a. BookNow Software Limited is a company incorporated in England and Wales whose registered number is 10455560 and whose registered office is at 6 Hope Fountain Camberley, Surrey, GU15 1JF, England. BookNow Software Ltd, ‘we, our, us, Licensor, Data Controller’) respects your privacy and is committed to protecting your personal data. This privacy notice explains how we use and protect the personal data you provide to us and how we collect and use personal information about employees of the company (“Employees”), customers who use the product and service (“Licensee’’ or “customer” or ‘’You’’ or ‘’prospect’’) and the General Data Protection Regulation (GDPR).
It also explains your privacy rights and protections. This means that we are responsible for deciding how we hold and use personal information about you. Where we decide the purpose or means for processing of the data that you provide for our business to run effectively we are the “Data Controller,” We are required under data protection legislation to notify you of the information contained in this privacy notice. This notice applies to Employees, Customers and Prospects. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.
It is important that Employees, Customers and Prospects read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
- About The Policy
- How We Use Your Personal Data
- Data Collection Validation
- Web Privacy
- Cookie and IP Addresses
- Change of Purpose
- Data Security
- Data Retention
- Your Legal Rights
a. We will comply with data protection law. This says that the personal and business information we hold about you must be:
i. Used lawfully, fairly and in a transparent way.
ii. Collected only for valid purposes that we have clearly explained to you and not used in anyway that is incompatible with those purposes.
iii. Relevant to the purposes we have told you about and limited only to those purposes. We don’t collect any data that isn’t pertinent to the products we have and the service we provide.
iv. Accurate and kept up to date.
v. Kept only as long as necessary for the purposes we have told you about.
vi. Kept securely.
a. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
b. Data Collection This policy will explain how we collect and process the data that you provide to us (or that we may collect) when you engage with us, request information about BookNow Software or when you use our products and services.
d. Collected Information The information we collect helps us to provide you with the service you’ve requested or purchased, answer your queries and provide you with the support we believe you require. Without this information we will not be able to provide to you the service or products you have purchased or require.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform our contractual obligations to you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Legitimate Interest means the interest of conducting and managing our business to enable us to give you the good services/products and a good and secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Please contact us if you would like any further guidance concerning how we assess legitimate interests against any potential impact on you.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at [email protected].
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and legal bases we rely on in doing so. We have also identified what our legitimate interests are where appropriate.
The information we collect and why it is collected is explained below:
i. Information we collect
ii. How data is collected, stored and used
iii. Where your data is stored
iv. Your choices and rights regarding the personal data we hold
v. Updating your data and your right to be forgotten.
vi. Data to Third Parties
vii. Who we collect data from
With reference to this document ‘you’ is referred to as the person who is a ‘lead’ ‘prospect’ or ‘customer’ who has either engaged with, is currently engaged with or has purchased the services and products of and by BookNow Software Ltd.
a. Information we collect
We will not collect any information about individuals except where it is specifically and knowingly provided by them. The information we collect is either required by our payment provider for invoicing and billing, for legal documents including contracts, Payment Orders, Schedule of Works and Licence Agreements and to ensure we hold all of your customers data securely within BookNow Software Ltd on the Salesforce.com platform
The information required by us to be collected is:
All other Bookings – Your card details are shared with your chosen payment gateway provider. This is to ensure we can collect monthly payments for our services. In these circumstances your data is shared with your chosen payment gateway provider. We do not store the card details. However, if a partial or full refund is required, then our payment system just requires the last 4 digits of your card as verification of the card used for this booking. ‘BookNow do not have access to your billing address or your payment details.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our website or booking platforms; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access to the best of our ability.
c. Where your data is stored We are committed to ensuring that your Personal Information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Information we collect online. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our website; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access to the best of our ability.
Your Personal Information will not be transferred outside of the European Economic area (EEA) unless we need to contact you using the Personal Information you have provided.
We may use the information that you provide or that we collect for the following purposes:
i. To register you with BookNow Software Ltd, to set up and manage your BookNow Software Ltd account/SalesForce licenses and and to administer our services;
ii. To take advice and action in relation to the collection of debts;
iii. To provide any services or information you have requested, including using email and text message where appropriate;
iv. To request feedback on our performance as a business (i.e an annual survey or similar).
v. To notify you about our products, services or special offers that may be of interest to you, customer services and profiling your membership preferences;
vi. To ensure that content from our site is presented in the most effective manner for you and for your computer;
vii. For detecting and protecting against error, fraud or other criminal activity;
viii. To enforce our terms and conditions of use including carrying out security reviews to validate your identity, age, contact details and financial information; or
ix. In any other way as described to you at the time of collection of your personal data.
(a). Collecting child data Data on minors and children under the age of 16 years will be stored by BookNow due to the nature of the demographic of those utilising the trampoline parks and leisure industries we provide a service for. We may collect the following information to help ensure our business runs effectively.
1. Name and surname of the child.
2. Date of birth.
3. Relationship to an adult who made a booking or visited the park/leisure facility.
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.
• Internal third parties – i.e. other companies within our group of companies and who provide support or development services to you under the terms of our contract with your company.
• The following external third parties:
- Suppliers, partners and providers which we use to help deliver our services (including without limitation those set out in the table at the end of this section 5).
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
|Title||Supplier Website||Data Category||Purpose|
|Subscriber Salesforce Instance||https://www.salesforce.com/||Product Data||Product application infrastructure|
|Precursive Salesforce Instance||https://www.salesforce.com/||Company confidential and Employee Personal Data||CRM Software, Knowledge base, Community, Customer Support, License Management, and other business processes.|
|Xero||https://www.xero.com/||Company confidential and Employee Personal Data||Accounting and invoicing|
|Stripe||https://stripe.com/||Company confidential and Employee Personal Data||Credit card payment processing|
|RingCentral||https://www.ringcentral.co.uk/||Company confidential and Employee Personal Data||Cloud Telephone Service|
|ActiveCampaign||https://activecampaign.com/||Company confidential and Employee Personal Data||Marketing Communications|
|Google Apps||https://gsuite.google.com/||Company confidential and Employee Personal Data||Documents and file storage, Email, Calendar and other productivity tools|
|Wix||https://wix.com/||Company confidential and Employee Personal Data||Web hosting and form collection|
|Hubspot||https://www.hubspot.com/||Company confidential and Employee Personal Data||Inbound Marketing|
|WordPress||https://www.wordpress.com/||Company confidential and Employee Personal Data||Web hosting and form collection|
|Google Analytics||https://analytics.google.com/analytics/web/||Anonymous Product Usage Data||Web and Product Analytics|
|Lusha||https://www.lusha.com/||Company confidential and Employee Personal Data||Sales Prospecting|
Our technology platform provider, Salesforce, is based outside the European Economic Area (EEA) so their processing of your personal data may involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.Where you are solely a U.S. resident, we will store your personal data within the U.S. but we may process such data within the EEA and/or the United Kingdom.
a. Your choices and rights on data storage If you do not want us to contact you with details of our special offers, products or services that we think you might be interested in please either opt out via your account or by selecting the opt-out buttons on our communications.
i. If you would like to know what personal information we hold about you, or would like us to correct the details we hold about you, you should write to the BookNow Software Limited Security Officer enclosing proof of your identity (such as a copy of your passport or driving licence) and asking to see your personal information or asking us to correct the relevant information. You will have to give us enough information so we can identify the personal information you have asked to see or have corrected. We do not have to respond to your request until you have given us the information we need. We will contact you within 40 days of you asking to see your records or, where we have asked for further information to identify you, within 40 days of receiving such information.
ii. You have the right to access the personal information we hold about you and the right to request the correction of inaccurate or out of date personal information we hold about you.
iii. You have the right to request that we delete your data, or stop processing it or collecting it. Please note that If we have to do this, we will not be able to provide you or you customers with the full service and products you have requested and paid for.
iv. You have the right to stop direct mass marketing messages via email, direct mail or other services such as push notifications.
v. You have the right to complain to your data protection regulator — in the UK, the Information Commissioner’s Office.
c. Providing Data to Third Parties In order to run our business effectively and safely, we may from time to time need to provide data to third parties. This could include but is not limited to our insurance company, insurance broker, H&S agencies including the council and HSE, our online payment providers and our system administrators. We also may use external marketing agencies to process data on our behalf, either for analysis or to submit promotions. We adhere to strict guidelines in the transferring of data to third parties and use only fully encrypted software. In addition, we only transfer data for specific reasons to ensure our business can operate effectively. Under no circumstances do we sell data to third parties for marketing purposes.
We collect information about how you use our website, including where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers and for marketing purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reasons, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service. They enable us to:
a. Estimate our audience size and usage pattern.
b. Store information about your preferences, and so allow us to customise our website according to your individual interests.
c. To speed up your searches.
d. To recognise you when you return to the website.
Below are a collection of links that will assist you if you in deleting cookies and existing cookies. The exact procedure depends on which browser you are using.
a. Internet Explorer
To prevent new cookies from being installed and delete existing cookieshttp://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
To prevent new cookies from being installed:
To delete existing cookies:
d. Google Chrome
To prevent new cookies from being installed and delete existing cookies:
To prevent new cookies from being installed and delete existing cookies:
For any further information please write to [email protected]
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our site(s) which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.
We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls. Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on the Site, we do not check, review, monitor, verify or endorse any information, content, material or data collected from or provided by third parties which are displayed on or is otherwise available from this Site or any third-party websites or services which you can access from the Site.
We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed and are ISO/IEC 27001 certified (the most widely recognised international standard for information security). ISO 27001 certification demonstrates that we have a robust security program, with rigorous management activity and technical controls in place to meet the confidentiality, integrity, and availability principles of information security.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at [email protected].
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Questions, comments and requests in relation to this policy are welcome and should be made in writing to the Security Officer, BookNow Software Ltd, Office 135, Devonshire House, Basingstoke RG24 8PE.
In the event you continue to use our services, system and platform you agree that you have read, understood and accept this policy.