As you know, General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
It was adopted on 14 April 2016, and after a two-year transition period, becomes enforceable by May 25th 2018.
The GDPR replaces the 1995 Data Protection Directive. Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable
If your business is based in the European Union (EU), or you process the personal data of EU citizens, the General Data Protection Regulation (GDPR) affects you.
As you already know, you as CONTROLLER of the data must comply with the regulations if you are in the cases provided by the GDPR and Gespet in this case is a PROCESSOR that provides you with the means to process the data that you collect and control.
The GDPR indicates that you must obtain specific, informed, unequivocal and freely expressed consent from your users and/or clients. You must also clearly explain how you intend to use their personal information.
We have updated the online booking forms to help you. Our forms Our forms include check boxes, to obtain the consent of:
Acceptance of receiving communications by email
* You can also configure the URL where your privacy / legal conditions are, so that users can read it before sending the form requesting the online booking.
The software helps you so that you can collect and maintain the secure information of your users:
Data Protection Document: Write and design your own document with all the information you want (data processing, responsible, consent, rights of access/erasure, ...). You can have it printed beforehand or print it at the moment and provide it to the user.
Store documents: If you scan the documents for example with the consent of the customers, you can store them in Gespet, in the customer magic desk.
Date and source of user's registration in the system: When you include a new user, you can record the date and source of the data collection
Consent to inclusion in the system: When you record the data of a user in any type of registry (database, Excel file, sheet of paper, software, ...) you must have the consent of that user.
In Gespet you can register your Consent and the date of it.
Date and reason for the deactivate or erasure: You can deactivate users and you can record the date and reason.
Completely remove a user: Right to erasure. You can completely remove a user from the system with all their related information (services, sales, animals, ...)
STEP 1. THE USER FILLS THEIR DATA IN THE FORM OF YOUR WEB TO REQUEST THE ONLINE RESERVATION
STEP 2. THE RESERVE IS RECORDED IN THE SOFTWARE
STEP 3. YOU RECEIVE AN EMAIL THAT NOTIFIES YOU OF THE NEW RESERVATION
User information is automatically stored:
The IP addess
The Web Browser (Chrome, Safari,...)
The exact version of the browser
The Operative System (Apple, Windows, Android,...)
The device (Desktop, mobile, ..)
The exact date and time
When you add a new client in the system, you can access its privacy tab and include this information to comply with the GDRP and in the same section appear the "Privacy" documents if you want to print them directly
Inform your users and/or clients about the processing of their personal data before or just when you give them their data (not afterwards); i.e., prior to obtaining or registering, and the data must has been collected directly from the user.
For this, you can place information on your website, in your business, give them a document with this information that you can have printed in advance or print it at the moment.
The GDPR says you must obtain freely given, specific, informed, and unambiguous consent from your contacts. You also must clearly explain how you plan to use their personal data.
Gespet offers tools and information as a resource, but we don’t offer legal advice. We recommend you to contact your legal counsel to find out how the GDPR affects you.
As you know, all commercial communications must have been previously requested or expressly consented by the recipient (the user), unless there is a prior commercial relationship or has been obtained from public sources freely accessible.
Everything else, as well as the massive and systematic sending of emails, is considered SPAM and as such, is subject to sanctions.
Before sending emails to your users and/or customers, make sure you have their acceptance and still try to send "responsible" emails.
It is not the same to send an email with a reminder of an appointment that the user and/or customer has requested, with an invoice or with information relevant to a service, to send monthly newsletters or advertising mails.
Although a user has given his consent to send advertising emails, remember not to send too many emails or not relevant information to them. Try to make a responsible or reasonable mailing.