The EU General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018 and will replace the existing EU data protection law.
GDPR gives individuals control over how their personal information is stored and used by companies.
We recommend reading our Privacy, GDPR and Timely guide first, for more information.
If you are based in the EU, or have customers based in the EU, then your customers will need to consent to sharing their personal information with you.
Any personal information that you use and store as part of delivering your services must also meet the requirements under the GDPR framework.
In this guide we'll show you how to:
- Collect and record consent via the online booking process .
- View or update a customer’s consent.
- Head to Setup > Online bookings from the main menu:
- You will be able to apply some basic styles to this policy. Check out the "these shortcuts" link to find out more about formatting your policy:
- Click Save to apply your changes.
- That you are the data controller;
- The full name of your business and your contact details (as the data controller);
- The purpose and legal basis for processing the customer's data (this may be that you have obtained the customer's consent to the processing, or that it's required for the performance of a contract between you and the customer);
- Whether the customer is required to provide personal data (and the consequences for not doing so);
- Your source of the personal data if it has not been provided by the customer directly;
- If you transfer the customer's data, or the recipient of the customer's personal data (i.e. you should include that you transfer the customer's data to Timely for processing);
- If you transfer data internationally and the safeguards you have in place when doing this (i.e. you should include that you transfer the data from the EU to Timely's servers in the US and that there is a contract in place between us to provide safeguards (Timely's Terms of Service and our Data Processing Addendum));
- The retention period of the data, or criteria used to determine the retention period (this could be that you'll only hold data for so long as you are lawfully entitled to, or until the customer requests deletion);
- The customer's rights as a data subject (including the right to access, correct and delete data, and to have the data provided to them in a commonly used and electronic format so they could provide the information to another data controller);
- The right for the customer to withdraw their consent to the processing of their data at any time;
- The right for the customer to lodge a complaint with a supervisory authority about how their data has been handled; and
- Whether the data is used to make automated decisions (and if so, how the decisions are made).
What your customers will see
- When customers book online and get to the last Enter details step, there will be three separate boxes for them to check:
- I want to receive emails with the latest news and updates from <Your Business>.
- I agree to the following cancellation policy.
- Head to the customer’s record.
- Click Edit in the top right corner:
- On the Details tab, you can see the customer's current status:
- Click Save to apply, or x (in the top right corner) to close out of the screen:
This can be viewed or updated by editing their record: