The General Data Protection Regulation (GDPR) outlines key principles designed to protect the privacy of individuals. It is important that users ensure their use of OnceHub is aligned with these principles.
Lawfulness, fairness, and transparency
Data controllers have certain responsibilities relating to how they collect and process data from customers. Article 5 of the GDPR outlines the principles for processing data:
- Lawful: There must be a legal basis for processing. Article 6 of the GDPR outlines several methods for ensuring a legal basis for processing. With online scheduling, you can most likely establish a legal basis on that grounds that processing is necessary for fulfilling a business obligation. Learn more about establishing a lawful basis for processing
- Fair: Any processing of data should be in line with the stated purpose for processing. Customers should be aware of the purpose for processing their data.
- Transparent: Data subjects should be informed how their data will be processed. For example, you could provide Customers with a link to your privacy policy when you invite them to schedule. Learn how to add a privacy policy to your Booking form
Purpose limitation
Data should only be collected for a "specific, explicit, and legitimate purpose." Any processing of data should be in line with the stated purpose. Data subjects should be aware of the purpose for processing their data, and controllers must obtain consent if the purpose of processing changes. For example, data provided by Customers via OnceHub is processed for scheduling meetings. You shouldn’t use this data for marketing unless you have explicitly advised the Customer that you will.
Data minimization
Data collection should be “adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.” For example, you should configure your OnceHub Booking form to include only fields that are necessary for scheduling the meeting with your client. Learn more about data minimization
Storage limitations
Personal data should only be kept if necessary. For example, OnceHub booking data is kept for the lifetime of your account, allowing you to generate reports and gain insights into your scheduling activity. When you delete you OnceHub account all OnceHub booking data is automatically deleted as well.
To learn more about OnceHub's compliance with the GDPR, read our ebook: A practical guide to using OnceHub in a GDPR compliant manner