Data protection is an annoying but nevertheless very important topic. Here you will find answers to the most frequently asked questions about the new data protection regulation.
Does Fitogram comply with the GDPR?
We at Fitogram take data protection very seriously, of course. Let’s answer the most important question first: Yes, Fitogram does meet the requirements of the GDPR.
The basic principles of the GDPR
For the processing of personal data, the consent of the person concerned must be obtained. This means that the consent of the person concerned must be obtained for data processing when registering for the newsletter, submitting the contact form and, under certain circumstances, when concluding a contract. At Fitogram, this is guaranteed by our improved registration process.
The right “to be forgotten”
At the request of a customer, all personal customer data that the studio has about the customer must be deleted. This means that the customer must be deleted from the customer database. This is particularly difficult if you have distributed your data across different systems, for example if you have saved a second Excel spreadsheet on your PC. Try to find out where your data is stored (e.g. with FitogramPro and in emails) and make sure that you can delete this data on request.
Appointment of a Data Protection Officer
If you have more than 10 employees in your studio, you are obliged to appoint a data protection officer. At Fitogram this is Marcus Gallein - you can reach him at [email protected].
What do I need to know about the GDPR as a site operator / studio owner?
If you have already fulfilled the requirements of the BDSG (German Data Protection Act), the changes are manageable. Here is a short checklist for your website:
If you use our online booking system, please proceed as follows:
- Download this file
- Under Section 1 (2) please add your name, your address, your email address. If you permanently employ more than 10 people, you must also appoint a data protection officer. In this case, please also include the name and email address of the data protection officer.
- Please attach the entire document to your privacy statement.
Can I enter customers from my old database and send out invitations without the customers' prior consent?
Yes - you are acting here in your legitimate interest. The customers still have the option of not using us as a booking software afterwards. In the invitation, the customers must confirm the account and also accept the data protection regulations beforehand. This means that the clients still have the right to independently object to the use of Fitogram afterwards.
The legislator requires appropriate technical measures to protect personal data. These should be “state of the art”. This means that you should use the "https:" standard. You can often request this via your web host.
Check contact form
If you use a contact form, you must also make sure that you obtain the customer's consent for data processing. Here it is also important that the customer actively agrees to the data protection declaration.
Agree to data processing agreements
If you share personal information - for example, with newsletter providers, payment service providers, web analytics providers, or other data processors, it is important that you have a contract with these partners. Our software will enable you to accept our data processing agreement in good time. If you want to read it now, you can find it here.
Where is your data stored?
Our data is stored on German servers (in Frankfurt). This enables us to comply with German data protection guidelines and, at the same time, provide faster access times.
What happens with a deletion request?
If one of your customers wants to be deleted from your system, you can do this directly via FitogramPro. If someone wants to delete their account with Fitogram, just forward this request to [email protected].
To what extent must I inform my customers?
In principle, you only have to inform your customers about changes to the terms and conditions. As far as the data protection conditions are concerned, it is only important that you make a note of when they were last updated. Nevertheless, it is still a good idea to keep your customers informed about them.
What happens if a customer does not agree to the data processing?
In most cases, you may enter the customer in your software because you have a legitimate interest in the data processing according to Art. 6 Para. 1 Sentence 1. If they register via your online booking system or if you invite them, then they must agree to the data protection declaration. However, if someone wants to be deleted from your software at a later date, you must comply with this request.
How long is data stored?
In principle, we are obliged to store some data for 10 years. This is data that is relevant under commercial or tax law. With all other data, we limit the processing after 2 years.