Privacy Policy

Welcome to Onestop Booking’s Privacy Policy.

Please note that this Privacy Policy applies to personal data that is collected and processed in the course of providing Service (as defined in the Definition Section of the Terms of Use) via Onestop Booking by Onestop Devshop, with offices located at 18A South Road, Paget, PG04, Islands of Bermuda.

Onestop Booking, as a data controller, collects and processes personal data relating to interactions on the Website (as defined in the Definition Section of the Terms of Use). This Privacy Policy describes how Onestop Booking uses and protects any information that you give us.

We believe in full transparency, which is why we keep our Privacy Policy simple and easy to understand.

We strongly urge you to read this Privacy Policy and make sure that you fully understand and agree with it. If you do not agree to this Privacy Policy, please do not access or otherwise use Onestop Booking. Should you have any inquiries regarding this Privacy Policy, please contact us at help@OnestopBooking.com.

Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Definitions Section of the Terms of Use.

1. DEFINITIONS

When we say “consent” we mean your explicit consent on the processing of personal data.

When we say “cookies” we mean small pieces of data stored on your device (computer or mobile device). This information is used to track your use of the Website and to compile statistical reports on website activity.

When we say “controller” we mean the entity that alone or jointly with others, determines the purposes and means of the processing of personal data.

When we say “Data Subject”, or “you” we mean any natural person that shares personal data with us via Onestop Booking.

When we say “Employer” we mean the Client who made your Personal Data available to us and who is using the Service.

When we say “Employee” we mean an individual that is engaged as an employee, consultant, or contractor of Client, and who is registered on Onestop Booking by the Employer for the purpose of providing Client’s services to Customers.

When we say “GDPR” we mean the General Data Protection Regulation 2016/679.

When we say “personal data” or “data” we mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, either directly or indirectly. Therefore, data about a company or any legal entity is not considered to be personal data, but registering on behalf of a legal entity may include sharing personal data. For example, the information about one-person companies may constitute personal data where it allows the identification of a natural person. The rules also apply to all personal data relating to natural persons in the course of professional activity, such as the employees of a company or organization, business e-mail addresses like “firstname.surname@company.com”. This Privacy Policy does not apply to information from which no individual can reasonably be identified (anonymized information).

When we say “processing” we mean any operation or set of operations which is performed on personal data or sets of personal data. This includes activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

When we say “processor” we mean any natural or legal person who processes the data on behalf of the controller.

2. DATA CONTROLLER AND DATA PROCESSOR

In relation to your personal data processed on or via the Website and the Service, Onestop Booking may be either a Data Controller or Data Processor.

When Onestop Booking acts in the capacity of a Data Controller, Onestop Booking determines the purposes and means of the processing of personal data. The purpose of data processing is the reason why we process your personal data. The table in Section 3.1 of the Privacy Policy presents the purposes and legal basis for data processing. In such cases, Onestop Booking is responsible for your personal data.

Apart from Section 3.2, this Privacy Policy primarily contains information on processing your data in the capacity of a Data Controller. Should you have any inquiries, or you wish to exercise any of the rights of a Data Subject stipulated in Section 9, please contact us:

 

Onestop Devshop

18A South Road, Paget, PG04

Islands of Bermuda

Email: admin@onestop.io.

 

Given that Onestop Booking strongly supports the principle of transparency of personal data processing, despite being a Data Processor, Onestop Booking made an additional effort to explain personal data processing via the Service in Section 3.2 of this Privacy Policy. The information contained therein outlines how personal data processing via Onestop Booking functions in general. Nevertheless, should you wish to send an inquiry or exercise any of your Data Subject’s rights which you may have under the applicable data protection legislation to the Client, your Employer or service provider, please contact the Client as Data Controller.

If you represent a Client that falls under the scope of application of the GDPR or similar data protection legislation, you may sign the Data Protection Addendum to these Terms of Use (“DPA”), with Onestop Booking as a Data Processor based outside the EEA. The DPA includes the Standard Contractual Clauses adopted by the European Commission, as applicable, and reflects the Parties’ agreement with respect to the terms governing the processing of personal data under Onestop Booking’s Terms of Use. Signing the DPA will be considered as an amendment to the Agreement (within the meaning of Definitions Section of the Terms of Use) and will be considered to form a part of the Agreement. If you represent a Client that does not fall under the application of the GDPR, Onestop Booking processes your personal data under the DPA concluded between Onestop Booking and you, as stipulated by the Data Protection Act of the Republic of Serbia.

If you would like to sign a DPA with us, please contact us at help@OnestopBooking.com.

3. WHAT DATA DO WE PROCESS ABOUT YOU AND WHEN?

We may collect and receive information about you in various ways:

Information you provide through the use of the Service (for example, by creating the account on Onestop Booking).

Information you decide to provide by getting in touch with us via the support option.

Information we collect through the use of cookies in accordance with our Cookie Policy (for example, your time zone).

Personal data we may collect automatically

Each time you use Onestop Booking we may automatically collect the following information:

when you use Onestop Booking, we will keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage;

any comments, opinions and/or feedback you provide to us regarding Onestop Booking;

technical information about your computer or mobile device for system administration and analysis, including your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type;

other information about your use of Onestop Booking, including the pages you have viewed, the duration spent on Onestop Booking and data files you have uploaded to Onestop Booking.

We collect this information through the use of cookies. For further information about the use of cookies and how you can manage them, please read our Cookie Policy.

3.1 Onestop Booking AS DATA CONTROLLER

Data we collect: Business URL (which may contain personal data such as name and last name), business email address (which may contain personal data such as name and last name), name, surname, password, profile photo (if the Client decides to provide such personal data). The Client will also obtain the Client ID so that we can identify that Client in the future.
Purpose: Creating and maintaining an Account on the Website according to the Terms of Use.
Legal basis: Processing is necessary for the performance of the Agreement (as defined in Definitions Section of the Terms of Use). Without providing business URL, email address, name, surname and password, the Client may not create the Client Account.
Retention: Until the account is deleted in accordance with the Terms of Use.

Data we collect: Financial Data such as name, address, bank account and payment card details. The payer may not be the Client subscribing to the Paid Plan, so it is possible to receive the information from another Client.
Purpose: When subscribing to any of the Paid Plans or when changing any Paid Plan in accordance with the Terms of Use, this information is being collected by a third-party processor.
Legal basis: Processing is necessary for the performance of the Agreement.
Retention: We keep only the last four digits of the credit card number under subscription billing info until such Agreement is terminated and for the period necessary to comply with the applicable financial and tax accounting and other statutory obligations in accordance with the applicable law (Section 22 of the Terms of Use).

Data we collect: Additional Data, i.e., data you decide to share with us, email address.
Purpose: If you send us an inquiry via Contact us page or otherwise request support, we will collect data you decide to share with us.
Legal basis: Processing of personal data is either necessary to provide a Service or part thereof, or the processing is based on your consent.
Retention: If the processing is based on your consent, we keep the information until you withdraw your consent or for one year, whichever date comes first.

Data we collect: Email address.
Purpose: If you decide to sign up for our newsletter, we use your email address. This newsletter allows us to inform you of the new features of the Service, updates, as well as other news relevant to the company.
Legal basis: Processing is based on your consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You may unsubscribe from receiving a newsletter from us. If you wish to do so, simply follow the instructions found at the end of each email.
Retention: We may use your email for this purpose until you unsubscribe or until you delete your account.

Data we collect: Information necessary for identification.
Purpose: To allow Data Subjects from EEA to exercise their rights in accordance with this Privacy Policy, as defined in Section 9.
Legal basis: Processing is necessary for compliance with a legal obligation which the Controller is subject to.
Retention: We keep this information for a period of one year.

Data we collect: Other personal data.
Purpose: For the prevention and detection of fraud, money laundering or other crimes or to respond to a binding request from a public authority or court.
Legal basis: The processing is necessary to comply with legal and regulatory obligations.
Retention: In accordance with the applicable statutory deadlines.


3.2 Onestop Booking AS DATA PROCESSOR

As previously stated, concerning your personal data processed on or via the Service, Onestop Booking is a Data Processor and the Client is the Data Controller. Onestop Booking processes personal data following instructions from the Data Controller and under the Terms of Use, and DPA (if any). The purpose of such personal data processing includes but is not limited to: scheduling on-site or virtual appointments, meetings & events with the Customers, managing staff and services, accepting payments, sending reminders to Customers and Employees.

As a processor, Onestop Booking is permitted to collect, use, disclose and/or otherwise process your personal data only following the instructions of the Client, your Employer or service provider.

3.2.1 Processing prior to using the Service

Employee’s data

The Client, your Employer, shares your email address, name, last name, and phone number to enable you to access the Service. The Client might add a brief description and your profile photo. Additionally, your Employer shares your working hours, days off and special days.

The Client, your Employer, may assign you Client’s services to be provided to Customers.

If you have any questions regarding the legal basis for such personal data processing, please contact your Employer who added you to Onestop Booking.

Customer’s data

The Client, your service provider, shares your name, last name, email address and phone number to add you to Onestop Booking and create appointments with you. The Client might optionally add your gender, date of birth and an additional description.

If you have any questions regarding the legal basis for such personal data processing, please contact the Client who provided you the Client’s services.

3.2.2 Processing during the usage of the Service

Employee’s data

If you decide to accept the invitation to use Onestop Booking, you will be required to create an account. To create the account, you will need to share your email address and password.

You manage personal data you share via your account such as name and last name, photo, email data (personal email address or work email address).

If you choose to connect your Onestop Booking Account to Google Calendar, Outlook Calendar and Apple Calendar you will be able to sync your appointments from Onestop Booking with these calendars. This function enables you to have the appointments from Onestop Booking within the Google, Outlook, or Apple Calendar.

Once the calendar is connected, you will see all appointments from Onestop Booking right inside your Google, Outlook or Apple Calendar.

To provide this integration, we need to access your Google, Outlook or Apple calendar and collect the data from such calendars. Our calendar sync integration will check the duration and free/busy status of the events in your external calendar, as well as the titles of any events. We do not check who you are meeting with, their email, or any other details about events in your calendar. We ask Employees for such authorization explicitly prior to processing such data.

While Super Admins and Managers can view other Employees’ calendars, only the Employee can see events from the connected Google, Outlook, or Apple calendar (Super Admins and Managers cannot see events from your connected calendar).

The Employee may disconnect the calendar at any time by clicking on the Disconnect option on their calendar.

The Client, your Employer, shares your personal data to create appointments for you with the Customers. The data includes your first and last name, type of service, date, and time of the appointment.

Onestop Booking will send you reminders for your scheduled appointments on your registered email address.

You may unsubscribe from receiving any email from Onestop Booking. If you wish to do so, simply follow the instructions found at the end of each email or visit section “Account Settings” on Onestop Booking.

If you have any questions regarding the legal basis for such personal data processing, please contact your Employer who added you to Onestop Booking.

Customer’s data

If you decide to book an appointment via Onestop Booking, you will be required to share certain personal data:

To book an appointment as a Guest, you must share your first name, last name, and email address. You might decide to share your phone number and use a coupon. Additionally, you may choose to add the appointment to your Google, Outlook, or Apple Calendar.

To create an account and book an appointment as a registered Customer, you must share your first name, last name, email address, and password. Additionally, you may choose to add the appointment to your Google, Outlook, or Apple Calendar.

The Client, your service provider, shares your personal data to create appointments with you, such as: your name, last name, email address, phone number and type of service. The Client might add your gender, date of birth and an additional description.

In order to keep a record of your previous and current appointments, the Customer shares your first name, last name, email address, number of appointments, last appointment, favorite services, payment information, the person with whom you had the most appointments.

Onestop Booking will send you reminders for your scheduled appointments and appointment follow ups on your registered email address.

You may unsubscribe from receiving any email from Onestop Booking. If you wish to do so, simply follow the instructions found at the end of each email or visit section “Account Settings” on Onestop Booking.

If you have any questions regarding the legal basis for such personal data processing, please contact the Client who provided you the Client’s services.

Third Party Integrations

To allow for greater functionality and expanded service offerings, Onestop Booking integrates with a number of third-party apps and software platforms, such as Xero and Zapier. For these integrations, the Onestop Booking user must maintain their own account. Please note that if using these integrations within Onestop Booking, separate privacy policies for those services and platforms apply.

4. WHAT DO WE NOT DO?

Onestop Booking will never:

Sell any kind of personal information or data.

Disclose this information to marketers or third parties not specified in Section 6 of the Privacy Policy.

Process your data in any way other than stated in this Privacy Policy.

5. PERSONAL DATA SECURITY

We take administrative, technical, organizational and other measures to ensure the appropriate level of security of personal data we process. Upon assessing whether a measure is adequate and which level of security is appropriate, we consider the nature of the personal data we are processing and the nature of the processing operations we perform, the risks to which you are exposed by our processing activities, the costs of the implementation of security measures and other relevant matters in the particular circumstances.

Some of the measures we apply include access authorization control, information classification (and handling thereof), protection of integrity and confidentiality, data backup, firewalls, data encryption and other appropriate measures. We equip our staff with the appropriate knowledge and understanding of the importance and confidentiality of your personal data security.

We protect personal information you provide online in connection with registering an account via Onestop Booking. Access to your own personal information is available through a password selected by you. This password is encrypted while transmitted from your browser to our servers and while stored on our systems. To protect the security of your personal information, never share your password with anyone. Please notify us immediately if you believe your password has been compromised.

Whenever we save your personal information, it’s stored on servers and in facilities that only selected Onestop Booking personnel and our contractors have access to. We encrypt all data that you submit through Onestop Booking during transmission using Transport Layer Security (TLS) in order to prevent unauthorized parties from viewing such information. Remember – all information you submit to us by email is not secure, so please do not send sensitive information in any email to Onestop Booking. We never request that you submit sensitive or personal information over email, so please report any such requests to us by sending an email to help@OnestopBooking.com.

 

6. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

Onestop Booking utilizes external processors and sub-processors for certain processing activities. We use information audits to identify, categorize and record all personal data that is processed outside the company, so that the information, processing activity, processor and legal basis are all recorded, reviewed and easily accessible. The list of sub-processors is approved by the Customer.

We have strict due diligence procedures and measures in place and review, assess and background check all processors prior to forming a business relationship. We obtain company documents, certifications, references and ensure that the processor is adequate, appropriate and effective for the task we are employing them for.

We audit their processes and activities prior to contract and during the contract period to ensure compliance with the data protection regulations and review any codes of conduct that oblige them to confirm compliance.

This is the list of processors and sub-processors with whom we share your personal data:

Processors:

Processor: SendGrid
Role: E-mail services based on Cloud
Seat: USA

Processor: Google, Inc.
Role: Analytics
Seat: USA

Sub-processors:

Sub-processor: Stripe, Inc.
Role: Payment provider
Seat: USA

Sub-processor: PayPal, Inc.
Role: Payment provider
Seat: USA

We may also share your personal data with our outside accountants, legal counsels, and auditors.

Moreover, we may disclose your personal information to third parties:

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;

to prevent and detect fraud or crime;

in response to a subpoena, warrant, court order, or as otherwise required by law.

Finally, personal information may be disclosed or transferred as part of, or during negotiations of, a merger, consolidation, sale of our assets, as well as equity financing, acquisition, strategic alliance or in any other situation where personal information may be transferred as one of the business assets of Onestop Booking.

We do not have a list of all third parties we share your data with, as this would be dependent on your specific use of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to help@OnestopBooking.com.

7. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

We may transfer your personal data to countries other than the one you reside in. We maintain appropriate technical and organizational measures to ensure an appropriate level of security in respect of all personal data we process. If the GDPR applies to the Client, we make sure that such transfer is made:

to the countries within the EEA;

to the countries which ensure an adequate level of protection;

to the countries which do not belong to those specified under items 1 and 2, but only by applying the appropriate safeguard measures (such as Standard Contractual Clauses adopted by the European Commission).

If you require further information about these protective measures, please contact us at help@OnestopBooking.com.

Your personal data is stored on servers located in Germany.

8. HOW LONG DO WE KEEP YOUR DATA?

The period for which we store your personal data depends on a particular purpose for the processing of personal data, as explained in detail in Section 3. We retain personal data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, we take into consideration the applicable law (see Section 22 of the Terms of Use), contractual obligations, and the expectations and requirements of our Clients and Customers. When we no longer need personal information, or when you request us to delete your information, where this is legal, we will securely delete or destroy it.

However, as an exception to the retention periods in Section 3 the data may be processed to determine, pursue, or defend claims and counterclaims.

9. YOUR RIGHTS

Given that transparency is one of our cornerstone principles, we grant Data Subjects certain rights in relation to their personal data. These rights may be exercised by Data Subject when Onestop Booking operates as a Data Controller.

If your inquiry or exercise of any of the Data Subject’s rights relates to the data processed by the Client as a Data Controller as explained in Section 3.2 of the Privacy Policy, please contact the Client (your Employer or service provider).

In the event Onestop Booking receives a request for exercising any of these rights directly from a Data Subject, we are obliged to notify the Client before responding to such a request.


Right of Access

You can send us a request for a copy of the personal data we hold about you.

We have ensured that appropriate measures have been taken to provide such information in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data Subject and with prior verification as to the subject’s identity.

Information is provided to the Data Subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary.


Right to Object to Processing

You have the right to object to the processing of your personal data where that processing is being undertaken based on the controller’s legitimate interest. In such a case the controller is required to cease processing your data unless the controller can demonstrate compelling grounds that override your objection.


Right to Correction of Your Personal Data

If the personal data we have about you is incorrect, you have the right to request that we correct those data. Where notified of inaccurate data by the Data Subject, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the personal data in question to them.


Right to Erasure

You have the right to request that your personal data is deleted in certain circumstances including:

The personal data are no longer needed for the purpose for which they were collected;

You withdraw your consent (where the processing was based on consent);

You object to the processing and no overriding legitimate grounds are justifying processing the personal data;

The personal data have been unlawfully processed; or

To comply with a legal obligation.

However, this right does not apply where, for example, the processing is necessary:

To comply with a legal obligation; or

For the establishment, exercise or defense of legal claims.

If you decide to use the “Delete personal data” option in the Account Settings section of your personal page, as a processor we have an obligation to notify the controller about your request and ask for instructions. Only after the controller approves are we authorized to erase your personal data.


Right to Restriction of Processing

If the accuracy of the personal data is contested, you consider the processing is unlawful but you do not want it erased, we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims or you have objected to the processing and verification, you can exercise your right to the restriction of processing.


Right to Data Portability

Where you have provided personal data to us, you have the right to receive such personal data back in a structured, commonly used and machine-readable format, and to have those data transmitted to a third-party without hindrance, but in each case only where:

The processing is carried out by automated means; and

The processing is based on your consent or the performance of a contract with you.


Right to Withdraw the Consent

If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.


Right to Lodge a Complaint

If you have any concerns or requests in relation to your personal data, please contact us at help@OnestopBooking.com and we will respond as soon as possible but not later than within 30 days.

10. CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy will be posted on this page and where appropriate may be notified to you by e-mail or advised to you on the next login to Onestop Booking. Continued use of Onestop Booking will signify that you agree to any such changes.