Disclaimer: We would like to make clear that this article is provided for informational purposes only and may not be construed as legal advice. While Lodgify is making sure that its own operations will comply with GDPR, and to provide its customers with the tools to help comply with the GDPR, each customer is ultimately responsible for ensuring that their business complies with the laws of the jurisdictions in which they operate or have guests. Using Lodgify does not guarantee that a user complies with the GDPR.
As a lodging operator, you are generally the controller of your customers’ data, i.e. your guests. This means that you collect your guests’ data and choose how it is handled. This article serves as a very basic guideline on what you can do to be GDPR compliant with your Lodgify website and how Lodgify is assisting you to be GDPR compliant.
Create (or update) your privacy policy
The GDPR (General Data Protection Regulation) requires that you provide specific information to individuals whose data you are collecting, generally in the form of a privacy notice or privacy policy. For this reason, you are advised to consider creating a dedicated privacy policy page on your Lodgify website. Lodgify provides you the editing tools to do so. This article shows how to create a Privacy Policy page in the footer of your Lodgify Website.
Here are examples where you can generate a GDPR compliant privacy policy text for free:
Require guests to consent to your privacy policy
Under the GDPR, you need to obtain consent to process your guests’ personal data or change how you currently obtain that consent. Lodgify released a functionality that requires your guests to accept your privacy policy before being able to make a booking.
Learn how to set up a required consent checkbox on your website
The customer's consent is required when guests make a booking, as well as in some Lodgify-managed forms (Contact form and Call me back form). Additionally, you need to be sure not to send unrelated marketing communication without having received explicit consent from your guest.
💡 Learn how to set up a required privacy consent checkbox on your website.
Create a cookie policy and notify your visitors
Consider adding a cookie policy to your Lodgify website and notify your visitors about your Cookie Policy. Lodgify offers the functionality to automatically display a popup, drawing your visitors' attention to your Cookie policy.
💡 Learn How to add a cookie policy to your website
Enter into Data Processing Agreements
GDPR requires that when you engage a data processor (like Lodgify) to process your guests’ data, you (the data controller) impose contractual requirements on how they may use and process that data. This is typically done through a Data Processing Addendum, or DPA. Lodgify has automatically incorporated a Data Processing Agreement into its terms of service, which is designed to address these requirements. By using our services, you automatically accept the DPA as part of our Terms of Service. The DPA explains how we (the Data Processor) handle your personal information, as well as the personal information of others (i.e. guests and contacts) that you (the data controller) submit by using our services. The terms are available here and the DPA is available here.
Manage Data Subject Requests
The GDPR provides data subjects (in this case, your guests) with certain rights over their personal data including but not limited to erasure, access, portability, rectification, etc.. Whilst you are responsible for handling any requests or complaints from data subjects with respect to their personal data, Lodgify will assist you in dealing with those requests: For example, if you receive a request from a guest to delete their personal data, you can request Lodgify to erase the guest's data for you in your Lodgify account. Before you submit this request to us, you should:
-
Verify that the requester is the same as the data subject (that is, the requester is not asking to erase someone else’s personal data).
-
Confirm there is no legal reason to preserve this data.
If both conditions are met, you can submit the request to us by emailing to privacy@lodgify.com.
Get informed
You can get more information on GDPR here:
The GDPR imposes different obligations on controllers and processors of data. As a processor of data, Lodgify fulfills its own legal obligations under the GDPR. However, you as a lodging operator (as controllers) also have your own separate obligations that you must consider. Lodgify provides you with a platform that can be configured to be GDPR compliant, but you must consider yourself how you would like to run your business. As much as Lodgify wants to help you to comply with the new law, you as the business owner need to ensure your own state of compliance as you may be required to take actions independent of the Lodgify platform.