How to record marketing consent in Timely
The EU General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018 and will replace the existing EU data protection law.
GDPR gives individuals control over how their personal information is stored and used by companies.
We recommend reading our Privacy, GDPR and Timely guide first, for more information.
In this guide, we’ll cover how Timely can help you to comply with those requirements:
Disclaimer: The contents of this guide and other related GDPR guides are for general information purposes only and do not constitute legal advice. We recommend or talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant.
Collecting and processing information lawfully Under GDPR, it is the responsibility of the businesses using the data (that’s you) to prove that an individual’s information is being collected and stored legally/lawfully.
You will need explicit consent to send customers any marketing material via SMS or email. This includes things like newsletters, special offers and other promotional materials. You will need to provide adequate proof that your customers have consented or agreed to receiving marketing messages.
This will apply to any new customers, but will also affect any existing customers added prior to the 25th May, 2018. If a customer's consent was given in line with the regulations (i.e. they gave explicit consent and weren't automatically opted-in), then you don't have to collect their consent again.
If customers were automatically opted-in to marketing messages, you must get consent from the customer before you can resume any further marketing messages. Soliciting consent via SMS or email, after the 25th of May 2018, will directly violate the GDPR regulations.
You can find out more about the lawful basis for processing information on the Information Commissioner’s Office (ICO) website ( Link).
Recording and managing consent In Timely, you can send a variety of messages to customers via SMS (text) or email. A customer’s settings and preferences are recorded in their profile and can be updated at any time. This includes:
- SMS/email reminders*
- SMS/email booking changes*
- Follow up messages
- Rebooking reminders
- SMS/text marketing (Bulk SMS)
- Email marketing (via Mailchimp)
As Rebooking reminders and Follow up messages can be used for service delivery or marketing purposes, we recommend collecting explicit consent from customers before sending them these types of messages. This can be done by updating their settings, at the time of their visit.
Our How to set individual reminder settings for customers guide has detailed instructions for updating a customer's notification settings.
Bulk SMS marketing via Timely
Timely has a bulk SMS option that allows you to send a single SMS to all of your customers. At the moment, customers are able to opt-out of receiving those messages by replying with "STOP". Customers will have been opted-in to receive those messages by default.
To comply with GDPR, customers will need to explicitly opt-in to this service - this includes both new and existing customers. Failure to opt out of these messages (by replying STOP to a previous bulk SMS message) is not a valid measure of consent.
To ensure compliance, we will be suspending the bulk SMS service for our UK/EU based customers after the 25th of May, 2018. This will be in place until we are able to develop a solution that allows you to easily re-permission (gain explicit consent) from customers.
Email marketing via MailChimp
If you have the MailChimp connection active, customers will be given the option to opt-in to email marketing via MailChimp when they are booking online.
They can check the box next to “I want to receive emails with the latest news and updates from <Your Business>” to opt in:
Once a customer is subscribed to MailChimp, you can manage their subscription in MailChimp directly: Unsubscribe people from a list. Check out our Troubleshooting | MailChimp guide for more information on managing consent and subscriptions via MailChimp.
MailChimp also have a few guides around GDPR that are well worth a read:
Complying with a rights request Under the GDPR, individual’s also have a number of rights around how their information is used by organisations.
Our How to manage personal information requests guide steps you through those rights and the tools available in Timely to ensure you can comply with them.