Matrix Booking Knowledge Base
Matrix Booking Knowledge Base

GDPR, data retention, privacy, limiting visibility and access

This page explains the different security settings available in Matrix Booking:

  1. Introduction

  2. Data retention

  3. Limit booking data visibility

  4. Booking data anonymisation

  5. Visitor data anonymisation

  6. Deactivated users anonymisation

Introduction

While Matrix Booking is designed as a secure system with the ability to set security at various levels, there are some organisations that would like to implement more restrictions around what their staff can see and what data is stored. To help with this, there are a number of different settings that can be added or used to restrict access to data.

Note:

Data retention

As a standard, we retain your booking data in Matrix Booking for the lifespan of your contract. This gives you a number of benefits, including the ability to run historical reports on things like utilisation. If you need a shorter data retention period, normally this will be agreed at the start of your contract and included in there. If you decide at a later date that you wish to hold the data for a shorter period, you can use the anonymisation options outlined below which will allow you to anonymise your data after a certain period in any given location.

Limit booking data visibility

When switched on, this feature affects your whole organisation and booking details that standard users could view will be hidden. A standard user won’t be able to view specific details of meetings (for example, titles or attendees).

When a standard user is logged in and they look at someone else's booking, some of the booking information will be hidden when the feature is switched on.

With booking data visibility:

All bookings tab with booking data visibility and all the booking information.
The view booking pop-up with booking data visibility and all the booking information.

Without booking data visibility:

All bookings tab without booking data visibility and some of the booking information not displaying.
The view booking pop-up without booking data visibility and some of the booking information not displaying.

If you want the limit data visibility feature switched on, raise a change setup support ticket .

Notes:

  • Location managers, location administrators, and administrators can always view all of the booking data.

  • Booking notes can only be viewed by the booking owner, any attendees, location managers, location administrators, and administrators.

Booking data anonymisation

This is the highest level of security for data or bookings that you can have as this allows you to totally anonymise your booking data after X number of days for a location or resource (for example, a meeting room all the way up to your entire organisation). If you want this feature switched on, raise a change setup support ticket .

Once you’ve received confirmation that it’s been switched on:

  1. Access the Advanced booking rules settings .

  2. Select the Anonymise booking after tick box.

  3. Enter the number of days you want bookings to become anonymised by.

  4. Select either of the following and the pop-up will close to return you to the Locations and resources hierarchy:

    • Save to keep you changes.

    • Close to discard your changes.

      Maximum duration and anonymise bookings settings switched on.

  5. Select Save changes.

Notes:

  • Settings from a location or resource that’s higher in your hierarchy will be inherited by locations and resources below it. These settings will appear greyed out in the locations or resources lower in the hierarchy. If they are, this means that these settings are inherited from a higher level in your hierarchy. You may have them switched on at that level for a reason.

  • Changing the settings described above may affect other features you have for your organisation.

If you change this setting for your entire organisation, all bookings in your system older than the number of days you set will be completely anonymised. Bookings and their information are there so your reports on utilisation will still be intact. There won’t be any personal data in them, so this setting should only be used when absolutely necessary.

This data can’t be recovered.

For example:

If the rule was set to 7 days, any bookings older than 7 days would have their data either removed or anonymised. Where the booking title is removed, the booking owner’s name and email address are anonymised.

Regardless of whether the data was removed or anonymised, it can’t be recovered. This process will continue on a daily basis anonymising all data over X days old.

All bookings tab with some bookings being anonymised.

Visitor data anonymisation

You can add a visitor either by:

  • including them to a booking as an external attendee.

  • adding them in the Visitor list by selecting Add Visitor.

When you add a visitor, they are added to your external directory. This means that if that person were to visit again, you don’t need to add all their details again. You can begin entering their name and select them from the list of previous visitors.

By default, Matrix Booking will store your external contacts (for example, visitors) until the end of your contract.

Although this saves time, you may not want to keep this data and would rather have that data removed X number of days after they have visited. The shortest period is 1, which means 1 day after the visit has occurred. The visitor information in Matrix Booking will be permanently deleted and Microsoft 365 will keep the data for a year.

The visitor data anonymisation feature is different to the Anonymise bookings after setting under Advanced booking rules :

  • Visitor “anonymisation” permanently deletes the visitor (not visit) data from the External directory.

  • The Anonymise bookings after setting anonymises booking and visit data while maintaining both the Internal and External directories.

Any removed external contacts on the Visitors list will:

  • Have their information removed and their name updated to External [X].

  • Have their check-in and checkout functionality disabled.

  • Not be able to update the record.

In the example below, the visitor (Jaya Menon) was anonymised:

Example visitor's name anonymised with External X.

Notes:

  • Once anonymised, this data can’t be recovered. If you need to discuss whether this option is right for you, contact your customer success manager .

  • If you’re going to have this feature switched on, you may need to consider what other information is left available. In the example above, we still know it was Jaya Menon who visited because the visitor’s name was included in the booking title.

  • Raise a change setup support ticket to get this feature switched on and let our Support Team know what time period you want before the anonymisation starts.

  • External contacts who have a future visit won’t be anonymised.

Deactivated users anonymisation

Matrix Booking doesn't delete users – they are deactivated only. The reasons for this are that it:

  • Preserves the integrity of your system – if users were deleted, this would delete their bookings, which would affect, for example, utilisation data.

  • Prevents the deactivated user from accessing and using Matrix Booking.

  • Prevents staff from seeing deactivate users.

The preferred approach would be a user anonymisation process. If needed on a periodic basis, we can anonymise your deactivated users so they are unrecognisable. This satisfies data privacy needs and maintains the integrity of the reports. As this a manual process to initiate, we suggest only running the deactivated user anonymisation once every 6 to 12 months. If you want this feature, raise a change setup support ticket .