A calendar booking system on your website is indispensable for many companies. This is because it makes it super easy to coordinate and manage appointments. Calendly is one of the most popular of its kind in this field.
But be careful because integrating Calendly on your own WordPress website can negatively affect the data protection compliance of your website – which in the worst case can lead to high fines.
How you can embed Calendly GDPR compliant into your WordPress website to avoid exactly that, we’ll tell you in this article!
What is Calendly?
Calendly is a tool from the US company Calendly LCC that allows companies to manage appointment bookings directly on their own website – without the need for lengthy email correspondence.
Using the automated scheduling tool, customers can book appointments super easily by selecting the desired day and time.
Calendly’s features include:
- Embedding Calendly on the website and in emails
- Linking calendars
- Creation of surveys for meetings
- Compatibility with mobile devices
Is Calendly compliant with the GDPR?
When a client books an appointment on your website, they provide their name and email address. The problem here is that such data is personal data. Within the EU, you generally need the opt-in consent of your visitors to collect, store and process personal data.
You would only not need consent if Calendly were an essential service. This is not the case, however, because services and cookies are only considered essential if they are technically necessary for the basic functionality of your website.
If you now honestly ask yourself whether your website basically works without the use of Calendly, then the answer is definitely Yes. You could also display a calendar with booking options without involving an external provider.
The problem goes even further, because Calendly LLC is – as already mentioned – a US company. Caution is required when transferring personal data to the USA, because since the end of the Privacy Shield – a data protection agreement between the USA and the EU – which was overturned in July 2020 due to the inadequate level of the USA from the ECJ’s point of view, the USA is considered an unsafe third country from the EU’s point of view in terms of data protection.
Specifically, this means that you should get consent for data processing to the US.
How you can embed Calendly in your WordPress website in a GDPR-compliant way
Below, we’ll show you how to embed Calendly in WordPress to integrate your booking system into your website in a data protection compliant way.
✅ Opt-in consent
You already know that you need consent for data processing in the USA to use Calendly. In addition, Calendly sets various cookies. So getting opt-in consent for both is required.
The good thing is that you can do it easily and quickly using the Cookie Consent plugin Real Cookie Banner.
Real Cookie Banner provides you with an already completed template for the Calendly service. So you can simply take it over without doing any additional research – unless you feel like it 😉 .
And it gets even better: The template for Calendly and the corresponding content blocker is already included in the free version of Real Cookie Banner.
🤝 Order processing contract
In addition to the opt-in consent, you must also conclude a so-called “order processing agreement” with Calendly (in short: AV agreement). An order processing agreement must always be concluded if you, as a website operator, commission an external company with the processing of customer data. This contract roughly summarizes the data protection-compliant handling of this data. The legal basis for the order processing agreement is Article 28 of the GDPR.
For this purpose, Calendly provides you with a Data Processing Abbendum (DPA).