To the extent any of the above rights are applicable, you may exercise your rights by contacting us at
. We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Data. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Data provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose. Calendly will retain the relevant records associated with your request to demonstrate our compliance in accordance with reasonable retention periods.
Based on your jurisdiction, you may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at
.
Our Website may contain links to third-party websites and applications. Subject to your opt-out or consent preferences, we may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our Website. Any access to and use of such linked websites and applications is not governed by this Privacy Notice but instead is governed by the privacy policies of those third parties. We do not endorse these parties, their content, or any products and services they offer, and we do not endorse these parties, their content, or any products and services they offer, and we are not responsible for the information practices of such third-party websites or applications.
Security and Storage of Information
Given the nature of communications and information processing technology, there is no guarantee that Personal Data will be absolutely safe from access, alteration, or destruction by a breach of any of our physical, technical, and managerial safeguards. However, Calendly takes the security of your Personal Data very seriously. We work hard to protect the Personal Data that you provide from loss, misuse, unauthorized access, or disclosure and we have taken reasonable steps to help protect the Personal Data we collect. We have obtained industry-recognized certifications and audits such as the ISO/IEC 27001, which affirm our commitment to our security program (certification not applicable to the Prelude service). More information on Calendly security and storage practices is available here.
You should also take steps to protect against unauthorized access to your device and account by, among other things, choosing a unique and complex password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
We retain the Personal Data we collect for so long as is reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations (including any exemptions or exceptions contemplated by law), and for any applicable statute of limitations periods for the purposes of bringing and defending claims.
Users Outside the USA
Our application and database servers are located here in the United States.
If you are an individual located in the European Economic Area, the United Kingdom, Canada or another jurisdiction outside of the United States with laws and regulations governing Personal Data collection, use, and disclosure that differ from United States laws, please be aware that information we collect (including through the use of methods such as Cookies and other web technologies) will be processed and stored in the United States or in other countries where we or our third-party Service Providers have operations. By submitting your Personal Data to Calendly and using Calendly, you expressly consent to have your Personal Data transferred to, processed, and stored in the United States or another jurisdiction which may not offer the same level of privacy protection as those in the country where you reside or are a citizen. (For a list of applicable jurisdictions, you may check our subprocessors list.)
In connection with the operation of its Website, Calendly may transfer your Personal Data to various locations, which may include locations both inside and outside of the European Economic Area. We rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses and the UK Addendum to legally transfer Personal Data submitted relating to individuals in the European Economic Area, the United Kingdom and Switzerland.
Calendly has designated representatives in the European Economic Area and in the United Kingdom in accordance with the applicable requirements in the GDPR and UK GDPR. If you are located in these jurisdictions, you can contact our representatives at any time with any questions you may have about data protection. Their contact details are found in the “Contacting Us” section below.
EU-U.S. Data Privacy Framework Notice
Calendly, LLC and its affiliate Interview Schedule, Inc. d/b/a Prelude (collectively referred to in this section as “Calendly” or “we”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Calendly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Calendly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit
https://www.dataprivacyframework.gov/
.
In compliance with the DPF principles, when we transfer Personal Data to a third party acting as our agent, we will be liable under the Principles if our agent processes such Personal Data in a manner inconsistent with the Principles unless we prove we are not responsible for the event giving rise to the damage. We may be required to disclose your Personal Data in response to a lawful request made by public authorities, including to meet national security or law enforcement requirements.
The Federal Trade Commission has jurisdiction over Calendly’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Calendly commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Calendly at the contact methods set out in the “Contacting Us” section at the end of this Privacy Notice. Our goal is to address your complaint and make it right. However, if we can’t resolve your complaint, you may contact JAMS, our U.S.-based third-party dispute resolution provider at
https://www.jamsadr.com/DPF-Dispute-Resolution
(free of charge). You may also contact your local data protection authority within the European Economic Area, United Kingdom or Switzerland (as applicable) for unresolved complaints. It is also possible, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please see the Data Privacy Framework Annex I for more information on this option.
Additional California Resident Privacy Disclosures
Under the California Consumer Privacy Act of 2018 and any subsequent amendments including the California Privacy Rights Act of 2020 (collectively, “CCPA”), California residents are entitled to the following additional disclosures about our data processing. These disclosures apply solely to Users, Visitors, and Invitees who live in the State of California (“California Residents”). All terms used in this section have the same meaning as when used in the CCPA. California Residents may also review our Notice at Collection for our Website here.
In the preceding 12 months, we have collected the categories of Personal Data: identifiers, personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); commercial information; and internet or other similar network activity. The purposes for which we have collected Personal Data and the sources of that information are described above in the Information we Collect and the How We Use Your Information sections above.
In the preceding 12 months, we have disclosed Personal Data for a business purpose as detailed in the With Whom We May Share Your Information section above.
We may also sell or share information to the extent our use of cookies and tracking technologies for targeted advertising constitutes a “sale” under the CCPA/CPRA. Your opt-out rights are described in the Your Rights and Choices section above. In the preceding 12 months, we have sold or shared the following categories of Personal Data with our targeted advertising service providers and partners: identifiers and internet or other similar network activity.
We do not knowingly sell the Personal Data of minors under age 18.
For an explanation of the rights you may have as a California resident, please see the Your Rights and Choices section above. We will attempt to respond to California Resident requests in as timely a fashion as possible. In the event of delays over 45 days, we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. Any disclosures we provide will only cover the 12-month period preceding the verifiable receipt of a California Resident’s request unless you request otherwise and that time period meets the regulatory requirements. The response we provide will explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before fulfilling your request.
This Privacy Notice describes how we may share your information, including for marketing purposes. California residents are entitled to request and obtain from us once per calendar year information about any of your Personal Data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at
.
Changes to this Privacy Notice
This Privacy Notice is current as of the Effective Date set forth above. This Privacy Notice may change if there is a material change to the way information is handled at Calendly, or to clarify our Notice or adjust clerical errors. If any changes are made, we’ll post them on this page, so please be sure to check back periodically. If you continue to use Calendly after those changes are in effect, you agree to the revised Privacy Notice.
This Privacy Notice was updated on:
January 2023 – to improve flow, include required information to comply with newer requirements (e.g., CPRA), add clarification on scope, correct mailing and email addresses and expand on GDPR-specific information (e.g., clarity on the legal bases Calendly uses to process information).
March 2023 – to include EU and UK representative contact information.
May 2023 - to clarify terms, integrate processing details around the Prelude service in the notice, add reference to the ISO/IEC 27001 certification, and update Calendly’s entity information.
June 2023 - to add information about opting out of MNTN, add links to advertising organizations that allow consumers to opt out of targeted advertising, and adding reference to Colorado and Connecticut privacy laws
November 2023 - updates to comply with Calendly’s certification to the EU-U.S., UK, and Swiss Data Privacy Framework
March 2024 - to clarify how Users, Invitees and Visitors can opt out of cookies, to clarify access request details on retention and timelines from California, to add reference to Utah privacy law, to align definitions with updated Terms, and to add information about Personal Data collected in virtual meetings.
April 2024 - to include information about how to delete local storage.
November 2024 - Updates to the JAMS dispute resolution link and DPF’s binding arbitration page link.