Skip to content
Reservation StudioBusiness
Platform

Manage

Platform overview Appointments and front desk Client records and repeat visits Forms and pre-visit preparation Memberships, vouchers, and remaining visits Services, team, availability

Grow

Online booking, website, and widget Marketplace, public profile, and apps Notifications, reminders, and messaging Marketing, reviews, and repeat visits

Get paid

Payments, sales, and balances Commissions and payouts Inventory and retail Reports and analytics

Connect

Calendar sync and connected tools External connectivity NHIS (HIS BG) Access and apps

Help and intelligence

Support AI assistance
Solutions
Solutions overview Beauty and aesthetics Clinics and specialty practices Spa and wellness Sports and group activities Multi-location teams
Resources
System login Blog Data migration About Partnerships
Pricing
EN BG
Book demo

Menu

Mobile navigation

Platform

Manage

Platform overview Appointments and front desk Client records and repeat visits Forms and pre-visit preparation Memberships, vouchers, and remaining visits Services, team, availability

Grow

Online booking, website, and widget Marketplace, public profile, and apps Notifications, reminders, and messaging Marketing, reviews, and repeat visits

Get paid

Payments, sales, and balances Commissions and payouts Inventory and retail Reports and analytics

Connect

Calendar sync and connected tools External connectivity NHIS (HIS BG) Access and apps

Help and intelligence

Support AI assistance
Solutions
Solutions overview Beauty and aesthetics Clinics and specialty practices Spa and wellness Sports and group activities Multi-location teams
Resources
System login Blog Data migration About Partnerships
Pricing
Book demo
Language
EN BG

Cookies

We use cookies to run the site, and with your consent for analytics and marketing. Cookie policy

Legal information

Privacy Policy

This policy explains how personal data is processed when using Reservation.Studio and reservation.business.

Last updated: 21 January 2026

1. Scope

This Privacy Policy (“Policy”) explains how ProVision Media Group Ltd. (“we”, the “Operator”) processes personal data when using:

  • Reservation.Studio on the reservation.studio domain – a platform and marketplace for bookings and business management (the “Platform”);
  • reservation.business – an informational website for the software (the “Informational Website”).

Together, they are referred to as the “Service”.

2. Controller and contacts

  • Personal data Controller, where we act as Controller: ProVision Media Group Ltd.
  • VAT number: BG123644749.
  • UIC: 123644749.
  • Correspondence address: Sofia, 31 Eduard Totleben Blvd., office 21.
  • Contact and personal data email: [email protected].

3. GDPR roles – Controller and Processor

The Service is used by:

  • “Businesses” – for example fitness studios, salons, and healthcare providers;
  • “End Customers” – individuals who make bookings, purchases, or memberships with a specific Business.

Depending on the functionality, we act as:

  • Processor – when we process End Customer data on behalf of and under the instructions of a Business, for example bookings, visits, memberships, purchases, or booking-related files.
  • Controller – when we process data for the Platform’s own purposes: accounts, security, anti-fraud, logs, support, Platform subscription management, billing to Businesses, improvements, and analysis of Service performance.

When we act as Processor, the Business is the Controller and is responsible for providing the necessary information to its customers and for administering GDPR rights requests regarding the data it controls.

4. What data we process

4.1. Data about Businesses and business account users

Name or company name, contact details, employee user profiles, roles and permissions, service and policy settings, Platform subscription information (plan, status, billing), action history (audit log), technical identifiers, and logs.

4.2. End Customer data in the context of a specific Business

Name, email, phone number, bookings and visits, purchases and memberships, attached files, and other data that the Business enters or stores about the customer.

4.3. Payments and cards

Payments are processed through Stripe. Payment card data is stored and processed by Stripe (PCI-DSS). We do not store full card data. We use tokens, identifiers, and transaction data (amount, currency, status, reason) needed to administer payments and reports.

4.4. Special categories of data – NHIS and outpatient records

For healthcare providers and medical businesses, the Platform may store data from outpatient records and other medical documentation through an NHIS integration. This is a special category of personal data. In these cases, the specialist with a valid UIN number is the Controller, and the Platform acts as Processor under the specialist’s instructions.

4.5. Deletion of personal data

Users have the right to request deletion of their personal data.

If you want to submit a request for deletion of data related to Reservation Studio, you can do this in one of the following ways:

  • by sending an email to [email protected];
  • by submitting a request through the contact form: https://reservation.studio/en/pages/contacts.

Please include enough information in your request to allow us to identify your account.

Deletion requests are processed within 30 days of receipt, except where retention of certain information is necessary to comply with legal obligations or for legitimate administrative purposes.

If you used Facebook Login, you may also request deletion of your data through your Facebook account settings.

5. Purposes and legal bases when we act as Controller

We process personal data on the following bases:

  • performance of a contract or pre-contractual steps – providing access to the Service, account management, and support;
  • legal obligation – accounting and tax requirements, such as billing to Businesses;
  • legitimate interest – security, fraud prevention, protection of rights, improvements, and reliability;
  • consent – for certain cookies, analytics, or marketing technologies where applicable.

6. Automatic off-session charges and card linking

End Customers may add a card linked only to a specific Business. Where consent exists and under the policies of that Business, the Business may initiate automatic off-session charges without the customer’s presence, for example for subscriptions, memberships, visits, products, deposits, or no-show fees, where this relates to the customer’s bookings, purchases, or memberships.

The transaction description on the bank statement may differ depending on the Business configuration in Stripe. The Business remains the merchant that provides the service and determines cancellation or refund policies.

7. Communications and notifications

We send transactional notifications, such as confirmations, reminders, changes, cancellations, receipts, and payment statuses, through different channels such as email, SMS, or push. Some of these notifications are sent on behalf of or according to the settings of a specific Business.

8. Recipients and subprocessors

We share data only where necessary with:

  • Stripe – payment processing and card storage;
  • Google Cloud Platform (GCP) – hosting and data storage in the europe-west1 region;
  • email, SMS, and push notification providers – for sending notifications;
  • analytics and marketing tools, such as Google Analytics – according to cookie settings and applicable consent.

Due to commercial sensitivity, we do not publish a complete public list of specific messaging providers. We provide additional information upon a justified request to [email protected].

9. Transfers outside the EEA

Some providers, such as payment and analytics services, may process data outside the European Economic Area. Where applicable, we use appropriate safeguards, such as standard contractual clauses.

10. Retention periods

By default, we do not automatically delete booking or history data while the relevant Business has an active account, so that history, accountability, and protection in disputes can be preserved. The Business, as Controller, may have its own retention periods and may request deletion or anonymization where applicable.

Practical guidelines, unless the Business determines otherwise:

  • technical and security logs: up to 12 months, or longer during investigation of an incident or fraud;
  • backups: up to 90 days for technical reasons, after which they are overwritten;
  • payment and billing data for Businesses: according to applicable accounting and tax requirements;
  • medical documentation (outpatient records): retention periods are determined by the healthcare provider as Controller.

11. Data subject rights

You have the rights of access, rectification, deletion, restriction, objection, and portability, as well as the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection.

For data that a specific Business processes as Controller, such as your bookings with that Business, address your request to the Business first. We will assist as Processor where applicable.

For processing where we act as Controller, write to [email protected].

12. Security

We apply organizational and technical measures to protect data, including role-based access control, action logging, encryption in transit, monitoring, and backups. For payment data, we rely on Stripe (PCI-DSS).

The Service is provided “as is” and does not guarantee uninterrupted availability, absence of technical errors, or absolute security.

13. Cookies and similar technologies

The Informational Website and/or the Platform use cookies and similar technologies for functionality, statistics, and marketing, for example Google Analytics. Where applicable, you will be able to give or refuse consent through a banner or settings.

14. Minors

Minors may use the Service only with the knowledge and participation or consent of a parent or legal guardian, according to the policies of the relevant Business and applicable law.

15. Restriction and termination

The Operator of the Service has the right to restrict access, temporarily suspend, or terminate an account in case of:

  • violation of the law;
  • violation of the Terms and Conditions;
  • misuse of the system;
  • unpaid obligations.

16. Changes to this Policy

We may update this Policy. The current version is published in the Service. In case of material changes, we may notify you through a notice.

Reservation.Business

Reservation.Studio Business brings scheduling, clients, staff, online booking, payments, marketing, and reports into one workspace.

Book demo
Platform
Platform overview Appointments and front desk Client records and repeat visits Notifications, reminders, and messaging Online booking, website, and widget Marketplace, public profile, and apps Payments, sales, and balances Marketing, reviews, and repeat visits Reports and analytics
Solutions
Solutions overview Beauty and aesthetics Clinics and specialty practices Spa and wellness Multi-location teams
Next steps
Pricing Book demo Data migration Contact
Company
Blog About Partnerships
Privacy policy Terms of use Cookie policy
Language
EN BG
Reservation.Business © 2026