GDPR
Glowreous is compliant to the European privacy and data protection changes.
You (the merchant/retailer) can read all the related information below. Glowreous is committed to data protection and welcomes the General Data Protection Regulation (GDPR), which was adopted by the European Union (EU) and goes into effect May 25, 2018.
Does GDPR affect a Merchant/ Retailer business?
The GDPR was created to harmonize data privacy laws across Europe. It protects and empowers all EU citizens data privacy and changes the way businesses handle data privacy. The GDPR applies to any organization inside or outside the EU who is marketing goods or services to, and/or tracking the behaviors of customers within the EU.
Glowreous and GDPR
Your customer data protection is a top priority for Glowreous. With customers making appointments every month through our software, we care deeply about their privacy and data security. Glowreous, Inc. collects data to operate effectively and provide better quality experiences. Below, you (the merchant/retailer) will find a list of our products, services, and processes that gather personal data, our purpose and legal basis for processing that information, who we share that information with, and how long we hold that information.
Description of Product, Service, or Process
Glowreous is a cloud-based software that helps lifestyle, travel, salon, spa, and wellness professionals run their business successfully. We offer everything from online scheduling to email marketing. For more information visit Glowreous.com.
Categories of Personal Data
Glowreous handles the following categories of personal data:
Identifying information (e.g. gender and name).
Personal history data (e.g. appointments/classes, memberships, packages, gift certificates, and products).
Social and contact information (e.g. address, email address, phone numbers, address, and birthday).
Financial data via Stripe (e.g. sales data and credit card information). Tracking data (e.g. customer’s IP location when booking online or via the app).
Category of Data Subjects
Glowreous manages information for users of the software. This includes employees of businesses as well as their customers.
Purpose of Processing
Data is used for authenticating user accounts, tracking sales data, booking appointments, sending communications related to services, and email marketing.
Legal Basis for Processing
Glowreous has a legitimate business interest in handling the information on behalf of our customers and their end-users.
Automated Processing or Profiling
Automated processing does not occur.
Categories of Recipients who Receive this Personal Data
Cloud service providers are used to store user data and payment card processors are used to process credit card payments.
Where is Data Stored
Data is stored on servers located in the United States.
Retention Period
Forever, unless Right to be Forgotten (right for individuals to have personal data erased) is requested by business or end user.
What do we do to ensure data protection for you (the merchant/retailer) and your customers?
All transmissions from your computer or mobile app are encrypted via HTTPS (SSL).
All credit card transactions are secured through Stripe and banking networks.
Our application data is hosted at data centers where rigorous security includes on-site 24/7 staff, alarm systems, card key access, CCTV archived video, fully redundant power supplies, multiple backup generators, hosts of Tier 1 Internet providers, and laser-based early smoke detection. Our data centers maintain all the compliant security certifications. For security reasons, we do not disclose any further information regarding our system and technology we use, but rest assured that we use enterprise-class hosting and security partners that are all GDPR complaint.
What a Merchant/ retailer needs to do when receiving a request
While GDPR is a European Union (EU) Regulation, it can affect you if you do business with customers from the EU. GDPR stipulates that customers have the right to access their data or “be forgotten” (be permanently deleted) from your databases.
If you (the merchant/retailer) receive such a request from your customers, you can simply Click Here to fill out the form and we will process that request for you. You will not lose customer transaction data for your business reports, but all data that can identify that customer such as their name, address, email address, phone numbers, address and birthday as well as credit card information that may be on file will be removed from our databases.
Please remember that customers submitting a request to be forgotten may have active memberships, packages, products, gift certificates, prepayments for appointments or other. They may also have purchased merchandise that may be returned in the future. It will be up to you (the merchant/retailer) to decide to Void, Refund, Collect or do nothing with these items. It will also be your responsibility to delete any future appointments or classes booked by this customer.
Ultimately, you (the merchant/retailer) are responsible for following the GDPR and ensuring that you and your employees are compliant. This may include notifying individuals of how you handle their personal information, obtaining their consent when required, and processing their requests to either access their personal data or erasing their personal data (see points below: Right to Access and Right to be Forgotten).
What about Email Messages?
There are two types of emails in Glowreous and are defined as follows:
Transactional emails – these are sent in response to a customer’s interaction with a website or an app and are defined in strictly functional terms. Examples include password resets, shipping notifications, receipts, legal notices, appointment reminders & confirmations, etc. Opt-In is Not required for these types of emails.
Marketing emails – these are sent to a list of customers who have opted in for promotional content. Examples include Daily Deals, promotions, sales offers, newsletters, new product updates, and emails designed to increase user engagement, etc.
Existing Customers:
From May 25th 2018, all existing customer records will automatically have the Promotional Emails preference turned OFF.
In addition, all your customers will receive an email from your business asking them if they would like to turn ON Promotional Emails so they can begin receiving them.
New Customers:
To comply with GDPR, starting May 25th, any new customers entered or imported into Glowreous will have the Promotional Emails preference turned OFF by default. Here’s what to do to encourage them to receive promotional emails:
Customers manually added to Glowreous by your staff: Each customer will automatically receive a Welcome Email from your business and will be given the option to turn ON Promotion Emails.
Customers imported into Glowreous: Simply after the import, we send Customers a Welcome Email out and to give each customer the option to turn ON Promotional Emails.
Customers who add themselves to Glowreous: These customers will be prompted to turn ON Promotional Emails.
Reminders and Confirmations:
Don’t worry about appointment reminders, confirmations and other transactional emails. These are not restricted by GDPR and will continue to be sent out to customers whether or not they choose to opt out of promotional emails.
Customers will continue to have the ability Opt-Out of marketing emails anytime by either updating email marketing preferences in their account or simply by clicking on Unsubscribe at the bottom of any email marketing they receive from you (the merchant/ retailer).
Remember, the GDPR only applies to your customers who are citizens or residents of the EU.
What about SMS/Text Messages?
Since Glowreous does not do Text Marketing and all text messages are transactional only, there are no issues.
Right to Access
The GDPR stipulates that a person has the right to a copy of their personal data. With Glowreous, a customer has full access to their personal profile and can update, change or delete information at any time.
Right to be Forgotten
The GDPR stipulates that a person has a right to the erasure of personal data. We will process your customers’ requests to “be forgotten” for you. These are the steps we follow:
A merchant/retailer or a customer can simply Click Here to fill out the “be forgotten” request form.
Glowreous will send the requester (you or your customer) a confirmation email from DPO.Glowreous@gmail.com.
Once the requester confirms the “be forgotten” request it will be processed.
We have also updated our Privacy and Cookie Policy to:
Give you more clear and detailed information about your collective rights and responsibilities with respect to your privacy and personal information.
Make it easier for you to control the information you provide us. You’ll see that our policy explains your choices about this.
Provide more detail about the measures we have in place to keep your personal information secure. This privacy and cookie policy comes into effect from 25th May onwards.
Additional Changes
In order to ensure complete implementation, we have integrated privacy and security by design. We have also updated our Data Protection Policy, Data Retention Policy, IT Security Policy and Website Terms and Conditions. All the policies and other updates can be found at www.glowreous.com/privacy.
Compliance Contact
We now have a Data Protection Officer (DPO) to handle all your privacy requests. Please reach out to DPO.glowreous@gmail.com for any specific compliance related requests.
Questions?
If you have any questions regarding GDPR, you can simply email DPO.Glowreous@gmail.com or Info@Glowreous.com.
