OnceHub is a provider to organizations across the European Union and is committed to helping you achieve robust compliance with the GDPR and similar legislation in other jurisdictions.
Read on to learn how OnceHub can help you meet your GDPR compliance obligations while streamlining operations with best-of-breed appointment scheduling software.
GDPR and appointment scheduling software
The General Data Protection Regulation (GDPR) is European Union legislation aimed at safeguarding the personal information of individuals within the European Union (EU). The GDPR is considered the most stringent such set of rules in the world, if not also the broadest in scope. Entities in compliance with the GDPR will typically find that they can meet other data privacy requirements with little additional effort.
The GDPR was introduced to ensure that businesses and other organizations gather, store, and use personal data responsibly and that Europeans’ privacy rights are protected. Since the online scheduling of appointments typically involves the collection and processing of personal data, such as names, contact details, or the particular circumstances in which the meeting is taking place, users of appointment scheduling software must ensure GDPR compliance.
OnceHub for GDPR-compliant appointment scheduling
Records of processing activities
OnceHub’s customers are obliged by the GDPR to maintain a full record of their data processing activities, listing among other things the kinds of people whose information they collect, the categories of information they collect, why they need it, and what they do with it. The OnceHub system includes settings to record these details.
Data protection agreements
Standard GDPR contractual clauses are included in the data protection addendum to the master services agreement OnceHub signs with customers. We hold similar agreements with any third parties that process customer data on our behalf in order to provide functions like email and SMS notifications.
Disclaimers and opt-in controls
Businesses are in many cases only permitted to collect personal data by explicit consent from the individuals concerned, and they must clearly explain how this information will be used. Our booking pages, forms, and chatbots can all be customized to include disclaimers and opt-in controls for this purpose.
Data retention and deletion
Our users have full control over the data they collect from their customers using our system, what they choose to retain, and for how long. They can easily generate customer reports to respond to data access requests, and we provide a process to permanently delete customer data from our servers on their request. (All personally identifiable user information is similarly purged from our databases when a business stops using our appointment scheduling software.)
Data access controls
Technical controls OnceHub uses to protect customer data from unauthorized disclosure include:
- AES-256 encryption of all data and backups at rest and securely managed encryption keys.
- HTTPS-only applications and encryption of data in transit using TLS 1.2 and higher.
- Secure server-to-server authentication protocols for calendar integrations.
- Robust access controls to ensure that our system and any patient data it gathers and stores are solely accessible by authorized personnel:
- Single sign-on (SSO)
- Two-factor authentication (2FA)
- Role- and user-based access management
- Password policies, account lockout, and session controls
- Audit trails to register who logged into the system and when, in addition to tracking meeting lifecycle changes, like who canceled or rescheduled a meeting.
OnceHub privacy and security program
OnceHub runs a multi-layered privacy and security program to protect our assets and that of our customers. All prospective and existing customers can assess these measures themselves by requesting our due diligence pack, which includes a completed CAIQ and our latest SOC 2 report.
