GDPR and Anytime Booking

Advice from the Anytime Team about GDPR and email marketing

Here is what we know about how GDPR affects Anytime and our users. This article is provided as a resource, not legal advice. If you want to learn more about how the GDPR may affect your organisation, we would encourage you to seek expert legal counsel.

Over the past few months we have released new tools in the booking process and the “My Account” area for your customers to set preferences for email marketing. We hope you have found these useful. We have also in the past few days created a new email marketing preference centre for your customers to opt in or out of your marketing - more on this later in the article.

Understanding who is responsible for what

Under the terms of GDPR, Anytime Booking is the ‘Data Processor’ and you as the business owner, are the ‘Data Controller’. This essentially means that you are in control of and responsible for how the data is used for your marketing purposes and we are responsible for storing that data.

 This will be further explained by our updated Terms & Conditions which will be available before the 25th May.

Explicitly opting in

For your customer to receive emarketing, they need to explicitly opt in themselves under GDPR guidelines, knowing what their data will be used for, by whom and how they can opt out in the future. 

The consent given must be clear and affirmative and given actively. You cannot make this decision for them.

Verbal Instruction from your Customer to Opt In or Opt Out

The ICO (Information Commissioner’s Office) recognises that this permission does not always need to be taken electronically or in writing, so verbal instruction to opt in from the customer is allowed (eg during a telephone booking) so long as the customer knows how their data will be used, by whom and how to easily opt out. 

If you are taking a telephone booking, a walk-in booking, or your customer has phoned you or emailed you to ask you to add them or remove them from e-marketing, you will have the tools in Anytime to action this on their behalf.

As part of the telephone booking process, you will be prompted to mark whether they have verbally opted in or out. If you receive a request unrelated to a booking, you can search for the customer in Anytime and make the preference change directly against their record.

Under GDPR, verbal opt ins need to be auditable, so within Anytime Booking, such verbal consents against a customer’s record are recorded with the ID of the user indicating consent has been given and are time stamped.

A single link to opt in or out

We’ve reviewed your questions and the most pressing request has been for us to develop a single link to opt in or opt out of email marketing rather than asking your customers to login to the ‘My Account’ area to make their preference. The technical team has now constructed a page that will enable your customers to do this. 

The link to this new e-marketing preference centre is: https://yourbusinessname.anytimebooking.eu/my_account/preferenceCentre

You will need to replace the term yourbusinessname in this URL with your business name or number. For example if the URL you use on your browser to log into and access Anytime Booking is https://123456.anytimebooking.eu then replace yourbusinessname with 123456 in the URL.

Your customer will be taken to a preference centre where they simply need to enter their email address and opt in or out. 

You may communicate this link out to your customers any way you like: an email marketing campaign, by SMS text, or even on your website. If you’re handy with simple website design, you can wrap a button around the link to make it stand out more.

The benefit will be that if you have a customer on our system who has made a booking or simply made an enquiry, they will be able to set their GDPR preferences really easily.

For more information on all of our GDPR compliancy measures, see: https://intercom.help/anytime-booking-6e675f649956/gdpr/obtaining-consent-from-your-guest-for-future-marketing-gdpr-compliancy

Tips for using Anytime Booking e-marketing 

If you use the Anytime Booking eMarketing module, here are some useful tips :-

  • Use one list for your emarketing. This master list will be automatically created when you set up an email marketing account with us. Your customer data from Anytime Booking will be synced with this list only. That means that your customers’ email addresses and their GDPR marketing preferences that they have set in Anytime will be the same for both. Any opt ins and outs via Anytime Booking will sync with this list and automatically create a GDPR sublist to which you can send out emarketing going forward after the 25th May 2018.

  • Create customer sublists (also known as segments), out of your master list, eg. loyal customers, customers who booked last year with a dog etc.

  • If you create other lists either manually or that you have imported into the Anytime emarketing module from other third parties, bear in mind that if one of your customers makes a booking as a result of a campaign from that list, and then updates their preference to opt out, this will only be reflected on the Anytime Booking master list. You would need to unsubscribe them separately from the imported list.

Tips for using other email marketing services

  • If you are using a third party email marketing provider such as mailchimp, you can export your data from Anytime Booking by .csv file and import it into mailchimp. We have written the GDPR Y/N filter into the export so that you only need to mail those who have said Yes. 

  • Please bear in mind that Anytime will not sync with an external mailing list and therefore for the list to stay current with GDPR opt ins you would need to export the .csv and overwrite the list in your external platform each time you do a campaign.

For help on exporting and importing data for mailing lists, see: https://intercom.help/anytime-booking-6e675f649956/managing-bookings/exporting-and-importing-data

GDPR after the 25th May 2018

We have had a discussion with the ICO (Information Commissioner’s Office) and they’ve told us themselves that people must not panic about the deadline of the 25th. 

So long as everyone is demonstrating an understanding of GDPR and what it means for their business, and showing that they are taking steps towards being compliant, they will be fine. The Commissioner understands everyone's challenges and is not out to cripple small businesses with fines.

Industries the world over are going to continuously learn and adapt their processes where GDPR is concerned. Anytime Booking is no different, we will listen to feedback, learn and implement wherever necessary to help you market to your customers more easily under GDPR compliance.