This is not legal advice. We urge you to consult your own legal counsel to familiarize yourself with the requirements that govern your own specific situation.
The General Data Protection Regulation (GDPR) is a comprehensive new European data protection law that will provide greater data protection for individuals in the European Union (EU). The GDPR took effect on May 25, 2018.
At Frederick, we are working hard to ensure that our tools and processes support you in your plans to comply with GDPR. We have updated internal policies and procedures, conducted employee policy training, and released a new "right to be forgotten" feature in Frederick, along with other changes designed to align with GDPR requirements.
What are your obligations as a Subscriber?
If your business is based in the European Union (EU) or you have customers or contacts in the EU, then you will be responsible for ensuring compliance with the key requirements of the GDPR, including how the Frederick platform is used.
As a "data controller" under GDPR terminology, you are responsible for understanding the type of personal information you hold inside and outside of the Frederick platform and ensuring compliance with the key requirements of the GDPR. This includes notifying individuals of how you handle their personal information, obtaining their consent where appropriate, addressing their requests for access to their information, etc. Make sure you and your staff are aware of and fully trained on the type of information you are collecting and how to handle personal data.
What is Frederick doing to support Subscribers as they prepare for GDPR?
Here are some ways you can use the Frederick system to support you as you prepare for GDPR:
Right to be Forgotten:
Subscribers can honor customer requests for deletion by referring customers to the Request to Delete form, found here [link].
Customers can delete their information by filling out the Request to Delete form or by emailing Frederick directly at email@example.com. If a customer submits a deletion request, Frederick will automatically send a confirmation message to the email or phone number submitted. Once confirmed, Frederick will automatically process the request and will notify any Subscriber with that customer’s contact information.
Keep in mind the most common way that customer information is typically imported into Frederick is by syncing with the Subscriber’s business management system (e.g., MINDBODY or Booker). The Request to Delete form will only delete data from the Frederick platform, not the business management system, so if you receive a notification that a request for deletion was submitted by a customer in your contact list, you may need to instruct your customer to make a separate request to delete data from the business management system or handle that request using the controls provided to you by that system.
Exporting of Data:
As personal information stored in Frederick is usually imported as is from a business management system such as MINDBODY or Booker, and those systems provide customer export reports, Frederick is not maintaining a separate customer export report at this time. We will, however, handle requests for data exports of personal information via email to firstname.lastname@example.org.
Frederick has implemented multiple solutions to help customers update their communication preferences and help subscribers keep those preferences synced with the business management system.
- Subscription Preference Page: If customers choose to unsubscribe from communications, they have the option to unsubscribe from all messages or separately from promotional or transactional messages (e.g., reminders, follow ups). In addition, if multiple locations exist within the same Frederick account, customers have the option to unsubscribe from all locations or individual locations.
- Syncing Management System Subscription Preferences to Frederick: Subscribers have the option to "Sync email & text opt-in fields" from an integrated management system. Enable this feature to automatically sync any changes to customer subscription preferences made in your management system back to Frederick.
- Syncing Frederick Subscription Preferences to Management Systems: For participating management systems, a 2-way sync is provided, updating the management system subscription preferences any time a customer self-unsubscribes or self-subscribes in response to a Frederick communication. Currently, this functionality is supported by MINDBODY and Booker business management systems.
Vendors outside of the Frederick Platform:
Subscribers are responsible for destroying any customer data that is stored outside of the Frederick platform and ensuring the destruction of any customer data that the Subscriber shared with any third parties outside of the Frederick system. For example, if you are using an external analytics company, the deletion request should be conveyed to this external vendor so that the customer data may be deleted from this vendor as well. The Subscriber is also responsible for updating or correcting any customer data or preferences that may be stored with third parties.