Back to Questions Guides

This guide applies to:

  • Basic Edition
  • Plus Edition
  • Pro Edition
  • Business Edition

Introduction

Everything you need to know about how Simply Schedule Appointments handles GDPR and privacy.

See below for some of the most asked questions when it comes to GDPR compliance and how we handle data.


Is this GDPR Compliant?

According to this blog post, Web Privacy, and WordPress GDPR Compliance, the easiest way to make a plugin like ours compliant is to add a required checkbox. This is to verify your customers’ consent to you collecting and storing their personal data.

Our Custom Fields feature is part of SSA Plus (a paid upgrade) and would let you easily create a checkbox with any text which you could use for GDPR compliance.

But! Depending on the customer information that you’re collecting, you may not need a required checkbox. Since you may fall under the lawfulness of processing.

Basic Edition/Free Users

We’re not lawyers but we have spent a lot of time learning and dealing with GDPR since it was introduced.

We believe you can accept bookings and be GDPR compliant without a checkbox. Since SSA is not specifically for marketing or adding to your newsletter, clicking the “Book This Appointment” button shows clear intent to receive transactional emails about the appointment only.

For example, if you sell a product with e-commerce, you’re allowed to send order confirmations and shipment/tracking information without any checkboxes. To add customers to the newsletter, of course, requires additional (opt-in checkbox) consent.

  • There seems to be a pretty good consensus around this under The New Definition of Valid Consent. TermsFeed is a reputable legal company.
  • Mailerlite provides several live examples from big companies under How to ask for consent to one thing
  • Thrive Themes goes over GDPR myths under The Checkbox Myth section

We don’t want to force our users to upgrade just to be GDPR compliant. We strongly believe that when visitors book an appointment they give clear consent to receive booking related emails (again, not for marketing/newsletter purposes of course).


Does SSA Collect Cookies?

We do not collect cookies.

If you’re using the Tracking feature, it’ll track events but only for the tools that you use on your site. The data that Tracking collects is anonymous and not user-specific.


Do You Collect User Data?

We do not collect or save any customer data. And, we do not receive any data from your plugin.

Simply Schedule Appointments is a self-hosted plugin. Meaning it lives and operates completely from your site.

All of the appointment information saves in your personal databases and servers. This information is for your own personal scheduling purposes.

The customer data you request from your booking form is out of our control, we don’t regulate these fields beyond the required Name and Email.

It’s up to you to comply to your country or state policies on collecting customer information.


Can You Auto-Check MailChimp and SMS Consent Boxes?

No, we don’t have any settings to enable auto-checking the consent boxes. Regulations around the world such as GDPR and CCPA prohibit checking subscription checkboxes by default.


Is this plugin HIPAA compliant?

No, but Simply Schedule Appointments is HIPAA-Capable. Read more about this topic in our HIPAA-Capable guide.


Still stuck?

File a support ticket with our five-star support team to get more help.

File a ticket

  • Please provide any information that will be helpful in helping you get your issue fixed. What have you tried already? What results did you expect? What did you get instead?
  • This field is for validation purposes and should be left unchanged.