Loading...
Smart Booker UK Smart Booker UK Start Free Trial

Privacy Policy

Code Smart Web Ltd (trading as Smart Booker UK)

Last Updated: 1th September 2025

1. Introduction

This Privacy Policy explains how Code Smart Web Ltd, trading as SmartBooker ("SmartBooker", "we", "our", "us"), collects, processes, stores, shares and protects personal data in connection with the SmartBooker booking platform, mobile applications, websites, APIs, and related services ("Services").

We are committed to complying with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • ICO guidelines and best practices

This policy sets out your rights, our obligations, and the principles governing how we process personal data.

2. Data Controller and Data Processor Roles

Depending on the activity, SmartBooker acts as:

2.1. Data Controller

We act as a Controller when collecting and processing:

  • Data of individuals registering accounts on smartbooker.co.uk
  • Data processed for marketing, analytics, support and onboarding
  • Communications with us via email, contact forms or customer support
  • Data related to administration of subscriptions, billing or payments

2.2. Data Processor

We act as a Processor for businesses ("Customers") using SmartBooker to process their client data.

This includes processing:

  • Customer appointment details
  • Names, emails, phone numbers
  • Booking notes
  • Staff availability and schedules
  • Services and locations
  • Transactional notifications
  • Loyalty points (if enabled)

In such cases, the Customer assumes responsibility as the Data Controller.

3. Personal Data Processed

SmartBooker processes the following categories of personal data:

3.1. Account Data

  • Full name
  • Business name
  • Email address
  • Phone number
  • Password (encrypted – never stored in plain text)
  • Industry and business details
  • Time zone, language preferences

3.2. Booking and Customer Data (Controller or Processor)

  • End-customer names
  • Contact details
  • Service preferences
  • Appointment schedules
  • Staff allocation
  • Booking notes
  • Cancellation or no-show records
  • SMS/email notification history

3.3. Payment and Billing Data

Handled via Stripe (PCI DSS Level 1 compliant):

  • Customer IDs
  • Subscription plans
  • Billing addresses
  • Payment status

SmartBooker never stores card numbers, expiry dates or CVV codes.

3.4. Technical and Usage Data

Collected automatically through cookies, logs and analytics:

  • IP address
  • Browser type
  • Device identifiers
  • Session data
  • Login timestamps
  • Error logs
  • Usage patterns
  • Traffic routing information

3.5. Marketing Data

  • Newsletter preferences
  • Consent records
  • Email engagement metrics
  • SMS marketing consent

4. Legal Bases for Processing

SmartBooker processes data on the following bases:

4.1. Contractual Necessity

To provide, operate and maintain the booking system.

4.2. Legitimate Interest

  • Platform improvement
  • Fraud prevention
  • Logging and analytics
  • Security monitoring
  • Customer support

4.3. Legal Obligation

  • Tax, accounting, and invoicing
  • Compliance with UK law

4.4. Consent

For email and SMS marketing.

5. How Data Is Used

We use personal data to:

  • Create and administer accounts
  • Provide booking and scheduling services
  • Support customers and resolve issues
  • Deliver automated notifications
  • Perform analytics and improve performance
  • Personalise the user experience
  • Maintain security and prevent fraud
  • Send marketing communications when consent is given

We never use end-customer data for our own marketing or profiling.

6. Sharing and Disclosure

Data may be shared with:

  • Stripe – payment processing
  • Brevo – email and SMS
  • Cloud hosting partners
  • Analytics providers
  • Support and infrastructure services

All third-party providers are GDPR-compliant.

We never sell or rent personal data.

7. International Transfers

Where data is transferred outside the UK, we ensure compliance via:

  • Adequacy Regulations
  • Standard Contractual Clauses
  • Additional safeguards

8. Data Retention

  • Account data: kept for the duration of the subscription
  • Booking data: as determined by the Customer
  • Logs: 30–180 days
  • Support records: up to 24 months
  • Legal/accounting records: 6 years

Data may be deleted upon request.

9. Data Subject Rights

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Complain to ICO

Requests may be submitted to: privacy@smartbooker.co.uk

10. Security Measures

SmartBooker implements:

  • TLS/HTTPS encryption
  • Hashed passwords
  • Encrypted backups
  • Access control and role separation
  • MFA for administrators
  • Firewall and server hardening
  • Data isolation per tenant
  • Monitoring and auditing tools

11. Cookies and Tracking

SmartBooker uses:

  • Essential cookies (required)
  • Functional cookies
  • Analytical cookies
  • Google Consent Mode v2
  • Tag Manager (if enabled)

Consent banner controls apply according to PECR and GDPR.

Full details in our Cookie Policy.

12. Automated Decision-Making

SmartBooker does not use automated decision-making with legal or significant impact.

13. Children's Data

SmartBooker is not intended for use by children under 13.

We do not knowingly process children's data.

14. Changes to This Policy

This policy may be updated.

The latest version will always be published on this page.

15. Contact Information

Data Protection Contact:

info@smartbooker.co.uk

ICO Registration Number: ZC047407

Top