VivoCalendar Ltd’s GDPR Compliance Statement outlines how we adhere to the fundamental aspects of GDPR and ensure compliance with them.
Our stance on privacy, the handling of personal data, and our security measures.
In accordance with our Terms and Conditions for users, we would like to provide you with a list of our designated sub-processors.
Ensuring the privacy of job applicants is our priority.
We gather cookies.
If you have any questions or want to find out more, contact us at dpo@Vivocalendar.com.
The General Data Protection Regulation 2016/679 (GDPR) is the European Union and European Economic Area law that governs data protection and privacy. It came into effect on May 25, 2018, empowering EU citizens with increased control over their personal data and streamlining regulations to help businesses minimize administrative burdens and foster greater consumer confidence.
Please visit the European Commission’s official website to learn more about data protection and the Commission’s approach.
Vivocalendar Ltd’s commitment to GDPR compliance began prior to its implementation in 2018, with the appointment of a Data Protection Officer (“DPO”). Alongside the company’s security team, the DPO ensured, among other things:
- We follow the principle of least privilege in our business operations, including for the level of access employees are instructed to use when diagnosing and resolving problems and when responding to customer support requests.
- All employees have signed a Data Processing Addendum to the contract of employment and have provided a clean criminal record as part of our hiring process.
- All employees are legally bound to comply with the internal policies and procedures of the implemented Information Security Management System.
CUSTOMER SUPPORT REQUESTS: Upon activation of the double authentication feature of the System, we DO NOT have any access to your account and system. However, when you need quick assistance from our support team, you may give our representative a temporary code so they can help you with settings if needed.
Medical information is classified as "sensitive personal data" and may be stored within the system under a component known as "SOAP." We have recently bolstered the security of the SOAP component by implementing encryption at rest. This means that even in the event of unauthorized access to the user's system or Vivocalendar servers, this information remains inaccessible without the secret key. You can store this key on a secure USB drive or within a computer folder, but ensuring the utmost protection for your computer or USB drive is crucial. As a safeguard in case of theft, it is advisable to employ robust security measures, such as disk encryption or password protection, to prevent unauthorized access.
HIPAA Enhanced Security: Available with Standard and Premium Subscriptions, our HIPAA Custom Feature empowers users to strengthen their system security. This feature enables automatic system logouts after a predetermined period, such as 20 minutes of system inactivity, provides login notifications, and ensures that personal data is not transmitted via email or SMS. Additionally, it removes client and service names from reports, enhancing privacy and preventing unauthorized access to personal data.
In all our email communications, we have consistently provided easy-to-find unsubscribe links. We have now extended this option to promotional emails, ensuring that clients who have opted out of receiving these messages will not receive them. Fortunately, this adjustment has not posed an issue, as our clients typically appreciate receiving promotions from their preferred providers.
As you shoulder the responsibility of safeguarding your clients’ personal data, we’ve implemented significant system enhancements to facilitate GDPR compliance. These changes not only bolster security, providing you with better protection in case of equipment loss or theft, but also improve user control over client data and communication permissions. For detailed information, please refer to the illustrations below.
We proudly offer four Custom Features, available to all users at no additional cost:
- Enhanced Login Security Module: It is crucial for users to adopt this feature swiftly, as the primary risk of data breaches often stems from unauthorized access to the system and its data, whether virtually or through physical possession.
- Data Retention Module: Users can set data retention periods for bookings. Data is automatically deleted after a specified time, such as 30 days (user-configurable), following booking completion. Caution: Not needed for client login or membership scenarios.
- User-Defined T&C and Plain-Language Privacy Policy Module
- Cancellation Policy Enforcement Description Module
Typically accessible on the internet for client booking convenience.
Service providers are typically listed online for everyone to view, enabling clients to select them for booking.
Only visible to system users, not on the internet.
Each group has the capability to view and print data from the Vivocalendar system via a dedicated interface. Should the need arise, client information can be easily removed by pressing a single button.
Please be aware that access to these records is safeguarded. Users must undergo a straightforward authentication process, which involves re-inputting their password. If two-factor authentication is enabled, a verification code will also be required.
While client information plays a crucial role in generating statistical data about sales and bookings, any deleted data is anonymized, ensuring it remains unidentifiable yet still useful for analytical purposes.
You Can Boost Your Security Measures
Users are advised to fortify their mobile device security by using lengthy passwords and enabling the feature that automatically wipes phone data after multiple incorrect password attempts. This precaution prevents potential thieves from gaining access to two-factor authentication codes.
To further ensure privacy, users are encouraged to activate automatic screen locks to minimize the chances of unauthorized access, especially in a workplace setting.
As The Data Controller
Keep in mind that you hold the responsibility to create, uphold, and act in line with a privacy policy tailored for your clients. This is a decision only you can make, and no one else can do it for you. For guidance on this document, consult with a professional or reach out to your local data protection agency. Ensure it’s drafted in a straightforward and succinct way.
Also, don’t forget to provide a link to our Privacy Policy, which details how we handle the subject’s data on your behalf and the nature of any data transfers.