Privacy Policy
1. Introduction
HoliSpot (holispot.com) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform. We comply with GDPR and other applicable data protection regulations in the Czech Republic and EU.
2. Information We Collect
We collect the following categories of data:
• Information you provide directly: name, email address, phone number, profile information (bio, avatar, location), qualification and certification details (for practitioners).
• Information collected automatically: device information, IP address, cookies, platform usage data, browser language.
• Information from third parties: data from the Stripe payment gateway, data from Google Calendar (if you link your calendar), analytics data from Google Analytics.
3. How We Use Your Information
We use your information to:
• Provide and improve platform services
• Process bookings, payments, and refunds
• Communicate about appointments, confirmations, and reminders
• Manage user accounts, profiles, and subscriptions
• Personalize your experience and language preferences
• Ensure platform security and prevent fraud
• Comply with legal obligations
• Analyze usage patterns to improve the platform
We do not sell your personal information to third parties.
4. Information Sharing
We share information only with:
• Stripe – for processing card payments and managing subscriptions
• Google – for Google Analytics (anonymized analytics data) and Google Calendar API (if you link your calendar)
• Cloudinary – for storing and optimizing uploaded images
• Practitioners – we share your name, email, and contact information with the practitioner when you make a booking
• Law enforcement – only when required by law
All third-party providers are contractually obligated to protect your data in compliance with GDPR.
5. Booking Data
When booking an appointment, we process the appointment date and time, service type and price, communication between you and the practitioner (in-booking chat), your answers to the practitioner's questionnaire (if configured), payment information and payment status. Practitioners can see client name and contact details only for confirmed bookings.
6. Google Calendar API Usage
Our application HoliSpot may, with your consent, access your Google Calendar through the Google Calendar API to synchronize bookings and availability.
Data access includes:
• Reading events (to determine your availability)
• Creating and editing events (to record bookings made through the HoliSpot platform)
We use this data exclusively to:
• Ensure the proper functioning of the booking system
• Synchronize availability between your calendar and the HoliSpot platform
We do not store or share data from Google Calendar with third parties, except as necessary to provide the service (e.g., technical operations). You can revoke the application's access to your Google account at any time through your Google account settings.
7. Google API Services User Data Policy Compliance
HoliSpot uses Google user data in compliance with the Google API Services User Data Policy, including the Limited Use requirements. This means:
• We use data from Google APIs only for the purposes described in this policy
• We do not sell data from Google APIs to third parties
• We do not use data from Google APIs for advertising purposes
• We limit data access to the minimum necessary to provide the service
• Human access to data occurs only with your explicit consent, for security purposes, or in compliance with legal requirements
8. Payment Data
We process payments through the Stripe payment gateway. We do not store credit card numbers or other sensitive payment data on our servers – this data is processed directly by Stripe in compliance with PCI DSS standards. We retain only transaction information (amount, date, payment status) for accounting purposes and dispute resolution.
9. Data Security
We implement industry-standard security measures including:
• Encryption of sensitive data
• Secure data transmission (SSL/TLS)
• Access control via Row Level Security (RLS)
• User authentication and authorization
• Secure data storage in cloud infrastructure
While we strive to protect your information, no method of transmission over the internet is 100% secure.
10. Your Rights
Under GDPR, you have the right to:
• Access your personal data
• Correct inaccurate information
• Request deletion of your data (right to be forgotten)
• Object to data processing
• Withdraw consent at any time
• Export your data (data portability)
• Lodge a complaint with the Office for Personal Data Protection (ÚOOÚ)
To exercise these rights, contact us at [email protected]. We will respond to requests within 30 days.
11. Cookies and Tracking
We use the following types of cookies:
• Essential cookies: for platform functionality, login, and language preferences
• Analytics cookies: Google Analytics for traffic analysis (anonymized data)
• Functional cookies: remembering your preferences and settings
You can control cookie settings through your browser. Essential cookies cannot be disabled as they are necessary for platform functionality.
12. Children's Privacy
The HoliSpot platform is not intended for persons under the age of 16. We do not knowingly collect personal data from children. If we discover that we have collected data from a person under 16, we will delete it immediately.
13. Policy Changes
We may update this Privacy Policy from time to time. We will notify you of significant changes through the platform or by email. The date of the last update is indicated at the beginning of this document.
14. Contact Us
For privacy-related questions or to exercise your rights, contact our Data Protection Officer at [email protected] or write to us at HoliSpot, Prague, Czech Republic.
