Skip to main content

How baxus complies with the GDPR

The General Data Protection Regulation (GDPR) is effective as of 25 May 2018. We’ve been working with a specialist team to make sure we’re compliant and wanted to let you know what we’ve done.

How can baxus help you comply with the GDPR?

To see how our software and processes will help you be compliant with the GDPR, check out our blog.

How does baxus comply with the GDPR?

Here’s what we’ve done:

  • baxus now has a Data Processing Addendum (DPA) for customers in the EU. The DPA outlines our privacy commitments and sets out the terms for baxus and our customers to meet the GDPR requirements. If you’re a baxus customer in the EU, you’ve been sent a copy of the DPA to sign. You can also view the DPA here.
  • We updated our Privacy Policy which you can read here.
  • We’ve looked at our staff contracts and they meet the GDPR requirements.
  • The team has been trained to correctly use and process customer information.  
  • We’ve reviewed our software and can confirm it’s compliant with the GDPR. To see how our software meets the requirements, read our blog.
  • Our internal processes have been updated to make sure baxus and our customers can be compliant. To learn more about our internal processes, visit our blog.
  • We’ve looked at, and where required, re-signed our agreements with our partners to ensure they and baxus are compliant with the GDPR.

If you have any questions about baxus and the GDPR, please get in touch with our support team via

Helping you be GDPR compliant

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. If you’re in the UK, find out more and see how baxus can help you be GDPR compliant.


For more information about the GDPR, visit our blog.

baxus is preparing for the GDPR

baxus has been working with a team of specialists to ensure we’re compliant with the new regulations by 25 May 2018. Read our blog preparing for the GDPR for the details.

How you can get ready for the GDPR

If you need more information on the GDPR, check out these resources from ICO:

We’re here to ensure baxus helps you be GDPR compliant too.

How baxus can help you be GDPR compliant

In our last blog we let you know what baxus is doing to prepare for the GDPR. Part of that was reviewing our software and internal processes to ensure it’ll help you be GDPR compliant. Here’s what you need to know:

Unsubscribe clients in baxus

Your clients have the right to choose whether they receive your marketing messages under the GDPR’s ‘Right to Object’.

Here’s how baxus allows your clients to unsubscribe from your marketing messages:


Your clients can use the unsubscribe link in your MailChimp emails to opt-out. This will automatically turn off their ‘Send marketing messages’ preference in their Client Card so they’re no longer included in future marketing campaigns. Visit our support guide for more details.

Text messages

Your clients can opt-out of text message campaigns in a couple of ways:

  • By replying to your text messages with an unsubscribe request.
  • You can add a ‘Reply STOP to unsubscribe’ to your text messages to prompt your clients who wish to unsubscribe.

In both cases you’ll need to monitor your email inbox for replies and untick the ‘Send marketing messages’ preference in their Client Card.

Update client information in their Client Card

The ‘Right to Rectification’ gives your clients the right to ask you to change their details if you’re storing incorrect information. You’ll have to do this within 30 days.

If a client asks you to change their information, update their baxus Client Card or use the Give to Client feature so they can update their details themselves.

Ask us to delete client information

The GDPR states that your clients can ask you to delete their personal information if there isn’t a good reason for you to have it. You must do this within 30 days under the ‘Right to Erasure’.

If your clients ask their data to be deleted from baxus, contact our support team and they’ll make it happen.

Ask us to deactivate your clients

Where the ‘Right to Erasure’ doesn’t apply, the ‘Restriction to Processing’ requirement might come into play. This means while you can continue storing the client’s data, you can no longer use it in any way.

If a client asks you to stop using their data, contact our support team and they’ll deactivate them for you.

Ask us to supply client information

Your clients the ability to ask you to provide them with a copy of the information you have about them, and receive a response in 30 days. This refers to the GDPR’s ‘Right to Data Portability’ and ‘Right of Access’.

Contact our support team if your client asks for this and we’ll supply you with this information.