Privacy Policy for Business Partners
Last updated: 4 June 2025
1. Introduction
The data controller for personal data processed on the TimeToBook platform is TIMETOBOOK SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at ul. Świeradowska 47, 02-662 Warsaw, Poland, NIP: 5214117593, REGON: 54173145000000. The processing of personal data is carried out in accordance with Article 4(7) of Regulation (EU) 2016/679 (GDPR), i.e., the General Data Protection Regulation. This Privacy Policy for Business Partners ("Policy") supplements our general Privacy Policy and outlines how we collect, process, and protect data related to business activities.
In cases where a Business Partner gains access to clients’ personal data and processes it on their own behalf (e.g., for the purpose of service delivery), the Business Partner acts as an independent data controller and is responsible for ensuring compliance with the GDPR.
2. Definitions
Business Partner – a business entity or individual offering services on our platform.
Dashboard – the admin interface for managing business operations.
Business Data – information related to your business operations.
Customers’ personal data – information that makes it possible to identify a natural person, such as first name, last name, email address, phone number, residential address, photograph, or other data that can be used to recognize an individual’s identity.
Processing of personal data – any operation performed on personal data, such as collection, recording, storage, modification, sharing, deletion, or other use.
3. What Data We Collect
3.1 Business Account Data
Collected during account registration and management:
- Business name
- Business type (e.g., camping, kayaking)
- Country
- Address details (state, city, street, postal code)
- Currency
- Google Place ID
3.2 Service and Operational Data
Collected to enable service listings and bookings:
- Business location and GPS coordinates (latitude, longitude)
- Uploaded images and metadata
- Service availability and scheduling
- Descriptions of services provided
3.3 Payment and Financial Data
Processed via Stripe for secure transactions:
- Stripe account ID
- Payment account status
- Stripe Customer ID
3.4 Contact and Communication Data
Collected for customer interaction and support:
- Business email address
- Business phone number
- Website URL (if provided)
3.5 Technical and Access Data
Used to ensure platform security and account access:
- Login activity and security logs
- Staff members with dashboard access (if applicable)
- Account preferences and settings
4. How We Use Your Data
4.1 Main Purposes
- Business onboarding – verifying and activating your account.
- Payments & transactions – ensuring secure Stripe payouts.
- Service listing – making your services visible to customers.
- Customer communication – sending booking details, confirmations.
- Fraud prevention & security – monitoring for suspicious activity.
- Platform improvements – analyzing service performance.
- We do not use automated decision-making or profiling as defined in Article 22 of the GDPR in relation to business data or customer data. Your data is not used for automated profiling or decisions that could produce legal effects or similarly significantly affect you.
4.2 Legal Grounds for Processing
- Contractual necessity – providing our services.
- Legal obligations – tax compliance, regulatory requirements.
- Legitimate interests – fraud prevention, service optimization.
- Consent – where required for marketing or optional features.
5. Data Sharing & Third Parties
5.1 Third-Party Services
- Stripe – for payments and business verification. Stripe acts as an independent data controller or processor (depending on the transaction context), in accordance with its own privacy policy.
- Cloud providers – for secure data storage.
- Email services – for notifications and business communications.
- Government authorities and law enforcement – if required by law, court orders, or official investigations.
- Hosting providers and IT support services – to maintain platform security and infrastructure.
- Financial and payment institutions – for payment processing, compliance, and auditing purposes.
5.2 Access to customers’ personal data
You receive customer details strictly for the purpose of fulfilling bookings and providing the requested services. You must not use customers’ personal data for marketing communications or promotional activities without obtaining explicit, informed consent from the customer.
If the Business Partner processes client data on their own behalf (e.g., by managing communication or handling bookings), they act as the data controller and are responsible for complying with GDPR requirements, including legal bases, data security measures, and the fulfillment of data subjects’ rights.
If the Business Partner uses features offered by TimeToBook (e.g., calendar management), TimeToBook acts as a data processor on behalf of the Business Partner.
TimeToBook is not responsible for the scope or lawfulness of personal data independently processed by the Business Partner outside the functionalities of the platform.
Misuse of customers’ personal data may lead to account suspension.
5.3 Technical (Necessary) Cookies
Our platform uses necessary cookies for the proper functioning of the service, as described in the Privacy Policy. These cookies are used based on Article 6(1)(b) and (f) of the GDPR. Blocking these cookies may limit the functionality of certain features of the platform.
5.4 International Data Transfers
Your business data and customers’ personal data are primarily stored and processed within the European Union (Germany) in compliance with GDPR requirements. In the event of data transfers outside the European Economic Area (EEA), for example, when using Stripe for payment processing, we apply Standard Contractual Clauses approved by the European Commission or other appropriate data protection mechanisms to ensure an adequate level of data protection.
6. Your Obligations
6.1 Data Protection
- You must keep customers’ personal data confidential and use it only for service provision.
- You are required to take reasonable measures to protect customers’ personal data from unauthorized access, data breaches, or alterations.
- Any data breaches must be reported to us immediately.
6.2 Staff & Access Control
- You must restrict dashboard access to authorized staff only.
- Regularly review and update access permissions to prevent unauthorized use.
7. Data Storage and Deletion Within the System
7.1 Retention Periods
- Business accounts – active while you use our platform.
- Financial records – stored for 5 years (legal requirement).
- Customer bookings – retained as required for service provision.
7.2 Account Termination
You can delete your account yourself in your profile settings, provided that:
- you have no active orders,
- you have no scheduled events.
Once your account is deleted, business data that is no longer necessary will be removed from our active systems.
However, legally required data (e.g. transactions, invoices) may be retained for up to 5 years.
Personal data of clients collected by you must continue to be processed in accordance with GDPR, as long as you retain access to it.
8. Security Measures
- Dashboard protection – secure login mechanisms and access control.
- Data encryption – all sensitive data is transmitted using SSL/TLS encryption.
- DDoS protection – implementation of security services to prevent distributed denial-of-service attacks.
- Regular security audits – periodic reviews to detect and fix vulnerabilities.
- Backups and disaster recovery – automated data backups with secure storage for business continuity.
- Fraud detection – automated monitoring and manual review to identify suspicious activity.
9. Your Rights
- Under the GDPR, you have the right to access, rectify, transfer, or erase your business data (subject to legal obligations) and to lodge a complaint with a supervisory authority. To exercise these rights, send a request to timetobookhelp@gmail.com. We will process your request within 30 days of receipt. For complex requests, this period may be extended to 60 days, and you will be notified accordingly.
- You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO) if you believe that the processing of your personal data violates the GDPR.
10. Business Analytics & Insights
10.1 Available Reports
- Booking trends and revenue reports.
- Customer satisfaction ratings.
- Service availability insights.
10.2 Data Use Policy
- Data is used to improve your business experience.
- Aggregated data may be used for market research.
- Individual business data is never shared without consent.
11. Updates & Communication
- We will notify you of significant changes before they take effect.
- Continuing platform use after updates implies acceptance.
- Acceptance of new terms may be required for continued access.
12. Contact Us
- Email: timetobookhelp@gmail.com
- Address: TimeToBook Sp. z o.o., ul. Świeradowska 47, 02-662 Warsaw, Poland.
13. Legal Compliance
- We comply with GDPR and local regulations.
- We cooperate with authorities when legally required.
- Payment processing follows industry security standards.
14. Account Termination & Data Handling
- Upon termination of cooperation, the processing of customers’ personal data for independent purposes must be discontinued. The use of such data after ceasing to use the platform – for example, for contact, marketing, remarketing, or other activities unrelated to the execution of previously concluded agreements – is prohibited.
- You are required to comply with obligations under GDPR, including rules on data retention and deletion.
- You are responsible for properly deleting personal data of clients from your own systems (if exported or processed outside the platform).