ESP

Privacy Policy, Data Protection and Cookies

Version 1.0

Last updated: 25 November 2025

1. IDENTITY OF THE DATA CONTROLLER

In compliance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and other applicable legislation, users are informed that the personal data processed through the Bookniapp digital platform are controlled by:

Miquel Puente Matute

Tax Identification Number (NIF): 43571582Z

Address: C/ Cinca 104, 7º 3ª, 08030 Barcelona, Spain

Contact email: info@bookniapp.com

The Controller ensures full compliance with current data protection regulations.

2. CATEGORIES OF PERSONAL DATA PROCESSED

Bookniapp may process the following categories of personal data:

2.1. Data provided directly by the User

  • First and last name
  • Email address
  • Phone number (optional)
  • Password (encrypted; never accessible in plain text)
  • Profile image (optional)
  • Business information (for Business accounts)
  • Photos or multimedia content uploaded to the platform
  • Professional data optionally provided by the User:
    – professional status (isProfessional)
    – identification document (DNI/NIF)
    – business name
    – fiscal address

2.2. Data generated through the use of the Platform

  • Booking history
  • Calendars and schedules
  • Internal business notes
  • Push notification tokens
  • IP address
  • Device identifiers
  • Operating system, browser and device model
  • Activity logs (access logs, errors, technical events)

2.3. Location data

  • Approximate or precise geolocation (with the User’s permission)
  • Business addresses on maps
  • Coordinates generated through Google Maps APIs

2.4. Third-party data entered by Businesses

Businesses may upload or manage data belonging to their own clients, such as:

  • Name
  • Phone number
  • Email address
  • Booking history
  • Internal notes

In these cases, the Business acts as the data controller, and Bookniapp acts as the data processor.

2.5. Communication data

  • Emails exchanged with Bookniapp
  • Support interactions
  • WhatsApp communication

3. PURPOSES OF THE PROCESSING

Personal data will be processed for the following purposes:

3.1. Core functionalities of the service

  • Creation and management of the User account
  • Management of bookings between Clients and Businesses
  • Management of calendars, schedules and availability
  • Display of nearby businesses using geolocation
  • Sending appointment reminders and push notifications
  • Real-time synchronisation of Platform data across devices

3.2. Administrative, contractual and legal purposes

  • Providing and maintaining the contracted service
  • Ensuring system security, stability and availability
  • Preventing fraud and unauthorised access
  • Complying with legal, tax and accounting obligations

3.3. Personalisation, continuous improvement and new features

Data may be processed to:

  • Personalise the User experience
  • Conduct statistical and usage analysis
  • Improve navigation, performance and system stability
  • Detect technical issues and optimise functionalities
  • Develop, test and implement new features, tools or services within Bookniapp
  • Enhance the performance of both the website and mobile applications

These operations may involve anonymised or pseudonymised data whenever possible.

3.4. Commercial communication

  • Sending newsletters (only to Users who subscribe voluntarily)
  • Sending promotional or commercial messages (with explicit consent)

3.5. Communication of Data to Businesses for Reservation Management

When a User makes a reservation, Bookniapp communicates the data strictly necessary to the selected Business in order to manage the reservation.

The Business will receive the following Client data: full name, email address, phone number, any notes or comments provided by the Client, and in the case of professional Users, the relevant fiscal information (identification document, business name and fiscal address).

The purpose of this communication is to allow the Business to execute, confirm, modify or cancel the reservation, manage the relationship with the Client, and issue documentation where required.

4. LEGAL BASIS FOR THE PROCESSING

The legal bases for processing are:

a) Performance of a contract

For:

  • account and profile management,
  • booking management,
  • notification services,
  • access to the Platform,
  • including the communication of Client data to the Business for reservation management.

b) User consent

For:

  • newsletters and marketing communications,
  • analytics cookies (non-essential),
  • geolocation,
  • push notifications,
  • mobile app permissions.

c) Legitimate interest

For:

  • security and fraud prevention,
  • service improvements,
  • anonymised analytical insights,
  • platform performance optimisation.

d) Legal obligation

For:

  • retention of records,
  • accounting and tax compliance,
  • obligations imposed by authorities.

5. DATA RETENTION

Personal data will be retained:

  • for the duration of the contractual relationship,
  • while the User maintains an active account,
  • as long as required by legal or tax obligations,
  • and, where applicable, for up to 5 years for audit or fraud-prevention purposes.

Booking history may be retained in anonymised form even after account deletion, when necessary for the functionality of the Platform.

6. RECIPIENTS AND TECHNICAL SERVICE PROVIDERS

To provide Bookniapp’s services, data may be shared with service providers acting as data processors, including:

6.1. Infrastructure and backend

  • Supabase
  • Google Cloud Run
  • Firebase Authentication

6.2. Geolocation and Maps

  • Google Maps Platform (Maps, Geocoding, Places APIs)

6.3. Analytics

  • Google Analytics 4
  • Google Search Console

6.4. Communications and payments (current or future)

  • Push notification services (APNS, FCM)

6.5. Website hosting

  • Hostinger
  • WordPress

6.6. Communication of Data to Businesses with Which the User Makes a Reservation

When a User makes a reservation, the corresponding Business becomes the data controller for the Client information it receives.

Bookniapp acts solely as a technological intermediary and does not control or supervise the subsequent processing carried out by the Business.

All service providers implement GDPR-compliant safeguards, including Standard Contractual Clauses (SCC) where necessary.

7. INTERNATIONAL DATA TRANSFERS

Bookniapp may transfer personal data outside the European Economic Area due to the use of certain third-party providers, particularly in:

  • The United States
  • Other jurisdictions recognised under GDPR-compliant agreements

These transfers rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Additional security measures
  • Data encryption in transit and at rest
  • Risk assessment in accordance with GDPR requirements

8. USER RIGHTS

Users may exercise the following rights at any time:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to object
  • Right to data portability
  • Right to restriction of processing
  • Right to withdraw consent
  • Right to lodge a complaint with the relevant Data Protection Authority

To exercise these rights, Users may contact: info@bookniapp.com

The supervisory authority in Spain is the Spanish Data Protection Agency (AEPD).

9. SECURITY AND CONFIDENTIALITY

Bookniapp applies appropriate technical and organisational measures, including:

  • encryption of data in transit and at rest,
  • secure authentication mechanisms (Firebase/Auth),
  • role-based access controls,
  • activity logging and audit trails in Supabase,
  • secure hosting on Google Cloud,
  • firewalls and intrusion prevention systems,
  • regular backups and redundancy.

10. PRIVACY IN THE MOBILE APPLICATION

The Bookniapp mobile application may request access to:

  • Geolocation 
  • Push notifications
  • Camera
  • Photos/media files

Permissions may be revoked by the User at any time through the device settings.

11. MINORS

Use of the Platform is strictly limited to Users aged 18 or older.

Bookniapp does not knowingly collect or process data from minors.

Accounts identified as belonging to minors will be suspended or deleted.

12. AUTOMATED DECISION-MAKING AND PROFILING

Bookniapp does not engage in automated decision-making that produces legal or similarly significant effects.

The Platform may use basic logic for:

  • displaying nearby businesses
  • sorting results by relevance
  • sending automated reminders

These do not produce significant effects on the User.

13. COOKIES

The Bookniapp website uses cookies:

a) Technical cookies (essential)

Necessary for platform operation and security.

b) Analytical cookies

Used to analyse website usage (Google Analytics).

Consent is required unless anonymised.

Users may manage or withdraw consent using the cookie banner.

14. CHANGES TO THIS POLICY

Bookniapp may update this Privacy Policy at any time.

Any significant changes will be communicated clearly to Users.

15. CONTACT

For privacy-related questions or rights requests send us an emal to info@bookniapp.com

Catalunya, España

Todos los derechos ©2025 Bookniapp

Legal

Política privacidad y Cookies

Términos y condiciones

Ayuda y FAQs

Síguenos

Scroll al inicio