BOOKLY AS Privacy Policy

Effective Date: 01.12.2025

At BOOKLY AS ("we", "us", or "our"), we are committed to protecting your privacy and handling your personal data in a transparent and secure manner. This Privacy Policy explains how we collect, use, process, store, and share personal data when you use our online platform ("Platform"), which includes features for posting jobs, receiving bids, browsing and booking services from experts (such as hairstylists, massage therapists, nail techs, and carpenters), and subscribing to premium plans.

We are the data controller for the personal data we process, as defined under the General Data Protection Regulation (GDPR) and other applicable data protection laws. If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided in Section 12.

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use the Platform.

1. Introduction

1.1 Purpose of This Policy: This Privacy Policy outlines our data processing activities and your rights regarding your personal data. It applies to all users, including job posters, service providers, and subscribers.

1.2 Scope: We process personal data in compliance with GDPR and Norwegian data protection laws. Our Platform is operated by BOOKLY AS, a company registered in Norway.

1.3 Changes to This Policy: We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on the Platform or via email (if you have provided your email address). Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Policy.

2. Data Controller and Contact Information

BOOKLY AS is the data controller responsible for your personal data.

Company Name: BOOKLY AS
Registered Address: [Insert Registered Address, e.g., 123 Example Street, Oslo, Norway]
Data Protection Officer Contact: If you have questions or concerns, please contact our Data Protection Officer at: dpo@booklyas.com or via postal mail at the above address.
3. Types of Personal Data We Collect

We collect various types of personal data depending on how you interact with the Platform. We only collect data that is necessary for our services.

3.1 Data You Provide Directly:

Account Information: When you register, we may collect your name, email address, phone number, password, and profile details.
Job Posting and Bidding Data: Details you provide when posting a job (e.g., job description, budget) or submitting bids (e.g., proposals from providers), which may include professional information.
Booking and Service Data: Information related to bookings, such as service preferences, appointment details, and provider interactions.
Subscription Data: Payment information (e.g., credit card details, handled via third-party processors), subscription preferences, and billing address for premium plans.
Communication Data: Messages, feedback, or inquiries you send through the Platform.
3.2 Data Collected Automatically:

Usage Data: Information about your interactions with the Platform, such as IP address, browser type, device information, and pages visited.
Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience (e.g., for login sessions, personalized recommendations). See Section 10 for more details.
3.3 Data from Third Parties:

We may receive data from third-party services (e.g., payment processors like Stripe or social media logins) with your consent.
We do not intentionally collect sensitive personal data (e.g., health information) unless required for specific services (e.g., booking a massage therapist), and we will only do so with your explicit consent.

4. How We Collect Your Data

We collect personal data through:

Direct Interactions: When you register, post jobs, submit bids, book services, or subscribe to premium plans.
Automated Technologies: Via cookies, web beacons, and analytics tools when you visit the Platform.
Third-Party Sources: From partners or services you authorize (e.g., Google Analytics for site usage).
5. How We Use Your Personal Data

We process your personal data for specific, legitimate purposes. Our legal bases for processing include your consent, contractual necessity, legal obligations, and legitimate interests.

5.1 Purposes of Processing:

To provide and maintain the Platform (e.g., processing job posts, bids, and bookings).
To communicate with you (e.g., sending updates, confirmations, or customer support).
To improve and personalize your experience (e.g., recommending providers based on your preferences).
To process payments and manage subscriptions for premium plans.
To ensure security and prevent fraud (e.g., monitoring for suspicious activity).
To comply with legal obligations (e.g., responding to lawful requests from authorities).
5.2 Legal Bases:

Consent: For optional features like marketing emails.
Contract: To fulfill our services (e.g., booking appointments).
Legitimate Interests: For analytics and platform improvements, balanced against your rights.
Legal Obligation: For tax, regulatory, or dispute resolution purposes.
6. Sharing and Disclosure of Your Data

We do not sell your personal data. We may share it with third parties only as necessary and in accordance with GDPR.

6.1 Third-Party Service Providers: We may share data with:

Payment processors (e.g., Stripe) for handling subscriptions.
Email service providers for communications.
Analytics tools (e.g., Google Analytics) to improve the Platform.
6.2 Legal Requirements: We may disclose data if required by law, court order, or to protect our rights (e.g., in investigations).

6.3 Business Transfers: If BOOKLY AS is involved in a merger or acquisition, your data may be transferred as part of the business assets.

6.4 International Transfers: Your data may be transferred outside the EEA (e.g., to U.S.-based providers). We ensure appropriate safeguards, such as Standard Contractual Clauses, are in place to comply with GDPR.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or breach. These include:

Encryption of sensitive data.
Secure servers and firewalls.
Regular security audits.
Access controls for employees.
If a data breach occurs that poses a risk to your rights, we will notify you and the relevant authorities as required by GDPR.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Policy, or as required by law. For example:

Account data: Up to 2 years after your last activity, unless you request deletion.
Transaction data: For 7 years for tax and accounting purposes.
After the retention period, we will securely delete or anonymize your data.

9. Your Rights Under GDPR

As a data subject, you have rights regarding your personal data. You can exercise these by contacting us at the details in Section 12.

9.1 Rights You Have:

Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your data (e.g., if it's no longer needed).
Restriction: Limit how we process your data.
Portability: Receive your data in a structured format.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
9.2 How to Exercise Your Rights: We will respond to your requests within one month, as required by GDPR. If you believe your rights have been violated, you can complain to the Norwegian Data Protection Authority (Datatilsynet).

10. Cookies and Tracking Technologies

We use cookies to enhance your experience. Cookies are small files stored on your device.

10.1 Types of Cookies We Use:

Essential Cookies: For login and security.
Functional Cookies: For personalized features.
Analytics Cookies: To track usage (e.g., via Google Analytics).
10.2 Your Choices: You can manage cookies through your browser settings. For more details, visit our Cookie Policy (if applicable) or contact us.

11. Children's Privacy

Our Platform is not intended for children under 18. We do not knowingly collect data from minors. If we become aware of such collection, we will delete the data promptly. Parents or guardians should contact us if they believe their child has provided data.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Company Name: BOOKLY AS
Address: Nordfroyveien 443. 7260
Email: contact@bookly-app.no
Phone: 92568023
You can also contact the Norwegian Data Protection Authority (Datatilsynet) at:

Website: https://bookly-app.no/
Address: Nordfroyveien 443. 7260
Email: contact@bookly-app.no
By using the BOOKLY AS Platform, you acknowledge that you have read and understood this Privacy Policy.