Privacy Policy

How we handle your personal data

Last updated: December 20, 2024

1. Introduction

Bookura is a trade name of NIO Media, a sole proprietorship based in Enschede. We attach great importance to the privacy of our users and handle personal data with care. In this privacy policy, we explain what data we collect, why we do so, and how we protect this data.

Bookura provides a platform that enables salon entrepreneurs (such as hairdressers, massage therapists, and beauticians) to manage their business, including website, online bookings, payments, and invoicing.

2. Contact details of the data controller

NIO Media (trading as Bookura)
Roomweg 68
7523 BR Enschede
The Netherlands
Chamber of Commerce number: 69855773
Email for privacy inquiries: privacy@niomedia.nl

3. What personal data do we collect

3.1 Data from salon entrepreneurs (users)

When you register as a salon entrepreneur, we collect the following data:

  • Name and email address
  • Password (stored encrypted)
  • Language preference
  • Salon details: name, address, phone number, email address, and website
  • Business details: Chamber of Commerce number and VAT number
  • Payment details for connection with payment provider Mollie

3.2 Data from end users (salon clients)

When clients use a salon that uses Bookura, we collect:

  • First and last name
  • Email address
  • Phone number
  • Appointment details: date, time, selected treatment, and any notes
  • Event registrations: event name, date, number of tickets, and price
  • Waitlist data: email address, preferred days and times, notification preferences
  • Gift card data: name and email of purchaser and recipient, personal message, amount

3.3 Data from support requests

When you contact us through the support form, we collect:

  • Name and email address
  • IP address and browser information (for fraud prevention)

3.4 Data via the mobile app

The Bookura app requests access to:

  • Push notifications (for reminders and alerts). Device push tokens are stored for this purpose.

The app does not request access to camera, location, or other sensitive device functions.

4. Purposes of data processing

We process personal data for the following purposes:

  • Creating and managing user accounts
  • Enabling online bookings and appointment management
  • Processing payments
  • Sending transactional messages (confirmations, reminders)
  • Sending SMS messages for appointment reminders
  • Generating invoices
  • Facilitating gift card sales and redemption
  • Managing event registrations and waitlists
  • Improving our services
  • Analyzing website and product usage

5. Legal grounds for processing

We process personal data based on the following legal grounds:

  • Performance of the contract: for providing our services to salon entrepreneurs and facilitating bookings
  • Legitimate interest: for improving our services and analyzing website usage
  • Consent: for sending marketing communications (if applicable)

6. Sharing data with third parties

We share personal data with the following parties, only to the extent necessary for our services:

| Party | Purpose | Location |
| --- | --- | --- |
| Mollie | Payment processing | EU |
| Brevo | Sending SMS messages | EU |
| Google Analytics | Website analytics | US* |
| Expo | Push notifications (mobile app) | US* |
| Postmark | Sending transactional emails | US* |
| PostHog | Product analytics and usage statistics | EU |
| OpenAI | AI-assisted content generation | US* |
| Moneybird | Accounting integration (optional, at user's request) | EU |
| e-Boekhouden | Accounting integration (optional, at user's request) | EU |
| KVK (Chamber of Commerce) | Business registration lookup | EU |
| Hetzner | Hosting and backup storage | EU |
| Google/Apple | OAuth authentication (optional) | US* |

*Appropriate safeguards have been established with these parties in accordance with GDPR, such as Standard Contractual Clauses (SCCs).

7. Cookies and tracking

We use the following cookies and tracking technologies:

Necessary cookies

  • Session cookies: for the functioning of the website and keeping users logged in

Analytical cookies and tracking

  • Google Analytics 4: for analyzing website usage and improving our services. IP addresses are anonymized.
  • PostHog: for product analytics and improving the user experience. Data is stored within the EU.

You can manage cookies through your browser settings. Disabling necessary cookies may affect the functioning of the website.

8. Data security

We take appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access:

  • Passwords are stored encrypted (hashed)
  • All connections are via HTTPS
  • Data is stored on secure servers within the European Union (Hetzner, managed via Laravel Forge)
  • Regular backups are stored encrypted at a geographically separated location within the European Union
  • Access to data is limited to authorized persons

9. Retention periods

We do not retain personal data longer than necessary for the purposes for which they were collected:

  • Account data: until the account is deleted
  • Appointment data: in accordance with legal retention periods for administration (7 years)
  • Payment data: in accordance with legal retention periods for financial administration (7 years)
  • Activity logs: user actions are retained for a maximum of 1 year
  • Gift card data: in accordance with legal retention periods for financial administration (7 years)

10. Your rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: you can request which data we process about you
  • Right to rectification: you can have incorrect data corrected
  • Right to erasure: you can request that your data be deleted
  • Right to restriction: you can request that processing be restricted
  • Right to data portability: you can receive your data in a common format
  • Right to object: you can object to certain processing activities

Delete account

You can delete your account yourself via Settings → "Delete account" in the Bookura app or web app. After confirmation with your password, all your data will be permanently deleted.

Contact us

For questions about your privacy or to exercise your rights, you can contact us at privacy@niomedia.nl. We will respond to your request within 30 days.

11. Complaints

If you have a complaint about the processing of your personal data, you can contact us. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl

12. Changes

We may update this privacy policy from time to time. The most current version is always available on our website. We will inform you of significant changes.