BookingTimes

Privacy Policy

Last updated: March 1, 2026

This Privacy Policy explains how BookingTimes collects, uses, stores, and shares your personal information. If we make significant changes to our privacy practices, we will notify you through the BookingTimes admin portal or by email.

1. Some Key Terms

In this Privacy Policy, "Clients" means businesses and individuals who use BookingTimes systems and services, including visitors to our website. "End Users" means the customers, visitors, and users of our Clients' sites and services. "we", "us", and "our" refers to BookingTimes.

2. How this Privacy Policy Applies

This Privacy Policy describes how we handle personal information we collect for our own purposes — such as account information, service interaction data, and customer support submissions.

We also host, store, and process personal information belonging to End Users on behalf of our Clients. If you are an End User of a Client's site and want to understand how your information is handled, please refer to that Client's privacy policy. Our Clients are independently responsible for their own privacy obligations in relation to their End Users.

3. What We Collect

We may collect the following types of personal information:

  • Identity and contact information: name, email address, phone number, business name, and billing address.
  • Payment information: credit card details and transaction records, processed in accordance with our PCI DSS compliance obligations.
  • Usage and technical data: IP address, browser type, operating system, pages visited, and session data. This may be used in anonymised, aggregated form for reporting and service improvement.
  • Health information (where applicable): where our Clients operate in healthcare settings, we may process Protected Health Information (PHI) as a Business Associate under HIPAA, and health information as defined under applicable Australian privacy law.
  • Communications: records of email, phone, and support interactions with our team.

4. Cookies

BookingTimes uses cookies and similar technologies to maintain session state, store user preferences, and analyse usage patterns. Cookies we use fall into the following categories:

  • Essential cookies: required for core platform functionality. These cannot be disabled without impacting service operation.
  • Functional cookies: used to remember your preferences and settings.
  • Analytics cookies: used to understand how our services are used, in anonymised or aggregated form.

You can configure your browser to refuse cookies. Please note that doing so may prevent certain features from working correctly.

5. How We Collect Your Information

We collect personal information in three main ways:

  • Directly from you — for example, when you register for an account, contact our support team, or complete a form.
  • Automatically — when you use our services, we collect technical and usage data through cookies and similar technologies.
  • From third parties — for example, from payment processors when you make a payment, or from third-party authentication services if you use them to sign in.

6. Why We Use Your Information

We use personal information for the following purposes:

  • Providing, operating, and improving our services
  • Billing, account management, and identity verification
  • Customer support and communications
  • Security, fraud prevention, and legal compliance
  • Product development and analytics (using aggregated or de-identified data where possible)
  • Contacting you about your account, service updates, or relevant offerings

We will not share your personal information with third parties except in the following circumstances:

  • Service providers: trusted third parties who assist us in operating our platform (such as cloud infrastructure providers, payment processors, and backup services). These parties are contractually bound to handle your information only as directed by us and to maintain appropriate confidentiality.
  • Legal requirements: where required by law, regulation, court order, or to cooperate with a lawful investigation.
  • Protection of rights: where necessary to protect the rights, property, or safety of BookingTimes, our Clients, or others.

We do not sell your personal information, and we never will.

7. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or out-of-date information
  • Request deletion of your personal information (subject to our legal retention obligations)
  • Object to or restrict certain processing of your information
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing
  • Lodge a complaint with a relevant supervisory authority (see Section 11)

To exercise any of these rights, contact us at support@bookingtimes.com. We may need to verify your identity before actioning a request. Where identity cannot be verified, we may be unable to process the request in accordance with applicable law.

For technical reasons, deletion of personal information from all systems may not be immediate. We will also retain certain information where required to comply with legal obligations, resolve disputes, or enforce our agreements.

Protected Health Information (HIPAA)

BookingTimes acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) for Clients operating in the United States healthcare sector. We handle Protected Health Information only as permitted under applicable Business Associate Agreements and HIPAA regulations. Requests or complaints relating to PHI should be directed to the relevant healthcare provider in the first instance. For queries about our HIPAA practices, contact support@bookingtimes.com.

Health Information (Australia & New Zealand)

Where we handle health information on behalf of Clients in Australia or New Zealand, we do so subject to the Privacy Act 1988 (Cth) (including the Australian Privacy Principles) and the Privacy Act 2020 (NZ) respectively. Health information is treated as sensitive information and handled with a higher standard of care.

8. Data Breach Notification

BookingTimes maintains procedures for identifying, assessing, and responding to data breaches. In the event of an eligible data breach:

  • Under the Notifiable Data Breaches (NDB) scheme (Australia), we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals where required.
  • Under the Privacy Act 2020 (New Zealand), we will notify the Privacy Commissioner and affected individuals where a breach is likely to cause serious harm.
  • Under HIPAA, we will notify the relevant Covered Entity and, where required, the U.S. Department of Health and Human Services.

If you believe your personal information held by us may have been compromised, please contact us immediately at support@bookingtimes.com.

9. Data Retention

We retain personal information for as long as your account is active or as long as required to provide our services. We also retain information where necessary to meet legal obligations, resolve disputes, or enforce our agreements.

Retention periods vary depending on the nature of the information and applicable legal requirements. Factors considered include statutory minimum retention periods, limitation periods for legal claims, and whether data has been aggregated or de-identified.

If your account becomes inactive or you cancel paid services, we retain your data for a reasonable period to facilitate reactivation. To permanently delete your account and associated data, contact support@bookingtimes.com. We will action deletion requests subject to any overriding legal retention obligations.

10. Cross-Border Data Transfers

BookingTimes is managed from New Zealand and operates infrastructure hosted on Amazon Web Services (AWS) in the Sydney, Australia region (ap-southeast-2). Your data is stored in Australia by default.

Where personal information is transferred across borders (for example, to sub-processors or support staff in other countries), we take steps to ensure appropriate protections are in place consistent with the Australian Privacy Principles, the NZ Privacy Act 2020, and where applicable, the UK GDPR and EU GDPR. This includes contractual safeguards such as Standard Contractual Clauses where required.

11. EU & UK Users (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional terms apply to the processing of your personal information under the EU General Data Protection Regulation (GDPR) and the UK GDPR respectively.

Lawful Basis for Processing

We process your personal information on one or more of the following lawful bases:

  • Contract: processing is necessary to provide the services you have requested or to take steps prior to entering into an agreement with us.
  • Legal obligation: processing is necessary to comply with a legal obligation applicable to BookingTimes.
  • Legitimate interests: processing is necessary for our legitimate business interests (such as fraud prevention, service improvement, and security), provided those interests are not overridden by your rights.
  • Consent: where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.

Your Rights Under GDPR / UK GDPR

In addition to the rights described in Section 7, you have the right to:

  • Receive a copy of your personal information in a structured, commonly used, machine-readable format (data portability)
  • Object to processing based on legitimate interests
  • Not be subject to solely automated decision-making that produces legal or similarly significant effects
  • Lodge a complaint with your local supervisory authority — in the UK, the Information Commissioner's Office (ICO) at ico.org.uk; in the EU, your relevant national data protection authority

International Transfers

Your personal information is stored on AWS infrastructure in Sydney, Australia. Australia has been assessed as providing an adequate level of data protection for the purposes of EU data transfers. For UK transfers, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) where an adequacy decision is not in place. A copy of applicable transfer safeguards is available on request at support@bookingtimes.com.

Data Controller

For the purposes of GDPR and UK GDPR, BookingTimes acts as a data controller in respect of Client account data, and as a data processor in respect of End User data processed on behalf of Clients. Clients remain independently responsible as controllers for their End Users' data.

Retention

We apply the same retention principles described in Section 9. Where GDPR or UK GDPR applies, we do not retain personal information longer than necessary for the purposes for which it was collected.

12. Business Transfers

If BookingTimes is acquired, merges with another entity, or in the unlikely event of insolvency, personal information held by us may be transferred as part of that transaction. Any acquiring party would be required to honour the terms of this Privacy Policy or notify you of material changes before applying different practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you via the BookingTimes admin portal or by email prior to the changes taking effect. The current version is always available at bookingtimes.com/privacy. Continued use of our services following notification of changes constitutes acceptance of the updated policy.

14. Questions or Complaints

We take privacy seriously. For any questions, concerns, or complaints about how we handle personal information, contact us at:

BookingTimes - support@bookingtimes.com