.svg "Full Color (1)")
This article has been updated on May 23, 2018, to announce the release of our GDPR compliant features, Policies and Marketing Preferences.
As we previously announced in March, On May 25th, the General Data Protection Regulation (GDPR) will come into effect across Europe and we’re excited to use this as an opportunity to review our data handling policies. The responsibility we have to businesses and customers that use TeamUp is not one we take lightly. We have always made security, privacy, and transparency top priorities as we’ve built TeamUp over the past 6 years.
Though TeamUp acts as a platform for fitness businesses to interact with their customers, we are responsible for all data passing through our system. We will ensure the principles of the GDPR (transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, and accountability — see below) are upheld throughout our product and company. To comply with the new policies, we have released several new features to assist you in ensuring that your business is protected and compliant with the policies as well.
We’ll always ask customers to opt into TeamUp’s own Privacy Policy and Terms of Service. Businesses can add their own Privacy Policy, Terms of Service, or any other policy to TeamUp. New and existing customers will be prompted to agree to these policies on the Customer Site. TeamUp will record customers’ acceptance of these policies.
Here’s a quick run-through of the newest features and updates to our existing policies.
Policies
Policies live in the Documents/Questions section.
We want to highlight two important fields you’ll see when you create a Policy: Effective date and Text location.
Effective date controls when a policy goes into effect (as you might have guessed!) When a policy is in effect, all customers must agree to the policy before using the Customer Site. New customers must agree to these policies on the signup form. Existing customers will be prompted to agree to the policy from within TeamUp.
Text location controls where the text of your policy lives. Most of the time, you’ll upload the text of your policy directly to TeamUp. You’ll also have the option to host the policy at an external URL. In that case, “View policy” will take the customer to that external URL to review your policy.
Policy Versions
For obvious reasons, TeamUp does not allow you to edit the text of policy customers have already agreed to. We understand that sometimes you need to make non-material changes to policies. That’s why we built versions.
In the example above, customers who sign up on or after 23 May will agree to the 2018–5–23 version, while customers who sign up before that will agree to the 2018–5–14 version. TeamUp logs which version of a policy each customer agrees to, and the text of a given version can never change, so you’ll always have a record of exactly what the customer agreed to.
A customer only accepts a policy once, even if you add a new version. If a change requires customers to re-agree, you should make a new policy.
Marketing preferences
You now have the ability to collect marketing preferences from customers directly from your TeamUp dashboard. To get started, head over to the new Marketing Preferences section in your Customer Settings.
Customer Site
Once enabled, your customers will be required to choose a marketing preference during signup:
And any existing customers will be gently prompted to set their preference:
Customer Field Change Report
You can use the new Customer Field Change Report to view a list of when a customer changes their Marketing Preferences or any other field for that matter. This report will be enhanced over the coming months to also include the user that made the change.
MailChimp Enhancements
You can respect a customer’s marketing preferences when exporting to MailChimp.
If you enable the “MailChimp Auto-Unsubscribe” in your Customer Settings and you have a linked MailChimp account, customers will automatically be unsubscribed from all of your MailChimp lists when their Marketing Preference is updated to indicate they’d like to not receive messages.
We’ve also added the ability to use MailChimp’s Double Opt-In when exporting customers to MailChimp, which is another way to ensure you are receiving consent from the customer to send them messages.
What we’re doing
We’ve been preparing for the GDPR for a few months now, and we’re pleased to outline some changes we’re making before the regulation goes into effect on the 25th of May. These changes will ensure TeamUp is fully compliant with the GDPR, and will also streamline compliance for businesses that use TeamUp. As a company that handles the personal data of many European citizens, we are committed to fully complying with the GDPR. Here are some of the steps we’re taking:
- Mapping how all data passes through our system
- Updating our Privacy Policy and Terms of Service to improve clarity around personal data
- Making changes to our product to ensure compliance with GDPR, including improved messaging around how personal data will be used and shared
- Training our staff about TeamUp’s data handling policies as well as the GDPR in general
An updated TeamUp privacy policy
Our current privacy policy is almost 7 years old and we think this is a great time to update it to make it more approachable and understandable. The only material change we are making is to state that marketing messages will be opt-in. TeamUp will only send marketing messages to business users who opt-in under our new Privacy Policy.
You can view our all-but-final working draft of our updated privacy policy. We’re planning to put it into effect in about two weeks time.
Business privacy policies and terms of service
By the 25th of May, we will be releasing a feature that will give businesses the ability to record acceptance of company policies, such as Privacy Policies and Terms of Service, if you’d like to have policies in addition to TeamUp’s. You will be able to specify an external URL where your policy is hosted, for when you have an existing website, or you can host your policy directly on TeamUp.
When a customer signs up for an account at your business, they will be required to agree to these policies. New and existing customers will be prompted to agree to these policies before they will be allowed to interact with your Customer Site.
Customizable birthday and gender collection
Last week we released a new feature that lets you toggle if birthday and gender should be collected from your customers. This is to allow you to fully comply with the GDPR’s data minimization principle so that you are only collecting the data that you need to run your business. Check it out in Settings > Customers within your Business Dashboard.
With this change, the only data that TeamUp requires from customers is their name and email address. Everything else is configurable by you.
We are also working on an exciting improvement that will allow you to completely customize what data is collected from customers and when including support for multiple-choice fields. This feature will be replacing the current Questions, Contact Information, and Custom Fields functionality with one robust, flexible system for collecting and managing information about customers. This is a very large project and is tentatively planned to be released in mid-late summer 2018.
Updated marketing preferences
By the 25th of May, we will allow you to collect and maintain each customer’s marketing preferences. Initially, we will only allow for “Yes, I’d like to receive occasional marketing messages” and “No, do not send me any marketing messages,” but in the coming months we will allow for customization of these options.
If enabled, new customers will be required to make a choice about their marketing preference during signup. Existing customers will not have a choice selected for this field. All customers will be able to update their choice within their notification settings. You will be able to export this data in CSV format, as well as intelligently sync customers with your MailChimp lists according to this preference.
Your responsibility as a business
As a business using TeamUp, compliance with the GDPR is simplified but not eliminated. You should educate yourself about the GDPR and ensure its principles are being followed in all aspects of your business. The European Commission has a great website to help small businesses understand and ensure compliance with the GDPR. For example, any data you collect directly from customers or download from TeamUp must comply with the GDPR. Here’s a quick run-through of what the principles mean:
- Transparency — Customers should clearly understand what their personal data will be used for and understand how to revoke consent
- Purpose Limitation — Personal data must only be used for what it was originally intended
- Data Minimization — Personal data should only be collected if absolutely necessary
- Accuracy — Personal data will be kept up to date as best as possible
- Storage Limitation — personal data will only be stored for as long as necessary to satisfy the original purpose
- Confidentiality — personal data will be protected against unauthorized access
- Accountability — compliance with the GDPR can be demonstrated within your business
Looking forward
In the months and years ahead we will continue to develop TeamUp with data privacy as one of our top priorities. We strive to always be improving our processes and product to protect and serve our customers. If you have any questions, concerns, or suggestions, please get in touch.
Thanks for reading!
