The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and applies not only to EU-based organisations, but also to anyone who has customers or contacts in the EU; we’ve introduced new tools to ensure that your business is compliant, and to help you explain (to your guests) how you manage & share data. If you use any PMS or OTA platforms, it’s important to understand where your business fits with relation to data ownership. For details about the steps YourWelcome has taken to comply with GDPR please scroll to the bottom of this page.
Ensuring You Are Compliant
Update Your Terms & Conditions
We have amended the check-in screens on the tablet to position the new terms screen more prominently. If you ever take bookings from guests who are EU citizens you are required to comply with GDPR, it is your responsibility to amend your own terms & conditions that guests agree to when checking in. Your new terms and conditions can be uploaded via the YourWelcome dashboard to be displayed to your guests, to upload them, please do so on the Settings screen.
Summarising The Data That You Capture
It is now a mandatory requirement to provide better clarity and transparency around how you manage customer data. We are providing the tools to display a summarised overview of your terms.
The updated Terms & Conditions screen on the tablet now helps make it explicitly clear how you use your guest’s data, and how it is stored. You can add a list of each individual data point that you collect and store, along with your custom terms and conditions.
Each bullet point in the list contains 3 fields:
- Header: What you’re capturing
- Description: How you’re using it
- Storage Length: The length of time that you plan to store this data, before it is destroyed
Data Collection List
We’ve provided some examples for topics that you might want to include below. However, YourWelcome can not offer legal advice so the following examples are designed for guidance purposes and should not be replicated unless specifically applicable to you and your business and are mentioned in your full terms.
EXAMPLE HEADER 1: Reservation Details (EXAMPLE STORAGE LENGTH 1: Stored indefinitely)
EXAMPLE DESCRIPTION 1: We use your name and contact details, entered during check-in (or synced via a calendar integration), to monitor key metrics such as occupancy rates and patterns so that we can adjust the services that we provide accordingly.
EXAMPLE HEADER 2: Identification / Passport Details
EXAMPLE DESCRIPTION 2: We capture this as we are required to do so by the local authorities – we share a copy of all passports via a secure online form with the local authority governing our region.
EXAMPLE HEADER 3: Email Address
EXAMPLE DESCRIPTION 3: We store this so that we can contact you during your stay and collect feedback after your reservation is complete.
Those are a few examples so you can see how to structure your summary points for your guests.
Our Responsibilities: YourWelcome & GDPR
Updated Terms & Conditions
We have updated our own Terms & Conditions in order to comply with GDPR; by continuing to use our service after May 25th, you are authorising YourWelcome to act as a Data Processor on your behalf.
If requested, YourWelcome is obligated to anonymise all data relating to an individual guest. Our details are displayed alongside yours in the Settings menu of the app and your guests can make this request by contacting us, or by logging in to their guest dashboard.
We are required to let you know when a guest has requested the deletion of their data, so that you can make the necessary arrangements to delete or anonymise their data if applicable. If a guest contacts you to make this request, it is your obligation to let us know as soon as possible if the data they are referring to is held by us.
Data Protection Officer
We have appointed our Chief Operating Officer, Paul Loram, as our Data Protection Officer. If you have any questions about YourWelcome’s GDPR compliance, please email firstname.lastname@example.org