Are we GDPR compliant?
The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It also addresses the export of personal data outside the EU.
GDPR Data Protection Principles
According to the GDPR, personal data must be processed in fulfillment of six data protection principles:
- Processed lawfully, fairly and transparently, and used only in a way that a person would reasonably expect.
- Collected only for specific legitimate purposes and used for those purposes only.
- Adequate, relevant and limited to what is necessary. No more than the minimum amount of data should be kept for specific processing.
- Accurate and kept up to date.
- Stored only as long as is necessary and no longer.
- Processed with appropriate security, integrity, and confidentiality. Data should be processed “in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures” (Article 5, clause 1f).
The organization should implement an opt-in policy and obtain a data subject’s consent to process their personal data. People covered by the GDPR have the right to access their own personal data, get a copy of it, and ask for it to be updated, deleted, or moved to another organization.
What we did at Appointfix to be compliant:
- We’ve provided a way for businesses to request a data export of their Appointfix account or request permanent account deletion.
- We’ve changed our approach regarding marketing messages. Users now need to opt in specifically to receive marketing messages via email or push notifications. Note: our users will continue to receive service-related messages.
- We’ve appointed a Data Protection Officer (DPO).
- We’ve tightened up internal access policies so the right people have the right access to customer data within Appointfix.
- We’re ensuring that our providers (Hetzner Online, Sendgrid, Nexmo) are GDPR compliant.
Exporting and deleting your information
You can export a copy of your information or delete your account from Appointfix at any time.
In order to export or delete your data:
- Open the App on your device
- Click the menu button in the top-left corner
- Scroll down and select the option showing your email and photo to open your account settings
- Scroll down to find the options to Export data or Delete account
- Enter your password again to verify your identity
If you’re exporting your data, you will receive an email with a link to download your data from Appointfix: clients, services, appointments.
If you’re deleting your account, you will have to confirm the deletion as it will permanently remove all your information from Appointfix.
Need more Information?