Privacy Policy

Effective Date: [Date Policy Becomes Effective, e.g., 1 January 2026]

1. Introduction and Contact Details

**Calendo** (operated by **HexaFlexa**, henceforth referred to as "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and process the personal data of our website visitors, customers, and registered users of our smart scheduling service.

Contact Details

**Full Legal Name:** [Your Company Legal Name]
**Email address (for privacy matters):** [Dedicated Privacy Email, e.g., privacy@[yourdomain.com]]
**Postal Address:** [Your Company's Registered Address]
**Data Protection Officer (DPO):** [Name or Title, e.g., Chief Compliance Officer]

2. The Data We Collect and Why

We collect and process various types of personal data, primarily to provide our service, manage user accounts, and comply with legal obligations. We rely on the following legal bases for processing data:

Data Type	Purpose / How We Use It	Legal Basis (GDPR)
Identity Data (Name, email, phone)	To create and manage your service account; to process bookings.	Performance of a contract with you.
Technical Data (IP address, browser type, OS)	To ensure the security and functionality of our website; diagnose system errors.	Our legitimate interests (network security and optimization).
Transaction Data (Payment details, service history)	To process payments for subscription services and track historical bookings.	Performance of a contract and legal obligation (tax/accounting).
Marketing Data (Preferences, survey responses)	To send relevant promotions and news if consent is given.	Consent (Opt-in).

3. Cookies and Tracking Technologies

We use cookies, which are small text files placed on your device, to distinguish you from other users. We classify our cookies as follows:

**Strictly Necessary Cookies:** Required for core site functions (e.g., login, security). These cannot be turned off.
**Analytical/Performance Cookies:** Allow us to recognize and count the number of visitors and see how they move around the site (e.g., Google Analytics). We require your consent for these.
**Marketing Cookies:** Used to track your browsing habits to deliver targeted advertising. We require your explicit consent for these.

You can manage your cookie preferences anytime via the 'Settings' link in the cookie banner, or by adjusting your browser settings.

4. Data Sharing and Transfers

We may share your personal data with the following categories of third parties to help us run our service:

**Service Providers:** [Name of Payment Processor, e.g., Stripe] for payment processing.
**Analytics Providers:** [Name of Analytics Provider, e.g., Google Analytics] for tracking usage.
**Cloud Hosting:** [Name of Hosting Provider, e.g., Amazon Web Services] to store data securely.

If we transfer your personal data outside of the European Economic Area (EEA), we ensure that the same degree of protection is afforded to it by relying on **Standard Contractual Clauses (SCCs)** or the recipient being covered by an adequacy decision.

5. Your Legal Rights (GDPR Rights)

Under data protection laws, you have the right to:

**Right to Access:** Request a copy of the personal data we hold about you.
**Right to Rectification:** Request we correct incomplete or inaccurate data.
**Right to Erasure (Right to be Forgotten):** Ask us to delete your personal data.
**Right to Restrict Processing:** Request we suspend the processing of your data.
**Right to Data Portability:** Request we transfer your data to you or a third party.
**Right to Withdraw Consent:** Withdraw any consent you have previously given.

To exercise any of these rights, please contact us at the email address provided in Section 1.

6. Data Security and Retention

**Data Security:** We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

**Data Retention:** We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. Generally, we keep customer contract data for **[Number]** years after the contract ends.