Help Topics‎ > ‎

GDPR and Privacy

GDPR is coming

So what is GDPR (General Data Protection Regulation)? It's an EU regulation that becomes law on 25 May 2018 that aims to increase the data protection of all EU citizens.  It builds on existing data privacy regulations with an emphasis on increased transparency, openness and increased rights to individuals to access and control personal information held about them. It will no doubt take some time for GDPR to be fully understood as test cases and experience prove the way.


Useful Links

  • The EU GDPR website https://www.eugdpr.org/ 
  • UK's Information Commission Officer ICO - the UK body the will enforce GDPR provides lots of information and guidance tools. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
  • Wikipedia https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  • From ITPro http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

Introduction 

We at Guestbook 247 take our responsibility to data privacy and security very seriously and will endeavour to be transparent and provide features and information to assist you in this regard. We hold two types of subject data :

Guest data -  details about guests such as name, address, contact details, dob, id information. 

User data - information related to users of guestbook 247. Typically owners or managers of small to medium sized hotels, bed & breakfast, apartments or guesthouses. 

Our role for the two data subjects differs in that for Guest data we are the "data processor", whilst for user data we are "data controller and processor". This is an important distinction within GDPR. Guestbook 247 does not have a relationship with your guests and does not control how you use that guest information, but we do provide software to allow you or your guest to provide information, hold it, process it, make back ups and display it back in various ways. 

User Data

For the users of Guestbook 247 we consider ourselves as the data controller & operator of the personal information we collect about a user. This information includes:
  • name
  • business name and brief description
  • business address
  • business email
  • business telephone
We regard this information as coming under "Contractual necessity" as the lawful basis for holding this data. Even though these are business related details we respect that the fact some many businesses we serve these details are also personal information. So we will treat this data like personal information.

How we use User Data

We only use the above information to fulfil our service to you, this includes:
  • emails to inform you of system issues, new release and feature update, request for feedback, newsletter related to tips and news about Guestbook 247, automated daily summary emails (*), notifications emails (*) such as when a new guest enquiry is made or a new booking has been made. (*) - can be opted out. 
  • maybe telephone in order to provide one to one technical support but only on your request
  • Address information is useful for us to track and analyse where our customers are based and helps us make decisions about future features and sales campaigns. 

User Data - Right To Access, Erasure & Retention

The primary page to review the personal information we retain is from the Users management feature, available from menu Setting | User or click here. If you are using an account with property owner's rights then you will see a list of all users for your property otherwise you will see details for the current users. From here you can review, edit or delete users. 

Also review the general settings page for business name and address details. From the menu Setup | Settings.

When you no longer wish to use Guestbook 247, you either stop paying the required fees or tell us you longer need access, then we will look to delete your account information once any other overriding regulatory, governance or taxation requirements have been met.

Guest Data

For guest data we at Guestbook 247 are the data processor. The information that can be captured and stored includes:
  • name
  • address
  • contact details
    • email
    • telephone
  • date of birth
  • identity document info such as passport numbers
  • nationality 
  • gender
  • free text notes that you can provide via Guestbook 247
What information is collected is dictated by the users and guest of Guestbook 247. Guestbook does insist for a new booking that a name and one form contact is provided. But whether you collect passport details or date of birth of Guest is the decision of the hotel business. 

Note guestbook never stores a guest's payment card details if they pay via our Book It application. We partner with payment providers such as swipe.com that means payment details never touch Guestbook 247 systems.

Extract to own page....................................
Add other ways to access Guest Privacy page

Right to access, erasures & data retention.

Guestbook 247 provides features to help you respond to a guest right to access, erasure and data retention. First off we need to locate the guest through the "Find Guest" feature, menu Bookings | Find Guest

From here enter some search criteria such as firstname and surname then click Search. A list of matching guest will appear. For each guest returned there's a number of action buttons. Click the Privacy button. 

The Privacy page shows all the personal information for the guest that is available. The options from here are :

Copy Text : Will copy the displayed information to the clipboard. You can now paste to an email or other application to share the information with the appropriate guest.

Anonymise : If a guest request erasures of personal information or for your own data retention policy the anonymise function will overwrite the guest's info. This is a non reversible action. The personal details such as name and address will be overwritten blank strings or in some cases such as names with text such as "anonymised". Any associated bookings for the guest are unaffected.

Link to Guest Consent Review: There's also a URL link that can be shared with the guest. This allows a guest to review what consents they have with your business and to change optional consents such as Newsletter consent. This link is also included in any emails sent to a guest and on the booking confirmation page. 

 
Comments