Published by Calendly - May 22, 2018

EU citizens and global businesses, we’ve got you covered for GDPR

Calendly’s GDPR roadmap and commitment to data transparency.

We understand the importance of incorporating standards put forth by the General Data Protection Regulation (GDPR) into our data practices and making sure our customers, whether citizens of the EU or businesses that use Calendly with European customers, feel secure to continue using Calendly. GDPR gives EU citizens more control, choices and rights over how their data is used and puts forth guidelines for the collection and processing of data for businesses.

We’ve been working hard these past few months to prepare for GDPR. After a thorough review of our approach to storing, handling and processing data, we’ve made changes to our terms and policies so all of our customers, whether abroad or in the United States, feel confident in continuing to use Calendly and have a greater understanding of their options for controlling personal data within Calendly.

Calendly’s GDPR Roadmap

*Read Calendly’s Terms of Use and Privacy Policy.

We look forward to continuing to build on our commitment to data security and privacy. If you have any questions about how GDPR affects you as a customer, our support team is happy to help.

  • Sebastian Jabbusch 🇪🇺 – Kommun

    It would be great if you could my clients know, that if they use Calendly they give me data and that they need to accept that.

    • Calendly

      Sebastian –

      Here to help as much as I can! I would suggest the same thing for you as I did for Diego (above ^). The best way to let your clients know and ask them to accept is to create a new required custom question that includes a link to your privacy policy. I would recommend using radio buttons instead of check boxes since that will let your invitees only select one option, see here: https://monosnap.com/file/85NG4evImgjqn3ZOwTP1fL26Qu6XXN

      Currently, you are unable to hyperlink within our custom questions. If your privacy policy link is long and you don’t aesthetically like the look of it in your question, you can always use bitly.com to shorten your link!

      Let me know if you have any other questions or feel free to reach out to our support team directly at support@calendly.com

      • Sharon Gardner

        Hi,

        I love the simplicity of calendly and it’s good to know you are taking GDPR seriously. Although, unless I am misunderstanding, your privacy policies need to be linked to by you and users need to check a box to notify you that they accept your stated treatment of their data. Personal information is being submitted to your databases and you are storing and processing it. Therefore, as I understand it, you are responsible for ensuring that data subjects explicitly accept your terms and policies.

        For an example, see the disqus signup form under each of these comments…

  • Diego Durante

    First of all thank you guys for the good job you do, I really like your product.
    Regarding GDPR I am happy to know that you are committed to be compliant with it, but there is still one big issue that prevent real businesses to use Calendly while keeping compliant to GDPR: there is no way to add a checkbox/flag with hyperlinks to the form.
    This is a big issue that make Calendly no compliant with GDPR.

    I am really sorry to say this but as first thing you should allow your customers to add flags to the form, where first flag must be required and must contains hyperlinks to the privacy policy and terms and conditions of the customer.
    I really hope you will soon add this feature, until that we can’t use anymore Calendly.

    • Calendly

      Diego –

      Happy to help you with this! We’ve had many users write in about creating a custom question to have invitees read and accept a new privacy policy. You can create a new required custom question that includes a link to your privacy policy. I would recommend using radio buttons instead of check boxes since that will let your invitees only select one option, see here: https://monosnap.com/file/85NG4evImgjqn3ZOwTP1fL26Qu6XXN

      Currently, you are unable to hyperlink within our custom questions. If your privacy policy link is long and you don’t aesthetically like the look of it in your question, you can always use bitly.com to shorten your link!

      I hope this helps! Let me know if you come across any other questions!

      • Richard de Nys

        That’s really not an adequate solution, Calendly. To manually add a custom question to every event type, and given we have a team account with many users – to expect them all to add the same question to every one of their events. And then to ensure on an ongoing basis that question is in place in all cases. It’s not an effective way to ensure compliance.

        • Calendly

          Hi Richard,

          Thank you for writing in with your feedback! Our team is looking into a solution, and we’ll be sure to keep you updated if the requested feature is implemented in the future.

  • Isabelle Kathrin Mall

    Thanks for the info regarding your efforts to comply with GDPR. What I am missing is the option to sign the data processing addendum and send it back to you. In one of your emails it was stated that this is not necessary, but in my point of view this doesn’t make the use of calendly compliant with GDPR.

    • Calendly

      Hi Isabelle,

      We are happy to sign offline copies of our DPA for current customers. If you email us at support@calendly.com (and either email from your user email or let us know what your current user email is so that we can verify that you are a current user), we can certainly process that request for you!

  • Tim Ebert

    Hi guys, I really like your product and it’s awesome that you are trying to comply with GDPR. But the one thing preventing us to really use Calendly is that you guys are not certified under the EU-US-Privacy-Shield. Or are you? I did not find you guys in the list on https://www.privacyshield.gov/list. Best, Tim

    • Calendly

      Hi Tim,

      We’re so glad you enjoy using Calendly! Thanks for reaching out.

      We have incorporated the Standard Contractual Clauses into our Data Processing Agreements as our transfer mechanism, an approved safeguard and a recognized alternative to Privacy Shield, and we are actively examining self-certification under Privacy Shield.

      Additionally, our sub processors of data are either Privacy Shield certified or have signed Data Processing Addendums (DPA) with Calendly.

      We’re monitoring the legal challenges (https://www.eaccny.com/news/member-news/digital-rights-ireland-challenges-eu-us-privacy-shield/) to the Privacy Shield framework but are continuing to explore whether we will certify to the framework. In the meantime, the Standard Contractual Clauses ensure that adequate safeguards are in place for any onward transfers of personal data to Calendly.

      We hope this helps! Let us know if you have any further questions.