Your data, your rights

Privacy Policy

How GjejTermin collects, uses, and protects your personal information. We are committed to transparency and compliance with applicable data protection laws.

Last updated: 4 February 2025

1. Who we are and how to contact us

GjejTermin ("we", "us", "our") operates the booking platform at our website. We act as a data controller for the personal data we process in connection with the platform. For questions about this policy or your personal data, please contact us via our contact page.

2. Information we collect

We collect the following categories of information:

Account and profile: When you register, we collect your name, email address, phone number, and password (stored in hashed form). If you sign in with a third-party provider, we may receive your name and email from that provider.
Booking and transaction: When you make or manage a booking, we collect the appointment details (date, time, service, business), the name and contact details you provide for the booking (including for guest checkout), and any payment-related information you submit. Payment may be processed by the business; we do not store full payment card numbers.
Communications: When you contact us (e.g. via the contact form or support), we collect the content of your message and your contact details.
Usage and technical: We collect information about how you use the platform (e.g. pages visited, actions taken) and technical data (e.g. IP address, browser type, device type) for operation, security, and improvement of our services. We may use cookies and similar technologies as described below.

We do not sell your personal data to third parties.

3. Legal basis and how we use your information

We use your information for the following purposes, where permitted by applicable law:

Providing the service: To create and manage your account, process bookings, send confirmations and reminders, and communicate with you about your use of the platform. Legal basis: performance of a contract with you (or steps at your request) and, where relevant, our legitimate interest in providing the service.
Improvement and analytics: To understand how the platform is used, fix errors, and improve functionality and user experience. Legal basis: legitimate interest.
Security and compliance: To protect against fraud, abuse, and security risks, and to comply with legal obligations (e.g. responding to lawful requests from authorities). Legal basis: legitimate interest and legal obligation.
Marketing (where applicable): If you have given consent or we are otherwise permitted, we may send you news or offers. You can opt out at any time.

4. Sharing your information

We may share your information with:

Businesses you book with: When you make a booking, we share the booking details and the contact information you provide with the relevant business so they can provide the service and contact you if needed.
Service providers: We use trusted providers for hosting, email delivery, analytics, and other technical services. They process data on our instructions and are bound by appropriate agreements.
Legal and safety: We may disclose data where required by law, or to protect our rights, users, or the public.

We do not sell or rent your personal data to third parties for their marketing.

5. International transfers

Your data may be processed in countries outside your country of residence. Where we transfer data to countries that are not recognised as providing an adequate level of data protection, we implement appropriate safeguards (e.g. standard contractual clauses approved by relevant authorities) in accordance with applicable law.

6. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including to satisfy legal, accounting, or reporting requirements. For example, we retain account data while your account is active and for a reasonable period after closure; booking and transaction data as needed for the service and for legal and dispute purposes. You may request deletion of your data subject to applicable law (see "Your rights" below).

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

Access: To request a copy of the personal data we hold about you.
Rectification: To request correction of inaccurate or incomplete data. You can update much of your information in your profile and settings.
Erasure: To request deletion of your personal data, subject to certain exceptions (e.g. where we must retain data for legal reasons).
Restriction: To request that we limit how we use your data in certain circumstances.
Portability: To receive your data in a structured, commonly used format where technically feasible.
Object: To object to processing based on legitimate interests or, where applicable, to processing for direct marketing.
Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

To exercise these rights, please contact us via our contact page. We will respond within the timeframes required by applicable law.

8. Cookies and similar technologies

We use cookies and similar technologies (e.g. local storage) to operate the platform, remember your preferences, and analyse usage. Essential cookies are necessary for the site to function. We may also use analytics and performance cookies to improve our service. You can control non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of the platform.

9. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes secure transmission (e.g. HTTPS), access controls, and secure storage. No method of transmission over the internet or electronic storage is 100% secure; we cannot guarantee absolute security but we strive to protect your data in line with industry standards.

10. Children

The platform is not directed at children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may notify you by email or through a notice on the platform where appropriate. We encourage you to review this page periodically.

12. Contact

For any questions about this Privacy Policy or our handling of your personal data, please contact us via our contact page.