Client Studios can add a Privacy Statement to the zingfit system by navigating to Admin > Site Content > Web Content > + Web Content. Adding a URL in the slug field such as “privacy statement” will allow the file to be displayed at your zingfit URL - this is typically in the format of https://Client-Studio.zingfit.com/privacy-statement depending on your integration type.
Can I limit access to my zingfit system based on IP address?
zingfit offers the ability to see all IP addresses logging into the system. You can view this by navigating to Admin > People > System Logs and selecting System Access.
You cannot exclude an IP address from accessing the system. Instead, you can choose which IP addresses to include by setting which roles can access the system from anywhere; the other roles, which do not have this permission, must log in via an authorized computer. Only a role with access to Admin > Configuration > System Settings can authorize a computer.
Does zingfit have a breach notification procedure?
Zingfit has defined and will continue to refine notification procedures in case of breach of personnel for both our Client Studios and Client Studio End Users. The GDPR requires timely reporting of certain personal data breaches to the relevant authority, and informing individuals as necessary.
Right to be Forgotten
End Users can request to be deleted from the zingfit system by the Client Studios. Client Studios can do this in the Booker by finding the End User, editing the End User's info, and clicking the “Delete” button at the bottom of the form.
zingfit has created new opt-in functionality for MailChimp integrations so that customers will need to explicitly choose to have their information passed onto the studio’s MailChimp lists. To implement this, Client Studios should navigate to Admin > Configuration > Configure Customer Forms and then, at the bottom of the form, click the checkbox in the Display column for MailChimp Subscribe.
For other opt-ins, Client Studios can create a support ticket to request access to Forms. Forms add additional fields to the sign-up process. You can request this through the web development request form found here.
Fields can be set for alerts, such as if an End User does not agree with the Privacy Statement, or if an End User is underage. The Client Studio can decide on a proper action based on the alert.
zingfit-generated Customer Journey emails (and soon-to-be-released Abandoned Series emails) will display a button that lets the End User easily opt out.
No changes need to be made under GDPR around emails that are sent from the zingfit system to mediate End User scheduling - these emails include attendance reminders, purchase receipts and expiry emails.
Client Studios can choose which information fields to collect (and which to make required) on sign-up forms by navigating to Admin > Configuration > Configure Customer Forms.
zingfit places cookies on system transaction pages. The cookies are used only to maintain the session/flow through to check-out, not for tracking outside of the zingfit sites.
Credit Card Data
zingfit passes credit card information from the web payment form on to a payment gateway (e.g. Stripe and Authorize.net) without that information passing through zingfit servers. Credit card information is stored at the gateway, and a “token” is returned to zingfit to store in its system for further use in recurring and other card-on-file transactions. You can refer to this document for more information: https://stripe.com/docs/security