It looks like you're using an old web browser that we no longer support, so some parts of the site may not work as well as they should and you won't be able to make a booking. Please update your browser (view more details) to make sure you get the best experience.

GDPR

GDPR - What it means for you

GDPR (General Data Protection Regulation) came into effect in 2018 and regulates the way we all handle the information we store. 

What is GDPR?

GDPR (General Data Protection Regulation) is stringent regulation concerning how companies of all sizes store and use people’s contact details and other personal information. It aims to protect and strengthen the privacy rights of consumers through stricter, more defined requirements for handling and processing of all personal data. Non-compliant businesses can see fines of up to 4% of annual turnover.

What does this mean for you?

This means there strict rules around how businesses can collect data and share it, even if there is a contract between them and they are linked by a transactional process, such as booking. Consequently, the way you handle our data and that of our guests needs to be carefully considered.

What should be done with any personal data that has been given to you by Canopy & Stars in the past?

Any data which has been provided by Canopy & Stars for the requirements of a previous booking must be deleted once the guest has stayed. The individuals should not be contacted except in the case of existing bookings whereby the guest has not yet stayed (see below).

Personal data refers to:

  •        Name
  •        Address
  •        Phone number
  •        IP address
  •        Transaction history
  •        Travelling habit

If an individual requests to have their data deleted, we will contact you to ask that all record of this person be removed from any database. You must be able to provide proof and confirmation that this has been done. Typically, this would be shown by a blank search result run on your database for the individual’s name.

What should I do with Canopy & Stars data once a guest leaves?

The guest must not be contacted about anything unrelated to their booking, as this would be classed as a marketing message. All contact must relate specifically to their stay in which the data was given for booking purposes. This unfortunately includes feedback. Any feedback requests must be sent by Canopy & Stars, and we will pass on the results to you.

Am I no longer able to email Canopy & Stars guests?

You can email people with information directly relating to their booking (service messages), but not for any other purpose (marketing messages). A person can no longer be contacted with anything that is not a service message without proof of consent. Proof of consent requires individual companies to have explicit consent before using someone’s personal data. This means that when we collect a Guests data they have given Canopy & Stars permission to contact them. The only reason they can be contacted by you is for the purposes of service messaging for that particular booking. Guests from Canopy & Stars cannot be added to your email database for mailing and any that have been added need to be removed. You need to delete a Guest’s data once they have stayed and it must not be kept in your database.

What’s the difference between marketing and servicing messages?

Marketing messages

  •        Generic newsletters
  •        Encouragement to book for next year

Service message

  •        Anything directly related to that stay e.g. directions, questions about arrival time etc.

What do I do with the data of guests that have not yet stayed?

This can stay on your system but must not be used to profile a customer or send any marketing information. The data also needs to be password protected individually for every member of your team, if you have one. Multiple people should not be using one password to access this data.

Who needs to know about this legislation?

Anyone in your team who accesses customer data should be given training to make them aware of these changes. Training should include the following key points.

  •        Limit access to personal data to only those who need to see it
  •        Advise employees on how to properly dispose of documents containing any personal  
      data, particularly details of card payments.
  •        Canopy & Stars Guests should only be contacted regarding their bookings (servicing
       messaging).

To find out more about how to remain compliant with data regulation , there is a lot of useful information on the Information Commissioner’s Office Website and their small business hub.