General Data Protection Regulation (GDPR)
eFind guide to the European privacy and data protection changes
eFind is committed to data protection and welcomes the General Data Protection Regulation (GDPR), which was adopted by the European Union (EU) and went into effect May 25, 2018.
What is GDPR?
The GDPR was created to harmonize data privacy laws across Europe. It protects and empowers all EU citizens' data privacy and changes the way businesses handle data privacy.
Does GDPR affect your business?
The GDPR applies to any organization inside or outside the EU that is marketing goods or services to, and/or tracking the behaviors of, customers within the EU. Basically, if you do business with citizens and residents of the EU that involves the processing or storage of their personal data, this applies to you.
eFind and GDPR
Your customers' data is a top priority for eFind, and we care deeply about their privacy and data security.
eFind collects data to operate effectively and provide better quality experiences. Below, you will find a list of our products, services, and processes that gather personal data, our purpose and legal basis for processing that information, who we share that information with, and how long we hold that information.
Description of Product, Service, or Process
eFind is cloud-based software that helps people run their business successfully. We offer everything from online scheduling to email marketing.
Categories of Personal Data
eFind handles the following categories of personal data:
Category of Data Subjects
eFind manages information for users of the software. This includes employees of businesses as well as their customers.
Purpose of Processing
Data is used for authenticating user accounts, tracking sales data, booking appointments, sending communications related to services, and email marketing.
Legal Basis for Processing
eFind has a legitimate business interest in handling the information on behalf of our customers and their end-users.
Automated Processing or Profiling
Automated processing does not occur.
Categories of Recipients who Receive this Personal Data
Cloud service providers are used to store user data and payment card processors are used to process credit card payments.
Where is Data Stored
Data is stored on servers located in the United States.
Forever, unless the Right to be Forgotten (the right for individuals to have personal data erased) is requested by the business or end user.
What do we do to ensure data protection for you and your customers?
For security reasons, we do not disclose any further information regarding our system and the technology we use, but rest assured that we use enterprise-class hosting and security partners that are all GDPR compliant.
What do you need to do?
While GDPR is a European Union (EU) Regulation, it can affect you if you do business with customers from the EU. GDPR stipulates that customers have the right to access their data or "be forgotten" (be permanently deleted) from your databases.
You will not lose customer transaction data for your business reports, but all data that can identify that customer, such as their name, address, email address, phone numbers and birthday, as well as credit card information that may be on file, will be removed from our databases.
Please remember that customers submitting a request to be forgotten may have active memberships, packages, gift certificates, prepayments for appointments and classes and IOUs. They may also have purchased merchandise that may be returned in the future. It will be up to you to decide to Void, Refund, Collect or do nothing with these items. It will also be your responsibility to delete any future appointments or classes booked by this customer.
Ultimately, you are responsible for following the GDPR and ensuring that you and your employees are compliant. This may include notifying individuals of how you handle their personal information, obtaining their consent when required, and processing their requests to either access or erase their personal data.
What about Email Messages?
There are two types of emails in eFind, defined as follows:
What about SMS/Text Messages?
Since eFind does not do Text Marketing and all text messages are transactional only, there are no issues.
Right to Access
The GDPR stipulates that a person has the right to a copy of their personal data. With eFind, a customer has full access to their personal profile and can update, change or delete information at any time.
Right to be Forgotten
The GDPR stipulates that a person has a right to the erasure of personal data. We will process your customers' requests to "be forgotten" for you.
If you have any questions regarding GDPR, you can simply email firstname.lastname@example.org