In this guide you'll learn how to record marketing consent within Timely. This will ensure you remain GDPR compliant, and are able to run your business smoothly while keeping your clients information secure. For more information on GDPR and your responsibilities, see our high-level guide on keeping your clients information secure.
Important disclaimer: The contents of this guide and other related GDPR guides are for general information purposes only and do not constitute legal advice. We recommend or talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant.
How do I best collect and process information?
Under GDPR, it is the responsibility of the businesses using the data (that’s you) to prove that an individual’s information is being collected and stored legally/lawfully. You can find out more about the lawful basis for processing information on the Information Commissioner’s Office (ICO) website.
Important considerations:
- You will need explicit consent to send customers any marketing material via SMS or email. This includes things like newsletters, special offers and other promotional materials. You will need to provide adequate proof that your customers have consented or agreed to receiving marketing messages.
- This will apply to any new customers, but will also affect any existing customers added prior to the 25th May, 2018. If a customer's consent was given in line with the regulations (i.e. they gave explicit consent and weren't automatically opted-in), then you don't have to collect their consent again.
- If customers were automatically opted-in to marketing messages, you must get consent from the customer before you can resume any further marketing messages. Soliciting consent via SMS or email, after the 25th of May 2018, will directly violate the GDPR regulations.
- Customers must be able to consent to marketing communications separately from your privacy policy, and be able to revoke or withdraw their consent at any time.
How do I best record and manage consent?
In Timely, you can send a variety of messages to customers via SMS (text) or email. A customer’s settings and preferences are recorded in their profile and can be updated at any time. This includes:
-
SMS/email reminders and SMS/email booking changes
SMS/email reminders and booking changes are covered under service-based messages, so as long as these are covered in your privacy policy they don’t require a specific opt-in or additional consent from customers. These settings can always be updated in Timely to suit the customer’s requirements.
-
Follow up messages and Rebooking reminders
As Rebooking reminders and Follow up messages can be used for service delivery or marketing purposes, we recommend collecting explicit consent from customers before sending them these types of messages. This can be done by updating their settings, at the time of their visit. Our guide on how to set individual reminder settings for customers has detailed instructions for updating a customer's notification settings.
Bulk SMS marketing via Timely
Timely has a bulk SMS option that allows you to send a single SMS to all of your customers. At the moment, customers are able to opt-out of receiving those messages by replying with "STOP". Customers will have been opted-in to receive those messages by default.
To comply with GDPR, customers will need to explicitly opt-in to this service; this includes both new and existing customers. Failure to opt out of these messages (by replying STOP to a previous bulk SMS message) is not a valid measure of consent.
Email marketing via MailChimp
If you have the MailChimp connection active, customers will be given the option to opt-in to email marketing via MailChimp when they are booking online. They can check the box next to “I want to receive emails with the latest news and updates from <Your Business>” to opt in:
Once a customer is subscribed to MailChimp, you can manage their subscription in MailChimp directly: Unsubscribe people from a list. We recommending reviewing the resources below:
- Timely's guide on troubleshooting with MailChimp.
- MailChimp's guides for Getting Ready for the GDPR and Tools to Help with the GDPR.
Complying with a rights request
Under the GDPR, individual’s also have a number of rights around how their information is used by organisations. Our guide on how to manage personal information requests walks you through those rights and the tools available in Timely to ensure your business remains compliant.