This article is available in the following languages:
Disclaimer: We would like to make clear that this article is provided for informational purposes only and may not be construed as legal advice. While Lodgify is making sure that its own operations will comply with GDPR, and to provide its customers with the tools to help comply with the GDPR, each customer is ultimately responsible for ensuring that their business complies with the laws of the jurisdictions in which they operate or have guests. Using Lodgify does not guarantee that a user complies with the GDPR.
As a lodging operator, you are generally the controller of your customers’ data, i.e. your guests. This means that you collect your guests’ data and choose how it is handled. This article serves as a very basic guideline on what you can do to be GDPR compliant with your Lodgify website and how Lodgify is assisting you to be GDPR compliant.
Learn how to set up a required consent checkbox on your website
The customer's consent is required when guests make a booking, as well as in any Lodgify-managed forms (e.g. Contact form, Reviews form, etc). Additionally, you need to be sure not to send unrelated marketing communication without having received explicit consent from your guest.
Enter into Data Processing Agreements
GDPR requires that when you engage a data processor (like Lodgify) to process your guests’ data, you (the data controller) impose contractual requirements on how they may use and process that data. This is typically done through a Data Processing Addendum, or DPA. Lodgify has automatically incorporated a Data Processing Agreement into its terms of service, which is designed to address these requirements. By using our services, you automatically accept the DPA as part of our Terms of Service. The DPA explains how we (the Data Processor) handle your personal information, as well as the personal information of others (i.e. guests and contacts) that you (the data controller) submit by using our services. The terms are available here and the DPA is available here.
Manage Data Subject Requests
The GDPR provides data subjects (in this case, your guests) with certain rights over their personal data including but not limited to erasure, access, portability, rectification, etc.. Whilst you are responsible for handling any requests or complaints from data subjects with respect to their personal data, Lodgify will assist you in dealing with those requests: For example, if you receive a request from a guest to delete their personal data, you can request Lodgify to erase the guest's data for you in your Lodgify account. Before you submit this request to us, you should:
Verify that the requester is the same as the data subject (that is, the requester is not asking to erase someone else’s personal data).
Confirm there is no legal reason to preserve this data.
If both conditions are met, you can submit the request to us by emailing to email@example.com.
You can get more information on GDPR here:
The GDPR imposes different obligations on controllers and processors of data. As a processor of data, Lodgify fulfills its own legal obligations under the GDPR. However, you as a lodging operator (as controllers) also have your own separate obligations that you must consider. Lodgify provides you with a platform that can be configured to be GDPR compliant, but you must consider yourself how you would like to run your business. As much as Lodgify wants to help you to comply with the new law, you as the business owner need to ensure your own state of compliance as you may be required to take actions independent of the Lodgify platform.