EU General Data Protection Regulation (GDPR)

A list of questions and answers about the EU General Data Protection Regulation (GDPR).  

What is the GDPR?

The EU General Data Protection Regulation (GDPR) is set of data protection laws that take effect on May 25, 2018.  It is designed to protect all EU residents and citizens and give them more control over their personal data.

Does the GDPR affect my business?

Every business with a presence in the EU or processes personal data for an EU resident or citizen will be affected by this regulation.

We are a small business, does it apply to us as well?

Yes! Every business that processes the personal data of EU citizens and residents must comply with the GDPR.

Where is Ennoview’s Envision Cdata stored? Where are Ennoview’s backup servers located?

Ennoview stores all its data on servers located in the United States.  Ennoview has a privacy shield certification which complies with GDPR regulations related to storing / processing and transferring of data outside of the EU.  Please review our privacy statement for more information: privacy policy.

Will my clients have the option to be “Forgotten”?

There is an option in Envision to assist customers with requests from their clients to remove their information from the Envision databases.  Please note, our option to remove their information from the Envision ]databases does not remove files from your system i.e. pictures and documents.  You must manually remove them yourself.

Will Ennoview introduce a data export option for our clients requesting a “Copy of their Data”?

Yes, the Envision service has an option that allows you to export all of a specific client’s data into PDF / Excel format.  Please note, our option to export data only exports data from the Envision databases, any other files must be manually exported for the client.

Will Ennoview introduce a retention policy for our data?

Yes, the Envision service will provide you with options to determine how long you wish to keep client history.

Does Ennoview have a documented Breach Notification Process?

Yes, we have an internal, documented Breach Notification Process.

What do I have to do to prepare for GDPR?

As a customer ("data controller" under GDPR terminology), you are responsible for ensuring compliance with the key requirements of the GDPR. This includes notifying individuals of how you handle their personal information, obtaining their consent where appropriate, addressing their requests for access to their information, etc.

Ennoview will provide you with assistance in meeting those requirements where possible and appropriate. For example, Ennoview will provide you with tools and processes to assist you in honoring individuals’ requests, including requests for deletion, data portability, access, and rectification. However, please note that you remain ultimately responsible for compliance with these requirements, including, for example, to answer your clients’ requests.

Where can I post my privacy notices, consent requests or other similar elements within Envision to help me prepare for GDPR?

Envision allows you to setup a custom privacy policy that will be available to your clients on the SalonVision website, Custom Websites and MyDash custom mobile applications.

Ennoview may provide tools to help customers track communications preference consents for communications that are sent through the Envision software. However, as explained above, you as a customer are responsible for ensuring proper consents are obtained for all activities that require consent, including those activities facilitated by third party integrators.

How can my clients unsubscribe from text / emails sent from my Envision site?

Your clients can Opt-Out of texts by replying STOP to any text message received from our service.  Additionally, you can change any client’s email preference via the Client Edit Screen.

Is Ennoview planning to release new features to support GDPR?

Yes, we have added several additional features to Envision to allow you to respond to your client’s requests for copies of their data, requests for removal of data, email and text messages opt out/in.

Will my financial data be affected if a client requests to be forgotten?

No. Envision will automatically remove client personal information from all financial transactions, while still removing their personal information from all other areas of the system.  You will continue to have access to your financial data, just without the client information it belongs to.

What emails inside of Envision are not subject to the Opt-Out feature.

The following auto emails are considered operational, and will be sent regardless of whether a client has opted out of communication preferences:

• Appointment Confirmation
• Forgot Login Information
• Gift Card Delivery Email
• Point of Sale Receipts

A client still owes us money, do I have to comply with a request to remove their data?

You are the data controller, and it is ultimately your responsibility to decide when to comply with the request to be forgotten.

Is there a way I can mass opt out all of my clients so they can opt-in individually after May 25?

We do not offer an automatic opt-out for all clients.  You will have to address opt-outs in a manual process.

Will Ennoview sign a customer's Data Protection Agreement (DPA)?

The Envisio terms / cookie storage / privacy policy are part of your agreement with Ennoview.  These documents cover the additional regulations for data that originates in the EU.  They are intended to serve the needs that a DPA provides.

Our agreement must by nature operationally support all of our customers, including how we handle their data, technical operations, privacy of data and the GDPR.

Unfortunately, different forms of DPA contracts or alterations of our agreements do not satisfy this need and therefore we do not sign client’s DPA’s.