As you know, General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
It was adopted on 14 April 2016, and after a two-year transition period, becomes enforceable by May 25th 2018.
The GDPR replaces the 1995 Data Protection Directive.[4] Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable
If your business is based in the European Union (EU), or you process the personal data of EU citizens, the General Data Protection Regulation (GDPR) affects you.
As you already know, if you are in the cases provided by the GDPR, you as CONTROLLER of the data must comply with the regulations (customer consent, obligation to inform, appoint a data protection officer, record of processing activities, user rights, etc.).
More information on Privacy and GPRD:
Clic hereGespet in this case is a PROCESSOR that provides you with the means to process the data that you collect and control.
The GDPR indicates that you must obtain specific, informed, unequivocal and freely expressed consent from your users and/or customers. You must also clearly explain how you intend to use their personal information.
We recommend that you consult the regulations or a professional who advises you to comply with all the points of this regulation.
Gespet Solutions make your job easier when it comes to collecting and keeping your users' information safe:
Data Protection Document: Create and format your own document with all the information you need (data processing, responsible parties, ARCO rights, etc.). You can have it printed beforehand or print it on the spot and hand it over to the user.
Store Documents: If you scan documents, for example when they have been signed by your users, as you know, you can store them in Gespet, directly in their profile.
Registration Date and Source of User in the System: When adding a new user, you can register the date and the source of data collection.
Acceptance of Inclusion in the System: When you record user data
in any type of register (database, Excel file, paper, software, etc.),
you must have their acceptance.
In Gespet, you’ll be able to
register their Acceptance.
Unregistration Date and Reason for User in the System: You can deactivate (unregister) a user and record the date and reason for doing so.
Completely Delete a User: Right to erasure or right to be forgotten. You can completely remove a user from the system, along with all their related information (services, sales, animals, etc.).
In Gespet Forms (Online Booking Request, Customers and Pet
Registration, etc.): Request user acceptance of your privacy
policy/legal terms, as well as acceptance to receive communications via
email (required to send them the subsequent
confirmation).
You’ll set the URL where your
privacy/legal terms are located, so users can read them before
accepting the conditions.
If you plan to send commercial or informational messages to the customer, you must have their clear and documented consent.
This can be worded in different ways ("Do you agree to receive
commercial messages?", "I consent to receiving reminders, updates and
promotions", "I agree to receive notifications via email/SMS/WhatsApp",
etc.)
This field is not legally mandatory on its own, but having proof
of consent **is**, and this field helps you cover your bases.
Keep in mind that consent must be:
Freely given (Not tied to anything else)
Explicit (No pre-ticked boxes)
Informed
Verifiable
This is not the same as sending:
Booking or appointment confirmations/cancellations
Appointment or booking reminders
Invoices
Messages required to deliver the agreed service
Or similar types of communication
These are considered transactional messages and, in general, they don’t require specific consent, since they’re essential for providing the service the customer has requested.
Keep in mind that these recommendations are for general guidance only. They may not fully align with the legal requirements in your specific country or region. That’s why we strongly recommend checking with your legal advisor or a data protection expert to make sure you’re fully compliant with the applicable regulations.
As you know, among the Gespet Connectors, you’ll find:
Gespet Connector Customers Registration: This allows the customer to fill in their details and those of their pets, and automatically, you’ll receive them to verify and they’ll be added directly to your database, without the need for you to enter them manually.
Gespet Connector Online Appointment and Booking Requests: You can place this on your website, send it to the customer via WhatsApp, or however you prefer, so the customer can request bookings or appointments online at your business.
These requests are automatically logged, and you decide whether to accept or reject them, notifying the customer directly.
When your customer fills out one of the forms (appointment/booking request, customer registration, etc.):
The corresponding information is recorded in your account: the booking request, customer/pet registration details, etc.
As for privacy/data protection: In the customer's profile > Privacy, the acceptance and all related details are recorded:
It’s automatically stored:
The user's IP address
The browser they used (Chrome, Safari, etc.)
The exact version of the browser
The operating system (Apple, Windows, Android, etc.)
The device (desktop, mobile, etc.)
The exact date and time
In the case above, the data is automatically recorded; you don’t need to do it manually.
The Gespet Connector Customer Registration was designed specifically to make
this task easier.
Simply click a button, and you can send an email or
WhatsApp to the customer with a link to fill in their details and their
pets’
details.
You’ll avoid making errors when entering information manually
It will enhance your business image with a modern and professional look
Privacy/data protection information will be automatically recorded
However, if you're the one adding a new customer, you can access their profile and, in this same Privacy option, you can enter the information.
Both when adding a new customer (option New > Customer) and in customer
profile > Privacy, you'll find the documents you’ve set up (in
the Tools > Documents and Contracts > Privacy type option) in case you want
to print them and hand them to the customer.
When you’re about to contact a customer from Gespet (sending an email, WhatsApp message, etc.), Gespet automatically checks if the customer:
Has that contact method set up. For example, if they have a WhatsApp number or email, etc.
Has accepted or not accepted to receive notifications from you.
Warning 1 will always appear, as if they don't have a WhatsApp number, for
example, it would be impossible to send them a WhatsApp message.
But
validation 2 is configurable. If you don’t need to comply with privacy/data
protection laws, you can deactivate it, and you won’t see these messages.
If you have it active, before sending anything, you’ll see a warning about whether that customer accepts or does not accept receiving communications or notifications from you.
Also, if you click on the View Details option from that
message, you’ll go directly to the customer profile > Privacy
if
you need to consult or make any changes.
Inform your users and/or customers about the processing of their personal data before or just when you give them their data (not afterwards); i.e., prior to obtaining or registering, and the data must has been collected directly from the user.
For this, you can place information on your website, in your business, give them a document with this information that you can have printed in advance or print it at the moment.
The GDPR says you must obtain freely given, specific, informed, and unambiguous consent from your contacts. You also must clearly explain how you plan to use their personal data.
We’ve updated Gespet online booking forms to help you stay compliant with this law. Our optional, GDPR-friendly forms include checkboxes for opt-in consent, and editable sections that explain how and why you are using data.
Gespet offers tools and information as a resource, but we don’t offer legal advice. We recommend you to contact your legal counsel to find out how the GDPR affects you.
As you know, all commercial communications must have been previously requested or expressly consented by the recipient (the user), unless there is a prior commercial relationship or has been obtained from public sources freely accessible.
Everything else, as well as the massive and systematic sending of emails, is considered SPAM and as such, is subject to sanctions.
Before sending emails to your users and/or customers, make sure you have their acceptance and still try to send "responsible" emails.
It is not the same to send an email with a reminder of an appointment that the user and/or customer has requested, with an invoice or with information relevant to a service, to send monthly newsletters or advertising mails.
Although a user has given his consent to send advertising emails, remember not to send too many emails or not relevant information to them. Try to make a responsible or reasonable mailing.
