This GDPR Privacy Policy explains how JKZ NETWORK, doing business as BookKei (“BookKei”, “we”, “us” or “our”), processes personal data of individuals located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland (together, “EU/UK Users”) in accordance with the EU General Data Protection Regulation (“GDPR”) and equivalent local laws.

This GDPR Privacy Policy supplements our general Privacy Policy and Cookie Policy. In case of conflict, this GDPR Privacy Policy will prevail for EU/UK Users.

1. Data Controller

For the purposes of the GDPR, the data controller responsible for your personal data is:

JKZ NETWORK (BookKei)
Puerto Plata, Dominican Republic
Email: support@bookkei.com

If we are required to appoint an EU or UK representative in the future, their contact details will be added to this Policy and published on our website.

2. Scope of This Policy

This GDPR Privacy Policy applies when EU/UK Users:

Visit or browse our website and landing pages;
Create a BookKei account or are added as staff by a business owner;
Make an online booking, purchase, or reservation with a business that uses BookKei;
Connect external calendars (e.g., Google Calendar, Outlook) to our platform;
Interact with our customer support or marketing communications.

Businesses that use our platform (“Merchants” or “Business Owners”) may also act as independent controllers of your personal data. In such cases, their own privacy policies will apply in addition to this one.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data about you:

3.1 Account & Profile Data

Full name
Email address
Password (hashed and not visible to us)
Business name and contact details (for owners)
Role (e.g., owner, staff, administrator)

3.2 Booking & Transaction Data

Booking dates, times, and services booked
Location of the business and selected staff member
Customer notes or additional information you choose to provide
Payment status and basic billing information (actual card data is handled by payment processors)

3.3 Calendar & Availability Data

Information imported from connected calendars (busy/available time slots, event titles where applicable)
Manual availability blocks and scheduling preferences

3.4 Communication Data

Messages and emails exchanged through the platform
SMS reminders and notification logs (date, time, recipient number, status)
Support tickets, chats, or other communications with our team

3.5 Technical & Usage Data

IP address and approximate location (based on IP)
Browser type and version, device identifiers, operating system
Log data about how you interact with the platform (pages visited, actions taken, date and time, errors)
Cookies and similar technologies as described in our Cookie Policy

3.6 Marketing & Preference Data

Marketing preferences (email, SMS, push notifications)
Information about your responses to campaigns or messages

3.7 Special Categories of Data

We do not intentionally collect special categories of personal data (such as health data, religious beliefs, or biometric data) through BookKei. If you voluntarily provide such information in booking notes or messages, you do so at your own discretion, and we will process it only as necessary to deliver the requested services and as permitted by law.

4. Purposes and Legal Bases for Processing

Under the GDPR, we must have a legal basis to process your personal data. We generally rely on the following legal bases:

Performance of a contract (GDPR Art. 6(1)(b))
Consent (GDPR Art. 6(1)(a))
Legitimate interests (GDPR Art. 6(1)(f))
Legal obligation (GDPR Art. 6(1)(c))

4.1 Performance of a Contract

We process your data when it is necessary to:

Create and manage your BookKei account;
Enable bookings, payments, calendar synchronization, and reminders;
Provide customer support related to your account or bookings;
Communicate essential information about changes to our services or your account.

4.2 Consent

We rely on your consent to:

Send certain marketing communications via email, SMS, or other channels (where required by law);
Use non-essential cookies and similar technologies for analytics and advertising;
Access certain third-party services (e.g., external calendar providers) when you authorize the connection.

You may withdraw your consent at any time by using the unsubscribe links in our emails, adjusting your account settings, or contacting us at support@bookkei.com. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.3 Legitimate Interests

We may process your personal data where it is necessary for our legitimate interests, provided that those interests are not overridden by your fundamental rights and freedoms. These interests include:

Maintaining and improving the security, performance, and stability of our platform;
Understanding how our Services are used to improve features and user experience;
Preventing fraud, abuse, and unauthorized access;
Defending our rights and responding to legal claims;
Marketing BookKei to existing customers (soft opt-in), where permitted by law.

4.4 Legal Obligations

We may process your data when needed to comply with legal obligations, such as tax and accounting rules, regulatory reporting, or responding to lawful requests from public authorities.

5. How We Share Your Personal Data

We may share your personal data with the following categories of recipients, always in accordance with applicable data protection laws:

Business Owners / Merchants: When you make a booking with a business using BookKei, your relevant booking details and contact information are shared with that business so they can manage your appointment.
Service Providers (Processors): Third parties that help us operate the platform, such as hosting providers, payment processors, email and SMS providers, analytics services, and customer support tools.
Calendar Providers: When you connect external calendars (e.g., Google Calendar, Outlook), we communicate with those providers according to your permissions and their APIs.
Professional Advisors: Lawyers, accountants, and consultants who assist us in running our business.
Public Authorities: Where legally required, or where we believe it is necessary to protect our rights, users, or the public.
Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

We do not sell your personal data to third parties.

6. International Data Transfers

BookKei is based in the Dominican Republic, and many of our service providers are located outside the EEA/UK, including in the United States and other countries. This means that your personal data may be transferred to, and processed in, countries that may not provide the same level of data protection as your home jurisdiction.

Where required by GDPR, we implement appropriate safeguards for international transfers, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission;
Contractual commitments requiring recipients to protect your personal data;
Technical and organizational measures to protect data in transit and at rest.

You may contact us if you would like more information about the specific safeguards applied to the export of your personal data.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general, we use the following criteria to determine retention periods:

Account data: Retained for as long as your account is active and for a reasonable period afterward, unless you request deletion or we are required to retain it by law.
Booking and transaction data: Retained for the duration of the business relationship and in accordance with tax and accounting laws (usually 5–10 years in many jurisdictions).
Calendar and availability data: Retained while synchronization is enabled and for a limited period afterward for logs and troubleshooting.
Marketing data: Retained until you opt out or withdraw consent, plus a short period to record your preference.
Technical logs and security data: Retained for a limited period necessary for security monitoring, incident response, and legal defense.

When we no longer need personal data, we will delete or anonymize it in a secure manner.

8. Your Rights Under GDPR

As an EU/UK User, you have certain rights regarding your personal data, subject to applicable law and some limitations:

Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of that data.
Right to rectification: You can request that inaccurate or incomplete personal data be corrected.
Right to erasure (“right to be forgotten”): You can request deletion of your personal data in certain circumstances (for example, when it is no longer needed for the purposes for which it was collected).
Right to restriction of processing: You can ask us to restrict processing of your data in specific situations (for instance, while we verify accuracy or handle an objection).
Right to data portability: You can request that we provide your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmit it to another controller.
Right to object: You can object to processing based on our legitimate interests, including direct marketing. If you object to direct marketing, we will stop processing your data for that purpose.
Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time. This will not affect processing carried out before withdrawal.
Rights regarding automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless permitted by law and subject to appropriate safeguards.

To exercise any of these rights, please contact us at support@bookkei.com. We may need to verify your identity before responding to your request.

9. Complaints to Supervisory Authorities

If you believe that our processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with your local data protection authority. You can find contact details for EU data protection authorities at https://edpb.europa.eu .

We would, however, appreciate the chance to address your concerns first, so please contact us before contacting a supervisory authority.

10. Security of Your Personal Data

We use appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, where appropriate:

Encryption of data in transit and at rest when feasible;
Access controls and authentication mechanisms for staff and administrators;
Logging and monitoring of critical systems;
Regular security updates and vulnerability patches;
Internal policies and staff training on data protection and security.

Despite these measures, no system can be completely secure. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect any unauthorized access to your account.

11. Children’s Data

Our Services are not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16 without appropriate parental consent where required by law. If you believe that a child has provided us with personal data without consent, please contact us so that we can take appropriate action.

12. Changes to This GDPR Privacy Policy

We may update this GDPR Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you through the platform or by email.

Your continued use of our Services after the effective date of any changes indicates your acceptance of the revised GDPR Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this GDPR Privacy Policy or our data protection practices, you can contact us at:

Email: support@bookkei.com
Postal Address: JKZ NETWORK (BookKei), Puerto Plata, Dominican Republic