Only upload customer data into Treatwell Pro from clients who have willingly provided their data in the course of making a direct booking with you (never from any other source) and only mark them as having consented to receive marketing if you have obtained GDPR consent.

Use strong passwords for Treatwell Pro.

Never share your Treatwell Pro login details.

Make full use of different access control types (for owners, receptionists, employees) to ensure salon employees have no more access to personal data than they need to perform their role.

Always ensure that login details are changed when an employee leaves.

Make sure your employees are aware of their responsibilities to GDPR and train them to understand the importance of looking after customer personal data. We all have a part to play.

If you have a website, ensure you have a GDPR compliant privacy statement that clients can see. You can find Treatwell’s current privacy statement here for the UK or here for IE.

Do not upload credit card details into Treatwell Pro as this is sensitive data that is not required to be held in Treatwell Pro.

Always think before writing notes into Treatwell Pro regarding customers and remember that all data could be requested by a client as part of a “Data Subject Access Request”. Only store data that you actually need.