GDPR - Data Flow - Enterprise

This document details the data flow of information inside the BookingLive Enterprise product. BookingLive acts as a data processor for its customers.

Introduction 

As a provider of SaaS products that handle personal data, BookingLive take seriously our responsibility to keep your data safe. If you ever have any concerns, please raise these by contacting [email protected].

The Enterprise system has features that allow data to be automatically purged once the data is no longer required, e.g. once the event or booking has happened.

Forget me requests should be sent to [email protected] where they will be dealt with according to the GDPR - Forget Me & Personal Data Requests - Enterprise policy document.

Types of personal data stored

As a booking system, the BookingLive Enterprise product handles the personally identifiable data of the person booked on an event but there are other types of personal data stored in the system. The complete list is:

  • The person completing the booking

  • The person(s) being booked onto the event

  • The details of the users of the administration system

The BookingLive system displays an opt-in consent box that must be ticked for each person whose data is entered into the system during the booking process. It is the responsibility of the organisation using the BookingLive system to ensure their own staff consent to their data being stored as users of the administration system.

BookingLive staff members who you add to your administration system have consented for their information to be included as part of their employment.

Customers of BookingLive can often require special category data such as medical data to help them run their events; special care must be taken when dealing with such data.

BookingLive servers

BookingLive servers are hosted on AWS in the regions eu-west-1 (Ireland) and eu-west-2 (London UK). The application server is only accessible via the load balancer on ports 80 and 443, the standard HTTP and HTTPS ports.

HTTP is used merely to facilitate the redirection of traffic to HTTPS. The database and application servers are inside a private network and not accessible to the Internet.

The flow of data inside the application

Personally identifiable data is first entered via an HTTPS secure connection during the booking journey. In order to facilitate the booking journey, this data is transferred between the application server, the load balancer and the browser multiple times over that secure connection.

Once the order is submitted the application server transfers the data to the database server via a secure connection. The Enterprise application does not store personally identifiable data anywhere on the application server, including log files.

The data then lives inside the database server, whose disk is encrypted at rest. The personally identifiable data held therein is only accessible via the administration system or by the person who made the booking via the My Account system.

Personally identifiable data is also stored for 7 days in encrypted database backups made with the AWS database snapshot feature.

When data flows outside of the application

Customers can opt to share data with external systems.

MailChimp

The BookingLive integration allows customers to push purchaser details to MailChimp. It shares the following information with MailChimp:

  • first name

  • last name

  • email address

Postcode Lookup

This shares the postcode that is being looked up with the postcode lookup service.

SMS - Text messages

Text messages can be optionally configured for the following actions:

  • Order confirmation

  • Order cancellation

  • Reminder

  • Feedback

When these messages are sent they share the destination phone number of the message and optionally the following information: 

  • The first name of the Purchaser

  • The start date of the Event

  • The start time of the Event

  • The name of your Company (as set in General Settings)

  • The first name of the Recipient

BookingLive use Twilio to send text messages. Their GDPR information can be found at the following URL: https://www.twilio.com/gdpr

Email messages

Emails can be configured to be sent on the following events: 

  • Feedback Request Email

  • Cancellation Email

  • Confirmation Email

  • Confirmation Participant Email

  • Amendment Email

  • Reset Password

  • New Account Email

  • Full Payment Confirmation Email

  • Waiting List Confirmation Email

  • Card About To Expire Email

  • Invoice Email

These emails often contain personally identifiable information such as:

  • Admin Email

  • FirstName

  • Locations

  • Participant First Name

  • Participant Social Title

  • Participant Surname

  • Purchaser First Name

  • Purchaser Surname

Emails are sent via SendGrid. Their GDPR information can be found here: https://sendgrid.com/resource/general-data-protection-regulation-2/.

External authentication providers

These providers pass name and email information to the BookingLive Enterprise product, which then retains and uses that information as if the user had signed up directly.

Custom webhooks and Zapier

BookingLive Enterprise supports sending information about bookings and participants via webhooks. These are configured by customers and can be any destination the customer chooses.

Reports

Administrative users with sufficient permissions can export personally identifiable information as reports. The creation of these reports is logged in an audit trail. The resulting reports are transferred securely to the user’s browser using HTTPS.


GDPR - Forget Me & Personal Data Requests - Enterprise

Download Personal Data & “Forget Me” Requests


Terminology


Personal Data

The information that BookingLive stores on the User. This includes the information they submitted during the booking process, Order Details, Order Notes, and system-relevant fields like IDs.

Forget Me

A type of request a user can make to have their data anonymised.

User

A customer who has used the booking system to make a booking, or has been added separately either by an admin or via an automated process (i.e. a data import).

MyAccount

A restricted area where the User can log in and view various account-related information or perform certain account-related tasks.

Active orders

Orders whose details are still required by the system. This can include orders which have events still occurring in the future, for example.


Introduction

This document sets out what happens when either a “Download Personal Data” Request or “Forget Me” request is raised. 


Download Personal Data

At any time a User can make a request to download their personal data, via the MyAccount. When this request is made, the current process is for an email to be sent out to [email protected] which states when this request was made, and who made it. 

BookingLive then action this request to provide all the relevant details to the customer within the 30-day deadline, and email the user this data.

BookingLive are currently adding additional configuration options to this to allow a system administrator to specify a different email address for these requests to go to. In this case, they can be actioned by the Administrator themselves and not BookingLive.


Forget Me Request

A User can make a request to be forgotten via the MyAccount; however, there are times when this request is not possible and the User is informed as such. This is typically when they still have ‘active’ orders on their account, or they have an Outstanding Balance on their account.

When this request is made, the current process is for an email to be sent out to [email protected] which states when this request was made, and who made it.

BookingLive then actions this request to anonymise this User’s details. It is not possible to provide the User with a confirmation upon completion of this task, however, because their information (like email address) is no longer available.

BookingLive is currently adding additional configuration options to this to allow a system administrator to specify a different email address for these requests to go to. In this case, they can be actioned by the Administrator themselves and not BookingLive.