How will Calendly help me be GDPR compliant?

Calendly, through certain features, functionality, and support, can assist with your data controller obligations under GDPR.

As a Calendly user, how should I think about Calendly with respect to the GDPR?

As a Calendly user (i.e., someone who has signed up for a Calendly account), Calendly is a processor of your invitees’ data. In technical terms, you are the controller. When an invitee schedules a meeting with you, you retain ownership and responsibility of that data.

How does Calendly help you uphold the data rights of your invitees?

The right to be informed

Your invitees have a right to know about what, why, and how data about them is collected and processed. Calendly informs your invitees through our Terms of Use, Data Processing Addendum, and Privacy Policy, as well as in articles and educational resources.

The right of access

If requested by an EU citizen, you have an obligation as a data controller under GDPR to inform your invitee (often referred to as "data subjects") what personal data is being held and for what purposes. To fulfill this request, you can export your meeting details, filter, and provide the resulting data to your invitee.

The right to rectification ('right to correction')

If an invitee contacts you regarding an inaccuracy in their email address for an upcoming meeting, you can edit it from the Meetings tab on your Home page. Just click the "details" section for your upcoming meeting then click on the pencil icon to edit.

For other requests regarding personal data that needs to be corrected, please contact us.

The right of erasure (the 'right to be forgotten')

Please notify us if you have been contacted by one of your invitees with a deletion request. Unless we have reasonable grounds to refuse the erasure, we will work to remove the personal data in question securely. We will also communicate the erasure to our third-party subprocessors.

The right to restrict processing

Please contact us and we will do our best to comply with your invitee's objection. Please note that this may require deletion of their data, as we process data to provide the Calendly service to both you and your invitees.

The right to data portability

To fulfill this request, you can export your meeting details, filter, and provide the resulting data to your invitee.

The right to object

For Calendly invitees (who are not also Calendly users), please be assured that we do not use the email addresses that they provide when scheduling a meeting for any marketing or promotional purposes. Your EU invitees can withdraw consent from the use of cookies at any time. To learn more, please visit our Cookies FAQ.

If you integrate Calendly to share invitee information with another application, we designate invitees in GDPR countries as "transactional contacts" so their information is only used to send information about orders, shipments, test message, etc., unless they explicitly opt-in to future, marketing-related emails. 

Automated decision-making and profiling

Calendly does not make decisions that have a legal (or similar effect) on you or your invitees via automatic processing.

 

How does Calendly help you uphold other GDPR standards?

  • Calendly obtains consent from your EU invitees before storing non-session cookies. For more information, please visit our Cookies FAQ.
  • You can collect consent from your invitees when booking using custom questions. For more information, please see this article.

Disclaimer: This document is for informational purposes only and does not constitute legal advice. Calendly users should always seek legal advice before taking any action with respect to these matters.