Basically, there are some important things you need to know in connection with Calenso in compliance with the GDPR. We have therefore compiled the most important legal questions for you. The measures should help you to offer legally correct online appointments.
What do I have to consider during the customer's booking?
In principle, you may collect customer data in accordance with Art. 6 para. 1 lit. a GDPR if the customer consents. Important: You may only collect data that is related to the booking. For example, only use booking questions if they are related to the booked service.
You may process the data if it is necessary for the preparation or fulfillment of the order (Art. 6 para. I lit. b GDPR). Inform your customers about the processing, e.g. on your website or in the company description on your booking page. This information must appear before the data is entered and be visible to the customer. However, it does not necessarily require a box with an opt-in procedure.
It is essential that you inform your customers about the processing of their data. This must include information on how the data is processed, where it goes and what rights the customer has to the data. You can easily do this by accepting the privacy policy before completing the booking. Leave the link to your privacy policy in the box. Do you need help setting up a privacy policy? We recommend the data protection generator from easyRechtssicher.
If you use Calenso, you should add this to your privacy policy. We have already prepared the corresponding text for you ("Template: Implementing Calenso in your own privacy policy")! Copy and paste!
What do I need to consider in relation to the provider?
If the provider is located in the EU, there is no additional effort as they are GDPR-compliant. If you use a provider from a non-EU country, it matters whether the level of data protection is comparable to that of the EU. Switzerland, for example, is not a problem. For countries like the USA, it is problematic. You can find more information here.
The processing of customer data must be in your interest and on your behalf. You must sign an order processing contract with your provider. You can find a corresponding contract from Calenso here.
Make sure that your provider uses encrypted data transmission (Art. 5 para. I lit. f GDPR). You can recognize SSL encryption, for example, if the data is entered on an HTTPS page.
What topics can I inform my customer about?
In principle, you may only use the contact details collected when making an appointment online to confirm and remind the appointment. However, if you would also like to send your customer a newsletter, they must select a corresponding opt-in before confirming the booking. For example, you can add a box: "Keep me informed about news, product information and new products in the future. I would like to sign up for the newsletter." As soon as this box is ticked, you may use the data for advertising purposes.
You may not advertise the online appointment booking service to your customers without their consent. As above, they must agree to a corresponding advertising purpose so that you can inform them about the online appointment booking.
If you have any questions about legal topics, are worried about data security or are otherwise concerned about the processing of data, then get in touch with us! We also recommend the blog post by easyRechtssicher with their data protection generator! Calenso has already been added to easyRechtssicher 's data protection generator.
Are you worried about the risks of making appointments online? Read our article about the risks and the measures Calenso has implemented to counter them.
