Legal

GDPR & Data Rights

Your rights under the General Data Protection Regulation and how to exercise them with AionBooking.

Last updated: March 1, 2026

1AionBooking and the GDPR

The General Data Protection Regulation (GDPR) gives individuals in the European Economic Area (EEA) and the United Kingdom specific rights over their personal data. AionBooking is committed to upholding these rights for all users and their customers, regardless of location.

For GDPR purposes: AionBooking Ltd acts as the data controller for the personal data of account holders. For end-customer booking data processed through your storefront, AionBooking acts as a data processor and you (the business) are the controller.

2Lawful Basis for Processing

Contract: Processing necessary to provide the AionBooking service you subscribed to.
Legitimate interests: Analytics and product improvement using aggregated, anonymised data.
Consent: Marketing communications — you can withdraw consent at any time.
Legal obligation: Retaining financial records as required by applicable law.

3Your Rights Under GDPR

Right of Access (Article 15): Request a copy of all personal data we hold about you.
Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
Right to Erasure / "Right to be Forgotten" (Article 17): Request deletion of your personal data.
Right to Restriction (Article 18): Ask us to pause processing while a dispute is resolved.
Right to Data Portability (Article 20): Receive your data in JSON or CSV format.
Right to Object (Article 21): Object to processing based on legitimate interests.
Right not to be subject to automated decisions (Article 22): AionBooking does not make automated decisions with legal or similarly significant effects.

4How to Exercise Your Rights

You can exercise your rights of Access, Rectification, and Erasure instantly through our self-service data portal — no waiting, no email required.

For rights that require human review (Restriction, Objection, Data Portability in CSV), email gdpr@aionbooking.com with the subject line "GDPR Request". We will acknowledge within 72 hours and respond within 30 days.

We may need to verify your identity before processing the request. Verification is typically done by confirming access to the email address associated with your account.

5Data Transfers Outside the EEA

AionBooking's primary infrastructure is hosted on AWS in the EU (Frankfurt region). Where data is transferred outside the EEA (e.g., Stripe's US-based processing), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

6Data Processing Agreement (DPA)

If you are a business subject to GDPR and process your customers' personal data through AionBooking, you may require a Data Processing Agreement. Email legal@aionbooking.com to request a signed DPA. Our standard DPA is available to all paid plan subscribers at no additional cost.

7Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by Article 33 of the GDPR. Affected users will be notified without undue delay.

8Supervisory Authority

If you are not satisfied with our response to a GDPR request, you have the right to lodge a complaint with your local supervisory authority. In the EEA, find your authority at edpb.europa.eu. In the UK, contact the Information Commissioner's Office (ICO) at ico.org.uk.

9Data Protection Officer

For GDPR enquiries, contact our Data Protection Officer at dpo@aionbooking.com or by post: DPO, AionBooking Ltd, 14 Adetokunbo Ademola Street, Victoria Island, Lagos 101241, Nigeria.