Privacy Policy

The Privacy Policy outlines how we collect, use, and protect your personal information, effective from 21st November 2023.

This Privacy Policy applies between you, the User of this Website, and Priorly LTD, the owner and provider of this website. The Policy applies to our use of any and all Data colleted by us or provided by you in relation to your use of the Website.

Please read the Privacy Policy carefully.

Definitions

The following definitions are used in this Privacy Policy:

"Data" refers to all information submitted to Priorly LTD via the website. This definition incorporates, where aplicable, the definitions provided in the Data Protection Laws.

"Cookies" are a small file placed on your computer when you use certain parts of the website. Details of the Cookies we use can be found below.

"Data Protection Laws" refers to any applicable law relating to the processing of personal Data, including but not limited to the GDPR, and any national implmenting and supplementary laws, regulations and secondary legislation.

"Priorly", "we", "us" or "our" refers to Priorly LTD, a company incorporated in England and Wales with registered number 15113327.

"Website" refers to Priorly.io and any subdomains as well as other websites and online servides that we cover in this Privacy Policy.

"Services" any service we provide to other businesses, which can include our white-label and other integrated booking solutions.

"User" or "you" this depends on why you are using the Website as you may be a Business User, Business Customer or Visitor.

You will be classed as a Business User when you sign up on behalf of a business.

You will be classed as a Business Customer when you do business with a business that uses services provided by us (e.g. when you book with a business that uses us for their booking solution) but are not doing business with us directly.

You will be classed as a Visitor when you are visitng the site and are not logged in.

Depending on how you are using the Website, Priorly will act as a "data controller" and/or "data processor (or service provider)".

Data we collect

The Data we collect will depend on how you are using the wesbite. We collect Data from data you give to us and data that is collected automatically.

Business Users

To provide your business with Services, in order to onboard as a Business user with a business we will need to collect Data the Business including:

• Legal business name
• Trade name
• Business registration number
• Business registration country/region
• Address
• Contact number
• All directors/representatives will also need to provide proof of identity which can be seen below

Each director of a business or if you are signing up as a sole trader we will need to collect the following Data for each person:

• First name
• Middle names
• Last name
• Date of birth
• Occupation
• Country/Region of Citizenship
• Address
• Phone number
• ID document

We will also collect the IP address, date, times and frequency with which you access the Website. This data is collected when you register or login.

Business Customer

When you do business that uses one of our services (e.g. booking via a website that uses one of our solutions). The business will process any Data in accordance with their terms.

Business Users are responsible for their own Privacy Policies and ensuring their Business Customers privacy rights are protected.

We may collect the following information, although the actual information collected will be dependent on the Business User:

• First name
• Middle names
• Last name
• Date of birth
• Occupation
• Country/Region of Citizenship
• Address
• Phone number
• Email address
• IP address

This information may be collected even if you do not complete the booking.

Visitor

If you use our site as a visitor and choose to contact us via form on our Website we may collect any Data you give to us as well as automatically collect your IP address and location.

How we use and share your Data

We may use your Data in the following ways:

• Fraud detection: We use Data collected from Business Users to build a risk profile. This allow Business Users to assess fraud or risk associated with a booking. This can be collected from completed bookings, attempted bookings, attempted order or completed orders.
• Advertising by Business Users: Attempted bookings / completed bookings / attempted orders / completed orders may be used by Business Users to advertise their products services, subject to the terms of their privacy policy. Review their privacy policy to find how they use your data for marketing purposes.

Any Data given to us may be shared with:

• Our payment processor to facilitate payments
• To address legitimate legal process requests from courts, law enforcement agencies, regulatory bodies, and other public and government authorities, which may extend to authorities beyond your country of residence.

Data storage

Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period neccessary to fulfil the purposes outlined in this Privacy Policy or until you request that the Data be deleted.

If you request your Data to be deleted it may persist on backup or archival media for legal, tax or regulatory purposes

Data retention

If you are located in the European Economic Area (EEA) or the United Kingdom, we will store and process your personal data within the EEA (and, for UK residents, within the UK or the EEA). We will not transfer your personal data outside of these areas unless (i) you ask us to, (ii) the transfer is necessary to perform a contract at your request, or (iii) we are legally required to do so. If such a transfer is necessary, we will apply appropriate safeguards (such as the EU Standard Contractual Clauses and/or UK International Data Transfer Addendum) and take reasonable steps to protect your data.

We encourage strong password usage, and do not use the same password for your Priorly account that you use for other website. If you believe your account has been compromised please contact us immediately.

All data is securely stored on our servers distributed globally, and any communication between you and the server or between servers is encrypted by SSL (Secure Sockets Layer).

If the chat service is used, chat data is only stored for the Audit account to access. These messages are not stored in plain text and are stored encrypted. Only the Audit account can decrypt these messages. Any other messages sent are stored encrypted until the other user appears online, when they are downloaded to the users device and deleted from our server.

If the video chat service is used, we only provide a "Peer" system, video calls can only be viewed by the people on the call and no data is collected, some Business Users may use screen recording software to record and keep calls. Check the Business Users privacy policy for information on if they do this.

Call recording & AI transcription

What this covers. Some video/voice calls on our platform can be recorded and transcribed. A banner is shown when recording/transcription is enabled.

Who is the controller.

If a business uses our platform to host calls (e.g., healthcare consultation, personal training, mentoring, education), that business is the data controller for the call content. We act as their data processor.

We are the controller for limited account, security, and service-operation data (see “How we use your data”).

What we process. Call audio, limited technical metadata (timestamps, participants), and the resulting text transcript. Recordings/transcripts may include special-category data (e.g., health information) depending on the call's subject.

Purpose & legal basis (EEA/UK). We process recordings/transcripts on the controller’s documented instructions to provide the recording/transcription feature (GDPR Art. 6(1)(b) or 6(1)(f) as determined by the controller). Where special-category data is involved, the controller must identify a valid Art. 9 condition (e.g., Art. 9(2)(h) for health care or explicit consent). We implement appropriate technical and organisational measures.

Processor & sub-processor. We use DeepInfra to run OpenAI Whisper for speech-to-text. DeepInfra acts as our (sub-)processor under a written data processing agreement; they state GDPR/HIPAA-aligned security controls and describe how they handle data during inference.

Location & transfers.

EEA/UK users: By default we store and process recordings/transcripts within the EEA (and, for UK users, within the UK/EEA). We will not transfer this data outside these areas unless required by law or you/your organisation request it. If a transfer is necessary, we apply appropriate safeguards such as the EU Standard Contractual Clauses and/or the UK IDTA.

Non-EEA/UK users: Data may be processed in other countries with appropriate safeguards.

Retention. Recordings/transcripts are retained only as long as needed for the controller's stated purposes or legal/clinical recordkeeping requirements, then deleted or anonymised.

Your choices. The meeting host controls whether recording/transcription is on. If you do not want a call transcribed, ask the host to disable it. You can exercise your data-protection rights via the controller (the business hosting the call) or by contacting us where we are the controller (see “Your rights”).

HIPAA (if applicable). Where calls involve US protected health information, we enter into a Business Associate Agreement (BAA) with the controller and with relevant processors, and processors may only use/disclose PHI as permitted by the BAA. (Controllers should ensure a suitable HIPAA/GDPR basis before enabling transcription.)

Cookies

We only use the following cookies on our platform:

• Business User Session: These are necessary to use the platform and allow us to identify registered users.
• Business Customer Session: These are necessary to collect the data needed to fill out the booking information and keep the time slot free.
• Functionality: These are used to personalise our content for you and remember your preferences (e.g. your choice of language or region).

Contact us

If you are a Business User and would like to contact us regarding the privacy policy and / or your Data, you can find us at [email protected]. If you are a Business Customer please see their policy and contact them.