Enhanced Privacy Mode
Enhanced Privacy mode lets a location follow strict guidelines around data privacy. This can be useful if you need to comply with strict data protection laws, such as the GDPR (EU) or CASL (Canada). It is enabled by default for all countries in the EU.
Enabling enhanced privacy for a location will enforce the following:
- Leads must opt in to receive marketing communication
- You must store and track a lawful processing basis for each lead that enters the system.
To enable or disable enhanced privacy, head to locations and select the location you want to enable/disable and scroll down to enhanced privacy.
Marketing Opt in
Leads must explicitly opt in to receiving marketing before GymLeads will allow you to send them any marketing communication.
The legal requirements around a valid opt in require that the lead explicitly clicks a checkbox or link that describes what they are opting into receiving.
There are four ways leads can be ‘opted in’ in GymLeads:
- Send them an individual or automated email or SMS with the opt in link merge field. The timing of this is up to you, however you might want to set up a trigger to send the opt in email after a completed presentation for example. GymLeads can then track if they have clicked the link and will flag them as opted in.
- An email to lead map can capture a marketing opt in field. (Under the GDPR, legally this must be a specific, seperate checkbox that users can optionally click to submit their details)
- Send a bulk email with an opt in link. This can be useful if you have run a seminar, or want to opt in an existing mailing list through GymLeas. If we detect an opt in link in a bulk email or SMS, we classify it as an ‘opt in communication’, and it is treated as a transactional message. To protect against spam, you can only send a lead a bulk opt in email or SMS once.
- If your lead is coming in from MINDBODY, we will bring in the ‘opted into marketing’ value.
- If you are performing an import, you can set an ‘opted in date’ column that shows the date the lead opted in. If you do this, you must keep a record of this for auditing purposes.
Due to privacy laws, you can not manually opt a lead in at this time.
Lawful Processing Basis
Many data privacy laws require that you have a legal reason (basis) for processing and holding a persons personal data, such as name, email, etc.
For most clubs, this is usually one of two reasons. Someone has expressed interest in joining, or they are a member. You can just keep these two, or you can create more and set different ones as defaults for different lead sources.
When a lead changes to closed, your basis for keeping their data also changes. Instead of talking to them about your services, you need to communicate timetable changes, pricing updates, etc. So the lawful basis needs to change as well.
You can set a basis to be the ‘closed lead default’. Any time a lead is closed, we will change their lawful basis to keep things up to date.