In order to comply with GDPR, it's important to:
- Only upload customer data into Treatwell Connect from customers who have willingly provided their data in the course of making a direct booking with you (never from any other source) and only mark them as having consented to receive marketing if you have obtained GDPR consent.
- Use strong passwords for Treatwell Connect.
- Never share your Treatwell Connect login details.
- Make full use of different access control types (for owners, managers, employees) to ensure salon employees have no more access to personal data than they need to perform their role.
- Always ensure that login details are changed when an employee leaves.
- Make sure your employees are aware of their responsibilities under GDPR and train them to understand the importance of looking after customer personal data. We all have a part to play.
- If you have a website, ensure you have a GDPR-compliant privacy statement which customers can see. You can find Treatwell’s current privacy statement here.
- Do not upload credit card details into Treatwell Connect as this is sensitive data which is not required to be held in Treatwell Connect.
- Always think before writing notes into Treatwell Connect regarding customers and remember that all data could be requested by a customer as part of a “Data Subject Access Request”. Only store data that you actually need.