Is Calendly GDPR compliant?

Calendly is fully committed to compliance with the General Data Protection Regulation (GDPR). We understand the importance of incorporating standards put forth by GDPR into our data practices and making sure our customers, whether citizens of the EU or businesses that use Calendly with European customers, feel secure and confident to continue using Calendly.

In response to GDPR, we have developed new features (including cookie management tools and data deletion processes), enhanced existing functionality (such as Terms of Use opt-ins), improved our documentation, and incorporated a Data Processing Addendum into our Terms of Use.

Calendly has designed its data privacy program to be compliant with GDPR, both now and as future developments come along.

If you integrate Calendly to share invitee information with another application, we designate invitees in GDPR countries as "transactional contacts" so their information is only used to send information about orders, shipments, test message, etc., unless they explicitly opt-in to future, marketing-related emails. 

Does Calendly have a Data Processing Addendum (DPA)?

We have incorporated a Data Processing Addendum into our Terms of Use that covers all visitors (including Calendly users who have an account with us, Calendly invitees who schedule meetings with a Calendly user, and Calendly viewers who are simply visiting the website) located in the European Economic Area, Switzerland, and the United Kingdom. There is nothing additional for you to sign or execute, and by accepting the Terms of Use, the DPA is already in place for you.

Does Calendly’s Data Processing Addendum (DPA) include the UK Addendum to the Standard Contractual Clauses?

Yes. Calendly updated our DPA in September, 2022 to include the new UK Addendum.
As one of the many data privacy law changes the UK is working through since Brexit, the UK’s
Information Commissioner's office released in May, 2022 its own data transfer agreement, as
well as an addendum it will allow entities to add to the 2021 EU Standard Contractual Clauses
to allow for legal transfers of UK personal data to countries not deemed adequate with regard to
their data protection laws, such as the United States. Parties are required to start using the
transfer agreement or Standard Contractual Clauses addendum in new contracts on September
21, 2022, and are required to update existing contracts by March 21, 2024. More information
regarding the UK addendum can be found on the ICO’s website. Calendly previously updated our DPA so that it includes the new version of EU Standard Contractual Clauses which came out last year. Since our DPA already incorporates the EU Standard Contractual Clauses, we have added the UK addendum to them to account for customers transferring personal data to us from the UK.

Can I get a signed version of Calendly’s Data Processing Addendum (DPA)?

Please contact us and we will be happy to process your request.