KD Techs is committed to data protection and welcomes the General Data Protection Regulation (GDPR), which was adopted by the European Union (EU) and goes into effect May 25, 2018.
What is GDPR?
The GDPR was created to harmonize data privacy laws across Europe. It protects and empowers all EU citizens' data privacy and changes the way businesses handle data privacy.
Does GDPR affect your business?
The GDPR applies to any organization inside or outside the EU that is marketing goods or services to, and/or tracking the behaviours of, customers within the EU. If you do business with citizens and residents of the EU that involves the processing or storage of their personal data, this applies to you.
KD Techs and GDPR
Your customer data is a top priority for KD Techs. With millions of customers making appointments every month through our software, we care deeply about their privacy and data security.
We collect data to operate effectively and provide better quality experiences. Below, you will find a list of our products, services, and processes that gather personal data, our purpose and legal basis for processing that information, who we share that information with, and how long we hold that information.
Description of Product, Service, or Process
Our MSC Loyalty System is cloud-based software that helps salon, spa, and fitness professionals run their business successfully. We offer everything from online scheduling to email marketing.
Categories of Personal Data
KD Techs handles the following categories of personal data:
Category of Data Subjects
KD Techs manages information for users of the software. This includes employees of businesses as well as their customers.
Purpose of Processing
Data is used for authenticating user accounts, tracking sales data, booking appointments, sending communications related to services, and email marketing.
Legal Basis for Processing
KD Techs has a legitimate business interest in handling the information on behalf of our customers and their end-users.
Automated Processing or Profiling
Automated processing does not occur.
Categories of Recipients who Receive this Personal Data
Cloud service providers are used to store user data.
Where is Data Stored?
Data is stored on servers located in the United Kingdom.
Forever, unless the Right to be Forgotten (the right for individuals to have personal data erased) is requested by the business or end user.
What do we do to ensure data protection for you and your customers?
For security reasons, we do not disclose any further information regarding our system and the technology we use, but rest assured that we use enterprise-class hosting and security partners that are all GDPR compliant.
What do you need to do?
While GDPR is a European Union (EU) Regulation, it can affect you if you do business with customers from the EU. GDPR stipulates that customers have the right to access their data or “be forgotten” (be permanently deleted) from your databases.
If you receive such a request from your customers, you can simply contact us to fill out the form and we will process that request for you. You will not lose customer transaction data for your business reports, but all data that can identify that customer, such as their name, address, email address, phone numbers and birthday information that may be on file, will be removed from our databases.
Please remember that customers submitting a request to be forgotten may have active memberships, packages, gift certificates, prepayments for appointments and classes and IOUs. They may also have purchased merchandise that may be returned in the future. It will be up to you to decide to Void, Refund, Collect or do nothing with these items. It will also be your responsibility to delete any future appointments or classes booked by this customer.
Ultimately, you are responsible for following the GDPR and ensuring that you and your employees are compliant. This may include notifying individuals of how you handle their personal information, obtaining their consent when required, and processing their requests to either access or erase their personal data (see Right to Access and Right to be Forgotten).
What about Email Messages?
There are two types of emails in our MSC Loyalty System, defined as follows:
Transactional emails – these are sent in response to a customer’s interaction with a web site or an app and are defined in strictly functional terms. Examples include username and password and password resets.
Marketing emails – these are sent to a list of customers who have opted in for promotional content. Examples include promotions, sales offers, newsletters, new product updates, and emails designed to increase user engagement, etc.
To comply with GDPR, starting May 25th, any new customers entered or imported into MSC Loyalty System will have the Promotional Emails preference turned OFF by default, with the option to choose it the first time they log in on the Customer App. Here's what to do to encourage them to receive promotional emails:
Customers manually added to MSC Loyalty System by your staff: Each customer will automatically receive a Welcome Email from your business with their user name and password. After the first log-in, they will be given the option to turn ON Promotional Emails.
Reminders and Confirmations:
Don’t worry about appointment reminders, confirmations and other transactional emails. These are not restricted by GDPR and will continue to be sent out to customers whether or not they choose to opt out of promotional emails.
Customers will continue to have the ability to opt out of marketing emails at any time by clicking the OFF button on the Customer App.
Remember, the GDPR only applies to your customers who are citizens or residents of the EU.
Right to Access
The GDPR stipulates that a person has the right to a copy of their personal data. With MSC Loyalty System, a customer has full access to their personal profile and can update, change or delete information at any time.
Right to be Forgotten
The GDPR stipulates that a person has a right to the erasure of personal data. We will process your customers’ requests to “be forgotten” for you. These are the steps we follow:
You as our business customer can simply fill out the “be forgotten” request form.
We will send you a confirmation email to get your final confirmation before the request is processed.