Sneha Thuppul / photo: Agilysys

The Agilysys Spa solution provides valuable information to employees to enhance the guest experience and retain wallet share for future visits, whether that’s via automated, targeted campaigns or one-to-one outreach. Onsite, staff can use Agilysys’ common profile and single itinerary view to identify and cater to guests – if they’re only staying and playing golf, for example, staff can target specific offers to entice them to book a spa appointment too.

Agilysys Spa enhancements allow properties to create custom policies that enable staff to collect guest consent to retain guest information for a specified period. After the specified period, if guest consent to keep their data longer isn’t obtained, that data is rendered anonymous to comply with region-specific data protection and privacy acts, such as GDPR and CCPA.

Craig Griffin / Journey

With Journey, spas can easily capture customer information and send messages via the client’s preferred contact method – email, call or SMS. Marketing is restricted to clients who opt-in for such messages; this complies with GDPR requirements. Contacts can be segmented based on times of visit, treatment types and spending history. Those who’ve not explicitly opted-in to receive marketing are marked for service emails only such as booking and/or payment confirmations.

Spas must maintain customer records within Journey’s system, including removing and deleting their data and updating preferences when required. Spa clients can update their details and preferences online; updates act as an electronic signature meeting the ‘right to rectification’ requirement of GDPR.

Journey helps simplify data processes for spas. Our software is GDPR and PCI-DSS compliant, keeping customer data secure. We regularly audit customers and assess our software’s functionality, releasing updates to ensure spas meet and retain GDPR compliance.

Devon McKercher / photo: SpaSoft

Due to the nature of the spa industry and the type of services offered, guests share a lot of information and operators need to be careful that all their systems and data processes – not just software – are GDPR compliant and that employees are trained on how to respond to inquiries and requests.

SpaSoft has strong reporting capabilities allowing staff to pull reports on past guests. Combined with customisable wellness intake forms and post-service surveys spas have all the data they need to recommend services that are personalised to guest preferences.

SpaSoft has developed a series of features that allow spas to comply with GDPR and enhance overall guest data security.

These include:

• Enhanced change logs that allow spas to track any guest anonymisation with change reason codes

• A report that lists the personal information that is retained for a guest. This report can also be shared with a guest for verification

• An anonymisation feature that removes all guest information retained in the system on demand – although references to some items are inserted with generic tags that allow the operational data to remain intact for reporting and historical accuracy.

Sal Capizzi / photo: Book4Time

It’s been proven that when a guest feels seen and heard, they’re more likely to spend more time at your spa, increasing the overall ticket amount. Book4Time offers a digital intake solution which guests fill out before they even arrive on site, allowing operators to get to know them before their treatment and potentially provide an exceptional experience. Our system also easily enables spas to create customised marketing campaigns.

Book4Time ensures that personal data stored on the system is compliant with ever-changing regulations. Enterprise and global reporting gets stripped of personal data (name, address). We also have a data processing agreement with operators and give recommendations on how to use the information once collected.

Charity Hudnall / photo: Vagaro

Vagaro’s spa software offers spas a robust suite of marketing features to effectively keep in touch with clients to help with retention, loyalty and recurring revenue.

In addition, Vagaro’s Forms feature allows service providers to create client SOAP notes – to further customise treatment plans and product suggestions – as well as intake questionnaires and surveys for feedback.

This amounts to a lot of personal information and spa owners are ultimately responsible for keeping records of their clients safe and secure. Any data breach can compromise the trust between a business and its customers and has the potential to invite huge fines and litigations.

Regularly updating staff training on best practices for data protection is essential for maintaining GDPR compliance. Software systems can help too – Vagaro encrypts all customer data and stores it securely. In addition, spas can limit which employees have access to view, add, edit or delete SOAP notes.

As per GDPR guidelines, customers can request businesses to delete all their data. If spa owners are manually managing their customer data, this could pose a major issue. It’s beneficial in this instance to use spa software such as Vagaro, which provides a process for customer data deletion and helps businesses to be GDPR compliant at all times.