailed description of how the service works.
What personal data do you collect?
The system supports each user having a username (which is usually an apartment number or similar) or an email address to log in.
The most common setup is to have a name and email address (to be able to order a new password) linked to each user. Users can, however, choose to be completely anonymous in our system by using general designations instead of apartment numbers and names.
We also save the most recently logged in users with date and time to be able to help customers troubleshoot if needed.
Who do you share data with?
We do not sell any information to anyone and only use collected data internally in the system (such as to display the correct name at the correct time, etc.).
How do you view the relationship between each customer (often a BRF) and you? Do you consider yourself to be a data processor for the customer?
Regarding the relationship between the customer and us, we only collect the data needed to be able to contact the customer if necessary and to be able to invoice. We view this as customer data (from an organization/company/association) that we must have in order to have a commitment as a supplier, rather than as personal data about the responsible person in question.
We do not have any data processing agreements at the moment, but can prepare this if desired.
Where is data (personal data) stored?
The system runs and stores its data on a virtual server (VPS) with our supplier Ports Group. This VPS is on a server physically located in Landvetter, outside Gothenburg.
Is personal data transferred to third countries, i.e. outside the EU/EEA?
We do not send any personal data to other systems, but use Fathom Analytics for statistics and New Relic to monitor and optimize the system.
Data retention/anonymization
What retention options are there for historical booking times/logs?
Historical bookings are saved because one of the main purposes of the service is to provide our customers with statistics on bookings and to be able to go back and see usage over time.
We save system logs for a limited time (such as metadata about push notifications, but no content) to be able to troubleshoot for users who have problems.
Can booking times be deleted without removing users?
Yes, times that have not yet started can be removed in the calendar by the users themselves. The administrator can also delete future bookings in the system. Completed times are saved in the system until the user is removed.
Does history disappear when you delete a user?
Yes.
What technical measures have you taken to protect user data?
We use a very stable and tested framework called CodeIgniter as the base in our application. This ensures a stable base and gives us good opportunities to build a secure and robust system.
For example, how are passwords protected, how is the service protected against malicious code?
All passwords are stored encrypted in the database.
Our VPS is operated and monitored by Ports Group, which handles server and hosting.