Privacy Policy

1. Data controller

The data controller is Francesco Capriotti, a natural person. Reference address: CC San Blas, Tenerife, Spain. Privacy contact email: timegestioni@gmail.com. Data Protection Officer: not appointed.

2. Data we collect

• When you submit a booking request, the form collects your full name, email address and phone number.
• The booking request also includes the selected partner company, selected date and time, session duration, and the language/locale used on the site.
• No visitor account or login is created for booking.
• No payment is taken on the site and no card or payment data is collected.
• Essential cookies may be used for functions such as language/locale preference.

3. Why we use the data and legal bases

• To receive and manage your booking request, including the selected partner, date/time and session duration. Legal basis: steps requested by you before an appointment is confirmed, GDPR Article 6(1)(b).
• To share the booking data with the selected partner company so they can confirm and fulfil the appointment. Legal basis: steps requested by you before an appointment is confirmed, GDPR Article 6(1)(b).
• To send transactional emails about the booking request: booking received and pending, booking confirmed, or booking not confirmed in time / expired. Legal basis: steps requested by you before an appointment is confirmed, GDPR Article 6(1)(b).
• To operate the website, backend and essential language/locale functionality. Legal basis: legitimate interest in providing a functional and secure website, GDPR Article 6(1)(f).
• To meet legal obligations where they apply. Legal basis: GDPR Article 6(1)(c).

4. Recipients and processors

• The selected partner company receives the booking data needed to confirm and fulfil the appointment.
• The operator's own Keope CRM backend stores the booking and customer record.
• Vercel provides hosting and infrastructure for the site and backend.
• Neon provides the PostgreSQL database where data is stored.
• Resend sends transactional emails to the email address provided.
• No advertising or third-party tracking is currently used.

5. International transfers

Some technical providers, such as hosting, database or email services, may process data through infrastructure or subprocessors also outside the EEA. In those cases, processing is carried out under their data processing terms and the safeguards required by the GDPR, including adequacy decisions or Standard Contractual Clauses where needed.

6. Retention

• Unconfirmed booking requests automatically expire after 24 hours and are marked as expired.
• Customer and booking records are retained in the CRM only for as long as needed to manage requests, appointments, support and applicable legal obligations.

7. Your GDPR rights

• You may request access to your personal data.
• You may request rectification of inaccurate or incomplete data.
• You may request erasure of your data where the legal requirements are met.
• You may request restriction of processing where the legal requirements are met.
• You may object to processing based on legitimate interests.
• You may request data portability where it applies.
• You may lodge a complaint with a supervisory authority. For the site currently aimed mainly at Spain, the reference authority is the Agencia Espanola de Proteccion de Datos (AEPD).

8. Wellness and non-medical context

Keope is presented as a wellness method for relaxation, posture, circulation and recovery. It is not medical treatment, diagnosis or therapy.

9. Contact

For privacy requests, contact timegestioni@gmail.com.

10. Analytics

No analytics are currently used.