If your organization has made a decision that you are impacted by GDPR, you may complete the following instructions to configure SUMO to ensure compliance.

SUMO offers administrators the tools required to comply with GDPR.  You are responsible for ensuring that your use of SUMO is compliant.  What follows are some suggestions you may use in making this determination, along with a step-by-step guide on how to configure SUMO to be GDPR compliant.

Lawful Basis for Processing & Data Protection/Minimization: When a prospect or customer initiates a self-scheduling process, you typically have a legal basis for processing the prospect or customer data.  Therefore, SUMO administrators should be careful to only collect information that is necessary for legal business purposes, and should never collect excessive information.  Organizations have a duty to assess their own policies regarding data collection from prospects or customers via SUMO.  All users must set strong passwords and limit access to prospect or customer data by only providing Admin access to qualified individuals.

Compliance Officers: Depending on the nature of their business, SUMO administrators and users may be required to appoint a Data Protection Officer. If your company is required to appoint a data protection officer, you should provide the name and contact information of this officer by emailing info@sumoscheduler.com.  If any changes are made, please be sure to update this information.

Data Requests: SUMO provides administrators and users with the tools required to respond to data access requests regarding appointments with your prospects or customers using the appointments related list under lead or contact layouts.  In addition, administrators may mass delete prospect or customer data, using the Salesforce Data Loader tool.

Data Breach Notifications: In the event of a data breach, SUMO will provide notice to affected parties in a manner consistent with GDPR’s requirements. In the event of a breach, our users may have an obligation to notify the persons from whom data was collected of the breach. In order to ensure you receive this information, please email info@sumoscheduler.com and provide the name and contact information of your appointed representative. Please note that you are responsible for keeping this information up to date.

Step 1: Provide a point of contact for GDPR related matters.

There may be times where the GDPR requires us to communicate certain information to your designated representative. This representative’s name and contact information should be sent to info@sumoscheduler.com with the subject line “GDPR Contact.”

Step 2: Setup the “Terms of Service” feature, and provide a link to your company privacy policy.

Each Self-Scheduling Site has the option to ask self-scheduling users if they would like to accept the “Terms of Service” or “Privacy Terms”.  The user may click “Terms of Service” to view them.

If you use this feature, you must first update the Terms of Service text document to include your Privacy Policy as it applies to GDPR.  Please have your SUMO Administrator complete the following:

STEP A: On the far right of the top nav menu, click +.

STEP B: Scroll down and click on “Documents”.

STEP C: Choose the “SUMO Documents” folder and click GO.

STEP D: Click the document titled “Terms of Service”.

STEP E: Click the “Replace Document” button at the top.  Upload your own text file with a .txt extension containing your Terms of Service.

Step 3: Enable the “Terms of Service” feature in a self-scheduling site.

OPTION 1: If you would like to change the text “Terms of Service” to “Privacy Policy” or anything else, you must:

  1. Go the SUMO Admin Settings.
  2. Click on Self-Scheduling tab.
  3. Click “Edit” to the left of a self-scheduling site (process).
  4. On the Global tab, scroll down to the two “Term Page” fields (as shown), make edits, and click “Display” to enable them.

OPTION 2: If you are using “Prospect Scheduling” mode and would like to change the text “By clicking this checkbox you are agreeing to the Terms” on the Lead Form page, you must:

  1. Go the SUMO Admin Settings.
  2. Click on Self-Scheduling tab.
  3. Click “Edit” to the left of a self-scheduling site (process).
  4. On the Lead Form tab, scroll down to the two “Term Page” fields (as shown), make edits, and click “Display” to enable them.

Look for the following field:

OPTION 3: If you are using “Customer Scheduling” mode and would like to change the text”By clicking this checkbox you are agreeing to the Terms” on the Guest Form page, you must:

  1. Go the SUMO Admin Settings.
  2. Click on Self-Scheduling tab.
  3. Click “Edit” to the left of a self-scheduling site (process).
  4. On the Lead Form tab, scroll down to the two “Term of service” field (as shown), make edits, and click “Display” to enable it.

Step 4: Confirm if additional steps are necessary to comply.

SUMO provides its users with the tools necessary to comply with the GDPR. However, you are ultimately responsible for ensuring that your use of SUMO is compliant and should conduct your own analysis of whether any additional measures are required.

Please visit our GDPR post to access additional information to learn about and prepare for your company’s compliance with the GDPR.