My agent has sent me this...
My Agent will Do....
We’ll explain to customers what we’ll do with the personal data we collect about them including who we will share it with.
We’ll have written agreements in place with our suppliers and partners where we share personal data with them.
We’ll inform customers if we intend to send them direct marketing and where necessary, we’ll gather their consent to do so.
We’ll be able to respond to customers looking to enforce their rights (to know what data is held or to request deletion for example) and to any enquires by the information commissioner.
My agent asks that I should....
Draft a Privacy Notice, or update one if I already have one, in the form required by the GDPR to explain to customers how I will deal with their data.
Ensure that customer data is used only for the purpose of providing a booking and that I should not send any of my own marketing to a customer directly unless I have either told them that I will do so in advance or have their consent to do so where necessary.
I must handle and store customer data securely and safely.
I must make sure that I am able to respond quickly to queries from customers relating to their data, such as requests to send them copies of it and or to delete it.
I must have a process to make sure that customer data is not kept for longer than is necessary.
To help they have offered a series of questions / answers to consider...
What is meant by “personal data”?
"Personal data" is the term used to refer to any data which could be used to identify a living individual. This will include obvious things like name, address, date of birth, email address and telephone number. For more information, please take a look at
https://ico.org.uk/for-the-public/personal-information/.
What is a “Privacy Notice”?
A privacy notice explains to people who you are, what you are going to do with their information and who you will share it with. The main point is to explain in clear terms to customers what information you hold on them, how and why you use it and who you share it with (if anyone). The comprehensive advice on the Information Commissioner’s Office (ICO) website is a great reference point:
https://ico.org.uk/for-organisations/gu ... nd-control.
What should I do with the personal data of my guests?
The basic principles of GDPR require you to keep any personal data for no longer than is necessary for the purpose you obtained it for and disposing of it safely afterwards. Given accounting and auditing requirements around transactional data, there may well be a strong legitimate and legal basis to retain this data for a number of years. If this is the case, you must ensure the data is held securely. Again, we'd recommend consulting the ICO website
https://ico.org.uk/for-organisations/gu ... retention/ for more guidance.
I forward my guests details onto my keyholder / cleaner – Is this still OK?
Yes – we state in our policies that a customer can expect us to share data with accommodation and service providers to fulfil a booking contract. It would be worth checking with your keyholder / cleaner that they handle the data sensibly and dispose of when no longer needed.
Can I write a privacy notice but I don’t have my own website for my own cottage(s) – where should I put it so that guests can see it?
If you don’t have a website, we'd suggest adding it to the in house information pack, so that guests can see it alongside other holiday and service related information.
Why can’t you give owners a template to help us write a privacy notice?
Every accommodation owner is different and every owner will handle and use data in a variety of ways – whether a single property independent owner, or a multi-property letting business. It would be impossible for us to create a one size fits all solution to solve everyone's requirements.
I keep all my guests details on file and have done so for many years. I send them a Christmas card every year – Can I still do this?
As outlined above, ideally you should let your guests know about how you will use their data with a Privacy Notice. That said, we think that very few guests will object to receiving a Christmas card and there is probably little risk to doing this.
----------------------------------------------------
I'm guessing that the first thing to do is logically think about and write down a list of the information / data that we all collect. Break it down further and decide what you want to do with it and why and for how long it's needed and declare when it will be deleted. Declare who it is shared with.
Some of us inc myself will be surprised about just what we do know about our guests. Some of this info may be deletable right away, some of it may have to stored for a week or two, a year or six years and so on. I'm guessing that their is no strict predefined period of time that data can / must be stored for as far as the guests are concerned. But there may be mandatory time periods for us to store data re accounting and HMRC law. If you use an accountant, a cleaner, a keyholder, a nieghbour to help you then you have to declare what information is given to these people, why and how long that info is kept by those people.
I'm guessing that it is upto us / you to decide what data is kept and how long it is kept for and justify why and ensure it is deleted when it is not required anymore