Back to SchedulaSchedula

Draft — pending legal review

This document is a structural placeholder. The final wording must be reviewed and signed off by a qualified data-protection lawyer before it is relied upon.

Your GDPR Rights

How to access, port, correct, or delete your data.

Version 1.0Effective May 7, 2026

Under the EU General Data Protection Regulation (GDPR) and the UK GDPR, you have specific rights over personal data we process about you. This page explains each right and how to exercise it through Schedula.

Access (Article 15)

You have the right to a copy of the personal data we process about you. From your profile, click "Download my data" to receive a ZIP containing one JSON file per data category, plus a README explaining each file. Exports are limited to one per 24 hours and expire seven days after they become available.

Rectification (Article 16)

You have the right to correct inaccurate data. Personal information can be edited directly from your profile. Employment data held by your employer (the tenant) can be corrected by your facility manager.

Erasure (Article 17)

You have the right to ask for your data to be deleted. The action depends on your role: account owners can delete the entire tenant; non-sole managers can erase their personal account; staff can submit an erasure request that is forwarded to facility managers for approval. See the "Delete my account" action in your profile.

Restriction (Article 18)

You have the right to ask us to restrict processing in specific circumstances — for example, while a rectification request is being handled. Contact our Data Protection contact to invoke this right.

Portability (Article 20)

You have the right to receive your data in a structured, machine-readable format and to transmit it to another controller. The "Download my data" export is delivered in JSON for this purpose. Files marked as "portable" in the export README are eligible.

Objection (Article 21)

You have the right to object to processing based on legitimate interest, including marketing communications. Marketing emails are off by default; you can revoke consent at any time from your notification preferences.

Withdraw consent

Where processing is based on consent (e.g., WhatsApp messages, push notifications, marketing emails), you can withdraw consent from your notification preferences. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

Lodge a complaint

You can lodge a complaint with your local data protection authority. In Italy this is the Garante per la protezione dei dati personali. In the UK this is the Information Commissioner's Office. We encourage you to contact us first so we can try to resolve the matter directly.

How to contact us

For any of the rights above, write to our Data Protection contact at dpo@schedula.com, or send a Data Subject Access Request to privacy@schedula.com. We will respond within one month of a verified request, and within three months for complex cases (with notice).