Treatwell is 100% committed to GDPR compliance. We have a dedicated team who helped us prepare for the changes in regulations for over a year, meaning that we are the perfect partner to help you comply with GDPR.
There are a number of ways in which Treatwell can help you to be compliant with GDPR. These include:
- Secure storage of personal data. Treatwell Connect allows you to securely store your customer data whether that be customers who have booked via the Treatwell marketplace, the booking widget or directly at your salon. Connect is cloud-based software, which means that all data is safely stored on servers with the highest levels of reliability. These servers have fail-safe procedures in place so that, in the unlikely event anything should happen, the system retains its resilience, meaning your customer data remains safe at all times.
- Helpful reminders & prompts to keep GDPR at front of mind. You will receive reminders and prompts in Treatwell Connect to ensure you are keeping GDPR in mind at all times. These are designed to be helpful without being intrusive. These will ask you whether your customers have given GDPR consent to be sent marketing communications via email and SMS or remind you if a customer has previously unsubscribed from marketing and when they did so. These reminders will appear when you add an appointment, add a new individual customer or when you do a bulk upload of your customer database. You will be required to individually confirm whether or not each customer is happy to receive marketing communications from you.
- Full visibility & control over access to Treatwell Connect. Treatwell Connect allows you to segment which customer data is exposed to which Connect users. It is, however, your responsibility to ensure you make the most of these controls to the benefit of your customers.
- Obtaining GDPR compliant marketing consent on your behalf. We are updating our opt-ins to make it even clearer for our customers what they are opting in to and what to do if they change their mind. This applies to consents obtained for both the Treatwell newsletter and by us on your behalf so that you can send your own marketing emails and SMS to customers. You will see this in place by 25 May 2018.
- We have put in place clear processes for dealing with individual requests such as deletion requests and subject access requests. If you ever receive one from a customer and need our support, please let us know. Likewise, if we receive one and need your support, we will contact you. We must work together as partners to comply with GDPR and individual customer requests.
- We have updated our Partner Terms of Business to include GDPR compliant data processing terms between us (see [clause 8]) which we are both required to have in place. See here for further details for the UK, and here for IE. Our relationship and responsibilities differ depending on the type of customer as follows:
  - Direct Customers: you are controller, we are processor. We act in accordance with your instructions.
  - Widget Customers: you are controller, we are processor, except where customers opt-in to the Treatwell newsletter when booking, in which case we are independent controllers in respect of that data. We act in accordance with your instructions except with regard to our own marketing communications.
  - Treatwell Customers: we are independent controllers, both collecting personal data from customers to fulfil our own obligations to the customer: us to process the booking and you to provide the service.