[{"data":1,"prerenderedAt":599},["ShallowReactive",2],{"og-image-business-privacy":3,"social-meta-business-privacy":4,"pricing-plan-EUR":5,"page-business,privacy":6},"",[],{},{"id":7,"title":8,"body":9,"description":589,"extension":590,"meta":591,"navigation":594,"path":595,"seo":596,"stem":597,"__hash__":598},"content/eswk.co.uk/business/privacy.md","Business Privacy Policy – EasyWeek",{"type":10,"value":11,"toc":575},"minimark",[12,19],[13,14],"blog-header",{":bullet_points":15,"description":16,"headline":17,"tag":18},"[{\"text\":\"1. Who we are\",\"href\":\"#_1-who-we-are\"},{\"text\":\"2. Scope and the controller-processor split\",\"href\":\"#_2-scope-and-the-controller-processor-split\"},{\"text\":\"3. Data we collect about Business Users\",\"href\":\"#_3-data-we-collect-about-business-users\"},{\"text\":\"4. Purposes and legal bases\",\"href\":\"#_4-purposes-and-legal-bases\"},{\"text\":\"5. Marketing communications\",\"href\":\"#_5-marketing-communications\"},{\"text\":\"6. Sharing and sub-processors\",\"href\":\"#_6-sharing-and-sub-processors\"},{\"text\":\"7. International transfers\",\"href\":\"#_7-international-transfers\"},{\"text\":\"8. Retention\",\"href\":\"#_8-retention\"},{\"text\":\"9. Your rights\",\"href\":\"#_9-your-rights\"},{\"text\":\"10. Security\",\"href\":\"#_10-security\"},{\"text\":\"11. Changes and contact\",\"href\":\"#_11-changes-and-contact\"}]","This Privacy Policy describes how EasyWeek GmbH processes personal data about business owners, employees, and other authorised users of the EasyWeek Business platform (\"you\", \"Business User\"). For personal data that you, as a business, process about your own clients through EasyWeek, EasyWeek acts as a data processor under our Data Processing Addendum.","Business Privacy Policy","h1",[20,21,22,29,34,37,50,63,67,70,93,96,100,200,208,212,298,301,305,308,311,337,340,344,347,383,386,390,396,400,461,464,468,471,502,508,512,515,535,540,544,547,550,557],"blog-content",{},[23,24,25],"p",{},[26,27,28],"em",{},"Last updated: 15 May 2026",[30,31,33],"h2",{"id":32},"_1-who-we-are","1. Who we are",[23,35,36],{},"The controller responsible for the processing of personal data about Business Users described in this Policy is:",[23,38,39,40,45,46],{},"EasyWeek GmbH\nHördtweg 65, 40470 Düsseldorf, Germany\nEmail: ",[41,42,44],"a",{"href":43},"mailto:privacy@easyweek.io","privacy@easyweek.io","\nData protection contact: ",[41,47,49],{"href":48},"mailto:dpo@easyweek.io","dpo@easyweek.io",[23,51,52,53,57,58,62],{},"For matters relating to data we process ",[54,55,56],"strong",{},"on your behalf"," (your customers' data stored in EasyWeek), please see Section 2 below and our ",[41,59,61],{"href":60},"/business/dpa","Data Processing Addendum",".",[30,64,66],{"id":65},"_2-scope-and-the-controller-processor-split","2. Scope and the controller-processor split",[23,68,69],{},"EasyWeek Business is a Software-as-a-Service platform that helps service businesses (\"Customers\") manage their bookings, clients, staff, finances, and marketing. This split matters for data protection:",[71,72,73,84],"ul",{},[74,75,76,79,80,83],"li",{},[54,77,78],{},"EasyWeek is the controller"," for personal data ",[54,81,82],{},"about Business Users"," — the business owners, employees, and authorised users who sign up, log in to, and use EasyWeek Business. This Policy describes that processing.",[74,85,86,89,90,92],{},[54,87,88],{},"EasyWeek is the processor"," for personal data that Business Users (their Customer) upload to EasyWeek to run their business — for example, end-customer contact details, booking history, notes, photos. That processing is governed by the ",[41,91,61],{"href":60},", where the Customer is the controller.",[23,94,95],{},"This Policy covers only the first case. For end-customer data, the Customer's own privacy notice applies.",[30,97,99],{"id":98},"_3-data-we-collect-about-business-users","3. Data we collect about Business Users",[101,102,103,116],"table",{},[104,105,106],"thead",{},[107,108,109,113],"tr",{},[110,111,112],"th",{},"Category",[110,114,115],{},"Examples",[117,118,119,130,140,150,160,170,180,190],"tbody",{},[107,120,121,127],{},[122,123,124],"td",{},[54,125,126],{},"Identification",[122,128,129],{},"First and last name, business name, position, profile photo",[107,131,132,137],{},[122,133,134],{},[54,135,136],{},"Contact",[122,138,139],{},"Email address, phone number, business address, country",[107,141,142,147],{},[122,143,144],{},[54,145,146],{},"Account",[122,148,149],{},"Username, hashed password, two-factor authentication tokens, login history, IP address, device and browser identifiers",[107,151,152,157],{},[122,153,154],{},[54,155,156],{},"Billing",[122,158,159],{},"VAT ID, billing address, last 4 digits of payment card, invoice history. Full card data is collected directly by Stripe and never reaches our servers",[107,161,162,167],{},[122,163,164],{},[54,165,166],{},"Communications",[122,168,169],{},"Support tickets, in-app chat history, call recordings (with your consent), survey responses",[107,171,172,177],{},[122,173,174],{},[54,175,176],{},"Usage telemetry",[122,178,179],{},"Pages and features used, clicks, performance metrics, crash reports, error logs",[107,181,182,187],{},[122,183,184],{},[54,185,186],{},"Marketing engagement",[122,188,189],{},"Email open and click events, newsletter preferences, webinar attendance, demo bookings",[107,191,192,197],{},[122,193,194],{},[54,195,196],{},"Public listing data",[122,198,199],{},"Where you opt in to the EasyWeek marketplace, the business name, logo, services, hours, location, photos, and aggregated ratings you publish",[23,201,202,203,207],{},"We collect this data directly from you (when you register, fill in forms, contact support, configure your account) and automatically (logs, telemetry, cookies on our marketing sites — see ",[41,204,206],{"href":205},"/cookies","Cookie Policy",").",[30,209,211],{"id":210},"_4-purposes-and-legal-bases","4. Purposes and legal bases",[101,213,214,224],{},[104,215,216],{},[107,217,218,221],{},[110,219,220],{},"Purpose",[110,222,223],{},"Legal basis (UK GDPR Art. 6)",[117,225,226,234,242,250,258,266,274,282,290],{},[107,227,228,231],{},[122,229,230],{},"Creating and operating your account, providing the EasyWeek Business platform you subscribed to",[122,232,233],{},"Performance of a contract — Art. 6(1)(b)",[107,235,236,239],{},[122,237,238],{},"Billing, accounting, tax records",[122,240,241],{},"Legal obligation — Art. 6(1)(c); contract — Art. 6(1)(b)",[107,243,244,247],{},[122,245,246],{},"Customer support and incident response",[122,248,249],{},"Performance of a contract — Art. 6(1)(b); legitimate interest — Art. 6(1)(f)",[107,251,252,255],{},[122,253,254],{},"Product analytics, debugging, capacity planning, security monitoring",[122,256,257],{},"Legitimate interest in operating a secure and reliable platform — Art. 6(1)(f)",[107,259,260,263],{},[122,261,262],{},"Marketing communications to existing Business Users about the EasyWeek ecosystem, new features, and partner offers",[122,264,265],{},"Legitimate interest under reg. 22 PECR and Art. 6(1)(f) UK GDPR — limited to similar products and services and subject to your right to object",[107,267,268,271],{},[122,269,270],{},"Marketing communications where you have explicitly opted in (newsletters, webinars)",[122,272,273],{},"Your consent — Art. 6(1)(a)",[107,275,276,279],{},[122,277,278],{},"Publishing your business on the EasyWeek marketplace, where you opt in",[122,280,281],{},"Performance of the marketplace addendum to your subscription — Art. 6(1)(b)",[107,283,284,287],{},[122,285,286],{},"Compliance with legal obligations and lawful requests from authorities",[122,288,289],{},"Legal obligation — Art. 6(1)(c)",[107,291,292,295],{},[122,293,294],{},"Defence against, exercise of, or establishment of legal claims",[122,296,297],{},"Legitimate interest — Art. 6(1)(f); Art. 9(2)(f) where special-category data is involved",[23,299,300],{},"We do not carry out any automated decision-making that produces legal or similarly significant effects on you within the meaning of UK GDPR Art. 22.",[30,302,304],{"id":303},"_5-marketing-communications","5. Marketing communications",[23,306,307],{},"By creating a Business User account, you agree that EasyWeek may send you transactional and marketing communications about EasyWeek and our ecosystem through email, SMS, WhatsApp, push notifications, and in-app messages. We may also use your business contact data to invite you to events, webinars, beta features, partner offerings, and to inform you about new EasyWeek mobile apps (such as the EasyWeek client app), provided this is compatible with the legal basis described in Section 4.",[23,309,310],{},"You can opt out of marketing communications at any time:",[71,312,313,319,325,331],{},[74,314,315,318],{},[54,316,317],{},"Email"," — unsubscribe link at the bottom of every marketing email",[74,320,321,324],{},[54,322,323],{},"SMS / WhatsApp"," — reply \"STOP\" to any marketing message",[74,326,327,330],{},[54,328,329],{},"Push notifications"," — turn off in your device or app settings",[74,332,333,336],{},[54,334,335],{},"In-app"," — Profile → Notification preferences",[23,338,339],{},"Withdrawal does not affect the lawfulness of processing carried out before the withdrawal and does not prevent us from sending you transactional messages required to operate the Service.",[30,341,343],{"id":342},"_6-sharing-and-sub-processors","6. Sharing and sub-processors",[23,345,346],{},"We share Business User data only with:",[71,348,349,359,365,371,377],{},[74,350,351,354,355,358],{},[54,352,353],{},"Sub-processors"," we engage to deliver the Service (hosting, email, SMS, support tooling, analytics, payment processing, AI features). The current list is available at ",[41,356,357],{"href":357},"/business/subprocessors",". All sub-processors are bound by contract to confidentiality and UK GDPR-equivalent obligations.",[74,360,361,364],{},[54,362,363],{},"Stripe",", our payment processor, for handling subscription billing.",[74,366,367,370],{},[54,368,369],{},"Auditors, accountants, legal advisers"," acting under professional confidentiality.",[74,372,373,376],{},[54,374,375],{},"Public authorities"," when we are legally compelled to do so, after verifying the legal basis of the request and, where lawful, notifying you.",[74,378,379,382],{},[54,380,381],{},"Successor entities"," in the event of a merger, acquisition, or sale of all or part of EasyWeek, in which case the acquirer becomes bound by an equivalent privacy commitment.",[23,384,385],{},"We do not sell your personal data and do not share it with third-party advertisers for cross-context behavioural advertising.",[30,387,389],{"id":388},"_7-international-transfers","7. International transfers",[23,391,392,393,395],{},"EasyWeek primarily processes Business User data on infrastructure located in the European Union (Hetzner data centres in Germany; Google Cloud Storage EU multi-region; Cloudflare edge with EU routing for EEA traffic). As the United Kingdom is no longer a member of the European Economic Area, transfers of personal data from the United Kingdom to EasyWeek's EU-based infrastructure constitute restricted international transfers under the UK GDPR; however, the European Union benefits from adequacy regulations made by the UK Secretary of State under the Data Protection Act 2018, meaning such transfers are lawful without further safeguards. Where a limited number of sub-processors are located outside the UK or EEA (for example, certain AI providers under a Zero Data Retention agreement), the transfer of UK personal data is protected by the ICO's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (both approved by the Information Commissioner's Office under s.119A of the Data Protection Act 2018), together with supplementary measures based on a transfer impact assessment, available on request from ",[41,394,44],{"href":43},". Transfers of EEA personal data to the same sub-processors are separately governed by the European Commission's Standard Contractual Clauses (Decision 2021/914) and corresponding supplementary measures.",[30,397,399],{"id":398},"_8-retention","8. Retention",[101,401,402,412],{},[104,403,404],{},[107,405,406,409],{},[110,407,408],{},"Data",[110,410,411],{},"Retention period",[117,413,414,422,430,438,446,454],{},[107,415,416,419],{},[122,417,418],{},"Account profile and configuration",[122,420,421],{},"While your account is active + 6 months after deletion request, then deletion or anonymisation",[107,423,424,427],{},[122,425,426],{},"Invoices and accounting records",[122,428,429],{},"10 years (HGB § 257, AO § 147)",[107,431,432,435],{},[122,433,434],{},"Support tickets",[122,436,437],{},"3 years from closure",[107,439,440,443],{},[122,441,442],{},"Login and access logs",[122,444,445],{},"90 days, with security-incident-related entries retained as long as legally necessary",[107,447,448,451],{},[122,449,450],{},"Backups",[122,452,453],{},"Up to 35 days rolling, after which they are overwritten",[107,455,456,458],{},[122,457,186],{},[122,459,460],{},"Until you unsubscribe + 6 months for proof of compliance",[23,462,463],{},"When the retention period expires, data is securely deleted or irreversibly anonymised, except where a longer period is required by law.",[30,465,467],{"id":466},"_9-your-rights","9. Your rights",[23,469,470],{},"You have the following rights with respect to your personal data:",[71,472,473,476,479,482,485,488,491,494],{},[74,474,475],{},"Right of access (Art. 15 UK GDPR)",[74,477,478],{},"Right to rectification (Art. 16)",[74,480,481],{},"Right to erasure (Art. 17)",[74,483,484],{},"Right to restrict processing (Art. 18)",[74,486,487],{},"Right to data portability (Art. 20)",[74,489,490],{},"Right to object (Art. 21) — in particular, to direct marketing",[74,492,493],{},"Right to withdraw consent at any time (Art. 7(3))",[74,495,496,497,62],{},"Right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement. In the United Kingdom, the competent authority is the Information Commissioner's Office (ICO), ",[41,498,499],{"href":499,"rel":500},"https://ico.org.uk/",[501],"nofollow",[23,503,504,505,507],{},"To exercise any of these rights, write to ",[41,506,44],{"href":43},". We will respond within one month and free of charge, except where the request is manifestly unfounded or excessive.",[30,509,511],{"id":510},"_10-security","10. Security",[23,513,514],{},"We apply technical and organisational measures appropriate to the risk, including:",[71,516,517,520,523,526,529,532],{},[74,518,519],{},"Encryption in transit (TLS 1.3) and at rest (AES-256)",[74,521,522],{},"Multi-factor authentication and least-privilege access for our staff",[74,524,525],{},"Network segregation, audit logging, intrusion detection",[74,527,528],{},"Secure software development lifecycle, regular dependency scanning, penetration testing",[74,530,531],{},"Documented incident response and breach notification process",[74,533,534],{},"Personnel under written confidentiality obligations",[23,536,537,538,62],{},"Full details are described in the Technical and Organisational Measures annex to the ",[41,539,61],{"href":60},[30,541,543],{"id":542},"_11-changes-and-contact","11. Changes and contact",[23,545,546],{},"We may update this Policy from time to time. Material changes will be announced through the in-app notification centre or by email at least 14 days before they take effect. The \"Last updated\" date above always reflects the current version.",[23,548,549],{},"For questions or to exercise your rights:",[23,551,39,552,554,555],{},[41,553,44],{"href":43},"\nData protection: ",[41,556,49],{"href":48},[23,558,559,560,564,565,564,567,564,569,564,571,62],{},"See also: ",[41,561,563],{"href":562},"/privacy","Client Privacy Policy"," · ",[41,566,206],{"href":205},[41,568,61],{"href":60},[41,570,353],{"href":357},[41,572,574],{"href":573},"/imprint","Imprint",{"title":3,"searchDepth":576,"depth":576,"links":577},2,[578,579,580,581,582,583,584,585,586,587,588],{"id":32,"depth":576,"text":33},{"id":65,"depth":576,"text":66},{"id":98,"depth":576,"text":99},{"id":210,"depth":576,"text":211},{"id":303,"depth":576,"text":304},{"id":342,"depth":576,"text":343},{"id":388,"depth":576,"text":389},{"id":398,"depth":576,"text":399},{"id":466,"depth":576,"text":467},{"id":510,"depth":576,"text":511},{"id":542,"depth":576,"text":543},"How EasyWeek GmbH collects, uses, and protects personal data of business account holders, staff, and authorised users of the EasyWeek Business platform.","md",{"layout":592,"meta_keywords":593,"cover_text":17},"business","business privacy policy, B2B, UK GDPR, EasyWeek Business, data controller",true,"/eswk.co.uk/business/privacy",{"title":8,"description":589},"eswk.co.uk/business/privacy","I7hdvDJC0H8xgBaD5MqZD_tJL2HWbtK1Pkzy8bKxhmw",1779354974125]