The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It provides data subjects (Calendly users and invitees) privacy rights and greater transparency into and control over how companies, like Calendly, use their personal data.
How does Calendly uphold these data rights and comply with other provisions of the GDPR?
The right to be informed |
Your invitees have a right to know about what, why, and how data about them is collected and processed. Calendly informs your invitees through our Terms of Use, Data Processing Addendum, and Privacy Policy, as well as in articles and educational resources. |
The right of access |
If requested by an EU citizen, you have an obligation as a data controller under GDPR to inform your invitee (often referred to as "data subjects") what personal data is being held and for what purposes. To fulfill this request, you can export your event details, filter, and provide the resulting data to your invitee. |
The right to rectification ('right to correction') |
If an invitee contacts you regarding an inaccuracy in their email address for an upcoming event, you can edit it from the Scheduled Events tab on your Home page. Just click the "details" section for your upcoming event then click on the pencil icon to edit. For other requests regarding personal data that needs to be corrected, please contact us. |
The right of erasure (the 'right to be forgotten') |
Please notify us if you have been contacted by one of your invitees with a deletion request. Unless we have reasonable grounds to refuse the erasure, we will work to remove the personal data in question securely. We will also communicate the erasure to our third-party subprocessors. |
The right to restrict processing |
Please contact us and we will do our best to comply with your invitee's objection. Please note that this may require deletion of their data, as we process data to provide the Calendly service to both you and your invitees. |
The right to data portability |
To fulfill this request, you can export your event details, filter, and provide the resulting data to your invitee. |
The right to object |
For Calendly invitees (who are not also Calendly users), please be assured that we do not use the email addresses that they provide when scheduling a meeting for any marketing or promotional purposes. Your EU invitees can withdraw consent from the use of cookies at any time. To learn more, please visit our Cookies FAQ. If you integrate Calendly to share invitee information with another application, we designate invitees in GDPR countries as "transactional contacts" so their information is only used to send information about orders, shipments, test message, etc., unless they explicitly opt-in to future, marketing-related emails. |
Automated decision-making and profiling |
Calendly does not make decisions that have a legal (or similar effect) on you or your invitees via automatic processing. |