In this document:
Introduction
Everything you need to know about how Simply Schedule Appointments handles GDPR and privacy.
Please take a look below for some of the most asked questions regarding GDPR compliance and how we handle data.
Is this GDPR Compliant?
According to this blog post, Web Privacy and WordPress GDPR Compliance, the easiest way to make a plugin like ours compliant is to add a required checkbox. This is to verify your customers’ consent to you collecting and storing their personal data.
Our Custom Fields feature is part of SSA Plus (a paid upgrade) and lets you easily create a checkbox with any text for GDPR compliance.
But! Depending on the customer information you’re collecting, you may not need a required checkbox since you may fall under the lawfulness of processing.
Prevent External Fonts from Loading
As long as you keep the SSA Style font setting set to Roboto or use a system font, this will prevent the Google Fonts loading from external sources.
Prevent ip2c.org from Loading
The booking form uses a call to ip2c.org to auto-detect the users phone number country code using their IP address. Set a default phone number country in the SSA General settings, so that the plugin no longer makes that external call.
Avoid Sending User’s Booking Information to External Services
If you’re using the Google Calendar integration, please take some time to review the Calendar Customizations feature to review the booking details you’re including in your events.
Consent to Send Emails
Use the Notification Opt-In feature to give your customers the option to opt in to receive email and SMS notifications from their SSA appointments.
We do not collect cookies.
If you’re using the Tracking feature, it’ll track events but only for the tools that you use on your site. The data that Tracking collects is anonymous and not user-specific.
Do You Collect User Data?
We do not collect or save any customer data. And, we do not receive any data from your plugin.
Simply Schedule Appointments is a self-hosted plugin. Meaning it lives and operates entirely from your site.
All of the appointment information saves in your personal databases and servers. This information is for your own personal scheduling purposes.
The customer data you request from your booking form is out of our control; we don’t regulate these fields beyond the required Name and Email.
It’s up to you to comply with your country or state’s policies on collecting customer information.
Can You Auto-Check MailChimp and SMS Consent Boxes?
No, we don’t have any settings to enable auto-checking the consent boxes. Regulations around the world, such as GDPR and CCPA, prohibit checking subscription checkboxes by default.
Is this plugin HIPAA compliant?
No, but Simply Schedule Appointments is HIPAA-Capable. You can read more about this topic in our HIPAA-Capable guide.