Once you have made your own independent determination that your organization is impacted by the GDPR, you should follow the instructions below to update your account and ensure compliance.
AppointmentCore provides its users with the tools necessary to comply with the GDPR. However, you are ultimately responsible for ensuring that your use of AppointmentCore is compliant. Below are some considerations for you to use in making this determination, followed by step-by-step instructions on how to enable and use our GDPR Compliance Feature.
Lawful Basis for Processing & Data Protection/Minimization: Where the scheduling process is initiated by a prospect or customer, you likely have a lawful basis for processing the prospect or customer data. However, users should be mindful to only collect that information necessary for their lawful business purposes, and should not collect extraneous information. Businesses are responsible for assessing their own policies regarding the data collected from customers via our system. Users should also be mindful to set strong passwords, and to limit access to customer data by only providing Admin access to qualified/necessary individuals.
Compliance Officers: Depending on the nature of their business, our users may be required to appoint a Data Protection Officer. If your company is required to appoint a data protection officer, you should provide the name and contact information of this officer by emailing email@example.com. Please be sure to update this information if any changes are made.
Data Requests: AppointmentCore provides users with the tools required to respond to data access requests regarding appointments from their customers using the Manage Appointments tab under Account Setting and Extensions.
Data Breach Notifications: In the event of a data breach, AppointmentCore will provide notice to affected parties in a manner consistent with GDPR’s requirements. In the event of a breach, our users may have an obligation to notify the persons from whom data was collected of the breach. In order to ensure you receive this information, please email firstname.lastname@example.org and provide the name and contact information of your appointed representative. Please note that you are responsible for keeping this information up to date.
Step 1: Provide a point of contact for GDPR-related matters.
There may be times when the GDPR requires us to communicate certain information to your designated representative. This representative’s name and contact information should be sent to email@example.com with the subject line “GDPR Contact.”
Please have your account admin complete the following:
First, log in to your AppointmentCore account: https://www.appointmentcore.com/app
Then click on the tab called “Account Setting and Extensions.”
Please read the instructions within this feature. If you determine your company must comply with the GDPR, go ahead and turn on the GDPR Compliance feature! This will turn on the GDPR Compliance feature for all users in your account. As stated in the instructions, turning on the GDPR Compliance feature will add a consent checkbox to every booking link. Individual users will not be able to and do not need to go through this process, and consent checkboxes will appear in their booking links as long as the Admin has turned on this feature.
Step 3: Analyze whether additional steps are necessary to comply.
AppointmentCore provides its users with the tools necessary to comply with the GDPR. However, you are ultimately responsible for ensuring that your use of AppointmentCore is compliant and should conduct your own analysis of whether any additional measures are required.
Please visit our GDPR page to access additional information to learn about and prepare for your company’s compliance with the GDPR.