Overview

At Appointy, we are deeply committed to businesses who use our product suite and services and prioritize the utmost protection of their data. As part of this commitment, we actively assist our business users in understanding and, when relevant, adhering to the General Data Protection Regulation (GDPR). Appointy is fully committed to complying with GDPR regulations as a data processor. We have implemented robust data protection measures, privacy protocols, and security practices to safeguard personal data. Our compliance efforts are regularly updated to stay in line with the evolving GDPR guidelines.

We take a comprehensive approach to GDPR compliance, with a strong focus on serving our business users and individual data subjects. As a data processor, Appointy works on behalf of its business users (data controllers) to process personal data within the context of our services. We handle this data strictly according to the instructions provided by our customers. The following sections outline our dedicated efforts and investments in ensuring GDPR compliance to safeguard both our business customers and the personal data of the end users involved.

Appointy’s Compliance

Data protection by design

At Appointy, data protection and security measures are deeply ingrained in our platform. Throughout the years, we have diligently monitored web developments, allowing us to adapt our platform in line with the latest web advancements while maintaining compliance with GDPR guidelines.

Compliant as a data processor under GDPR Guidelines

As a data processor fully aligned with GDPR guidelines, Appointy takes data protection and privacy seriously in all aspects of our services. We understand the significance of our role in processing personal data on behalf of our business users, the data controllers. To ensure strict compliance with GDPR regulations, we have implemented robust data security measures and privacy protocols. Our data processing activities are conducted with utmost transparency and in accordance with the specific instructions provided by our customers. As a trusted data processor, we strive to handle personal data responsibly and securely, maintaining its confidentiality and integrity throughout its lifecycle. By continuously monitoring and updating our processes, we ensure that Appointy remains a reliable and GDPR-compliant data processor, giving our customers peace of mind and confidence in their data handling practices.

International Data Transfers

As a globally-oriented company serving customers worldwide, Appointy adheres to GDPR guidelines while facilitating the transfer and access of data across borders. We recognize and honor the regulations governing international data transfers outside of the European Economic Area, the UK, and Switzerland. In alignment with our commitment to data protection, Appointy, as a data processor, offers a robust international data transfer framework through our Data Processing Addendum (DPA). The DPA serves as a safeguard, enabling our valued business users to lawfully transfer personal data to Appointy’s related entities and cloud products beyond the EEA. This is achieved by relying on the industry-standard Standard Contractual Clauses, ensuring secure and compliant data handling throughout the process.

The revised DPA supplements our Business Terms of Service and provides contractual safeguards to our customers for the processing of the personal data sent across Appointy and its related entities, enabling our business users to be compliant with the GDPR. If you, as a business user, are looking to procure a signed copy of our DPA, you can request a secure signing link via contact@appointy.com.

Choice and consent

We value choice and transparency around how we collect, use, and share information, and provide optionality within different product settings. You can read more about how we handle your personal information in our updated, simple-to-understand Privacy Policy, which summarizes those choices, how to exercise them, and any relevant limitations. We also surface consents for cookies and marketing messages to provide clarity and control at points of collection. Our internal processes centralize consents to ensure we’re consistently honoring your choices across the Appointy product suite.

Security Practices and Controls

Appointy gives utmost importance to Data Security and Privacy. We obtained our ISO 27001:2013 certification in 2017, and do regular internal and external audits of our security infrastructure and organisational controls. We use the most secure data centers, with the most security certifications and SOC reports. Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Appointy has a firm security foundation.

Data subject rights

Appointy has enacted policies to protect users’ rights. We allow Appointy business and end users to opt out of our notifications, and are ready to respond to any data access requests from our business users and end users. All business users also have the ability to export and transfer their data.

FAQs:

What is GDPR and who does it apply to?

The General Data Protection Regulation (GDPR) is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state. The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.

What steps have been taken by Appointy to comply with GDPR guidelines in their role as a data processor?

At Appointy, we embrace our role as a GDPR-compliant data processor, providing essential services in processing personal data on behalf of our valued customers, who serve as the data controllers. To uphold the highest standards of data protection and privacy, we have implemented robust data security measures and privacy protocols across all aspects of our services. Transparency is of utmost importance to us, and we diligently adhere to the specific instructions provided by our customers while processing their data.

As part of our commitment to data protection, we offer a Data Processing Addendum (DPA) that outlines the terms and conditions of data processing in alignment with GDPR guidelines. Our dedication to data security extends to incorporating advanced encryption technology to safeguard the confidentiality and integrity of personal data throughout its entire lifecycle. We continuously monitor and update our processes, ensuring that Appointy remains a dependable and GDPR-compliant data processor.

Our customers can rest assured that their data handling practices align with GDPR regulations, fostering confidence and peace of mind when partnering with Appointy. As a trusted data processor, we prioritize the protection and privacy of personal data, laying a strong foundation of trust and reliability in all our data processing services.

How does Appointy ensure the legality of international data transfers outside the EEA and the UK?

In alignment with our commitment to data protection, Appointy offers a robust international data transfer framework through our Data Processing Addendum (DPA). The DPA serves as a safeguard, enabling our valued business customers to lawfully transfer personal data to Appointy’s related entities and cloud products beyond the EEA. This is achieved by relying on the industry-standard Standard Contractual Clauses, ensuring secure and compliant data handling throughout the process.

The DPA offered by Appointy supplements our Business Terms of Service and provides contractual safeguards to our business users for the processing of the personal data sent across Appointy and its related entities, enabling customers to be compliant with the GDPR. For more information on how business users can enter into the Appointy Data Processing Addendum, please write to us at contact@appointy.com and data-protection@appointy.com.

What are Standard Contractual Clauses (SCCs) and how do they benefit our data transfers?

Standard Contractual Clauses are a set of contractual provisions established by the European Commission to safeguard personal data transferred outside the EEA and the UK. By signing the DPA with Appointy, our business users can rely on these SCCs as a secure and recognized mechanism for international data transfers, enabling lawful and GDPR-compliant data processing.

Are there any additional steps that business users need to take for international data transfers with Appointy?

As part of the DPA, Appointy ensures that the necessary safeguards are in place for international data transfers. However, it is recommended for business users to conduct a thorough assessment of their specific data transfer requirements and consult with legal experts to ensure full compliance with GDPR regulations.

What type of personal data does Appointy process as a data processor?

Appointy processes only the personal data necessary to provide our services to our business users. This may include information such as names, email addresses, phone numbers, and appointment details, among others. We never use the data for any purpose other than what is explicitly instructed by the business users, i.e. data controllers.

Does Appointy have sub-processors?

Yes, we do. Like any other software services provider, we employ resources from different providers and vendors to develop and provide you a great service and customer support experience. The full list of our sub-processors can be found in our DPA.

What security measures does Appointy have in place to protect personal data?

Appointy employs a multi-layered approach to data security, including encryption, access controls, regular security audits, and employee training. We continuously monitor and update our security protocols to safeguard the data against potential risks.

Our security provides the foundation for our recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001:2013, and Cyber Essentials (UK). Appointy ensures that personal data is stored securely within highly protected data centers.

How is personal data encrypted at Appointy’s end?

While architecting and engineering the Appointy SaaS platform, we implemented stricter information security measures to comply with GDPR and OWASP guidelines. All the information and personal data processed and stored by Appointy is encrypted at rest and in transit. While data is at rest, it is encrypted using the 256-bit Advanced Encryption Standard (AES-256). When data is in transit, all connections to databases and servers are encrypted using SSL/TLS with frequently rotated certificates.

How long does Appointy retain personal data processed on behalf of its business users?

Appointy retains personal data only for the duration specified by our business users (data controllers) as part of their legal agreements with Appointy or as long as the business user remains a customer with Appointy. Appointy may also retain personal data as required to fulfill Appointy’s legal and regulatory obligations. Once the retention period ends, we securely delete or anonymize the data.

How does Appointy handle data subject requests, such as data access and deletion?

As a business user:

    • Appointy promptly assists our business users (data controllers) in responding to data subject requests, including requests for data access, rectification, and deletion that have been raised to such businesses by their end users. You can reach out to contact@appointy.com and data-protection@appointy.com in relation to a data subject request raised to you.
    • Apart from that, Appointy allows business users to delete content on demand, using the delete feature available at various points in the Appointy application.

As an individual data subject or end user:

If you initially gave your data to one of our business users and wish to reach out to Appointy directly with a data subject rights request, you can submit the request to contact@appointy.com and data-protection@appointy.com, or you can fill in the form available here.

How can business users and data subjects contact Appointy for queries regarding GDPR?

Appointy has designated an internal Data Protection Officer (DPO) to oversee compliance. You can reach our DPO at data-protection@appointy.com. You can also write to us at contact@appointy.com.
