We are classed as a Data Processor as we hold and secure your data.
You (The Property) would be classed as the Data Controller and would be the owner of the data.
As you can imagine our responsibility is to secure that storage of all the data, we already have a high security policy and encryption of all database content with secure communication protocols. HTTPS.
All the data that we get into our platform is essential to complete a purpose (Hotel Reservation) and we do not require any sensitive data or personal information.
Credit Card Security is taken care of by our partners PCI Booking, who are level 1 PCI Compliant.
As an user of our systems we will help you stay compliant with the law by helping you or providing you tools to stay out of trouble.
We have an agreement for all our customers and future customers available here where we will guarantee in contract we will apply with GDPR. The contract is only valid if your a current paying customer:
https://docs.google.com/document/d/16Au1dUN9q6eJ4i9kSOlbCiYP4gilpcdvQLesb2qLHXo/edit?usp=sharing
Please fill in the pre signed contract and send back to us at hello@thebookingfactory.com
The contract is valid upon receipt of the signed document in our email inbox.
You have it really easy! Thanks to us taking most of the pain for you there’s only some small rules you need to worry about.
You as a hotel or accommodation provider receive bookings with personal information. You are allowed to contact the guest leading up to the booking about things regarding their stay. This can include offering upgrades or upsells. And also an email to ask for review after they have left.
Unless legally required to do so like Police Reports that pass over personal details to the police or government. You must not use all the data you have collected to do any email marketing, sell the information to 3rd parties etc.
If you wish to do email marketing the best way is to gain consent from the guest and you also need proof of this action. So maybe in your emails add a link to your mailing list and they can choose to add themselves into it.
Mailchimp would help with this.
I know many hotels print everything, this puts the liability on you to securely store and have a system to search this information if someone requests if you have their information. Remember to cross shred all information and not put into the bin in bulk.
With invoices there is often a legal requirement to keep this information for many years so don’t delete if asked to do so without checking for your legal requirements. Check with your country regulations on the length you need to keep. I believe the UK requires you to keep this info for up to 7 years. It’s possible that we can keep the invoice but delete all personal information but we should get advice on this before implementing any mass deletion of data.
As default we don’t allow you to delete anything. Please contact us if you have any requests to find or delete data.
If you have any issues with the new regulations or need anything deleted, searched etc because of a customer request we can help you. We don’t charge and you also cannot charge the customer for this service.