Zimun

Privacy Policy

This Privacy Policy describes how personal data is processed when using this Service.

Last updated: 2025-11-21

Data Controller (Art. 4(7) GDPR)

Germany
Email: info@zimun.online

1. Introduction

This Privacy Policy describes how personal data is processed when using this website (“Service”). The Service enables end-users to schedule appointments with Service Customers (businesses using the platform). All processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.

2. Categories of Data Processed

2.1 Technical Access Data

When accessing the Service, the hosting provider (Google Cloud Platform, EU region) automatically processes:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Transferred data volume
  • HTTP status codes

Legal basis: Art. 6(1)(f) GDPR.

3. Appointment Scheduling & Related Communications

3.1 Data Required for Appointment Scheduling

When scheduling an appointment, users provide:

  • Name
  • Email address
  • Selected service/customer
  • Chosen appointment time
  • Optional information added to the form

This data is required to complete and manage the booking. Appointment data is stored for one (1) month after the appointment date to allow the Service Customer to perform necessary administrative, follow-up, or verification processes.

3.2 Appointment Emails & Reminders

The Service sends confirmations, reminders, updates or changes, cancellations, and other messages strictly required to provide the appointment service. Legal basis: Art. 6(1)(b) GDPR. No marketing messages are sent without explicit consent.

3.3 Roles and Responsibilities

  • The platform operator acts as the data controller for processing necessary to schedule appointments.
  • The Service Customer is an independent data controller regarding the delivery of the booked service itself.

4. User Accounts and Authentication

Users may log in through Google OAuth or Microsoft OAuth. Data transmitted may include: email address, name/display name, provider-specific user ID, and (optionally) profile picture (Google). These providers act as independent controllers. No passwords are stored by the Service. Legal basis: Art. 6(1)(b) GDPR.

5. Optional Analytics (Deactivated by Default)

Analytics tools remain disabled unless the user explicitly opts in. If enabled, analytics run exclusively with user consent (Art. 6(1)(a) GDPR).

6. Cookies and Local Storage

The Service uses only strictly necessary cookies to maintain session functionality and user preferences. Legal basis: Art. 6(1)(f) GDPR.

7. Data Storage Location

Data is stored exclusively in Google Cloud Platform EU Datacenters, under an Art. 28 GDPR Data Processing Agreement.

8. Data Sharing

Data is shared only with:

  • Google Cloud Platform (processor)
  • Google/Microsoft when using OAuth login
  • The Service Customer, solely for executing the booked appointment
  • Authorities when legally required

No data is sold or shared for advertising.

9. Retention Periods

  • Technical logs: 30 days
  • Appointment data: retained for one (1) month after the scheduled appointment date, then deleted or anonymized
  • User account data: until the user deletes their account
  • Analytics data: retained only while consent is active

10. User Rights (Art. 12–23 GDPR)

Users have the right to access, rectification, deletion, restriction, portability, withdrawal of consent, and objection. Requests may be submitted via the contact details above.

11. Security Measures

The Service applies security measures pursuant to Art. 32 GDPR: HTTPS, encryption at rest (Google Cloud), access controls, monitoring and audit logs.

12. Contact

For privacy enquiries: info@zimun.online