GDPR

How will Remind1 help me be GDPR compliant?

Do I need to obtain explicit consent from my clients to send appointment reminders?

When sending text messages to clients, a distinction must first be made between transactional and marketing messages. Appointment reminders are transactional messages, because they are directly related to an order (or appointment). It is therefore your legitimate interest to send these messages in this context and you do not need the explicit consent of your clients.

Important: Depending on the industry, it is recommended to inform your clients in advance and/or ask for permission.

In addition, you should inform your clients about the processing of their data for sending text message reminders in your privacy policy.

Example wording for your privacy policy:

---------------------

We use the following service provider to send appointment reminder messages:

Remind1 - remind1.com - Heinrich-Hertz-Straße 7a, 22085 Hamburg, Germany - Privacy Policy

To send the text message reminders, the service provider needs your mobile number. The data collected is used exclusively for the provision of the service (appointment reminders). The service provider will only process and use this data to the extent necessary to provide the service you have requested. The data will be transmitted to the service provider in encrypted form and deleted from the online servers after processing.

---------------------

Is Remind1 GDPR compliant?

Remind1 is fully committed to compliance with the General Data Protection Regulation (GDPR). We understand the importance of incorporating standards put forth by GDPR into our data practices and making sure our customers, whether citizens of the EU or businesses that use Remind1 with European clients, feel secure and confident to continue using Remind1.

In response to GDPR, we have developed new features, improved our documentation, and incorporated a Data Processing Addendum into our Terms of Use.

However, since GDPR is a new and broad regulation with no certification process, we have no process of verifying our compliance. Nonetheless, through our good-faith efforts, we believe we are in compliance, both now and as future developments come along.

Does Remind1 have a Data Processing Addendum (DPA)?

We have incorporated a Data Processing Addendum into our Terms of Use that covers all visitors (including Remind1 users who have an account with us and Remind1 viewers who are simply visiting the website) located in the European Economic Area, Switzerland, and the United Kingdom. There is nothing additional for you to sign or execute, and by accepting the Terms of Use, the DPA is already in place for you.

Can I get a signed version of Remind1’s Data Processing Addendum (DPA)?

Please contact us at legal@remind1.com and we will be happy to process your request.

As a Remind1 user, how should I think about Remind1 with respect to the GDPR?

As a Remind1 user (i.e., someone who has signed up for a Remind1 account), Remind1 is a processor of your clients’ data. In technical terms, you are the controller. When a client schedules an appointment with you, you retain ownership and responsibility of that data.

How does Remind1 help you uphold the data rights of your invitees?

The right to be informed

Your clients have a right to know about what, why, and how data about them is collected and processed. Remind1 informs your clients through our Terms of Use, Data Processing Addendum, and Privacy Policy.

The right of access

If requested by an EU citizen, you have an obligation as a data controller under GDPR to inform your client (often referred to as "data subjects") what personal data is being held and for what purposes. For requests by your clients regarding the access of personal data you may contact us at legal@remind1.com.

The right to rectification ('right to correction')

If a client contacts you regarding an inaccuracy in their mobile number for an upcoming event, you can delete the calendar event and create a new one with the correct number or correct your contact data.

The right of erasure (the 'right to be forgotten')

Please notify us if you have been contacted by one of your clients with a deletion request. Unless we have reasonable grounds to refuse the erasure, we will work to remove the personal data in question securely. We will also communicate the erasure to our third-party subprocessors.

The right to restrict processing

If a client doesn't want you to process personal data, you can simply choose not to send reminders with Remind1 to this client.

The right to data portability

Please notify us if you have been contacted by one of your clients with a data portability request and we will help you to fulfill this request.

The right to object

For Remind1 clients (who are not also Remind1 users), please be assured that we do not use the mobile number that they provide when scheduling an appointment for any marketing or promotional purposes.

Automated decision-making and profiling

Remind1 does not make decisions that have a legal (or similar effect) on you or your clients via automatic processing.

Disclaimer

This document is for informational purposes only and does not constitute legal advice. Remind1 users should always seek legal advice before taking any action with respect to these matters.

Last updated