GDPR and accommodation facilities

GDPR and accommodation facilities

With the advent of GDPR, many accommodation operators have certainly raised questions about the processing of their guests' personal data. There are still many operators who feel uneasy and still do not know how to proceed correctly in accordance with GDPR. So what have this regulation brought for accommodation facilities?

Consent to the processing of personal data

The accommodation operators are most interested in whether guests need to be asked for their consent to the processing of personal data. No, this is not necessary if you have this information in your accounting system because you provided them with accommodation. This data is collected for performance of the contract. In addition, they are also collected from a legal obligation under Act No. 404/2011 on the stay of outlanders, which obliges the accommodation providers to verify the identity of the outlander. This Act entails obligations such as the need to enter the book of accommodated persons and to fill in the official form of the outlander's residence report. At that time, the accommodation provider is obliged to register data such as: name and surname, date and place of birth (country), nationality, permanent residence in the home country, travel document number, type, number and validity of the visa and names and surnames of traveling children. If the operator saves the e-mail and phone number of the guest, it is also OK. For example, this way you can send guests instructions and call them if they forget some stuff.

Most commonly, three types of consent will be used:

• consent to the processing of personal data,
• consent to marketing purposes
• acceptance of the General Terms and Conditions, including the cancellation terms.

Personal data that the accommodation facilities can process for accommodation purposes:

Monitoring guests

If there are cameras in the premises for the safety of guests, it is okay because of legitimate interest. However, these data should not be recorded for a long time. It is recommended to set up such a CCTV system to automatically delete data after the time it takes to store it. Of course, guests need to be informed.

Conclusion

Indeed, owners of accommodation facilities should only store data that they really need and to which they are entitled. This means that the guest has approved their possession and is familiar with the purpose for which they are provided.

This is not easy, because the accommodation providers today make extensive use of services such as Booking.com, through which they receive a large number of reservations and thus personal data. At the same time, they build their own marketing, communicate with customers directly and process personal data of clients for this purpose.

For accommodation owners who use their clients' contacts for marketing purposes, the new European legislation may seem restrictive. On the other hand, GDPR can improve the databases, since they will have more valid contacts. And it is the more loyal and active guests who really want to receive content about accommodation. In addition, anonymization of data may be a possible solution for some marketing purposes and statistics. As far as business announcements are concerned, there will be a new possibility to send relevant information to current guests to an appropriate extent, without the need for consent.