In this document:
Everything you need to know about how Simply Schedule Appointments handles GDPR and privacy.
See below for some of the most asked questions when it comes to GDPR compliance and how we handle data.
Is this GDPR Compliant?
According to this blog post, Web Privacy, and WordPress GDPR Compliance, the easiest way to make a plugin like ours compliant is to add a required checkbox. This is to verify your customers’ consent to you collecting and storing their personal data.
But! Depending on the customer information that you’re collecting, you may not need a required checkbox. Since you may fall under the lawfulness of processing.
Basic Edition/Free Users
We’re not lawyers but we have spent a lot of time learning and dealing with GDPR since it was introduced.
We believe you can accept bookings and be GDPR compliant without a checkbox. Since SSA is not specifically for marketing or adding to your newsletter, clicking the “Book This Appointment” button shows clear intent to receive transactional emails about the appointment only.
For example, if you sell a product with e-commerce, you’re allowed to send order confirmations and shipment/tracking information without any checkboxes. To add customers to the newsletter, of course, requires additional (opt-in checkbox) consent.
- There seems to be a pretty good consensus around this under The New Definition of Valid Consent. TermsFeed is a reputable legal company.
- Mailerlite provides several live examples from big companies under
How to ask for consent to one thing
- Thrive Themes goes over GDPR myths under The Checkbox Myth section
We don’t want to force our users to upgrade just to be GDPR compliant. We strongly believe that when visitors book an appointment they give clear consent to receive booking related emails (again, not for marketing/newsletter purposes of course).
We do not collect cookies.
If you’re using the Tracking feature, it’ll track events but only for the tools that you use on your site. The data that Tracking collects is anonymous and not user-specific.
Do You Collect User Data?
We do not collect or save any customer data. And, we do not receive any data from your plugin.
Simply Schedule Appointments is a self-hosted plugin. Meaning it lives and operates completely from your site.
All of the appointment information saves in your personal databases and servers. This information is for your own personal scheduling purposes.
The customer data you request from your booking form is out of our control, we don’t regulate these fields beyond the required Name and Email.
It’s up to you to comply to your country or state policies on collecting customer information.
Can You Auto-Check MailChimp and SMS Consent Boxes?
No, we don’t have any settings to enable auto-checking the consent boxes. Regulations around the world such as GDPR and CCPA prohibit checking subscription checkboxes by default.
Is this plugin HIPAA compliant?
No, but Simply Schedule Appointments is HIPAA-Capable. Read more about this topic in our HIPAA-Capable guide.
File a support ticket with our five-star support team to get more help.