APPENDIX NO. 1 – SCOPE OF PERSONAL DATA ENTRUSTED FOR PROCESSING
1. Categories of Data Subjects
Timerise processes Personal Data on behalf of the Controller in relation to the following categories of data subjects:
- End-users (clients or customers) using the Controller’s booking system powered by the Timerise Platform;
- Controller’s authorized personnel (e.g., administrators, team members with access to the Timerise account);
- Potential business partners who interact with the Controller’s public booking forms or communication tools integrated with the Platform.
2. Categories of Personal Data
Depending on the Controller’s configuration of the Platform and the Services used, Timerise may process the following categories of Personal Data:
| Category | Examples | Purpose of Processing |
|---|---|---|
| Identification data | First name, last name | Creating and managing bookings; customer identification |
| Contact data | E-mail address, phone number | Sending booking confirmations, notifications, reminders |
| Booking data | Service name, date and time of booking, location, notes, resource availability | Managing appointments and service scheduling |
| Communication data | Message content submitted via forms, e-mail, or chat | Customer support and service inquiries |
| Device and system data | IP address, browser type, time zone, operating system, session metadata | Security, diagnostics, analytics |
| Billing data (if applicable) | Company name, tax ID (NIP/VAT), payment reference | Invoicing and payment handling through integrated processors |
3. Special Categories of Personal Data
Timerise does not require or intentionally process any special categories of Personal Data as defined in Article 9 GDPR (e.g., health data, political opinions, religious beliefs).
If the Controller chooses to collect such data through customized booking forms, the Controller remains solely responsible for ensuring compliance with applicable data protection laws.
4. Nature and Purpose of Processing
Personal Data are processed exclusively to enable the proper functioning of the Timerise Platform and provision of related services, including:
- hosting and storing booking data,
- transmitting confirmation e-mails and messages,
- monitoring system performance and ensuring security,
- providing support and maintenance,
- analyzing usage patterns (aggregated and anonymized).
5. Retention Period
Timerise stores Personal Data for the duration of the Main Agreement and no longer than necessary to fulfill contractual obligations or comply with legal requirements.
Upon termination of the Main Agreement, Timerise will delete or return all Personal Data as described in Section 11 of the DPA.
6. Place of Processing
Personal Data are processed primarily within the European Economic Area (EEA).
If data are transferred outside the EEA (e.g., to Sub-Processors in the United States), such transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) adopted by the European Commission.