Last updated: September 2023
Use of the Beyonk platform
Users of the Beyonk website that merely view the webpages do not need to provide any information to do so. When you create an account with Beyonk, you have the choice to opt into our newsletter which will allow you to be updated with the latest content from Beyonk. When you create an account with Beyonk, we store the information you provide so you can use the website, upload or buy experiences, send messages to other users and manage your bookings.
When you book experiences, you will be connected with providers/vendors through the website so you can message with each other. You will be notified of messages by email. In the normal course of business, we will never share personal or sensitive information. In order to comply with law or reasonable requests from law enforcement agencies or authorities, we may disclose your data if we are compelled to do so. We will never share your data beyond the necessary means we have outlined in this text.
The data we collect
The types of personal information we gather is: your name, phone number, email address, company name, physical address, as well as the responses you provide in surveys that third parties might request you to complete before or after making a booking. Additionally, this includes any correspondence you engage in with Beyonk-based websites through our platform and the specifics of the experiences you have reserved.
We possess the ability to view messages to assist with matters related to bookings, enquiries, and any queries. When you upload experiences, it's important to be aware that they will be disseminated throughout our network. Regarding Beyonk-based websites, we retain all the previously mentioned information, along with any extra data you provide. This includes details such as your business name, experience particulars, financial data, bookings, your current service availability status, information about your staff members including their names and details, as well as qualifications and insurance documents that are utilised for the vetting process.
How do we use personal information?
Personal information is used to monitor the use of the Beyonk website to aid with future improvements and in understanding of the effectiveness of marketing and communications. When you book through Beyonk, your information is available to the company you booked with so they are informed of purchase and can manage your booking.
Your information is available to authorised staff and contractors at Beyonk Group on a need-to-know basis only, to aid in the successful operations of the business, including responding to enquiries and messages. For a Beyonk-based website, your information is used to operate the Beyonk system to take bookings.
Opting out of communications
After you've subscribed to our communications, you have the option to choose the specific types of communications you prefer to receive by clicking on the ‘unsubscribe’ button to be redirected to the preferences page. However, once you create an account and buy an experience, there are some emails you cannot opt out of, to ensure you receive the right information about your trip e.g. booking confirmation, reminder email, summary booking email, amendments, refunds or message emails. If you wish to opt out of operational emails, you will no longer be able to use the website to find and book experiences or manage bookings.
For Beyonk-based websites, we send you critical emails to ensure you're aware of changes to the Beyonk system, key feature releases, latest initiatives if we require you to update your account and emails to do with you receiving bookings including: booking confirmation, reminder email, summary booking email, amendments, refunds or message emails. If you wish to opt out of these critical emails, you will be unable to use the Beyonk system.
When booking with Beyonk, your booking information and the personal information you submit will always be visible to the Beyonk-based website you have booked directly to. It will also be available to critical third-parties to support our service such as Stripe, which manages processing payments when you book via the Beyonk system.
Outside of sharing data with the Beyonk-based website you booked with and critical third parties supporting the Beyonk infrastructure, or unless we must comply with law or reasonable requests from law enforcement agencies or authorities, we will never share your data with third-parties without your explicit permission.
For Beyonk-based websites, by using Beyonk you can opt to share your business information, service offerings and availability across our third party websites to attract more customers and bookings.
Transfer of data to third parties
We do not transfer your personal data to third parties for purposes other than the purposes listed below.
We only transfer your data to third parties, if:
- You, in accordance with Article 6(1)(1)(a) GDPR, have given us express permission to do so;
- The transfer in accordance with 6(1)(1)(f) GDPR is required for the establishment, exercise or defence of legal claims, and there is no reason to believe that you have an overriding interest in your data not being transferred;
- A statutory obligation exists for transfer in accordance with 6(1)(1)(c) GDPR;
- This is legally permitted, and in accordance with 6(1)(1)(b) GDPR, this is necessary to carry out contractual relationships with you.
- Customer data, including email addresses, is not shared with any third parties. Customer data, such as names, addresses, and email addresses, are passed through Beyonk as part of the business processing the payment.
Retention of data
When using the Beyonk system, your data is held in our system for as long as is necessary to fulfil the booking system objectives and purpose for which you submitted it. We may retain your personal information for longer if it may be the subject of a legal claim, or may otherwise be relevant for future litigation. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. If you're a Beyonk-based website user and you only collect data via Beyonk, then you're already in compliance. After signing up, booking, or enquiring, you can request the data we store on you and can request this to be deleted. If you request us to delete your data, we will comply with this request. Please notify us so we can provide this support. Data removal requests are assessed and deleted within 30 days, with both customer and relevant company(ies) are notified. A Beyonk-based website you've booked with or enquired with will see [removed] in place of your name, address, phone and email.
Information and data security
Beyonk has in place appropriate technological and operational security processes designed to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorised employees & contractors will have access to any data provided by you, and that access is limited by a need to know basis. Each employee or contractor having access to any personally-identifiable information is obligated to maintain its confidentiality.
Although we take steps that are generally accepted as industry standard to protect your personally-identifiable information, Beyonk cannot guarantee that your personally-identifiable information will not become accessible to unauthorised persons and Beyonk cannot be responsible for any actions resulting from a breach of security when information is supplied over the internet or any public computer network.
International data transfers
Please be aware that Beyonk is headquartered in London, United Kingdom and has operations globally. As a result, your information may be transferred to other jurisdictions where Beyonk has operations. The data protection laws in these locations may be different from your home country.
Please note that if we transfer personal information from the EU to the United States or any other country, we will implement appropriate legal mechanisms to ensure an adequate level of personal data protection consistent with the GDPR’s requirements. For example, if the recipient country has not received an Adequacy Decision from the EU, we will rely on the European Commission’s Standard Contractual Clauses(SCCs) as the lawful mechanisms for such transfers. Furthermore, we have entered into appropriate data processing agreements signed with all non-EU (sub)processors which contain SCCs and define security standards and measures to be employed by each of our (sub)processors (including state of the art encryption). We also contractually require our (sub)processors to provide us prompt notice of any data breach or security incident concerning processed data.
EU / UK Residents
- Rights Under GDPR
The GDPR affords certain rights to individuals in the European Economic Area (“EEA”) regarding their personal information. If you are located in the EEA, you have the rights to:
- withdraw consent to data processing at any time;
- access your personal information;
- request a copy of your personal information;
- correct any inaccuracies in your personal information;
- erase your personal information;
- data portability, meaning to request a transfer of your personal information from us to any other person or entity as chosen by you;
- restrict the processing of your personal information; and
- object to the processing of your personal information.
You will not typically need to pay a fee to exercise any of these rights. But we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Subject to exceptions, if you wish to exercise one of the rights identified above with regard to personal information subject to this Policy, you may do so by submitting a request to firstname.lastname@example.org. Once we have received your request, we will review it and contact you back within 1 month, but we retain the right to extend this period up to 2 months in exceptional circumstances. We will in any event inform you within 1 month after receipt of your request if we decide to extend the period for our response. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights).
Lastly, if you are located in the EEA and have a concern about our processing of your data, you may have the right to make a complaint to the appropriate data protection authority in the EEA.
- Lawful Basis Under GDPR
As a “controller,” our lawful basis for processing your information is typically either to (1) fulfil our legitimate business interests (such as ensuring the safety, security, and functionality of our website), (2) comply with a legal obligation, or (3) conduct processing to which you have specifically consented.
When we process your personal information for the purposes described in Section 3.a, and 3.e–3.g above, our lawful basis is our legitimate interest to present and optimise our website, detect and prevent potential security issues on our website, and develop and improve on service offerings. Likewise, when we process your personal information for the purposes described in Sections 3.c – 3.d, our lawful basis is our legitimate interest to monitor the efficacy of our marketing efforts, respond to inquiries about our business and services, and promote our service offerings. When we send promotional communications to you as described in Section 3.b, our lawful basis is typically your express consent. Where we use your personal data for our legitimate interests, we evaluate any potential impact of the processing on your rights and freedoms as required by the GDPR.
We take your data privacy seriously. When transferring international data to and from California, we adhere to all applicable regulations to ensure your personal information is handled with care and in compliance with the highest data protection standards.
Changes to this policy
Please note that we may change this Policy from time to time. If there are changes to our Policy, we will post them here and update the “Last Updated” date at the top of this document. Continued use of this website after any changes is deemed to be acceptance of those changes. Accordingly, we encourage you to check the Policy periodically for updates.
What are cookies?
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help section for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
What are the different types of cookies
Web cookies can be categorised based on their purpose and functionality. Here are some common categories of web cookies:
These cookies are temporary and are stored in the user's browser only for the duration of their website visit. They are often used to store temporary information, such as items in a shopping cart, to maintain user session state.
Unlike session cookies, persistent cookies remain on the user's device even after they close their browser. They have an expiration date and time and are used to remember user preferences and login information across multiple sessions.
First-party cookies are set by the website that the user is currently visiting. They are used to store information like user preferences and session data to enhance the user experience on that specific website.
Third-party cookies are set by domains other than the one the user is currently visiting. These cookies are often used for tracking and advertising purposes across different websites. For example, they can be used by ad networks to track user behaviour and show targeted ads.
Secure cookies are transmitted over encrypted connections (HTTPS) to enhance security. They are particularly important for sensitive information like login credentials.
Same-Site cookies are designed to prevent cross-site request forgery (CSRF) attacks by restricting when cookies are sent to the server. They can be set as "Strict" (only sent on same-site requests) or "Lax" (sent on same-site top-level navigations and safe cross-site requests).
These cookies are used to gather data about how users interact with a website. They help website owners understand user behaviour, traffic patterns, and popular content.
Advertising cookies are used to track user behaviour across websites in order to display targeted ads. They can also be used to measure the effectiveness of advertising campaigns.
Functional cookies enhance the usability of a website by remembering user preferences and choices, such as language settings and customization options.
Performance cookies collect information about how users interact with a website, helping site owners identify performance bottlenecks and areas for improvement.
Tracking cookies, often associated with third-party cookies, are used to track users' online behaviour and create a profile that advertisers can use to deliver personalised content and ads.
The cookies we set
Account and login related cookies
Orders processing related cookies
This site offers e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
Third party cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and the ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites, including Facebook, Instagram and Twitter, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Hopefully, that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site.
However, if you are still looking for more information then please contact us.