GDPR Module

TABLE OF CONTENTS

• Introduction
• 2.    Enabling the GDPR Module
• 3.    GDPR ‘Lookup Groups’
  • 3.1    GDPR. 'How Customer Data Used'
  • 3.2    GDPR. Reason for Customer data
  • 3.3    GDPR. Who can use Customer data
• 4.    Where the GDPR Account Preferences Appear
  • 4.1    Back Office Software and PoS
  • 4.2    E-Commerce. Basket Page
• 5.    Customer Data Extract
• 6.    Customer Data Anonymisation
• 7.    Auto-Anonymisation

 

Introduction

Once the GDPR module has been purchased and is turned on, then whenever data that is subject to GDPR requirements is collected (e.g. the customer or member contact details), a screen pops up during the data collection. This screen contains a tick-box list of GDPR preferences that can be filled in by your staff when this form appears on the till or in the Merac back-office software, or by the customer themselves when making a purchase on a Merac e-commerce page. As well as choosing the GDPR preferences for customers that chose to be contacted, there is also the ability to choose to not be contacted.

The manual explains the following:

• How to turn on the GDPR module (* see above).
• Setting up the responses to the GDPR questions as per your business requirements.
• Capturing customer GDPR preferences.
• Extracting GDPR compliant customer data into Microsoft Excel.
• How to anonymise a single customer record.
• How to delete all photos and documents that were stored against all customer records.
• Auto-anonymisation of customer data.

Please Note: 

Once the GDPR module has been turned on, the check boxes of “Ok to Mail” and “Ok to Email” are now redundant and will no longer show on the system. If you require existing customer marketing preferences data to be transformed into the new GDPR options, please contact your Account Manager who can quote for this work and training on setting up and using the GDPR module. So do not tun the GDPR module on without discussing this with Merac.  For this reason if you do not already have the GDPR module, then you will not be able to turn this on (as detailed in Section 2) unless Merac have enabled this functionality in the background.

Enabling the GDPR Module

To turn on the GDPR module, please follow the steps below:

1. Click the ‘Setup’ icon. 2. Click the ‘System’ icon. 3. Double click on ‘System Options’.

4.    Click on the ‘General’ tab.

5.    Click in the box next to ‘Use GDPR Module’, so the box becomes ticked.

6.    Click the ‘Apply’ button

7.    Finally, click the ‘Close’ button.

GDPR ‘Lookup Groups’

To comply with the new General Data Protection Regulation (GDPR), three additional ‘Lookup Groups’ describing your GDPR account preference options have been added to the ‘Merac’ back office software.

These can be found by:

1. Clicking on ‘Setup’. 2. Next click on ‘System’. 3. Finally, double click on ‘Lookup Items’.

The three new ‘Lookup Groups’ that have been created for use with the GDPR module are shown below:

As shown above the three new ‘Lookup Groups’ are named as follows:

• GDPR. Reason for Customer data.
• GDPR. How Customer data used.
• GDPR. Who can use Customer data.

There are default entries (‘Lookup Items’) in each of these ‘Lookup Groups’ and these are detailed on the following pages. As usual you can add, amend and delete the ‘Lookup Items’ so that they meet the GDPR requirements of your specific business. Please note that adding / editing ‘Lookup Items’ is not covered in this manual. If you do not know how to add or edit ‘Lookup Items’, then this will be covered in the training that comes along with the purchase of the GDPR module. The ‘Lookup Groups’ used by the GDPR functionality are detailed in the following pages, you simply need to add the required ‘Lookup Items’ into each of these ‘Lookup Groups’ in the usual way.

3.1    GDPR. 'How Customer Data Used'

A sample of the above ‘Lookup Group’ and ‘Lookup Items’ are shown below.

3.2    GDPR. Reason for Customer Data

A sample of the above ‘Lookup Group’ and ‘Lookup Items’ are shown below.

3.3    GDPR. Who can use Customer data

A sample of the above ‘Lookup Group’ and ‘Lookup Items’ are shown below.

Where the GDPR Preferences Appear

4.1    Back Office Software and PoS

Once the GDPR module is turned on, the system will prompt the operator to enter the ‘GDPR Account Preferences’ automatically, immediately after you have added the relevant contact details. If adding a record using the ‘New’ record button in either the Members screen, or the Customers screen, then the ‘GDPR Account Preferences’ will appear after adding the contact details (as per the screen below). 

Note: The operator must select the “Do not make any contact” option if the customer prefers not to be contacted. The system will not allow the customer record to be saved with no option selected!

Once the GDPR module is turned on, the ‘GDPR Account Preferences’ screen will also appear after adding the contact details via either the Member, Booking or Event Wizards screens in either the Merac software or on the till.

Please Note: once the GDPR module has been turned on, the check boxes of “Ok to Mail” and “Ok to Email” are now redundant and will no longer show on the system. If you require existing customer marketing preferences data to be transformed into the new GDPR options, please contact your Account Manager who can quote for this work and training on setting up and using the GDPR module.

4.2    E-Commerce. Basket Page

Once the GDPR module has been turned on, the same ‘GDPR Account Preferences’ options will also appear on the ‘Basket’ page of all your ‘Merac’ e-commerce pages.

A sample of how the ‘GDPR Account Preferences’ may appear on a Merac e-commerce page is shown below. The customer simply selects from the GDPR tick box options you configured earlier.

Please Note:

How this may appear on your e-commerce pages will obviously depend on the styling of your e-commerce pages, and your online payment provider, so your ‘Customer Preferences’ may not appear exactly the same as shown above (the above screenshot is just a sample for demonstration purposes). However, the ‘GDPR Account Preferences’ that show on your e-commerce pages will be the ones you have created, as detailed in the previous pages of this manual. For customers using his first time online then please discuss this with your Account Manager. WK3 may need to be commissioned to do some web page styling work, which will need to be agreed before this can go live on our e-commerce pages.

Customer Data Extract

A button has been added to both the Customers and Members screens to extract customer data to Microsoft Excel (as long as you or your own IT team have installed this on the required computers).

The button is as per the one shown below.

On clicking the data will automatically create and open a data extract in Microsoft Excel that includes:

• Customer personal information (names, addresses, telephone numbers etc.)
• Account Preferences
• Booking History
• Transaction History
• Information about customer letters (subject, when sent)
• History of Account Actions

Customer Data Anonymisation

Functionality has been added to the ‘Merac’ back office to anonymise personal data upon the request from a customer. The button is in both the Customers and Members screens and is as shown below:

When the operator clicks this button and confirms they wish to proceed with anonymisation the system will check for Bookings, Invoices and Sales Orders outstanding for the account (and if there are not any outstanding), then this will delete all personal customer information including:

• Names.
• Addresses.
• Telephone numbers.
• Emails.
• Direct Debit Details (only for customers who have purchased this module).
• Anonymise Sales Orders and Invoices.
• Reset account preferences to the “Do not make any contact” GDPR option.

If a single customer on an account with more than one member gets anonymised, then any photos of that customer will be deleted but not the documents linked to the account (because we cannot tell which contact documents relate to). If it’s a single customer account or the last contact, then any linked documents will also be deleted. N.B. the system will keep an audit of who has changed account preferences, when they did it and what change they made. An audit will also be kept of when customer data has been anonymised, which records are affected and who performed the action.

Please Note:

If you need to delete any photos or documents stored on the SQL server, then please raise a ticket with Merac Support. A procedure can be carried out to delete such data by running commands in SQL, so this will need to be carried out by Merac.

Auto-Anonymisation

Anonymisation of customer data stored in the Merac software can be configured to run automatically.

However this is a chargeable "add on" and if required, please contact your Account Manager.

Once turned on, this option will ensure customer records are automatically anonymised in bulk  (e.g. once per month)

The criteria for anonymisation will need to be discussed but anonymisation is usually set up for for customers who:

1. Have not renewed their membership for over X years.
2. Have not had any bookings for over X years.
3. Have not raised a sales order for over X years.
4. Have not been invoiced for over X years.
5. Have not purchased any item through the Merac system for over X years.

Please note that the auto-anonymisation of Gift Aid transactions (where applicable) will only be for Gift Aid transactions that are greater than 7 years old. Unless Merac are advised otherwise by your organisation