GDPR and Data Processing
This page describes the roles and data processing rules when a salon uses Groomly for its own clients.
1. Processing roles
For client data entered into Groomly by a salon, the salon is usually the controller. The salon determines why and how it uses the data: appointment booking, client profiles, communication, visit history, and service delivery.
Groomly acts as a processor for that data when storing and processing it to provide the system to the salon. For data related to licensing, payments, support, security, and service administration, BALTO GROOM OOD may act as an independent controller.
2. Subject matter and purpose
Processing is performed so the salon can use Groomly: schedule, online requests, client profiles, visits, photos, notes, notifications, reports, team access, Google Calendar sync, and technical support.
3. Categories of data
- client and owner data: names, phone numbers, notes, and communication;
- pet data: name, breed, coat type, age, weight, photos, behavior, allergies, cosmetics, therapies, and history;
- appointment data: date, time, service, price, groomer, status, payment, no-show, and notes;
- online request data: requested service, requested time, phone, IP address, browser, and reCAPTCHA result when enabled;
- notification data: phone, template, content, status, delivery, seen status, errors, and replies;
- salon user data: name, email, role, active sessions, audit logs, and settings.
4. Salon instructions
Groomly processes client data according to the salon's actions and settings in the system: creating and editing profiles, confirming or rejecting requests, sending notifications, connecting Google Calendar, adding users, and other settings.
5. Salon obligations
The salon is responsible for having a legal basis for processing its clients' data, informing them appropriately, keeping data accurate, managing team access, and using notifications lawfully.
6. Groomly obligations
Groomly processes data to provide, secure, support, and technically improve the service; limits access to the data; applies technical and organizational measures; assists with reasonable salon requests; and does not sell client data.
7. Subprocessors
The service may use subprocessors for hosting, infrastructure, domains, email, backups, Google Calendar, Viber/Infobip, SMS, reCAPTCHA, security, and support. Subprocessors receive only the data needed for the relevant function.
8. International transfers
Where an external service processes data outside the European Economic Area, appropriate contractual, technical, or legal mechanisms are applied where required. Google Calendar use is also subject to the Google API Services User Data Policy.
9. Security
Groomly uses separate client databases, access controls, roles, active sessions, audit logs, signed internal requests, abuse-prevention limits, public booking protection, and runtime files stored outside the public web root. Administrative and technical access is limited by need.
10. Data subject requests
When a salon client requests access, correction, deletion, or another GDPR right, the salon handles the request as controller. Groomly provides technical assistance to the salon where necessary and possible.
11. Incidents
If a data security incident is identified, Groomly informs the affected salon without undue delay where the incident may affect that salon's data. The salon assesses its own obligations toward clients and supervisory authorities, while Groomly assists with available technical information.
12. Return and deletion
Upon termination, the salon may request reasonable assistance with export or deletion where technically possible and not inconsistent with legal obligations, security, backups, or protection of rights. Some technical records may be retained for a limited period for security and accountability.
13. Nature of this page
This page describes the main data processing rules for Groomly. Where a specific salon needs a separate agreement, addendum, or additional personal data processing terms, they may be agreed separately.
14. Contact
For data processing questions: contact@groomly.org