This Privacy policy explains how [COMPANY_LEGAL_NAME] (“OnJoy”, “we”, “us”) collects, uses, and protects your personal data when you use the OnJoy platform (the “Platform”). We are committed to processing your data in accordance with the applicable data-protection law, including the EU General Data Protection Regulation (“GDPR”).
1. Data controller
The data controller is:
[COMPANY_LEGAL_NAME] — [COMPANY_ADDRESS]
Data-protection contact: [PRIVACY_EMAIL]
Data Protection Officer: [DPO_DETAILS]
2. What data we collect
Depending on how you use the Platform, we may collect:
- Account data — first and last name, email address, password (stored encrypted), and account type (Client or Practitioner).
- Profile and contact data — phone number, postal address, and, for Practitioners, profile photo, biography, languages, qualifications and supporting documents, services offered, prices, and availability.
- Booking data — appointments made, service chosen, location (at home or at the Practitioner’s premises), date and time, and booking history.
- Payment data — payments are processed by our payment provider (Stripe). We do not store your full card details; we only receive the information needed to confirm a transaction (e.g. status, last digits, transaction reference).
- Communications — messages and notifications sent through the Platform (email and in-app) and your notification preferences.
- Technical data — IP address, browser and device information, and usage data collected through cookies and similar technologies (see our Cookies policy).
3. Why we use your data and on what legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Create and manage your account | Performance of a contract |
| Process bookings and connect Clients with Practitioners | Performance of a contract |
| Process payments and prevent fraud | Performance of a contract; legal obligation; legitimate interest |
| Send transactional emails and in-app notifications (booking confirmations, reminders, changes) | Performance of a contract |
| Send marketing communications | Consent (you can withdraw it at any time) |
| Improve and secure the Platform | Legitimate interest |
| Comply with legal and accounting obligations | Legal obligation |
4. Who we share your data with
We share your data only as necessary to operate the Platform, with:
- Other users — when you make a booking, the relevant Client and Practitioner receive the data needed to deliver the service (e.g. name, appointment details, and, where relevant, the address for an at-home service).
- Payment provider — Stripe, for processing payments securely.
- Service providers — our hosting provider, email/notification provider, and mapping/address services used to display locations and assist address entry.
- Authorities — where required by law or to protect our rights.
We do not sell your personal data.
5. International transfers
Some of our service providers may process data outside your country. Where this involves a transfer outside the European Economic Area, we ensure appropriate safeguards are in place (such as the European Commission’s Standard Contractual Clauses).
6. How long we keep your data
We keep your data only for as long as necessary for the purposes described above: account data for the lifetime of your account and a reasonable period afterwards; booking and transaction data for the period required by accounting and tax law; marketing data until you withdraw your consent. After these periods, data is deleted or anonymised.
7. Your rights
Subject to applicable law, you have the right to access, rectify, and erase your data, to restrict or object to its processing, to data portability, and to withdraw your consent at any time. To exercise these rights, contact us at [PRIVACY_EMAIL]. You also have the right to lodge a complaint with the competent supervisory authority ([SUPERVISORY_AUTHORITY]).
8. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or alteration, including encryption of passwords and secure (HTTPS) connections.
9. Children
The Platform is not intended for persons under the age of 16. We do not knowingly collect data from children.
10. Changes to this policy
We may update this Privacy policy from time to time. The “last updated” date at the top indicates the latest revision. Material changes will be communicated through the Platform.
11. Contact
For any question about this Privacy policy or your data, contact us at [PRIVACY_EMAIL].