Is Calendly GDPR Compliant?

Image of Iron Brands

Veröffentlicht am 9. Juli 2025 und bearbeitet am 1. Sept. 2025 von Iron Brands

Dieser Inhalt ist noch nicht ins Deutsche übersetzt. Unten finden Sie die englische Version.

TL;DR

Yes - Calendly is GDPR-compliant by default when not using its embed feature. If you are embedding Calendly on your website, then necessary steps must be followed in accordance with GDPR law to make it compliant.

Note: Calendly does not have a way for users to opt out of cookies. This is a gray area, so you need to mention Calendly as an essential tool in your privacy policy.

  1. How to maintain GDPR compliance with Calendly
    1. Request user consent
    2. Don’t move data out of Calendly without explicit permission
    3. Add Calendly to the list of data processors
    4. Monitor data security
  2. Do I need a cookie banner with Calendly?
  3. What Calendly’s Privacy Policy/GDPR page says
  4. About Calendly
Logo of the Government of the United KingdomThe UK Government chose Simple AnalyticsJoin them

How to maintain GDPR compliance with Calendly

If you don’t add Calendly to your website, it is automatically GDPR compliant. But if you do add it, you need to take some extra steps.

Request user consent

Calendly embed by default has a cookie consent, but if you have disabled it knowingly or unknowingly, then adding a cookie consent on your site is mandatory.

<!--Embded with cookie consent disabled -->
<div class="calendly-inline-widget" data-url="https://calendly.com/YOUR_EVENT?hide_gdpr_banner=1" style="min-width:320px;height:630px;"></div>
<script type="text/javascript" src="https://assets.calendly.com/assets/external/widget.js"></script>

<!--Embded with cookie consent enabled -->
<div class="calendly-inline-widget" data-url="https://calendly.com/YOUR_EVENT" style="min-width:320px;height:630px;"></div>
<script type="text/javascript" src="https://assets.calendly.com/assets/external/widget.js"></script>

You can use a free CMP tool like Termly or Cookiebot to manage this step.

Cookie Banner

Don’t move data out of Calendly without explicit permission

By nature, Calendly collects user data such as name and email to schedule a meeting, but remember that you can’t transfer this data from Calendly to other marketing tools like Mailchimp without the user’s explicit permission.

Add Calendly to the list of data processors

Next, Calendly needs to be added to your list of data sub-processors on your privacy policy page. You need to mention what data is sent to Calendly and the reason behind it.

This is mandatory under the new GDPR regulations, and all businesses must comply.

Here’s how you need to mention Calendly in your privacy policy page

Example privacy policy

Monitor data security

According to Article 33 of the GDPR law, it is mandatory to notify users in the event of a data breach. To comply with this, it is essential to monitor Calendly to ensure no data breaches are reported by them. While such incidents are unlikely, they remain a possibility.

Additionally, it’s recommended that you ensure security by having a strong password with Multi-Factor Authentication (MFA) enabled. Even though it's not mandatory, doing this will help you with any possible data leaks due to account hacking, which may cause legal trouble.

Do I need a cookie banner with Calendly?

Yes, you’ll need to add a cookie banner to your website if you are using Calendly’s embeddable booking page feature, as it requires a cookie on your website.

What Calendly’s Privacy Policy/GDPR page says

Source: https://help.calendly.com/hc/en-us/articles/360007032633-GDPR-FAQs

Calendly is committed to ensuring compliance with the General Data Protection Regulation (GDPR) for users and businesses, especially those engaging with European customers. The company has adapted its data privacy practices to meet GDPR requirements and continues to enhance and document its processes.

Key Points:

  • GDPR Compliance:

    Calendly has implemented GDPR standards across its practices, including adding new features such as cookie management tools and streamlined data deletion processes. Documentation and user opt-ins have also been updated to reflect compliance.

  • Data Processing Addendum (DPA):

    Calendly’s Data Processing Addendum is integrated into its Terms of Use. Users automatically benefit from the DPA when accepting these terms, with no separate agreement required.

  • UK Addendum for Standard Contractual Clauses:

    Following Brexit-related changes, Calendly revised its DPA in September 2022 to incorporate the UK Addendum alongside the 2021 EU Standard Contractual Clauses. This covers legal transfers of UK personal data to regions without equivalent data protection standards, such as the United States.

  • Obtaining a Signed DPA:

    For customers needing a signed version of Calendly’s DPA, direct contact with Calendly support is available to facilitate this request.

Related Resources:

Calendly provides additional information and support on topics like data storage, data subject rights, privacy and security, platform security and compliance, and deleting personal data through linked help articles.

Useful Links (included on the page):

About Calendly

Calendly is an easy-to-use online tool that helps you schedule meetings without the back-and-forth emails. By sharing your Calendly link, others can book time on your calendar based on your availability, making scheduling quick and hassle-free for everyone involved.

Worried about GDPR? Skip the legal headaches.

Try Simple Analytics - No cookies, no tracking, no worries.

Jetzt kostenlos starten