Privacy notice

1. Data controller

BookingGood
Data Protection Officer: dpo@bookinggood.org

2. Data and legal basis

• SaaS subscribers: Company, billing, usage logs — contract and legitimate interest
• Booking end-users: Name, email, phone, booking data — contract (6(1)(b))
• Contact: Name, email, message — consent (6(1)(a))
• Technical logs: IP, browser, cookies — security (6(1)(f))

3. Retention period

Financial: 8 years. Bookings: 5 years. Technical logs: 12 months. Contact: 3 years.

4. Data transfer

Processors: Stripe Payments Europe (DUB), Brevo SAS (FR), AWS EU-Central-1 (DE). No transfers outside the EU.

5. Data subject rights

Access (15), rectification (16), erasure (17), restriction (18), objection (21), portability (20), and right to complain to NAIH.

6. Cookies

Only strictly necessary cookies (language, session). No analytics or marketing cookies.

Effective: 1 January 2026 · Version 4.2