If you are collecting customer data in order to process a booking and provide your service, you have a clear contractual need to do so and your customers will be aware of that when making the decision to book. Transactional emails and SMS messages such as booking confirmations and appointment reminders fall into this category and are permitted.
However, in order to send marketing communications, you must obtain separate GDPR compliant consent.
We will take care of consents obtained via the Treatwell marketplace and booking widget and will ensure that each customer’s preferences are reflected in Treatwell Connect. It is however your responsibility to ensure consents you obtain from direct customers are GDPR-compliant and correctly reflected in Treatwell Connect at all times.
In order for consent to be GDPR-compliant and for you to confirm in Treatwell Connect that you have the necessary consent from your customer, it must be:
- Freely given: e.g. not a condition to booking a treatment with you
- Specific: to a particular type of marketing (e.g. it should say whether it’s for email or SMS or both)
- Informed: given after the customer has been provided with full details about how their data will be used and what marketing will be sent
- Unambiguous: very clear what they are agreeing to
- Given with a clear affirmative action: pre-ticked boxes are banned!
We will provide you with prompts and reminders within Treatwell Connect so that each time you confirm that consent has been given, you are sure that it complies with the GDPR standard.
You should also ensure you keep a record of when that consent was given (time and date) and how and what message was communicated to the customer at the time. This will be useful to rely on if a customer later forgets they opted in and complains about receiving marketing.