Skip to main content
Enhanced Privacy

What is it and how can it help you comply with new regulations

Aron avatar
Written by Aron
Updated over a week ago

Enhanced Privacy Mode

Enhanced Privacy mode lets a location follow strict guidelines around data privacy. This can be useful if you need to comply with strict data protection laws, such as the GDPR (EU) or CASL (Canada). It is enabled by default for all countries in the EU.

Enabling enhanced privacy for a location will enforce the following:

  • Leads must opt in to receive marketing communication

  • You must store and track a lawful processing basis for each lead that enters the system.

To enable or disable enhanced privacy, head to locations and select the location you want to enable/disable and scroll down to enhanced privacy.

Marketing Opt in

Leads must explicitly opt in to receiving marketing before GymLeads will allow you to send them any marketing communication.

The legal requirements around a valid opt in require that the lead explicitly clicks a checkbox or link that describes what they are opting into receiving.

There are four ways leads can be ‘opted in’ in GymLeads:

  • Send them an individual or automated email or SMS with the opt in link merge field. The timing of this is up to you, however you might want to set up a trigger to send the opt in email after a completed presentation for example. GymLeads can then track if they have clicked the link and will flag them as opted in.

  • An email to lead map can capture a marketing opt in field. (Under the GDPR, legally this must be a specific, separate checkbox that users can optionally click to submit their details)

  • Send a bulk email with an opt in link. This can be useful if you have run a seminar, or want to opt in an existing mailing list through GymLeas. If we detect an opt in link in a bulk email or SMS, we classify it as an ‘opt in communication’, and it is treated as a transactional message. To protect against spam, you can only send a lead a bulk opt in email or SMS once.

  • If your lead is coming in from MINDBODY, we will bring in the ‘opted into marketing’ value.

  • If you are performing an import, you can set an ‘opted in date’ column that shows the date the lead opted in. If you do this, you must keep a record of this for auditing purposes.

Due to privacy laws, you can not manually opt a lead in at this time.

Lawful Processing Basis

Many data privacy laws require that you have a legal reason (basis) for processing and holding a persons personal data, such as name, email, etc.

For most clubs, this is usually one of two reasons. Someone has expressed interest in joining, or they are a member. You can just keep these two, or you can create more and set different ones as defaults for different lead sources.

When a lead changes to closed, your basis for keeping their data also changes. Instead of talking to them about your services, you need to communicate timetable changes, pricing updates, etc. So the lawful basis needs to change as well.

You can set a basis to be the ‘closed lead default’. Any time a lead is closed, we will change their lawful basis to keep things up to date.

Common Issues

Leads are enquiring through one of my webforms and ticking the opt-in box, but when it comes through my email map to GymLeads, this hasn't been registered?

It is likely that the formatting of the notification email that comes through the email map is not labelled correctly.

The field (question) needs to be labelled with one of the following:

opt in

opted in

marketing opt in

The value (answer) needs to be labelled with one of the following:




Example of submission that will be successfully parsed by GymLeads

First name: John

Last name: Jones

Phone: +44 234 567 890

opt in: true

For more information on email to lead mapping and how to format notifications that are picked up by those maps, click HERE

Did this answer your question?