The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and applies not only to EU-based organisations, but also to anyone who has customers or contacts in the EU; we’ve introduced new tools to ensure that your business is compliant, and to help you explain (to your guests) how you manage & share data. If you use any PMS or OTA platforms, it’s important to understand where your business fits with relation to data ownership. For details about the steps YourWelcome has taken to comply with GDPR please scroll to the bottom of this page.

 

Ensuring You Are Compliant

Update Your Terms & Conditions

We have amended the check-in screens on the tablet to position the new terms screen more prominently. If you ever take bookings from guests who are EU citizens you are required to comply with GDPR, it is your responsibility to amend your own terms & conditions that guests agree to when checking in. Your new terms and conditions can be uploaded via the YourWelcome dashboard to be displayed to your guests, to upload them, please do so on the Settings screen.

Summarising The Data That You Capture

It is now a mandatory requirement to provide better clarity and transparency around how you manage customer data. We are providing the tools to display a summarised overview of your terms.

The updated Terms & Conditions screen on the tablet now helps make it explicitly clear how you use your guest’s data, and how it is stored. You can add a list of each individual data point that you collect and store, along with your custom terms and conditions.

Each bullet point in the list contains 3 fields:

  • Header: What you’re capturing
  • Description: How you’re using it
  • Storage Length: The length of time that you plan to store this data, before it is destroyed

You can add and amend your Data Collection List on the Settings screen here. For full instructions on how to update this screen, please read the tutorial in our Help & Learning Centre.

Data Collection List

We’ve provided some examples for topics that you might want to include below. However, YourWelcome can not offer legal advice so the following examples are designed for guidance purposes and should not be replicated unless specifically applicable to you and your business and are mentioned in your full terms.

EXAMPLE HEADER 1: Reservation Details (EXAMPLE STORAGE LENGTH 1: Stored indefinitely)

EXAMPLE DESCRIPTION 1: We use your name and contact details, entered during check-in (or synced via a calendar integration), to monitor key metrics such as occupancy rates and patterns so that we can adjust the services that we provide accordingly.

EXAMPLE HEADER 2: Identification / Passport Details

EXAMPLE DESCRIPTION 2: We capture this as we are required to do so by the local authorities – we share a copy of all passports via a secure online form with the local authority governing our region.

EXAMPLE HEADER 3: Email Address

EXAMPLE DESCRIPTION 3: We store this so that we can contact you during your stay and collect feedback after your reservation is complete.

Those are a few examples so you can see how to structure your summary points for your guests.

Opting out

Your guests will need a clear path to opt out of any communications should they feel they want to do that. We are adding our details clearly to the top of the Privacy Policy which is visible during check-in and from the Settings menu on the tablets. If a guest contacts us for any reason we will contact you to inform you so you can take the necessary actions to remove or correct the requested data. We have created a field within the dashboard where you can add your Data Protection Officer details who we will contact in the event of a guest request. You can add these details here. (Please note if you leave this field blank we will use the account owner email address).

Our Responsibilities: YourWelcome & GDPR

Updated Terms & Conditions

We have updated our own Terms & Conditions in order to comply with GDPR; by continuing to use our service after May 25th, you are authorising YourWelcome to act as a Data Processor on your behalf.

Data Anonymisation

If requested, YourWelcome is obligated to anonymise all data relating to an individual guest. Our details are displayed alongside yours in the Settings menu of the app and your guests can make this request by contacting us, or by logging in to their guest dashboard.

We are required to let you know when a guest has requested the deletion of their data, so that you can make the necessary arrangements to delete or anonymise their data if applicable. If a guest contacts you to make this request, it is your obligation to let us know as soon as possible if the data they are referring to is held by us.

Data Protection Officer

We have appointed our Chief Operating Officer, Paul Loram, as our Data Protection Officer. If you have any questions about YourWelcome’s GDPR compliance, please email gdpr@yourwelcome.com

 

John

Author John

Chief Product Officer, YourWelcome

More posts by John