In these guidelines we will explain the most important points on the subject of data protection, and also highlight what we have done at bookingkit to ensure that we comply 100% with GDPR and what steps you might have to take. Please note that this article does not represent or replace legal advice, but is simply for information.
1. What is the GDPR?
The new General Data Protection Regulation (GDPR for short) has been in force since 25.05.2018. This is a European Union regulation which aims to harmonise the processing and storage of personal data and strengthen the rights of EU citizens in data protection matters.
The GDPR applies to all legal entities and natural persons within the European Union who process or store personal data. The regulation also applies to organisations outside the European Union which process data on EU citizens.
In general, the purpose of the GDPR is to ensure that end consumers obtain better control of their personal data. Customers should be able to find out what is happening to their data or request that their data be deleted at any time.
But what exactly are personal data?
Article 4 of the GDPR defines what exactly personal data are: “All information which relates to an identified or identifiable natural person”
So all data which can be traced back or assigned to an individual. In specific terms, this could mean the following information, for instance:
Name
Email address
Date of birth
Address
Telephone no.
Cookies
2. Am I affected by it?
In general terms, all businesses which collect, store or process personal data on end customers, employees or even competitors are affected by the GDPR.
As a provider of Experiences who sells and markets your activities online, you collect and store the personal data of your customers. On the one hand, if you specifically receive a booking on your website. On the other also via cookies or newsletter messages. So in all cases you must take the necessary steps to comply with GDPR. Otherwise there is a risk of a substantial fine of up to 20 million Euros or 4% of worldwide annual turnover.
3. Steps we have taken at bookingkit:
It is of course an important concern for us that we comply 100% with the GDPR.
Your end customers can call up a Data protection declaration at the bookingkit Checkout where all the important information about use of personal data is explained.
Under Account > Company data you can also upload your data protection declaration in addition to your T&Cs and legal notice. Your end customers can look at these at the Checkout, as well as bookingkit’s data protection declaration. Both have to be confirmed together with the T&Cs.
We have a privacy policy, terms and conditions and DPA which are all up to date to current GDPR regulations.
4. Your part in GDPR compliance with bookingkit
Of course it’s not enough that we at bookingkit adjust our processes to comply with the GDPR. You may also need to make a few changes:
Create your data protection declaration in accordance with the GDPR and place it on your website. You should add this to your bookingkit account under Account > company data.
In your data protection declaration you should mention the payment provider as well as bookingkit, as we both process your customers’ personal data. If you also offer PayPal as a method of payment, please include this in your data protection declaration. It is advisable to list all the service-providers mentioned above under “Third party services” in your data protection declaration.
The Terms of Conditions and DPA are agreed to when you sign up for your bookingkit account.
At the request of your customers, you must delete customer information from your data sets. This may mean, for instance, email addresses from email marketing, or also data from an order. Invoices, or other documents related to bookings, may not be deleted for tax reasons. If you do have to delete data, feel free to contact us at dataprotection@bookingkit.de.
If you still feel uncertain about any of this, you can contact us at any time at dataprotection@bookingkit.de. Please be aware, however, that we do not offer legal advice on the subject of the GDPR and are not a substitute for this. If you need this sort of help, a lawyer specialising in IT matters will be able to advise you.