GDPR and Privacy

So what is GDPR (General Data Protection Regulation)? It's an EU regulation that became law on 25 May 2018 that aims to increase the data protection of all EU citizens. It builds on existing data privacy regulations with an emphasis on increased transparency, openness and increased rights to individuals to access and control personal information held about them. It will no doubt take some time for GDPR to be fully understood as test cases and experience prove the way.

Useful Links

• The EU GDPR website https://www.eugdpr.org/

• UK's Information Commission Officer ICO - the UK body the will enforce GDPR provides lots of information and guidance tools. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

• Wikipedia https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

• From ITPro http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

Introduction

We at Guestbook 247 take our responsibility to data privacy and security very seriously and will endeavour to be transparent and provide features and information to assist you in this regard. We hold two types of subject data :

Guest data - details about guests such as name, address, contact details, dob, id information.

User data - information related to users of guestbook 247. Typically owners or managers of small to medium sized hotels, bed & breakfast, apartments or guesthouses.

Our role for the two data subjects differs in that for Guest data we are the "data processor", whilst for user data we are "data controller and processor". This is an important distinction within GDPR. Guestbook 247 does not have a relationship with your guests and does not control how you use that guest information, but we do provide software to allow you or your guest to provide information, hold it, process it, make back ups and display it back in various ways.

User Data

For the users of Guestbook 247 we consider ourselves as the data controller & operator of the personal information we collect about a user. This information includes:

• name

• business name and brief description

• business address

• business email

• business telephone

We regard this information as coming under "Contractual necessity" as the lawful basis for holding this data. Even though these are business related details we respect that the fact some many businesses we serve these details are constitute personal information. So we will treat this data las your personal information.

How we use User Data

We only use the above information to fulfil our service to you, this includes:

• emails to inform you of system issues, new release and feature update, request for feedback, newsletter related to tips and news about Guestbook 247, automated daily summary emails (*), notifications emails (*) such as when a new guest enquiry is made or a new booking has been made. (*) - can be opted out.

• telephone in order to provide one to one technical support but only on your request

• Address information is useful for us to track and analyse where our customers are based and helps us make decisions about future features and sales campaigns.

User Data - Right To Access, Erasure & Retention

The primary page to review the personal information we retain is from the Users management feature, available from menu Setting | User or click here. If you are using an account with property owner's rights then you will see a list of all users for your property otherwise you will see details for the current users. From here you can review, edit or delete users.

Also review the general settings page for business name and address details. From the menu Setup | Settings.

When you no longer wish to use Guestbook 247, there's an option on the settings menu called "Close Account" - only available to the property owner. When you close your account we will remove much of the data we hold on you and your guests. However we hold back some information for a while in order to fulfill accounting, regulatory, governance or taxation requirements that need to be met.

Guest Data

For guest data we at Guestbook 247 are the data processor. The information that can be captured and stored includes:

• name

• address

• contact details

  • email

  • telephone

• date of birth

• identity document info such as passport numbers

• nationality

• gender

• free text notes that you can provide via Guestbook 247

What information is collected is dictated by the users and guest of Guestbook 247. Guestbook does insist for a new booking that a name and one form contact is provided. But whether you collect passport details or date of birth of Guest is the decision of the hotel business.

Note guestbook never stores a guest's payment card details if they pay via our Book It application. We partner with payment providers such as swipe.com that means payment details never touch Guestbook 247 systems.

Guestbook provides a number of features to manage guest privacy, more information available at Guest Privacy Features