Booked & Paid Service is committed to protecting the personal data of everyone who uses our platform. This page explains our commitments under the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar data-protection laws, and how you can exercise your rights.
1. Roles
- Controller — we act as the data controller for account, billing, and support data.
- Processor — for the client, lead, booking, and financial content you enter into the Service, you are the controller and we act as your processor. A Data Processing Agreement (DPA) is available on request.
2. Lawful bases we rely on
- Contract — to deliver the Service you subscribed to.
- Legitimate interests — to secure the Service, prevent fraud, and improve features, balanced against your rights.
- Consent — for optional analytics cookies and marketing emails, which you can withdraw at any time.
- Legal obligation — to meet tax, accounting, and regulatory duties.
3. Your rights
Subject to conditions in applicable law, you have the right to:
- Access — receive a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests or direct marketing.
- Withdraw consent — where processing is based on consent.
- Lodge a complaint — with your local supervisory authority.
4. How to exercise your rights
Email privacy@bookedandpaidservice.live from the address associated with your account. We respond within 30 days, extendable by two additional months for complex requests. We may need to verify your identity before acting on a request.
5. International data transfers
Where personal data is transferred outside the EEA or UK, we rely on adequacy decisions or Standard Contractual Clauses (SCCs), supplemented with additional safeguards where necessary, to ensure a level of protection equivalent to that in your country.
6. Sub-processors
We engage a limited set of vetted sub-processors to run the Service (cloud hosting, database, email delivery, payment processing, error monitoring, analytics). A current list is available on request. We enter into written agreements requiring them to meet GDPR-appropriate security and confidentiality standards.
7. Security measures
- Encryption of data in transit (TLS 1.2+) and at rest.
- Hashed and salted passwords using industry-standard algorithms.
- Role-based access control and least-privilege principles.
- Continuous logging, monitoring, and periodic reviews.
- Automated backups with tested restore procedures.
8. Data breach notification
In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, in line with GDPR requirements.
9. Retention
Personal data is retained only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is deleted or anonymized within a reasonable period after account closure.
10. Data Protection Contact
For any GDPR-related inquiry, contact privacy@bookedandpaidservice.live.