Is this GDPR Compliant?

According to this blog post, Web Privacy and WordPress GDPR Compliance, the easiest way to make a plugin like ours compliant is to add a required checkbox. This is to verify your customers’ consent to you collecting and storing their personal data.

Our Custom Fields feature is part of SSA Plus (a paid upgrade) and would let you easily create a checkbox with any text which you could use for GDPR compliance.

But! Depending on the customer information you’re collecting, you may not need a required checkbox since you may fall under the lawfulness of processing.

Prevent External Fonts from Loading

As long as you keep the SSA Style font setting set to Roboto or use a system font, this will prevent the Google Fonts loading from external sources. 

Prevent ip2c.org from Loading

The booking form uses a call to ip2c.org to auto-detect the users phone number country code using their IP address. Set a default phone number country in the SSA General settings, so that the plugin no longer makes that external call.

Avoid Sending User’s Booking Information to External Services

If you’re using the Google Calendar integration, please take some time to review the Calendar Customizations feature to review the booking details you’re including in your events.

Consent to Send Emails

Basic Edition/Free Users

We’re not lawyers, but have spent a lot of time learning and dealing with GDPR since it was introduced.

We believe you can accept bookings and be GDPR compliant without a checkbox. Since SSA is not specifically for marketing or adding to your newsletter, clicking the “Book This Appointment” button shows clear intent to receive transactional emails about the appointment only.

For example, if you sell a product with e-commerce, you’re allowed to send order confirmations and shipment/tracking information without any checkboxes. To add customers to the newsletter, of course, requires additional (opt-in checkbox) consent.

• There seems to be a pretty good consensus around this under The New Definition of Valid Consent. TermsFeed is a reputable legal company.
• Mailerlite provides several live examples from big companies under How to ask for consent to one thing.
• Thrive Themes goes over GDPR myths under The Checkbox Myth section.

We don’t want to force our users to upgrade just to be GDPR compliant. We strongly believe that when visitors book an appointment, they give clear consent to receive booking-related emails (again, not for marketing/newsletter purposes, of course).

As a suggestion, you could utilize the instructions field of the Appointment Type’s Basics tab to include information that by booking an appointment, the user agrees to receive emails about the appointment.

Premium Users

With our Custom Fields feature, you can create a checkbox and set it to required so that users must check it before submitting their booking.

You could also create a separate page for Terms and Conditions, and link to the page via the instructions field for the checkbox. This way, people booking have to consent by checking the box and acknowledging the agreement.