You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today.

Below we will discuss the scenario where you are using our Customer Relationship Manager (CRM) functionality to store data about your customers. Let’s first make some definitions as laid out by GDPR:

Personal Data

Personal Data means data about a living individual who can be identified from the data (or from the data and other information either in your possession or likely to come into your possession).

This is information you may store using our CRM functionality. For example, customer name, address, Date of birth, favourite table or stylist.

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.

As a merchant you are in control of this data and you are the data controller.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

As the provider of the service, the software developers (Smart Volution Limited) are the data processor.

You may want to consider external assistance on how GDPR specifically affects your business, but here are a few pointers. As you have control of what data is stored and are the entity creating the data you are the Data Controller. As the data controller for the customer data it is your responsibility to ensure GDPR compliance.

What to data to store

The CRM element of RMS-Register is highly configurable, and you can add or delete data items to record against the customer. In general terms, you should only store information you actually need to use and is relevant for your business.

Security

We recommend using different logins and associated pin numbers. I.e. do not use a generic pin number across clerks and do not share clerk logins.

RMS-Register has its own log in and timeout settings for security. However, we would also recommend you set a timeout and password on the EPOS computer itself to lock the whole computer down. This could be on the tablet or integrated computer device.

Gaining Authority to store the data

Customers must be asked if they are happy for you to store use and process their data. This must also be recorded for reference. Within RMS-Register under the CRM configuration you can use any or all of the following pre-configured questions.

GDPR Button within Portal

You can also configure any custom question and answers as you see fit.

As you are storing customer information, the customer has certain rights under GDPR. This section describes them and how to handle them.

The right to access, update or to delete the information you have on the customer

If the customer requests access to view their data, you can look them up on the CRM locally on the RMS-Register if in store and show the customer. Or look them up via the Web Portal and export and provide this to the customer. If the customer requests an update to their information, this can be made on the RMS-Register or via the Web Portal. If the customer wants their data deleted from RMS-Register, known as “the right to be forgotten” you can delete them from the RMS-Register client or the Web Portal.

The right of rectification

The customer has the right to have their information rectified if that information is inaccurate or incomplete. This can be implemented on the RMS-Register client or the web portal.

The right to object

The customer has the right to object to your processing of their Personal Data. You can configure this as questions on the CRM see above under “Gaining Authority to store the data”. If they are existing, you can either delete them or not enter them on the system if they are new.

The right of restriction

The customer has the right to request that you restrict the processing of their personal information. You can record their preferences under the CRM. It is your responsibility to ensure they are met. For instance, if they state they are OK for appointment text reminders, but do not email, then do not email them.

The right to data portability

Customers have the right to be provided with a copy of the information you have on them in a structured, machine-readable and commonly used format. You can export their information to an Excel Spreadsheet via the Web Portal.

The right to withdraw consent

Customers also have the right to withdraw their consent at any time where you relied on their consent to process their personal information. You can update this either on the Web Portal or via the RMS-Register client. You could delete them entirely or alter an answer to a question from yes to no. For instance, “Accept Marketing”, change the answer from yes to no. You may then need to alter this in any marketing tools that you use.

Should you have any further questions, please contact us and our sales team will be more than happy to discuss these further. You can do so by phoning 0800 138 0050 or send us a message from the contact us page.