If you are collecting your client's data in order to process a booking and provide your service, you have a clear contractual need to do so and your clients will be aware of that when making the decision to book. Transactional emails and SMS messages such as booking confirmations and appointment reminders fall into this category and are permitted.
However, in order to send marketing communications, you must obtain separate GDPR compliant consent.
We will take care of consents obtained via the Treatwell marketplace and booking widget and will ensure that each client’s preferences are reflected in Treatwell Pro. It is however your responsibility to ensure consents you obtain from direct clients are GDPR-compliant and correctly reflected in Treatwell Pro at all times.
In order for consent to be GDPR-compliant and for you to confirm in Treatwell Pro that you have the necessary consent from your client, it must be:
Freely given: e.g. not a condition to booking a treatment with you
Specific: to a particular type of marketing (e.g. it should say whether it’s for email or SMS or both)
Informed: given after the client has been provided with full details about how their data will be used and what marketing will be sent
Unambiguous: very clear what they are agreeing to
Given with a clear affirmative action: pre-ticked boxes are banned!
You should also ensure you keep a record of when that consent was given (time and date) and how and what message was communicated to the customer at the time. This will be useful to rely on if a client later forgets they opted in and complains about receiving marketing.