GDPR - Data Flow - Enterprise
This document details the data flow of information inside the BookingLive Enterprise product. BookingLive acts as a data processor for its customers.
Introduction
As a provider of SaaS products that handle personal data, BookingLive takes its responsibility to keep your data safe seriously. If you ever have any concerns, please raise them by contacting [email protected].
The Enterprise system has features that automatically purge data once it is no longer required, for example once the event or booking it relates to has taken place.
Forget me requests should be sent to [email protected] where they will be dealt with according to the GDPR - Forget Me & Personal Data Requests - Enterprise policy document.
Types of personal data stored
As a booking system, the BookingLive Enterprise product handles the personally identifiable data of the person booked onto an event, but other types of personal data are also stored in the system. The complete list is:
The person completing the booking
The person(s) being booked onto the event
The details of the users of the administration system
The BookingLive system displays an opt-in consent box that must be ticked for each person whose data is entered into the system during the booking process. It is the responsibility of the organisation using the BookingLive system to ensure their own staff consent to their data being stored as users of the administration system.
BookingLive staff members whom you add to your administration system have consented to their information being included as part of their employment.
Customers of BookingLive often need to collect special category data, such as medical data, to help them run their events; special care must be taken when handling such data.
BookingLive servers
BookingLive servers are hosted on AWS in the regions eu-west-1 (Ireland) and eu-west-2 (London, UK). The application server is only reachable via the load balancer, on ports 80 and 443, the standard HTTP and HTTPS ports.
HTTP is used only to redirect traffic to HTTPS. The database and application servers sit inside a private network and are not accessible from the Internet.
The flow of data inside the application
Personally identifiable data is first entered via an HTTPS secure connection during the booking journey. In order to facilitate the booking journey, this data is transferred between the application server, the load balancer and the browser multiple times over that secure connection.
Once the order is submitted the application server transfers the data to the database server via a secure connection. The Enterprise application does not store personally identifiable data anywhere on the application server, including log files.
The data then lives on the database server, whose disk is encrypted at rest. The personally identifiable data held there is only accessible via the administration system, or by the person who made the booking via the My Account system.
Personally identifiable data is also held in encrypted database backups, taken with the AWS database snapshot feature and retained for 7 days.
When data flows outside of the application
Customers can opt to share data with external systems.
MailChimp
The BookingLive integration allows customers to push purchaser details to MailChimp. It shares the following information with MailChimp:
first name
last name
email address
Postcode Lookup
This shares the postcode that is being looked up with the postcode lookup service.
SMS - Text messages
Text messages can be optionally configured for the following actions:
Order confirmation
Order cancellation
Reminder
Feedback
When these messages are sent they share the destination phone number of the message and optionally the following information:
The first name of the Purchaser
The start date of the Event
The start time of the Event
The name of your Company (as set in General Settings)
The first name of the Recipient
BookingLive uses Twilio to send text messages; their GDPR information can be found at https://www.twilio.com/gdpr
Email messages
Emails can be configured to be sent on the following events:
Feedback Request Email
Cancellation Email
Confirmation Email
Confirmation Participant Email
Amendment Email
Reset Password
New Account Email
Full Payment Confirmation Email
Waiting List Confirmation Email
Card About To Expire Email
Invoice Email
These emails often contain personally identifiable information such as:
Admin Email
FirstName
Locations
Participant First Name
Participant Social Title
Participant Surname
Purchaser First Name
Purchaser Surname
Emails are sent via SendGrid. Their GDPR information can be found here: https://sendgrid.com/resource/general-data-protection-regulation-2/.
External authentication providers
Such providers pass the user's name and email address to the BookingLive Enterprise product, which retains and uses that information as if the user had signed up directly.
Custom webhooks and Zapier
BookingLive Enterprise supports sending information about bookings and participants via webhooks. These are configured by customers and can be any destination the customer chooses.
Reports
Administrative users with sufficient permissions can export personally identifiable information as reports. The creation of these reports is logged in an audit trail. The resulting reports are transferred to the user's browser over HTTPS.
GDPR - Forget Me & Personal Data Requests - Enterprise
Download Personal Data & “Forget Me” Requests
Terminology
Personal Data | The information that BookingLive stores on the User. This includes the information they submitted during the booking process, Order Details, Order Notes, and system-relevant fields such as IDs.
Forget Me | A type of request a User can make to have their data anonymised.
User | A customer who has used the booking system to make a booking, or who has been added separately, either by an admin or via an automated process (e.g. a data import).
MyAccount | A restricted area where the User can log in to view account-related information or perform certain account-related tasks.
Active orders | Orders whose details are still required by the system, for example orders with events that are still to take place in the future.
Introduction
This document sets out what happens when either a “Download Personal Data” Request or “Forget Me” request is raised.
Download Personal Data
At any time a User can request a download of their personal data via MyAccount. When this request is made, the current process is for an email to be sent to [email protected] stating when the request was made and who made it.
BookingLive then actions the request, collates all the relevant details within the 30-day deadline, and emails the data to the User.
BookingLive is currently adding configuration options that allow a system administrator to specify a different email address for these requests to go to. In that case, the requests can be actioned by the Administrator themselves rather than by BookingLive.
Forget Me Request
A User can make a request to be forgotten via MyAccount. There are, however, times when this request cannot be honoured, and the User is informed as such. This is typically when they still have 'active' orders on their account, or when they have an Outstanding Balance on their account.
When this request is made, the current process is for an email to be sent to [email protected] stating when the request was made and who made it.
BookingLive then actions the request by anonymising the User's details. It is not possible to send the User a confirmation once this is complete, because their contact information (such as their email address) is no longer available after anonymisation.
BookingLive is currently adding configuration options that allow a system administrator to specify a different email address for these requests to go to. In that case, the requests can be actioned by the Administrator themselves rather than by BookingLive.
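The Forget Me process above has two refusal conditions (active orders, outstanding balance) and an anonymisation step that must leave no way back to the original identity. The following Python is an added worked example, not BookingLive's code: the data model, field names and the hypothetical audit log are assumptions. It implements the eligibility check with both refusal reasons, anonymises an eligible User with a random token rather than a hash of their email address (a hash of a guessable value can be reversed by brute force), keeps the order records as business data, and shows how the same predicate can drive the automatic purge mentioned in the Introduction. The sample users are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
import secrets


@dataclass
class Order:
    order_id: int
    event_date: date
    balance_due: float  # outstanding balance; 0.0 when fully paid


@dataclass
class User:
    user_id: int
    first_name: str
    last_name: str
    email: str
    phone: str
    orders: list = field(default_factory=list)
    anonymised: bool = False


class ForgetMeRefused(Exception):
    """Raised when a Forget Me request cannot be honoured yet."""


def forget_me_blockers(user, today):
    """Reasons the request must be refused; an empty list means eligible.
    An order is 'active' while its event is today or in the future."""
    reasons = []
    if any(o.event_date >= today for o in user.orders):
        reasons.append("active orders")
    if any(o.balance_due > 0 for o in user.orders):
        reasons.append("outstanding balance")
    return reasons


def anonymise_user(user, today, audit_log):
    """Irreversibly replace the user's personal data in place.
    Orders are kept (IDs, dates and amounts are business records) but no
    longer identify anyone. Returns the audit entry that was written."""
    blockers = forget_me_blockers(user, today)
    if blockers:
        raise ForgetMeRefused("request refused: " + ", ".join(blockers))
    # Random token, not a hash of the email: a hash of a guessable value
    # can be reversed by brute force, which would defeat the anonymisation.
    token = secrets.token_hex(8)
    user.first_name = "Anonymised"
    user.last_name = "User"
    # .invalid is a reserved TLD, so this address can never be delivered to.
    user.email = f"anonymised-{token}@example.invalid"
    user.phone = ""
    user.anonymised = True
    # The audit entry records that anonymisation happened, never the old values.
    entry = {"user_id": user.user_id, "action": "forget_me", "on": today.isoformat()}
    audit_log.append(entry)
    return entry


def purge_candidates(users, today):
    """Users a scheduled purge may anonymise: the same rule as a Forget Me request."""
    return [u for u in users if not u.anonymised and not forget_me_blockers(u, today)]


# Constructed sample data for the example (not real customers).
TODAY = date(2024, 6, 1)
SAMPLE_USERS = [
    User(1, "Alice", "Smith", "alice@example.com", "+441234567890",
         [Order(100, date(2024, 5, 1), 0.0)]),   # past event, paid: eligible
    User(2, "Bob", "Jones", "bob@example.com", "+441234567891",
         [Order(101, date(2024, 7, 1), 0.0)]),   # future event: refused
    User(3, "Carol", "Lee", "carol@example.com", "+441234567892",
         [Order(102, date(2024, 5, 1), 25.0)]),  # past event, unpaid: refused
]

if __name__ == "__main__":
    log = []
    for u in SAMPLE_USERS:
        try:
            anonymise_user(u, TODAY, log)
            print(f"user {u.user_id}: anonymised as {u.email}")
        except ForgetMeRefused as e:
            print(f"user {u.user_id}: {e}")
```

Note that the check is evaluated again inside anonymise_user rather than trusting an earlier result: between the User raising the request and staff actioning it, a new booking may have been made, and the order data must survive anonymisation so that events and balances can still be reconciled.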