1. About these Terms
1.1 Who we are
OneDiary is operated by OneDiary Ltd, a company registered in England and Wales under company number 17286402, whose registered office is at 28 West Haddon Road, Northampton, NN6 8QL (“OneDiary”, “we”, “us” or “our”).
You can contact us at support@onediary.co.uk.
1.2 What these Terms cover
These Terms govern access to and use of the OneDiary websites, mobile applications, business portal, public marketplace, booking pages, appointment-management tools, messaging features, payment integrations and related services that we make available from time to time (together, the “Platform”).
Different provisions apply depending on whether you use the Platform as:
- a business, sole trader, partnership, company or other organisation offering services through the Platform (a “Business”);
- an owner, administrator, employee, worker or contractor authorised to use a Business Account (a “Business User”); or
- an individual who searches for, books, manages, pays for or reviews an appointment (a “Client”).
The provisions applying to Businesses and Business Users are business-to-business terms. The provisions applying to Clients are consumer terms.
1.3 When these Terms become binding
You agree to these Terms when you do any of the following:
- create or activate an Account;
- accept an invitation to join a Business Account;
- click to accept these Terms or otherwise confirm that you agree to them;
- submit a booking as a guest after being shown a link to these Terms; or
- continue to use the Platform after being notified of an applicable update in accordance with clause 28.
A person accepting these Terms for a Business confirms that they are at least 18 years old and have authority to bind that Business.
1.4 Other documents
The following documents also apply where relevant:
- the plan, price, trial, discount, Platform Fee or other commercial details displayed and accepted during sign-up or in the Portal (the “Order”);
- our Privacy Policy;
- the data-processing terms in Schedule 1;
- the marketplace transparency information in Schedule 2;
- any content, review, acceptable-use, payment or feature-specific policy that we clearly identify as forming part of these Terms; and
- any separate terms agreed directly between a User and Stripe or another third-party provider.
If there is a conflict, an expressly agreed Order takes priority for the particular commercial matter it addresses, Schedule 1 takes priority for the processing of Business Personal Data, and these Terms otherwise take priority over a general help article or policy.
1.5 Definitions
In these Terms:
“Account” means a Business Account or Client Account;
“Appointment” means a booking for Business Services made or managed through the Platform;
“Business Account” means the Account through which a Business and its authorised Business Users access the Platform;
“Business Content” means information or material supplied, uploaded or made available by or for a Business, including its name, description, images, services, prices, availability, policies, staff profiles and responses;
“Business Data” means data stored in or generated through a Business Account, including Business Content, diary information, booking records, payment-status information and reports;
“Business Personal Data” has the meaning given in Schedule 1;
“Business Services” means the appointment-based or other services offered or supplied by a Business to Clients;
“Client Account” means an optional Account used by a Client to view or manage Appointments;
“Client Content” means information or material supplied by a Client, including booking information, notes and reviews;
“Client Payment” means a deposit, full payment, balance payment or other amount paid by or for a Client in connection with Business Services;
“Content” means Business Content, Client Content and any other material submitted by a User;
“Fees” means Subscription Fees, Platform Fees and any other amount expressly agreed to be payable to OneDiary;
“Location” means a separately configured physical or operational business location to which a subscription is applied;
“Platform Fee” means the fee payable to OneDiary when a payment is successfully captured through a OneDiary-enabled payment flow;
“Portal” means the OneDiary business administration portal or corresponding business area of an application;
“Service Contract” means the contract between a Business and a Client for Business Services;
“Stripe” means Stripe Payments UK Limited and/or any relevant Stripe group company providing payment or connected-account services; and
“Subscription Fee” means the recurring fee for a Business’s access to a paid OneDiary plan.
Part A — Terms applying to all Users
2. OneDiary’s role
2.1 The Platform
OneDiary provides software and online intermediation tools that help Businesses advertise availability, manage diaries and staff, receive Appointments, communicate with Clients, facilitate payments and display reviews.
2.2 OneDiary does not supply the Business Services
Unless we expressly state otherwise for a particular service:
- the Business, not OneDiary, advertises and supplies the Business Services;
- the Service Contract is between the Business and the Client;
- OneDiary is not a party to the Service Contract;
- OneDiary does not employ, engage, supervise or control the Business or its staff;
- a listing, search position, rating, verification indicator or availability display is not a recommendation, guarantee or endorsement by OneDiary; and
- OneDiary is not responsible for the quality, safety, suitability, legality or performance of Business Services.
Nothing in these Terms removes any responsibility that OneDiary has for operating the Platform with reasonable care and skill or any liability that cannot lawfully be limited.
2.3 Automated actions
A Business may configure the Platform to carry out actions automatically, including displaying availability, allocating staff, accepting or confirming bookings, requesting payment, releasing provisional time slots and sending messages. The Business authorises OneDiary to carry out those configured actions on the Business’s behalf. The Business remains responsible for its settings and for the resulting Service Contracts.
2.4 No guarantee of Users
We may carry out checks, request information or remove Content, but we do not guarantee the identity, credentials, financial position, reliability or conduct of any User. Users must make their own reasonable checks before entering into a Service Contract or sharing information.
4. Accounts and security
4.1 Accurate information
You must provide accurate, current and complete information and keep it up to date. You must not impersonate another person or create an Account using information you are not authorised to use.
4.2 Credentials
You must:
- keep passwords and authentication details confidential;
- use reasonable security measures for devices and email accounts connected to the Platform;
- not share individual login credentials;
- notify us promptly at support@onediary.co.uk if you know or suspect that an Account has been compromised; and
- cooperate with reasonable steps we take to secure an Account.
4.3 Account activity
Subject to applicable law, we may treat activity performed through valid Account credentials as authorised by the Account holder. This does not excuse us from acting reasonably after receiving notice of suspected unauthorised access.
4.4 Business Users and permissions
The Business controls invitations, roles and permissions for its Business Users. The Business is responsible for:
- deciding who should have access;
- assigning appropriate permissions;
- promptly removing or restricting access when a person no longer requires it; and
- the acts and omissions of its Business Users when using the Business Account.
Business Users must use only the access granted to them and follow the lawful instructions of the Business.
5. Acceptable use
You must use the Platform lawfully, honestly and only for its intended purposes. You must not, and must not help anyone else to:
- offer, arrange, promote or carry out anything unlawful, fraudulent, deceptive, unsafe or abusive;
- upload or transmit malware, malicious code or material designed to damage, disrupt or gain unauthorised access to systems or data;
- attempt to access another User’s Account, data or restricted areas without permission;
- probe, scan or test the vulnerability of the Platform except under a written security-testing arrangement agreed by us;
- interfere with the operation, security, integrity or performance of the Platform;
- scrape, harvest, copy or extract data or Content at scale except through an interface or export feature we expressly provide;
- reverse engineer, decompile, disassemble or attempt to derive source code, except to the limited extent that law does not permit that restriction;
- bypass, conceal or manipulate Fees, payment flows, usage restrictions or technical controls;
- send spam, unlawful marketing, misleading communications or messages unrelated to a genuine Business relationship or Appointment;
- harass, threaten, discriminate against, exploit or unlawfully monitor another person;
- submit Content that is defamatory, obscene, hateful, threatening, exploitative, misleading, infringing or otherwise unlawful;
- manipulate reviews, ratings, marketplace position, availability or booking demand;
- collect, upload or disclose personal information without an appropriate lawful basis and authority;
- use booking notes to store information that is excessive or unrelated to providing the Business Services;
- use the Platform to provide services requiring a licence, qualification, registration, consent or insurance that the Business does not hold; or
- use the Platform in a way that could expose OneDiary, Stripe, another User or the public to material legal, financial, security or reputational risk.
6. Content and intellectual-property permissions
6.1 Ownership
As between a User and OneDiary, the User retains ownership of the Content they submit. OneDiary and its licensors retain ownership of the Platform, its software, designs, databases, branding, documentation and all associated intellectual-property rights.
6.2 Licence to OneDiary
A User grants OneDiary a non-exclusive, worldwide, royalty-free licence to host, copy, process, adapt, format, transmit and display their Content to the extent reasonably necessary to:
- provide, secure, maintain and improve the Platform;
- operate public booking pages, marketplace search and integrations selected by the Business;
- send booking and account communications;
- investigate complaints, prevent misuse and comply with law; and
- promote the relevant Business listing and the availability of Businesses through OneDiary, provided we do not materially alter the meaning of the Content or falsely imply an endorsement.
This licence lasts for as long as reasonably required for those purposes. Public display will normally end when the relevant listing or Account is removed, subject to cached copies, legal record-keeping, dispute evidence and Content that another User is independently entitled to retain.
6.3 Content assurances
You confirm that:
- you own the Content or have all rights and permissions needed to submit and use it;
- the Content is accurate in all material respects and is not misleading by omission;
- our permitted use of it will not infringe another person’s rights; and
- where Content includes personal information about another person, you have a lawful basis and have provided any required information to that person.
6.4 Moderation
We may reject, restrict, edit for formatting, de-index, disable or remove Content where we reasonably believe that it:
- breaches these Terms or a published policy;
- is unlawful or may expose a person to harm;
- infringes rights;
- is misleading, fraudulent or technically harmful;
- creates a security or operational risk; or
- must be restricted under a legal or regulatory requirement.
Where appropriate and lawful, we will tell the affected User the principal reason and explain how to challenge the decision.
7. Reviews and ratings
7.1 Genuine experiences only
A review or rating must reflect a genuine first-hand experience of the Business Services or booking journey. A User must not:
- submit, commission, purchase, sell or arrange a fake review;
- review their own Business or a Business with which they have an undisclosed personal, employment, ownership or financial connection;
- offer or accept an incentive that is conditional on a positive review;
- conceal an incentive or material connection;
- threaten, pressure or improperly influence a person to leave, alter or remove a review;
- selectively suppress genuine negative reviews while publishing positive reviews; or
- use multiple Accounts, automation or coordinated activity to distort a rating.
7.2 Review invitations
A Business may invite genuine Clients to leave a review, provided invitations are neutral and are not selectively sent only to Clients expected to leave positive feedback.
7.3 Verification and display
We may use booking and Account information to determine whether a review is linked to a booking, mark it as verified, detect suspicious patterns, calculate an aggregate rating and decide how reviews are ordered. A verification indicator means only that the review meets the stated verification method; it is not a guarantee that every statement in the review is true.
7.4 Moderation
We will not remove a review merely because it is critical. We may restrict or remove a review that breaches these Terms, is not based on a genuine experience, contains prohibited personal information, is unlawful or is otherwise misleading. We may ask the reviewer or Business for information and may temporarily hide a review while investigating.
7.5 Reporting and challenge
A User may report a review through the available reporting function or by emailing support@onediary.co.uk with the relevant page, review and reason. A reviewer or Business may ask us to reconsider a moderation decision and should provide any relevant evidence.
8. Reporting illegal or harmful Content
8.1 How to report
Anyone may report Content or conduct believed to be illegal, harmful or contrary to these Terms by using the reporting tool made available on the Platform or emailing support@onediary.co.uk. A report should identify the Content, its location and the reason for concern.
8.2 Our response
We may investigate, request further information, restrict access, preserve evidence, remove Content, suspend an Account, notify an affected person or make a report to Stripe, law enforcement or another competent body where reasonably appropriate.
8.3 Fairness
When making and reviewing content-moderation decisions, we will act reasonably and have regard to the rights and legitimate interests of affected Users, including privacy and freedom of expression, while giving priority to legal duties and the prevention of harm.
8.4 No emergency service
The Platform and support service are not emergency services. A person facing an immediate risk of harm should contact the appropriate emergency service.
9. Communications
9.1 Service messages
We may send messages reasonably necessary to operate the Platform or an Account, including security notices, booking confirmations, reminders, payment links, changes to an Appointment, receipts, support replies and legal notices.
9.2 Contact details
Users must keep their email address and telephone number accurate. We are not responsible for a missed message caused by incorrect details, a recipient’s device or filtering, a mobile or email provider, or another matter outside our reasonable control.
9.3 Reminders are a convenience
Appointment reminders and notifications are a convenience and are not guaranteed. A failure or delay in a reminder does not cancel an Appointment or remove a User’s responsibility to keep track of it.
9.4 Marketing
A Business must not use Platform data or messaging tools for direct marketing unless it has a lawful basis and complies with applicable privacy and electronic-marketing rules. OneDiary’s own marketing is governed by our Privacy Policy and the recipient’s preferences.
Part B — Additional terms for Businesses and Business Users
10. The Business contract
10.1 Business capacity
The Business confirms that it obtains and uses the Platform wholly or mainly for the purposes of its trade, business, craft or profession.
10.2 Start and duration
The contract between OneDiary and the Business starts when the Business first accepts these Terms or activates a Business Account and continues until terminated in accordance with these Terms.
10.3 Account owner
The person identified as owner or primary administrator may make decisions and receive notices for the Business. We may require reasonable evidence of authority before changing ownership or disclosing Business Data.
11. Business responsibilities
The Business is responsible for its Business Services and must:
- provide its correct legal or trading identity, physical or service address, contact details and any information that Clients are legally entitled to receive;
- keep Business Content, services, prices, durations, availability, staff details, images and policies accurate and up to date;
- display the total price and all unavoidable charges clearly before a Client submits a booking or payment;
- describe any deposit, advance payment, cancellation charge, no-show charge or refund restriction clearly, prominently and fairly;
- ensure that its booking, cancellation and refund terms comply with applicable consumer law and are not disproportionate;
- hold all licences, registrations, qualifications, consents, permits and insurance reasonably required for its activities;
- comply with health and safety, safeguarding, equality, employment, professional and sector-specific requirements applying to it;
- ensure that Business Users are properly trained, authorised and supervised;
- honour confirmed Appointments or promptly contact affected Clients, offer appropriate alternatives and make any refund legally or contractually due;
- provide Business Services with reasonable care and skill and in accordance with the description and agreed price;
- handle Client questions, complaints, refunds, disputes and aftercare relating to the Business Services;
- maintain appropriate business, payment and accounting records independently of the Platform;
- provide and comply with its own privacy information, booking terms and cancellation policy where required;
- collect only information reasonably needed for the Business Services and avoid entering excessive or inappropriate information in free-text notes;
- tell OneDiary promptly about material errors, unlawful Content, suspected fraud or security incidents affecting the Business Account; and
- not state or imply that OneDiary provides, endorses, guarantees or is responsible for the Business Services.
12. Formation and management of Appointments
12.1 Business offer and Client request
The Business controls the Business Services, prices, availability, booking rules and payment requirements shown on its booking page. Unless the Business clearly states otherwise, a Client’s submission of a booking is an offer to enter into a Service Contract.
12.2 Confirmation
A Service Contract is formed when a booking confirmation is issued on the Business’s behalf, subject to successful completion of any payment required for confirmation. By enabling automatic confirmation, the Business instructs OneDiary to communicate its acceptance when the configured conditions are met.
12.3 Payment-dependent bookings
Where a deposit or full payment is required:
- the selected time may be held provisionally while payment is attempted;
- an Appointment is not confirmed until Stripe reports the required payment as successful and a confirmation is issued;
- a provisional time may be released if payment is not completed within the stated period; and
- a delayed or interrupted payment may result in a temporary hold or payment link, but does not guarantee the Appointment unless confirmed.
12.4 Booking errors
The Business must promptly correct configuration, availability or pricing errors. A Business should honour a confirmed price unless there is an obvious error and applicable law permits the Service Contract to be cancelled or corrected. Where the Business cannot honour an Appointment, it is responsible for notifying the Client and arranging any required refund.
12.5 Changes and cancellations
The Platform may allow a Business or Client to request cancellation or rescheduling. Whether a request is accepted and whether a payment is refundable are determined by the Business’s disclosed policy, the Service Contract and applicable law.
12.6 Future Appointments after termination
Ending the Business’s OneDiary subscription does not automatically cancel existing Service Contracts. The Business remains responsible for all future Appointments, Client communications, refunds and legal obligations and must make alternative arrangements before losing access.
13. Subscription Fees
13.1 Standard subscription
Unless an Order states otherwise, the standard Subscription Fee is £9.99 per active Location for each monthly billing cycle. Additional Business Users are included without a separate per-seat fee under the standard plan.
13.2 Billing
The Subscription Fee is charged in advance on a recurring basis using the payment method linked to the Business Account. The Business authorises OneDiary and its payment provider to take each recurring payment until cancellation takes effect.
13.3 Locations and plan changes
The Portal will show the charge and effective date before a Business activates an additional Location or changes plan. A charge for an additional Location may be taken immediately or included in the next billing event as shown before confirmation.
13.4 Trials and promotions
Any free trial, introductory price, discount, credit, eligibility condition and end date will be shown at sign-up or in the Order. If a trial will convert automatically to a paid subscription, that fact and the first charge will be shown before activation. Promotions may be limited to new or qualifying Businesses and may not be combined unless stated.
13.5 Cancellation
The Business may cancel its subscription through the Portal. Cancellation normally takes effect at the end of the current paid billing cycle, and paid features remain available until then unless the Account is suspended for another reason.
13.6 Refunds
Subscription Fees are not normally refunded for a partly used billing cycle, an unused Account or a cancellation made after a renewal. This does not affect a refund due because of a billing error, an express service commitment or a right that cannot lawfully be excluded. We may issue a discretionary credit without creating an obligation to do so again.
13.7 Failed payment
If a Subscription Fee is overdue, we may:
- retry the payment method;
- notify the Business and allow a reasonable opportunity to remedy the failure;
- restrict activation of new bookings or paid features;
- suspend some or all Platform access; and
- terminate the Business Account under clause 23.
We will, where reasonably practicable and safe, preserve enough access for the Business to understand the issue, manage imminent Appointments and export relevant data during a stated grace period.
13.8 Fee changes
We may change a recurring Subscription Fee by giving the Business at least 30 days’ notice. The change will apply no earlier than the next billing cycle beginning after the notice period. The Business may cancel before the change takes effect. A bespoke fee expressly fixed for a stated period will not change during that period except as permitted by the Order.
14. Platform Fees
14.1 Standard Platform Fee
Unless an Order or the Portal states a different agreed rate or cap, the Platform Fee is 0.5% of the gross amount of each Client Payment successfully captured through a OneDiary-enabled payment flow.
The Platform Fee is calculated per successful capture, before deduction of Stripe’s fees and before any later refund, reversal, dispute or chargeback, and is rounded to the nearest penny.
14.2 How the Platform Fee is collected
The Business authorises OneDiary and Stripe to deduct the Platform Fee from the relevant Client Payment, connected-account balance or another amount due to the Business, and to transfer it to OneDiary.
14.3 When earned
The Platform Fee is earned when the Client Payment is successfully captured. Unless the Order or Portal expressly states otherwise, it is not returned merely because the Business later refunds the Client Payment, an Appointment is cancelled, or the payment is disputed or charged back. We will correct a Platform Fee charged because of our error.
14.4 Stripe and other charges
Stripe’s processing, connected-account, hardware, dispute, currency or other charges are separate from the Platform Fee, are determined under the Business’s arrangements with Stripe and may change independently of OneDiary.
14.5 No marketplace booking commission
The Platform Fee is a fee for facilitating a payment through OneDiary. It is not an additional commission simply because a new Client discovered the Business through the OneDiary marketplace.
14.6 Changes
We may change the standard Platform Fee for future transactions by giving at least 30 days’ notice. The Business may stop using OneDiary payment features or terminate its subscription before the change takes effect. A bespoke rate fixed for a stated period will not change during that period except as permitted by the Order.
15. Stripe and Client Payments
15.1 Connected Account
To accept Client Payments, the Business must create or connect an eligible Stripe account, accept Stripe’s applicable terms, complete identity and business verification, keep its information current and maintain the payment capabilities required for the features it uses.
15.2 Merchant and supplier
The Business is the supplier of the Business Services and, under the payment configuration assumed by these Terms, the merchant of record for Client Payments. The Business must be clearly identified as the seller in the booking and payment journey, confirmation, receipt and relevant statement descriptor.
15.3 OneDiary’s limited payment role
OneDiary supplies a technical integration that may create or manage payment requests, payment links, application fees, refunds and related instructions through Stripe on the Business’s behalf. OneDiary:
- is not a bank;
- does not provide the Business with a payment account;
- does not hold Client funds as trustee or deposit-taker;
- does not determine whether Stripe approves a payment or payout; and
- does not store complete card numbers or card security codes.
15.4 Payment authorisation
The Business authorises OneDiary to send instructions to Stripe that are reasonably necessary to provide the payment features selected by the Business, including creating payment objects, collecting the Platform Fee, displaying payment status and initiating a refund when properly instructed.
15.5 Stripe control
Stripe may apply onboarding requirements, transaction limits, reserves, payout schedules, holds, reviews, restrictions, account closures and fraud or risk controls. OneDiary does not guarantee that Stripe will approve a Business, transaction, payment method, device, refund or payout.
15.6 Refunds
The Business decides and is responsible for whether a Client is entitled to a refund. A refund initiated through OneDiary remains subject to Stripe’s systems, available balance and rules. OneDiary may refuse or delay an instruction that appears unauthorised, unlawful, technically impossible or materially risky while it is checked.
15.7 Disputes and negative balances
The Business is responsible for:
- responding to payment disputes and supplying evidence on time;
- refunds, chargebacks, reversals, dispute fees and other amounts attributable to its Client Payments;
- maintaining sufficient funds for those amounts; and
- any negative connected-account balance, subject to its arrangements with Stripe.
The Business authorises Stripe and, where technically applicable, OneDiary to recover amounts in accordance with the Stripe agreements and the payment flow.
15.8 Payment records
The Platform may display payment status and reports for convenience. The Business must reconcile them with Stripe and its own records. A status may change following a refund, reversal, dispute or later information.
15.9 Fraud and prohibited activity
The Business must not use payment features for sham transactions, cash advances, money transmission, unsupported goods or services, or any activity prohibited by law or Stripe. We may restrict payment features where required by Stripe, law, a regulator, card-network rules or a reasonable risk assessment.
15.10 Devices and hardware
Tap to Pay, card-reader and in-person payment features depend on compatible devices, operating systems, connectivity, Stripe support and third-party hardware. Unless OneDiary expressly sells hardware under separate terms, hardware is supplied and warranted by the relevant third party.
16. Marketplace and public booking pages
16.1 Publication
The Business instructs OneDiary to publish the Business Content it marks as public and to make it available through booking links, marketplace search, search-engine indexing and selected integrations. The Business can control available publication settings through the Platform where provided.
16.2 Accuracy and legal information
The Business must ensure its public page clearly and accurately identifies the Business, describes the Business Services and shows material information a Client needs before booking, including price, duration, location or delivery method, material restrictions and cancellation terms.
16.3 Search and ranking
The main parameters used to determine eligibility and ranking in the OneDiary marketplace, and their relative importance, are described in Schedule 2. OneDiary does not disclose information that would enable manipulation, fraud or harm to the Platform.
16.4 No guaranteed position or demand
OneDiary does not guarantee publication in a particular position, a minimum number of views, enquiries, Appointments, Clients or revenue. Search results may vary according to a Client’s query, location, filters, date, availability and other stated parameters.
16.5 No parity restriction
The Business may offer its Business Services through other channels and may set different lawful prices, availability or terms elsewhere. OneDiary does not require the Business to give OneDiary users the lowest price or most favourable terms.
16.6 Differential treatment
As at the effective date, OneDiary does not offer its own competing appointment services and does not give preferential ranking to a Business because OneDiary owns or controls it. Sponsored or paid placement, if introduced, will be clearly labelled and the relevant ranking effect will be explained before it applies.
17. Business Data and marketplace data access
17.1 Business access
During an active subscription, the Business may access Business Data made available through the Portal, including its Business Content, diary, Business Users, Appointments, Client contact details needed to manage them, payment status and reviews.
17.2 Limits
The Business has no right to:
- another Business’s non-public data;
- a Client’s data unrelated to the Business’s own relationship with that Client;
- security, fraud or risk information whose disclosure would undermine safeguards or rights; or
- OneDiary’s source code, confidential analytics or derived data that does not identify the Business or its Clients.
17.3 OneDiary access and use
OneDiary may access and use Business Data to provide support, operate and secure the Platform, process payments and messages, enforce these Terms, comply with law, improve the Platform and create aggregated or de-identified statistics.
17.4 Export and post-termination access
The Business should export data it needs before termination. Following an ordinary termination, we will normally make an available export or reasonable read-only access to relevant Business Data available for 30 days, unless:
- continued access would be unlawful, unsafe or technically impracticable;
- the Account was terminated for fraud, serious security risk or other urgent cause; or
- a different period is stated in the Order.
After that period, data may be deleted or anonymised in accordance with the Privacy Policy, Schedule 1 and our retention arrangements.
17.5 Client and third-party access
Clients may access information about their own Appointments through their Client Account or booking communications. Stripe and other service providers may access data as described in their terms, our Privacy Policy and Schedule 1.
18. Data protection
18.1 Independent responsibilities
Each party must comply with the data-protection law applying to it. Depending on the activity:
- the Business is normally the controller of personal data used to arrange and provide its Business Services, and OneDiary acts as its processor as described in Schedule 1;
- OneDiary is a controller for purposes it determines itself, including Account administration, subscription billing, security, fraud prevention, support, legal compliance, service analytics and OneDiary’s own communications; and
- Stripe may act as an independent controller or processor under its own terms for onboarding, payments, fraud prevention and legal compliance.
18.2 Business obligations
The Business must:
- have a lawful basis for the personal data it collects and instructs OneDiary to process;
- provide Clients, staff and other individuals with an appropriate privacy notice;
- issue only lawful, fair and documented instructions;
- respond to individuals’ rights requests for data it controls;
- tell OneDiary promptly where assistance is reasonably required;
- avoid collecting special-category or highly sensitive information unless genuinely necessary and lawfully supported; and
- not use Client contact details obtained through an Appointment for unrelated marketing without an appropriate lawful basis.
18.3 Data-processing terms
Schedule 1 forms part of the Business contract and applies whenever OneDiary processes Business Personal Data on the Business’s behalf.
19. Confidentiality
19.1 Confidential information
Each party may receive non-public information that is marked confidential or would reasonably be understood to be confidential, including commercial, technical, security, pricing and Client information (“Confidential Information”).
19.2 Use and protection
The receiving party must:
- use Confidential Information only to perform or receive the contract;
- protect it using at least reasonable care;
- disclose it only to personnel, professional advisers and subcontractors who need it and are bound by confidentiality obligations; and
- not disclose it to another person without permission except as allowed below.
19.3 Exclusions
Confidential Information does not include information that the receiving party can show:
- is lawfully public through no breach;
- was already lawfully known without restriction;
- was received lawfully from a third party without restriction; or
- was independently developed without using the other party’s Confidential Information.
19.4 Required disclosure
A party may disclose Confidential Information where required by law, court or competent authority. Where lawful, it will give reasonable prior notice and disclose only what is required.
20. Platform licence and restrictions
20.1 Licence
Subject to payment of Fees and compliance with these Terms, OneDiary grants the Business a limited, non-exclusive, non-transferable and revocable right during the contract to permit its authorised Business Users to access and use the Platform for the Business’s internal operations and provision of Business Services.
20.2 Restrictions
The Business must not resell, sublicense, commercially exploit or make the Platform available as a service to another organisation, except that it may permit properly authorised Business Users to use its Business Account.
20.3 Feedback
If a User voluntarily provides an idea, suggestion or feedback about the Platform, OneDiary may use it without restriction or payment, provided this does not give OneDiary ownership of the User’s pre-existing Content or Confidential Information.
21. Platform operation, support and changes
21.1 Reasonable care
We will provide the Platform with reasonable care and skill. Unless an Order expressly includes a service level, we do not guarantee a particular uptime, support response time or resolution time.
21.2 Maintenance and incidents
We may perform planned or emergency maintenance, deploy updates and temporarily restrict features to protect security, integrity or Users. Where reasonably practicable, we will give advance notice of material planned disruption.
21.3 Third-party dependencies
Features may depend on Stripe, Brevo, app stores, operating-system providers, telecommunications networks, hosting providers, mapping services, search engines, device manufacturers or other third parties. We are not responsible for a third party’s independent act or omission, but this does not remove our responsibility to select and manage our suppliers with appropriate care where the law requires it.
21.4 Feature changes
We may add, improve, replace or discontinue features. We will give reasonable advance notice where a change materially reduces a core paid feature on which an active Business reasonably relies, unless the change is urgent for security, legality, third-party availability or prevention of harm.
21.5 Beta features
A feature clearly labelled preview, trial, beta or experimental may be changed or withdrawn at any time and may be less reliable. We will not use that label to avoid responsibility for conduct that cannot lawfully be excluded.
21.6 Business continuity
The Business should maintain reasonable contingency arrangements for imminent Appointments and should not rely on the Platform as its only record of information that it is legally required to retain.
22. Restriction and suspension
22.1 Grounds
We may restrict Content, payment features, new bookings or access to some or all of a Business Account where we reasonably believe that:
- Fees are overdue;
- the Business or a Business User has breached these Terms or a legal duty;
- the Account, Content or activity creates a security, fraud, payment, safeguarding or other material risk;
- the Business no longer meets Stripe or feature eligibility requirements;
- a complaint or report requires proportionate investigation;
- restriction is required by law, court, regulator, law-enforcement body, Stripe or another competent third party; or
- immediate action is reasonably necessary to prevent harm.
22.2 Proportionality
Where reasonably possible, we will use the least extensive restriction that adequately addresses the issue and give the Business an opportunity to remedy a remediable breach.
22.3 Reasons and notice
Where applicable law governing online intermediation services requires it, we will provide the Business with a statement of the principal reasons for a restriction or suspension on a durable medium before or when it takes effect. We may withhold or limit information where disclosure is prohibited, would undermine an investigation or safeguard, or would create a material security or legal risk.
22.4 Review
The Business may challenge a restriction by emailing support@onediary.co.uk and providing relevant evidence. We will arrange a reasonable review by a person not solely reliant on the original automated signal, where appropriate, and will restore access if the grounds no longer apply.
23. Termination of a Business contract
23.1 Termination by the Business
The Business may terminate by cancelling its subscription in the Portal. Termination normally takes effect at the end of the current paid billing cycle, unless the Account is closed sooner at the Business’s request and we confirm that earlier date.
23.2 Termination by OneDiary on notice
We may terminate a Business contract for convenience or a non-urgent contractual reason by giving at least 30 days’ written notice and a statement of the principal reasons.
23.3 Immediate or shorter-notice termination
We may terminate immediately or on shorter notice where:
- we are subject to a legal or regulatory obligation requiring it;
- an imperative reason under applicable law requires it;
- the Business repeatedly or materially breaches these Terms;
- the Business commits fraud, serious misuse or unlawful activity;
- continued access creates a serious security, payment, safeguarding or public-safety risk;
- the Business becomes insolvent, ceases trading or cannot lawfully provide the Business Services; or
- Stripe or a critical provider permanently withdraws a necessary capability and no reasonable alternative is available.
Where lawful and appropriate, we will provide a statement of reasons.
23.4 Platform closure
We may discontinue the Platform or a material service line by giving affected Businesses at least 30 days’ notice where reasonably practicable. We will explain available export arrangements and refund any prepaid Subscription Fee relating solely to a period after discontinuance.
23.5 Consequences
On termination:
- the Business’s licence to use paid Platform features ends when termination takes effect;
- outstanding Fees and other accrued rights remain payable or enforceable;
- the Business remains responsible for Service Contracts and future Appointments;
- public listings may be unpublished and new bookings disabled;
- clauses intended to continue, including confidentiality, intellectual property, liability, payment responsibilities, dispute provisions and data-retention provisions, survive; and
- Business Data is handled under clause 17 and Schedule 1.
23.6 Appeal and complaints
A Business may ask us to reconsider termination by emailing support@onediary.co.uk. An appeal does not automatically suspend a termination, but we may pause or reverse it where appropriate.
24. Business warranties, indemnity and liability
24.1 Business assurances
The Business confirms on an ongoing basis that:
- it has authority to enter into and perform the contract;
- its Business Services, Content, policies and instructions comply with law and these Terms;
- it has all rights needed to provide Business Content and Business Personal Data; and
- it will not knowingly cause OneDiary to breach law, Stripe requirements or another person’s rights.
24.2 Business indemnity
The Business will reimburse OneDiary for reasonable losses, damages, liabilities, lawfully recoverable penalties, settlements and external legal costs arising from a third-party claim to the extent caused by:
- the Business Services or the Business’s failure to provide them;
- Business Content or a claim that it infringes rights;
- the Business’s unlawful processing or disclosure of personal data, or an unlawful instruction given to OneDiary;
- the Business’s employment, worker, contractor, professional, licensing or regulatory responsibilities;
- a refund, chargeback, dispute or Client claim for which the Business is responsible; or
- the Business’s fraud, wilful misconduct or material breach of these Terms.
This indemnity does not apply to the extent the claim was caused by OneDiary’s breach, negligence or unlawful act. OneDiary must notify the Business reasonably promptly, take reasonable steps to mitigate loss and allow the Business reasonable participation in the defence. The Business may not settle a claim in a way that admits fault by or imposes a non-financial obligation on OneDiary without our consent, not to be unreasonably withheld.
24.3 Liabilities not limited
Nothing in these Terms excludes or limits either party’s liability for:
- death or personal injury caused by its negligence;
- fraud or fraudulent misrepresentation; or
- any other liability that cannot lawfully be excluded or limited.
Nothing limits the Business’s obligation to pay Fees, Client refunds, chargebacks or other amounts properly due.
24.4 Excluded Business losses
Subject to clause 24.3, OneDiary is not liable to a Business for:
- indirect or consequential loss;
- loss of profit, revenue, anticipated savings, goodwill, reputation, opportunity or business;
- business interruption;
- the cost of procuring a replacement service; or
- loss or corruption of data, except for reasonable direct restoration costs to the extent caused by OneDiary’s breach and not avoidable through reasonable Business backups or exports.
24.5 Liability cap
Subject to clause 24.3, OneDiary’s total aggregate liability to the Business arising out of or in connection with the Business contract in any rolling 12-month period will not exceed the greater of:
- £500; and
- the total Fees paid or payable by that Business to OneDiary during the 12 months immediately preceding the event giving rise to the first claim in that period.
24.6 Matters outside OneDiary’s responsibility
Subject to clauses 21.1, 24.3 and applicable law, OneDiary is not responsible for loss caused by:
- the quality, safety, legality, cancellation or non-performance of Business Services;
- inaccurate Content, availability, prices, policies or Account settings supplied or controlled by the Business;
- unauthorised access resulting from the Business’s failure to protect credentials or remove a Business User after being able to do so;
- a Client, Stripe or another third party acting independently;
- unsupported devices, connectivity or systems outside OneDiary’s control; or
- an event covered by clause 27.
24.7 Reasonableness
The parties agree that the allocation of risk in this clause reflects the Fees, OneDiary’s role as a software and intermediation provider, the Business’s control over its Business Services and the availability of suitable business insurance.
Part C — Additional terms for Clients
25. Client Accounts and bookings
25.1 Client Accounts
A Client Account is optional unless a particular feature requires one. A Client must provide accurate contact information, protect their credentials and use the Account only for themselves or a person for whom they are authorised to act.
25.2 Choosing a Business
A Client is responsible for deciding whether a Business and Business Service are suitable. The Client should review the Business’s identity, description, price, location, qualifications where relevant, cancellation policy and any health, age or other restrictions before booking.
25.3 Service Contract
When a booking is confirmed, the Service Contract is between the Client and the Business. The Business is responsible for providing the Business Services, handling changes and complaints about them, and making refunds that are due.
25.4 Client information
The Client must provide information reasonably needed for the booking and must not submit false, abusive or unlawful information. Sensitive health or personal information should be provided only where genuinely relevant and, where practicable, directly to the Business through an appropriate channel.
25.5 Attendance and conduct
The Client must take reasonable steps to attend on time, follow lawful and reasonable safety or conduct requirements, and notify the Business promptly if unable to attend.
26. Client Payments, cancellations and refunds
26.1 Payment to the Business
A Client Payment is payment to the Business for Business Services. Stripe processes the payment and OneDiary provides the technical booking and payment interface. The Business should be identified in the payment journey and confirmation.
26.2 Deposits and advance payments
Before payment, the booking page should state the total price, amount due immediately and material cancellation or refund terms. A description of an amount as a deposit does not remove any legal rights the Client may have.
26.3 Cancellation and no-show policies
The Business sets its cancellation, rescheduling and no-show policy, subject to applicable law. A Client should review it before booking. A Business may retain a payment or impose a cancellation charge only to the extent permitted by its disclosed terms and law; a charge must not be unfair or disproportionate.
26.4 Refund decisions
The Business decides whether a refund is due and is responsible for funding it. OneDiary may process the Business’s instruction through Stripe but does not determine the Client’s legal entitlement. Processing times and payment-method delays may apply.
26.5 Statutory rights
Nothing in these Terms or a Business policy affects a Client’s statutory rights. Where mandatory consumer law gives the Client a cancellation, refund, repeat-performance, price-reduction or other remedy, that remedy continues to apply.
26.6 Payment disputes
A Client should first contact the Business about a payment or Business Service. The Client may also use rights available through Stripe, their card issuer or law. A knowingly false or abusive payment dispute may breach these Terms.
27. OneDiary’s responsibility to Clients
27.1 Platform standard
We will provide the parts of the Platform we supply to Clients with reasonable care and skill.
27.2 Foreseeable loss
If we breach these Terms or fail to use reasonable care and skill, we are responsible for loss or damage a Client suffers that was a foreseeable result of that breach or failure. Loss is foreseeable if it was obvious or both the Client and OneDiary knew it might happen when the relevant contract was made.
27.3 Business Services
We are not responsible for loss arising solely from the acts, omissions, advice, premises, products or Business Services of a Business, because those matters are supplied and controlled by the Business. This does not exclude responsibility for OneDiary’s own breach or negligence.
27.4 No business-use losses
The Client-facing Platform is intended for personal use. We are not liable to a Client for business losses, including loss of profit, revenue, opportunity or business interruption.
27.5 Non-excludable liability
Nothing in these Terms excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, breach of statutory rights, or any other liability that cannot lawfully be excluded or limited.
27.6 Complaints
A complaint about Business Services, cancellation or a refund should be directed first to the Business. A complaint about the OneDiary Platform, Account, review moderation or our conduct may be sent to support@onediary.co.uk. We may ask for information needed to investigate and may share the complaint with the relevant Business where appropriate and lawful.
27.7 Closing a Client Account
A Client may ask to close their Account at any time. Closing an Account does not automatically cancel an Appointment or remove a review that OneDiary has a lawful reason to retain or display. Personal information will be handled under the Privacy Policy.
Part D — General legal provisions
28. Changes to these Terms
28.1 Business changes
We may change these Terms to reflect legal or regulatory requirements, security needs, Platform development, new features, third-party requirements or changes to our business model.
For a change affecting Businesses, we will normally give at least 30 days’ notice on a durable medium. We will give a longer period where reasonably necessary for a Business to make technical or commercial adaptations.
28.2 No improper retrospective changes
A change will not apply retrospectively to the Business’s detriment unless it is required by law or addresses an urgent risk. A change may apply immediately where it is required by law, is necessary to prevent fraud, malware, data breach or another urgent threat, or is solely beneficial to Users.
28.3 Business right to terminate
A Business may terminate before a notified material change takes effect. Continued use after the effective date constitutes acceptance, provided the notice and change were presented in accordance with applicable law.
28.4 Client changes
For material changes affecting Clients, we will provide reasonable notice through the Platform, email or another appropriate channel. We may ask a Client to accept updated Terms before continuing to use an Account. Changes do not remove rights that arose before they took effect.
28.5 Previous versions
We will keep the current Terms available and retain a reasonable record of previous versions and effective dates.
29. Notices
29.1 Notices from OneDiary
We may send a notice to the email address registered to an Account, display it prominently in the Portal or application, or use another durable electronic method associated with the Account. A notice is treated as received when sent or displayed, unless we receive a delivery-failure message or applicable law requires otherwise.
29.2 Notices to OneDiary
A legal or contractual notice to OneDiary should be emailed to support@onediary.co.uk and, where it concerns formal proceedings or termination outside the Portal, also sent by prepaid post to OneDiary Ltd at its registered office.
29.3 Keeping details current
Users must keep contact details current. A Business must monitor the email address of its Account owner.
30. Complaints and dispute resolution
30.1 Internal complaint process
A Business may complain about an alleged failure by OneDiary to comply with these Terms, a technical issue, a restriction, suspension, termination, ranking concern or other conduct by emailing support@onediary.co.uk. The complaint should explain the issue, relevant dates, Account and requested outcome.
We will consider the complaint within a reasonable period, taking account of its urgency and complexity, and communicate an outcome or next step.
30.2 Good-faith escalation
Before starting court proceedings, OneDiary and a Business will each make a reasonable attempt to resolve a dispute through good-faith discussion between people authorised to settle it. This does not prevent urgent injunctive relief, debt recovery or action needed to preserve a limitation period.
30.3 Mediation
OneDiary and a Business may agree to refer an unresolved dispute to an independent mediator. Unless agreed otherwise, mediation costs will be shared equally and each party will bear its own other costs. Mediation does not remove either party’s right to bring proceedings.
31. Events outside reasonable control
Neither OneDiary nor a Business is liable for delay or failure caused by an event outside its reasonable control, including widespread internet or telecommunications failure, power failure, cyberattack despite reasonable safeguards, natural disaster, epidemic, war, terrorism, civil disorder, industrial dispute, government action or failure of a critical third-party network.
The affected party must take reasonable steps to reduce the impact and resume performance. This clause does not excuse payment already due or responsibilities for the safety of people, Client funds or Business Services already supplied.
32. Assignment and subcontracting
32.1 OneDiary
We may assign or transfer our contract to a group company, purchaser of our business or successor to the Platform, provided this does not materially reduce a User’s rights. We will give notice where required.
We may use subcontractors to perform parts of the Platform. We remain responsible for our contractual obligations, subject to these Terms.
32.2 Business
A Business may not assign or transfer its contract or Business Account without our prior written consent, not to be unreasonably withheld for a genuine sale or reorganisation of the Business, subject to verification, payment and data-protection requirements.
33. Relationship
Except for the limited authority to transmit or automate booking and payment instructions expressly described in these Terms, nothing creates a partnership, joint venture, employment, fiduciary or general agency relationship between OneDiary and a Business, Business User or Client.
34. Entire agreement and reliance
For a Business, these Terms, the Order and incorporated documents form the entire agreement concerning the Platform and replace earlier discussions or statements about the same subject.
Neither party relies on a statement not set out in those documents, but nothing excludes liability for fraud or fraudulent misrepresentation. This clause does not apply to a Client in a way that would exclude a statutory right or remedy.
35. Severability, waiver and third-party rights
35.1 Severability
If a provision is unlawful or unenforceable, it will be treated as modified to the minimum extent necessary or, if that is not possible, deleted. The remaining provisions continue.
35.2 Waiver
A delay or failure to enforce a right is not a waiver. A waiver is effective only for the specific matter for which it is given.
35.3 Third-party rights
Except where these Terms expressly give a right to a Stripe entity or permitted successor, no person who is not a party may enforce these Terms under the Contracts (Rights of Third Parties) Act 1999.
36. Governing law and courts
36.1 Businesses
The Business contract and any non-contractual dispute arising from it are governed by the law of England and Wales. The courts of England and Wales have exclusive jurisdiction, subject to any right that applicable platform-to-business law does not permit the parties to restrict.
36.2 Clients
These Terms are governed by the law of England and Wales. A Client living in England or Wales may bring proceedings in the courts of England and Wales; a Client living in Scotland may bring proceedings in Scotland or England and Wales; and a Client living in Northern Ireland may bring proceedings in Northern Ireland or England and Wales. Mandatory local consumer rights remain unaffected.
37. Contact
Questions, complaints and notices relating to these Terms may be sent to:
OneDiary Ltd Company number: 17286402 Registered office: 28 West Haddon Road, Northampton, NN6 8QL Email: support@onediary.co.uk
Schedule 1 — Data Processing Terms
1. Purpose and application
1.1 Scope
This Schedule applies where OneDiary processes Business Personal Data on behalf of a Business in providing the Platform.
1.2 Roles
For that processing:
- the Business is the controller;
- OneDiary is the processor; and
- each party will comply with the obligations applying to it under UK data-protection law.
This Schedule does not govern processing for which OneDiary or Stripe acts as an independent controller.
1.3 Definitions
In this Schedule:
“Business Personal Data” means personal data processed by OneDiary on behalf of the Business through the Platform;
“Data Protection Law” means the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and other applicable UK law relating to privacy or personal data, in each case as amended or replaced;
“Personal Data Breach”, “personal data”, “processing”, “processor”, “controller” and “data subject” have the meanings given by Data Protection Law; and
“Subprocessor” means another processor engaged by OneDiary to process Business Personal Data.
2. Processing details
| Item | Description |
|---|---|
| Subject matter | Hosting and operation of appointment booking, diary, staff, communication, payment-status, support and related Platform functions selected by the Business. |
| Duration | For the duration of the Business contract and any limited post-termination period needed for export, deletion, backups, dispute resolution or lawful retention. |
| Nature and purpose | Collection, recording, organisation, structuring, storage, retrieval, consultation, transmission, messaging, availability display, booking administration, support, security, deletion and other processing reasonably necessary to provide the Platform on the Business’s documented instructions. |
| Data subjects | Clients and prospective Clients; Business owners, staff, workers and contractors; authorised representatives; and other people whose information the Business lawfully enters into the Platform. |
| Personal-data types | Names; email addresses; telephone numbers; account and role information; booking dates and times; selected services, staff and add-ons; attendance, cancellation and no-show status; notes; correspondence; preferences; payment amount, status and Stripe identifiers; audit, device, security and support information; and other data the Business lawfully submits. |
| Special-category data | The Platform is not intended as a general medical-record system. Limited health, accessibility or other special-category information may be processed where a Business lawfully decides it is necessary for a Business Service and enters it through a supported field. The Business is responsible for identifying a valid legal condition, giving appropriate information and limiting collection. |
| Business instructions | These Terms, the Business’s configuration and authorised use of the Platform, lawful instructions submitted through supported features, and additional written instructions accepted by OneDiary. |
3. Documented instructions
3.1 Processing only on instructions
OneDiary will process Business Personal Data only on the Business’s documented instructions, including as necessary to provide, secure and support the Platform, unless UK law requires other processing.
3.2 Unlawful instructions
If OneDiary reasonably believes an instruction breaches Data Protection Law, it will inform the Business unless prohibited and may suspend the affected processing while the parties address the issue.
3.3 Legally required processing
Where law requires OneDiary to process Business Personal Data other than on the Business’s instructions, OneDiary will inform the Business before processing unless the law prohibits that information.
4. Confidentiality and personnel
OneDiary will ensure that people authorised to process Business Personal Data:
- are subject to an appropriate duty of confidentiality;
- receive access only where needed for their role;
- receive appropriate privacy and security guidance; and
- process the data only as permitted by this Schedule.
5. Security
5.1 Measures
Taking account of the state of the art, implementation cost, nature and scope of processing and risks to individuals, OneDiary will maintain appropriate technical and organisational measures, which may include:
- encryption in transit and appropriate protection of stored data;
- password hashing, authentication controls and role-based access;
- least-privilege access and prompt removal of unnecessary access;
- logging, monitoring and investigation of security events;
- secure development, dependency management, patching and vulnerability handling;
- backups and recovery arrangements appropriate to the service;
- change control and separation of production access;
- incident-response procedures;
- supplier due diligence and contractual safeguards; and
- periodic review and improvement of controls.
5.2 No reduction
OneDiary may update its measures as technology and risks change but will not materially reduce the overall level of protection during the contract.
5.3 Business security
The Business is responsible for secure use of the Platform, including Account permissions, devices, exports, passwords, local copies and lawful configuration.
6. Subprocessors
6.1 General authorisation
The Business gives OneDiary general written authorisation to appoint Subprocessors needed to provide the Platform.
6.2 Current list
OneDiary will maintain a current list of Subprocessors and relevant processing information at https://onediary.co.uk/subprocessors.php. The list identifies each relevant provider, the service supplied, its data-protection role and the principal processing location or international-transfer information. A provider acting as an independent controller for a particular activity is identified separately and is not a Subprocessor for that activity.
6.3 Changes
OneDiary will give the Business reasonable advance notice, normally at least 15 days, before a new or replacement Subprocessor begins materially processing Business Personal Data.
6.4 Objection
The Business may object during the notice period on reasonable, evidenced data-protection grounds. The parties will discuss a reasonable solution. If no solution is reasonably available, OneDiary may stop the affected feature or the Business may terminate the affected service before the change takes effect. An objection does not entitle the Business to prevent a supplier change for reasons unrelated to data protection.
6.5 Flow-down terms
OneDiary will enter into a written contract requiring each Subprocessor to provide protections materially equivalent to the relevant obligations in this Schedule. OneDiary remains responsible to the Business for the Subprocessor’s performance of those obligations.
6.6 Independent controllers
A provider acting as an independent controller for a particular activity is not a Subprocessor for that activity. Stripe may act as an independent controller for connected-account onboarding, payment processing, fraud prevention and legal compliance under its own terms.
7. International transfers
OneDiary will not make a restricted transfer of Business Personal Data outside the UK unless it uses a lawful transfer mechanism and completes any assessment or supplementary measures required by Data Protection Law.
Where a Subprocessor makes the transfer, OneDiary will require appropriate contractual protections and information reasonably necessary for the Business to understand the transfer.
8. Assistance with rights requests
Taking account of the nature of the processing, OneDiary will provide reasonable technical and organisational assistance to help the Business respond to a request by a data subject exercising rights under Data Protection Law.
If OneDiary receives a request relating principally to Business Personal Data, it may direct the requester to the Business and will notify the Business unless prohibited. OneDiary will not respond substantively on the Business’s behalf except on documented instructions or where legally required.
9. Personal Data Breaches
9.1 Notification
OneDiary will notify the Business without undue delay after becoming aware of a Personal Data Breach affecting Business Personal Data and, where reasonably practicable, within 48 hours.
9.2 Information
As information becomes available, the notice will include, so far as reasonably possible:
- the nature of the breach;
- categories and approximate numbers of affected people and records;
- likely consequences;
- measures taken or proposed; and
- a contact for further information.
OneDiary may provide information in stages and will not delay an initial notice solely because every detail is not yet known.
9.3 Cooperation
OneDiary will take reasonable steps to contain, investigate and remediate the breach and will provide information reasonably needed for the Business’s assessment and notifications. The Business is responsible for deciding whether it must notify a regulator or individual for data it controls.
9.4 No admission
Notification of an incident is not an admission of fault or liability.
10. Compliance assistance
Taking account of the nature of processing and information available, OneDiary will provide reasonable assistance with the Business’s obligations relating to:
- security of processing;
- breach assessment and notification;
- data-protection impact assessments; and
- prior consultation with the Information Commissioner.
Where assistance requires substantial work outside the normal Platform service and the need was not caused by OneDiary’s breach, OneDiary may charge reasonable costs agreed in advance.
11. Deletion and return
11.1 During the contract
The Platform may allow the Business to access, correct, export or delete Business Personal Data, subject to product functionality, legal requirements and the rights of others.
11.2 End of service
At the Business’s written choice, OneDiary will delete or return Business Personal Data after the relevant processing services end, unless law requires retention. If the Business makes no choice, OneDiary may delete or anonymise the data under its documented retention process after the post-termination access period.
11.3 Backups and retained records
Data in backups may remain until overwritten in the ordinary secure backup cycle, provided it is protected and not restored except for recovery. OneDiary may retain limited records needed to establish, exercise or defend legal claims, prevent fraud, maintain security or comply with law and will process them only for those purposes.
12. Information and audits
12.1 Compliance information
OneDiary will make available information reasonably necessary to demonstrate compliance with this Schedule, such as relevant policies, summaries of controls, supplier information and responses to proportionate questionnaires.
12.2 Audit process
The Business may audit OneDiary’s compliance no more than once in any 12-month period, unless a Personal Data Breach, regulator or reasonable evidence of material non-compliance justifies an additional audit.
The Business must:
- give at least 30 days’ notice unless urgency reasonably requires less;
- first use available reports and remote evidence where sufficient;
- ensure the auditor is independent, competent and bound by confidentiality;
- avoid access to another customer’s data, security secrets or systems where access would create risk;
- conduct the audit during normal business hours with minimal disruption; and
- bear its own and OneDiary’s reasonable costs, unless the audit identifies a material breach by OneDiary.
12.3 Regulatory inspection
Nothing in this clause prevents or restricts a competent regulator’s lawful powers.
13. Business obligations as controller
The Business confirms that:
- its instructions and processing have a valid lawful basis and are fair and transparent;
- it has provided all required privacy information and obtained any required consent;
- Business Personal Data is adequate, relevant, accurate and limited to what is necessary;
- it has authority to disclose the data to OneDiary;
- it will not use the Platform as a substitute for a specialist system where the nature or volume of sensitive data makes that inappropriate; and
- it will notify OneDiary of any relevant restriction, objection, correction or deletion requirement that cannot be implemented through the Platform.
14. Liability
Liability arising under this Schedule is governed by clause 24 of the Terms, except to the extent Data Protection Law does not permit a contractual limitation.
Schedule 2 — Marketplace Transparency
1. Eligibility for marketplace display
A Business may be eligible to appear where:
- its public profile is active and not restricted;
- it offers a service relevant to the Client’s search or selected category;
- the relevant Location falls within the Client’s chosen area or distance;
- it has bookable availability or otherwise meets the selected filter; and
- required profile, safety and Account information is sufficiently complete.
A Business may be omitted or de-indexed where its Account is paused, it has no relevant availability, information is incomplete or inaccurate, it breaches these Terms, or restriction is reasonably required for security, quality, fraud prevention or law.
2. Main ranking parameters
Among eligible results, OneDiary may use the following main parameters, in approximate order of relative importance:
- relevance — how closely the Business’s service, category and profile match the Client’s search and filters;
- location — distance from or relevance to the Client’s chosen location;
- availability — whether suitable bookable times are available for the requested date, time or period;
- profile quality and completeness — completeness, accuracy and usefulness of service, price, image, policy and business information;
- reliability and activity — whether the listing is active and reasonably up to date, and indicators connected with availability or booking management;
- reviews — aggregate rating, volume, recency and reliability indicators, without guaranteeing that reviews determine position; and
- rotation and diversity — limited rotation designed to avoid permanently static results and give Clients a useful range of relevant Businesses.
A Client’s query, chosen filters and location will usually have greater influence than the later parameters. We may test minor adjustments to improve relevance or prevent manipulation, provided this does not materially contradict this explanation.
3. Featured, new and sponsored presentation
A “new” label may be used for a recently published listing. A “featured” area may be selected or rotated using relevance, profile quality, geography, availability, recency or editorial suitability.
OneDiary does not currently accept payment for a higher organic ranking. If sponsored placement is introduced, it will be clearly labelled and the effect of payment on prominence will be explained.
4. Data access
4.1 Business data
A Business can access the data described in clause 17. It does not receive another Business’s non-public data or a Client’s activity outside that Business’s relationship.
4.2 OneDiary data
OneDiary can access data needed to operate, secure, support and improve the marketplace, including searches, listing views, booking events, review signals and aggregate performance information.
4.3 Client data
A Client can access their own Account and Appointment information where the Platform provides that functionality.
4.4 End of relationship
Post-termination access and export are described in clause 17.4. OneDiary may continue to use data that has been irreversibly aggregated or de-identified.
5. Other channels and restrictions
A Business may use other booking, marketplace, social, search or direct-sales channels. OneDiary imposes no price-parity or most-favoured-nation obligation.
Where the Business enables a Google, social, website or other distribution integration, Business Content and booking links may be transmitted to or indexed by that provider under its own terms.
6. Differential treatment
OneDiary does not currently supply competing appointment services to Clients. It may use its own test or demonstration profiles for controlled product testing, but those profiles must be clearly identified and must not mislead Clients, distort genuine ratings or displace genuine Businesses in ordinary marketplace results.
7. Complaints
A Business may raise a ranking, listing, data-access, restriction or other marketplace complaint under clause 30. It should identify the search, date, location, filters and evidence where possible.