GDPR

Timely Magic's Guide to European Privacy and Data Protection

Timely Magic, a CastGlobe Corporation product, is committed to safeguarding your data privacy and fully supports compliance with the General Data Protection Regulation (GDPR), which was implemented by the European Union (EU) effective May 25, 2018.

What is GDPR?

GDPR standardizes data privacy laws throughout Europe, strengthening the privacy rights of EU citizens and reshaping how organizations handle personal data.

Does GDPR Apply to Your Business?

GDPR affects any business, whether located inside or outside the EU, that offers goods or services to, or monitors the behavior of, EU residents. If your business processes or stores personal data of EU individuals, GDPR applies to you.

Timely Magic and GDPR

Protecting customer data is our highest priority. Our platform supports numerous appointments and transactions each month, and we are dedicated to maintaining the highest standards of privacy and data security.

Below you'll find details on our data collection practices, purposes, legal basis, data sharing partners, and retention policies.

Description of Timely Magic's Services

Timely Magic provides cloud-based scheduling and management solutions designed to assist businesses in beauty, wellness, fitness, and similar industries.

Categories of Personal Data

Timely Magic processes:

  • Identifying Data: Name, gender

  • Transactional Data: Appointment history, services booked, memberships, packages, gift certificates, products

  • Contact Information: Email addresses, physical addresses, phone numbers, birthdays

  • Financial Data: Payment details and credit card information

  • Tracking Data: Customer IP addresses and booking locations

Category of Data Subjects

We manage data from our software users, their employees, and their clients.

Purpose of Processing

We use collected data to authenticate users, manage appointments, process transactions, communicate service-related updates, and facilitate marketing communications.

Legal Basis for Data Processing

Timely Magic processes data based on legitimate business interests to effectively deliver services to users and their clients.

Automated Decision-Making and Profiling

Timely Magic does not engage in automated decision-making or profiling.

Categories of Data Recipients

We partner with secure cloud-hosting providers for data storage and reputable payment processors for transactions.

Data Storage Location

All user data is securely stored on servers located in the United States.

Data Retention Period

We retain data indefinitely unless users or their customers invoke their "Right to be Forgotten," requesting personal data deletion.

How Does Timely Magic Protect Your Data?

  • All platform transmissions use HTTPS (SSL) encryption.

  • We implement cryptographic hashing for data protection.

  • Credit card transactions adhere to PCI compliance standards.

  • Our data hosting facilities feature advanced security protocols including 24/7 surveillance, controlled access, redundant power sources, backup systems, and comprehensive security certifications (ISO 27001, SOC 1 & 2 Type 2, FedRAMP, PCI Level 1).

Your Responsibilities

If you serve customers from the EU, GDPR compliance is your responsibility, including informing individuals about data handling, securing necessary consents, and processing requests regarding personal data access or deletion.

If a customer requests data access or deletion, simply contact us directly, and we will manage this request efficiently without impacting your business reports. We will delete all identifiable customer information upon request.

Please note customers requesting data deletion might have active memberships, pre-booked appointments, or purchased items subject to returns. It's your responsibility to manage cancellations, refunds, or other necessary actions.

Email Communications

Emails from Timely Magic fall into two categories:

  • Transactional Emails: Functional communications such as appointment confirmations, reminders, password resets, and receipts. No opt-in required.

  • Marketing Emails: Promotional communications. Opt-in required.

For Existing Customers

All existing customers will initially have their marketing email preference set to OFF. They will receive a notification to opt in if desired.

For New Customers

Marketing email preferences default to OFF. New customers will be prompted to opt in during account setup or through subsequent communications.

Customers can unsubscribe at any time via their account settings or the unsubscribe link in emails.

SMS/Text Messages

Timely Magic exclusively sends transactional texts (appointment reminders, confirmations). Text marketing is not practiced; thus, GDPR compliance issues do not apply.

Right to Access

GDPR entitles individuals to access their data. Timely Magic allows customers to access, update, or delete their information at any time through their user profiles.

Right to be Forgotten

Customers can request personal data erasure. Submit requests directly to Timely Magic; we confirm the request and then erase the relevant data.

Questions?

For questions or assistance regarding GDPR, please contact:

CastGlobe Corporation
212 King St W #600, Toronto, ON M5H 1K5
hello@castglobe.com
+1 (647) 694-8882