Privacy Policy
1. Who we are
AlwaysOn Booking ("we", "us", "our") provides a done-for-you communication and booking automation service for UK tradespeople and small businesses. We operate at alwaysonbooking.co.uk.
We act as a data controller for personal data you provide to us directly. Where we process end-customer data on behalf of our clients, we act as a data processor.
Contact us at: lee@alwaysonbooking.co.uk
2. Data we collect
- Name and job title
- Business name, address, and website
- Email address and telephone number
- Payment information (processed securely - we do not store card details)
- Name and contact information (phone number, email)
- Appointment booking details
- Messaging history (SMS, Facebook, Google Business)
- IP address and browser information
- Pages visited, time on site, referral source
3. How we use your data
We use personal data to:
- Provide and manage your AlwaysOn Booking subscription
- Set up and configure your booking calendar, messaging automations, and lead management
- Send automated appointment reminders and confirmations on your behalf
- Process payments and issue invoices
- Respond to enquiries and provide support
- Send service-related communications
- Improve our service and website
4. SMS communications
AlwaysOn Booking uses automated SMS messaging via GoHighLevel/LeadConnector to deliver appointment reminders, confirmations, missed-call text-backs, and review requests on behalf of clients.
Appointment reminders, booking confirmations, and missed-call responses are transactional messages. Under PECR, explicit opt-in consent is not required for transactional messages, but customers must be informed at the point of booking that they will receive these communications.
Review request messages are sent to customers after a job is completed under the PECR soft opt-in rule. Recipients can opt out at any time by replying STOP.
Any individual who receives SMS communications via our platform may opt out at any time by replying STOP. Requests will be actioned promptly.
Our SMS infrastructure is provided by GoHighLevel/LeadConnector. See the LeadConnector Privacy Policy.
5. Legal basis for processing
We process personal data under the following lawful bases (UK GDPR Article 6):
- Contract - processing necessary to provide services you have subscribed to
- Legitimate interests - delivering transactional communications and improving our service
- Consent - where we send marketing communications
- Legal obligation - where required by applicable law
6. Sharing your data
We do not sell your personal data. We may share data with:
- GoHighLevel/LeadConnector - our core platform provider, certified under the EU-US Data Privacy Framework including UK extensions
- Payment processors - to process subscription fees securely
- Analytics providers - to understand how our website is used
- Professional advisors - where required for legal or financial compliance
7. Data retention
- Active client data: duration of subscription plus up to 2 years after it ends
- Enquiry data: up to 12 months if no contract is entered into
- Financial records: 7 years as required by UK law
- Website analytics: up to 26 months
8. Your rights
Under UK GDPR you have the right to:
- Access - request a copy of the personal data we hold about you
- Rectification - ask us to correct inaccurate or incomplete data
- Erasure - request deletion of your personal data
- Restriction - ask us to limit how we process your data
- Portability - receive your data in a machine-readable format
- Object - object to processing based on legitimate interests or direct marketing
To exercise any right, contact lee@alwaysonbooking.co.uk. We will respond within 30 days.
To make a complaint, contact the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113
9. Security
We take appropriate technical and organisational measures to protect your personal data. Our platform provider GoHighLevel maintains ISO 27001 certification and implements encryption, access controls, and role-based authorisation. In the event of a data breach, we will notify the ICO within 72 hours where required.