Skip to main content

Privacy Statement

Who is responsible for your data

Bookwhen Ltd is responsible for your data. Our registered address is Belsyre Court 57 Woodstock Road, Oxford OX2 6HJ. We are registered as a company in England and Wales, company number 08914060.

We are the data controller of the data we collect from you. It is our responsibility to control the way your personal data is collected and the purposes for which your personal data is used.

We also act as the data processor for the data that you collect from attendees when using Bookwhen. You can learn more about the measures we have taken to ensure we are meeting the GDPR requirements as a processor on our support pages.

How we use your personal data

Data How is it collected? Legal basis for processing What we do with it Where is it stored?
Email address At sign up Legitimate interest and with your consent.
  • To create a secure log-in to access your account.
  • To send essential account notifications such as a new booking alert (these can be turned on and off within your settings).
  • To provide support and answer questions via email.
  • For a regular newsletter and occasional marketing messages.
Bookwhen’s secure cloud database in London, UK, hosted on the Google Cloud Platform.
Name In-app Legitimate interest
  • To provide support (it’s nice to know who we’re speaking with!)
Phone number
  • To provide support via phone and in the future to send text message notifications.
Business address and company number
  • We display it on your public booking page - a legal requirement of any business taking payments on the internet.
  • To determine whether you should be charged VAT on your subscription.
IP and browser information Via usage
  • Tailor messaging and language for specific countries or browsers.
  • To ensure your security.

Who we share your data with and why

To provide our service we use some sub-processors (listed below). We make sure they adhere to the same standards of data protection that we do. Personal data is never sold to third parties.

Who Why
Intercom ( We use your contact details (email, phone number) to provide you with support for using Bookwhen. It means we can respond to your questions via email or phone.
Postmark ( Postmark ‘powers’ all of our emails - any notifications (e.g. new booking, cancellation) from Bookwhen.
Stripe ( Stripe allow us to take subscription payments from you (if you’re a paying customer). We share your email address with them so that you receive invoice and refund notifications.
The Makaton Charity ( This is specific to those who are a sub-account Makaton Bookwhen user connected to The Makaton Charity master Bookwhen account only. We, Bookwhen, act as the data controller for all The Makaton Charity sub-accounts and master account and as a data processor for attendee information that is collected by The Makaton Charity when they are using Bookwhen.


Cookies are files saved on your phone, tablet or computer when you visit a website. We use cookies to store information about how you use the Bookwhen website.

Manage your cookies

Cookies we use

Type Name Services Duration Description
Essential _bookwhen_admin_session Bookwhen Session To customise your experience and save your settings
known Session To customise your experience and save your settings
intercom-session-{id} Intercom 1 week (from each log-in) To allow access to your conversations on Intercom
intercom-id-{id} 9 months To identify anonymous visitors
__stripe_mid Stripe 1 year To help prevent payment fraud
Analytics _gid Google Analytics 1 day To track website and app usage
_ga 2 years
_hjid Hotjar 1 year A unique user ID that enables Hotjar heatmaps, session recording and user feedback popups
amplitude_id_{id} Amplitude 10 years To track website and app usage

International data transfers and security

We take security extremely seriously and have technologies, processes and security protocols to protect against the loss or theft of personal data. Our security processes include:

  • Access Controls – we have physical, system and data access control systems in place.
  • Data Backup – we conduct regular backups of the data stored in Bookwhen.
  • Testing & Improving – we regularly test and review our security to continuously strengthen our data security systems.

We will report any breach of Personal Data, and do so as fast as we can; we aim to let people know within 24 hours.

We use external servers monitored by Google Cloud Platform, a world-leader in data storage and security. Access to any business account is strictly limited and a register is kept of all access. Personal information can only be partially accessed for business technical support, billing or maintenance reasons. Bookwhen has strict internal data handling policies that all employees with access to data commit to.

We will only send data outside of the European Economic Area (‘EEA’) to work with third parties who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:

  • Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA.
  • Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA.

How long we hold your data

We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law. We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it. These principles are extended to any third party services that we share your data with.

Your rights

You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data. You can also log in to your Bookwhen account to update the details held there under your Personal settings page.

If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent.

You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.

To raise any objections or to exercise any of your rights, you can send an email to us at When you get in touch, we will come back to you as soon as possible and where possible within one month. We may also ask you to verify your identity before we provide any information to you.

If Bookwhen decides to change this privacy policy, the changes will be posted on this page.

Concerns or complaints

If you have any complaints concerning Bookwhen’s processing of your personal data please email us at Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place.