New Data Protection Regulations

Agencies and other headaches, keys and cleaners, running costs and contracts...in short, all the things we spend so much of our time doing behind the scenes.<br>
GillianF
Posts: 826
Joined: Mon Aug 20, 2012 12:06 pm
Location: Dordogne

New Data Protection Regulations

Post by GillianF »

I've been reading up about this and still confused?

My understanding is that it only applies to guest information stored on line?

Somebody, I think, posted up a simple sort of 'disclaimer' to put on their Booking Form explaining that guest information would be kept etc. etc.

Anybody know where I can find this? I want to keep my life as simple as possible but stay on the right side of the law ........

Interesting that, yet again, nothing on this from our tourist office who claim to use the taxe de sejour to keep us "informed on all matters affecting our rights, obligations and business".
User avatar
greenbarn
Posts: 6146
Joined: Sat May 30, 2009 6:41 pm
Location: The Westmorland Dales, Cumbria

Re: New Data Protection Regulations

Post by greenbarn »

GillianF wrote:I've been reading up about this and still confused?
There seem to be two categories - those of us who’ve read something about it and are confused, and those of us who’ve not read anything and aren’t yet confused....
GillianF wrote: My understanding is that it only applies to guest information stored on line?
It applies to all personal data that is collected and filed, whether it’s on a computer or on paper - same as existing Data Protection Act.
GillianF wrote:Somebody, I think, posted up a simple sort of 'disclaimer' to put on their Booking Form explaining that guest information would be kept etc. etc.
I don’t think we can have a disclaimer as we all have to abide by GDPR. I do think we need an updated Privacy Statement which seems to require (this is where I get muchly confused...) the inclusion of such things as Who we are, why we collect data, what we collect, what we do with it, how we store it, how long we keep it....
GillianF wrote:Anybody know where I can find this? I want to keep my life as simple as possible but stay on the right side of the law ........

Interesting that, yet again, nothing on this from our tourist office who claim to use the taxe de sejour to keep us "informed on all matters affecting our rights, obligations and business".
I’m still searching for an example statement. In the UK Visit Britain have yet to come up with something really helpful, I get the feeling they might be confused as well...
It’s going to take a very long time for any authorities to get around to putting the microscope on and issuing warnings to tiddly businesses like ours - and the authorities will have to understand GDPR first; no sign of that anywhere...
GillianF
Posts: 826
Joined: Mon Aug 20, 2012 12:06 pm
Location: Dordogne

Post by GillianF »

Thank you Greenbarn. So pleased I am not alone and you raised a smile.

The 'disclaimer' I was referring to was something along the lines of a sentence on the booking form saying that by filling in the form the guest agrees to us storing their information which will be destroyed in ???? months/year or not destroyed ever.

I'd agree though that it is hard to imagine who/what/when is ever going to get around to checking up on all of us although it would certainly make some nice 'jobs for the boys'!
User avatar
CSE
Posts: 4414
Joined: Mon Nov 06, 2006 3:34 pm
Location: Galicia

Post by CSE »

Some other threads on LMH mainly in the section for Spain.
viewtopic.php?t=28433
viewtopic.php?t=28486
Then there is an app for Spanish property owners which Could fall fail of this law.
viewtopic.php?t=28380

It is not an easy law to understand at all. :evil:
I hope the webinar will shed a bit of light.
Never try to out-stubborn your guests.
newtimber
Posts: 1945
Joined: Sat Nov 24, 2012 5:57 pm
Location: Brighton
Contact:

Post by newtimber »

I've been looking around and I cannot find a single owner with a privacy policy that is going to comply with GDPR.
It's quite ridiculous that thousands of owners are going to have to create their own because of the lack of a decent template.
As if anyone is going to read these long privacy statements before they contact a website or book a hotel...
Zingara
Posts: 618
Joined: Tue Apr 09, 2013 8:36 am
Location: Antibes, PACA

Post by Zingara »

I have a template from the Landlord's association, along with a step-by-step guide. Obviously, this is aimed at those who do long-term rentals: however, the reasons for acquiring and keeping the data (including passport data) are very similar.

For other reasons, we have been registered with the ICO for many years, but it was only on reviewing all this that I realised that we needed to adjust / add to our registration.

Registration with the ICO is straightforward, on-line, takes about 10 minutes,and costs £35.

Most renters will probably be expecting something as they'll be getting daily e-mails from various sources 'How we use your data' : this will give you some hints too.
GillianF
Posts: 826
Joined: Mon Aug 20, 2012 12:06 pm
Location: Dordogne

Post by GillianF »

On another forum someone has suggested the following wording on the booking form with the Ts&Cs:

"Completing the booking form implies that you agree for the Owners to hold data securely on you and your party. The data shall not be passed to any third party without your prior written permission. This is a requirement under European Law for data security (25 May 2018 - GDPR General Data Protection Regulation)."
e-richard
Posts: 5008
Joined: Sun Oct 17, 2004 11:33 am
Location: Algarve, Portugal
Contact:

Post by e-richard »

I have a slight variation at the end of my booking form:
[] * In accordance with GDPR 2018 I give my permission for you to store my name and address and other contact details so that we may communicate with one another about our holiday. I understand that you will not do anything else with any of the data I have submitted.
I am the archetypal cynic when it comes to GDPR for the private owner of a rental home. We are but a teeny weeny itsy bitsy little business in the grand scheme of things and I feel there is just far too much of a song and dance around the topic in our business.

On my booking form it is a tick box and is mandatory.

In other words, "you have a free choice to elect to opt-in to give me your data OR you may of your own volition, without any pressure or shenanigans choose not to book with me". Who really needs GDPR ?
** Richard
PIMS: Holiday Rental Management system
They say we learn from our mistakes. That makes me a genius !
newtimber
Posts: 1945
Joined: Sat Nov 24, 2012 5:57 pm
Location: Brighton
Contact:

Post by newtimber »

GillianF wrote:On another forum someone has suggested the following wording on the booking form with the Ts&Cs:

"Completing the booking form implies that you agree for the Owners to hold data securely on you and your party. The data shall not be passed to any third party without your prior written permission. This is a requirement under European Law for data security (25 May 2018 - GDPR General Data Protection Regulation)."
Not true though is it? Might you not be required to give their data to the tax authorities or law enforcement? If they damage your property, are you not going to pass over their details to a 3rd party like your insurers? You won't be able to take legal action without their written permission since to do so you'd have to pass on their information to a 3rd party.
GillianF
Posts: 826
Joined: Mon Aug 20, 2012 12:06 pm
Location: Dordogne

Post by GillianF »

Good point newtimber. But, if someone damaged the property or was breaking the law and required me to disclose their details then I would consider it 'reasonable' to pass their details to a third party.

I do, though, think e-Richard's suggestion is better.

Others here have suggested that the 'powers that be' who are going to 'police' this new law are going to have far too much to do to worry about a little gite business in the middle of nowhere particular in rural France ..................
newtimber
Posts: 1945
Joined: Sat Nov 24, 2012 5:57 pm
Location: Brighton
Contact:

Post by newtimber »

GillianF wrote:Good point newtimber. But, if someone damaged the property or was breaking the law and required me to disclose their details then I would consider it 'reasonable' to pass their details to a third party.
.
I'm sorry but if you've said you won't pass on the information in your privacy policy, you cannot then give the information to your insurers without the risk that the guests will respond by claiming your privacy policy does not allow you to do this.
User avatar
greenbarn
Posts: 6146
Joined: Sat May 30, 2009 6:41 pm
Location: The Westmorland Dales, Cumbria

Post by greenbarn »

From what I’ve read and attempted to understand so far it doesn’t look as though a disclaimer will come even remotely close to being enough.

Whereas it was sufficient to say that we complied with the DPA, which has been a requirement for years, the GDPR seems to introduce the need to detail and document how you comply.
Hence it looks as though a Privacy Statement has to include a number of headings that include Why we collect your data (justification), What we collect, How we collect it, How we keep it secure, How long we keep it (“a reasonable time” won’t cut it), Who we share it with, Your right to see what we hold and how to contact us to find out/get it deleted/changed/remove your inside leg measurement. If we also use data for direct marketing mailshots, newsletters etc there are further requirements.

If (BIG IF) the ICO workers get bored and have time on their hands after deleting their FB accounts, the obvious step they will take to check on compliance is to look for the Privacy Statement on somebody’s website. So I’m going to write something to rival War and Peace. :wink:
User avatar
greenbarn
Posts: 6146
Joined: Sat May 30, 2009 6:41 pm
Location: The Westmorland Dales, Cumbria

Post by greenbarn »

newtimber wrote:
GillianF wrote:Good point newtimber. But, if someone damaged the property or was breaking the law and required me to disclose their details then I would consider it 'reasonable' to pass their details to a third party.
.
I'm sorry but if you've said you won't pass on the information in your privacy policy, you cannot then give the information to your insurers without the risk that the guests will respond by claiming your privacy policy does not allow you to do this.
There are circumstances in which we’d be legally required to pass on information; it should be possible to cover that with a statement that “we don’t pass your data to any third party except if we are legally required to do so for the purposes of lawful investigation” or some such blx.
Either way I imagine the law would override your statement even if you swore on your mother’s life not to pass any data to plod.

ps Need to think about whether we pass data on to local housekeepers etc as well.
newtimber
Posts: 1945
Joined: Sat Nov 24, 2012 5:57 pm
Location: Brighton
Contact:

Post by newtimber »

e-richard wrote:I have a slight variation at the end of my booking form:
[] * In accordance with GDPR 2018 I give my permission for you to store my name and address and other contact details so that we may communicate with one another about our holiday. I understand that you will not do anything else with any of the data I have submitted.
I am the archetypal cynic when it comes to GDPR for the private owner of a rental home. We are but a teeny weeny itsy bitsy little business in the grand scheme of things and I feel there is just far too much of a song and dance around the topic in our business.

On my booking form it is a tick box and is mandatory.

In other words, "you have a free choice to elect to opt-in to give me your data OR you may of your own volition, without any pressure or shenanigans choose not to book with me". Who really needs GDPR ?
Unfortunately this won't work - in the UK at any rate, I don't know about Portugal.
You need to have established why you need the data and document it. You have to say how long you're going to keep it and how it will be stored etc etc. https://ico.org.uk/for-organisations/gu ... rocessing/
User avatar
greenbarn
Posts: 6146
Joined: Sat May 30, 2009 6:41 pm
Location: The Westmorland Dales, Cumbria

Post by greenbarn »

GillianF wrote:On another forum someone has suggested the following wording on the booking form with the Ts&Cs:

"Completing the booking form implies that you agree for the Owners to hold data securely on you and your party. The data shall not be passed to any third party without your prior written permission. This is a requirement under European Law for data security (25 May 2018 - GDPR General Data Protection Regulation)."
That’s an interesting one... The requirement under GDPR is that consent cannot be implicit. So the statement "Completing the booking form implies that you agree for the Owners to hold data securely on you and your party" is the direct opposite of what GDPR requires. :roll:

Having another look at that, they’ve missed the point completely. Clear consent by way of a an explicit opt-in is required for sending mailshots etc. Consent is not required for collecting data for the purposes of handling the enquiry and booking process; what is required is the documented detail of what you collect and why etc etc
Post Reply