1. General
This privacy policy applies to Easybook Nordic Oy and all the products and services we offer. We are committed to protecting your privacy and personal data. This privacy policy explains how we collect, process, and store personal data when you use our services.
2. Purposes and legal bases for processing personal data
- 2.1 Service provision (SaaS platform) — Purpose: Providing chatbot and calendar booking services to our customers. Legal basis: Contract (GDPR 6(1)(b)). Data processed: User credentials, usage data, technical data.
- 2.2 Usage analytics for customers — Purpose: Providing chatbot and calendar booking usage analytics to our customers. Legal basis: Legitimate interest (GDPR 6(1)(f)) – improving service quality. Data processed: Usage time, frequency, actions, anonymous user identifier.
- 2.3 Technical maintenance and error tracking — Purpose: Technical operation of the service and fixing errors. Legal basis: Legitimate interest (GDPR 6(1)(f)) – service reliability. Data processed: IP address, browser information, URL path, error log.
- 2.4 Website analytics — Purpose: Monitoring and improving website usage. Legal basis: Consent (GDPR 6(1)(a)). Data processed: Page visits, session data, user behavior.
- 2.5 Administrative logging — Purpose: Monitoring admin user actions for security purposes. Legal basis: Legitimate interest (GDPR 6(1)(f)) – information security. Data processed: IP address, browser information, URL path, actions, timestamp.
- 2.6 Contact — Purpose: Contacting Easybook Nordic Oy representatives via booking calendar, chatbot, or other channels. Legal basis: Contract (GDPR 6(1)(b)) / Legitimate interest (GDPR 6(1)(f)). Data processed: Name, email address, phone number, message content, time of contact, details of the company you represent.
- 2.7 Payment processing — Purpose: Processing subscriptions and payments. Legal basis: Contract (GDPR 6(1)(b)). Data processed: Billing details, payment transactions, subscription information.
- 2.8 WhatsApp expert support — Purpose: Enabling employees of our customers (online stores and other operators using our platform) to respond to end-user inquiries via WhatsApp to ensure higher availability and faster response times. When an end user initiates a support conversation through the chatbot embedded on our customer’s website and requests assistance from a human expert, our customer’s expert handles the conversation on their end using WhatsApp. The end user remains in the chatbot interface throughout the interaction. Legal basis: Contract (GDPR 6(1)(b)) – providing requested support services. Data processed: Message content, conversation history, expert’s phone number, and all order-related information needed to resolve the inquiry. The end user’s phone number is not used or stored in this process.
3. Third parties and transfers of personal data
We share data with the following service providers:
- 3.1 Sentry (Functional Software, Inc.) — Purpose: Error tracking and application performance monitoring. Location: United States. Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses. Data processed: Technical error data, IP address, browser information. More information: https://sentry.io/privacy/
- 3.2 Google Analytics (Google LLC) — Purpose: Analyzing website usage. Location: United States. Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses. Data processed: Page visits, session data, user behavior. More information: https://policies.google.com/privacy
- 3.3 Stripe, Inc. — Purpose: Payment processing and subscription management. Location: United States. Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses. Data processed: Billing details, payment transactions, subscription information. More information: https://stripe.com/privacy
- 3.4 WhatsApp (Meta Platforms, Inc.) — Purpose: Enabling expert support conversations initiated by our customers’ employees. When our customers’ employees respond to end-user inquiries via WhatsApp, the message content is processed on Meta’s servers. Location: United States. Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses. Data processed: Message content and the expert’s phone number. More information: https://www.whatsapp.com/legal/privacy-policy
- 3.5 Legal obligations — We may disclose data to authorities when required by law or in connection with legal proceedings.
4. Cookies and local storage
We use the following cookies:
- Essential cookies: Session cookies, Login credentials, User interface settings
- Analytics cookies (require consent): Google Analytics cookies, Performance measurement cookies
5. Data retention
We retain your personal data for as long as necessary to fulfil the purposes defined in this privacy policy or for the period required by applicable legislation.
6. Data security
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. Your data is stored in secure databases accessible only to employees and service providers who need it for their job duties.
7. Rights of the data subject
- 7.1 Right of access (GDPR 15) — Request information about the personal data we process about you
- 7.2 Right to rectification (GDPR 16) — Request correction of inaccurate data
- 7.3 Right to erasure (GDPR 17) — Request deletion of your personal data in certain circumstances
- 7.4 Right to restriction of processing (GDPR 18) — Request restriction of processing in certain circumstances
- 7.5 Data portability (GDPR 20) — Receive your personal data in a machine-readable format
- 7.6 Right to object (GDPR 21) — Object to processing based on legitimate interest
- 7.7 Withdrawal of consent — Withdraw your consent at any time
8. Integration of Google and Microsoft services
In connection with our services, we use third-party calendar services (Google Calendar and Microsoft calendars). Integrating these services requires granting the following permissions:
- Viewing: We use the right to view calendars visible to you in those services.
- Editing: We can add, modify, and delete calendar events to ensure our services function correctly.
- Sharing: We can manage calendar sharing settings, which allows calendar data to be shared when needed.
- Permanent deletion: We can permanently delete calendars, which affects all related data.
9. Transfers of personal data outside the EU
We transfer personal data outside the EU to the following countries:
- United States: Sentry, Google Analytics, Stripe. Safeguards: EU-US Data Privacy Framework certificate, Standard Contractual Clauses (SCC)
- United States: WhatsApp (Meta Platforms, Inc.).
10. Changes to the privacy policy
We reserve the right to update this privacy policy. We will notify you of any changes on our website, and we recommend reviewing this privacy policy regularly.
11. Shopify integration
If you connect your Shopify online store to our services, the following data processing applies:
- 11.1 Data we collect — Purpose: Delivering the AI chatbot with product information. Legal basis: Legitimate interest (GDPR 6(1)(f)) and Contract (GDPR 6(1)(b)). Data collected: Product catalog (names, descriptions, prices, images, stock quantities), Order data (order status, tracking numbers, delivery status), Store information (domain, currency).
- 11.2 Data we do NOT collect — We do not collect or store: Customers’ personal data (names, email addresses, phone numbers, addresses), Payment data, Customers’ browsing behavior or purchase history.
- 11.3 Use of data — Product data is used for: Enabling the AI chatbot to answer customer questions about products, Displaying product availability and pricing information, Providing order tracking functionality (when the customer provides an order number).
- 11.4 Data storage and security — Shopify data is stored in Google Cloud Firestore (EU region), Access tokens are encrypted with AES-256 encryption, All data transfers use HTTPS/TLS encryption.
- 11.5 GDPR compliance — We comply with Shopify’s mandatory GDPR webhooks: Shop Redact: All store data is deleted within 48 hours of disconnecting, Customer Redact: We confirm that no customer personal data is stored (only the product catalog), Customer Data Request: We confirm that no customer personal data is stored.
- 11.6 Your rights — You can: Disconnect the Shopify integration at any time, Request deletion of all synchronized product data, View stored data from the EasyBook admin panel.
- 11.7 Data retention — Product data is retained for as long as the Shopify connection is active. Data is deleted within 48 hours after: You disconnect the Shopify integration, You delete your EasyBook account, Shopify sends the shop_redact webhook.
- 11.8 Shopify privacy policy — Shopify’s own data practices are governed by their privacy policy: https://www.shopify.com/fi/legal/privacy
Contact
- Email: elias.anttalainen@easybook.fi
- Phone: +358456795099
- Address: Lönnrotinkatu 39, Helsinki