GDPR Options
Setup > Configuration > History
General Data Protection Regulation
The European Union General Data Protection Regulation (GDPR) is designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all European Union (EU) citizens, and to reshape the way organizations approach data privacy. The enforcement date for GDPR is May 25, 2018. The GDPR not only applies to organizations located within the EU but will also apply to organizations if they offer services to, or monitor the behavior of, EU citizens. GDPR applies to all companies processing and storing personal data of individuals residing in the EU, regardless of the company's location.
What constitutes personal data?
Any information related to a natural person, or "data subject", that can be used to directly or indirectly identify the person. This can include, but is not limited to, a name, a photo, an email address, posts on social media, or a computer IP address. The bulk of personal data stored in roomMaster is contained in Guest Profiles, Guest History and Reservations.
GDPR Data Subject Rights
- Breach Notification - Companies are required, under GDPR, to notify their customers within 72 hours after first becoming aware of a data breach if the breach is likely to result in a risk to individuals.
- Right to Access - Data subjects have the right to obtain confirmation as to how their personal data is being processed and for what purpose. A data controller (business) is required to provide a copy of all personal data being stored, in an electronic format, at the request of a data subject.
- Right to be Forgotten - A data subject has the right to have a data controller completely erase all personal data and cease further dissemination of the data. Personal data can only be stored provided it is relevant to the original purpose for processing.
- Privacy by Design - Data controllers are required to implement appropriate technical and procedural measures to meet the requirements of GDPR and protect the rights of their data subjects. Access to personal data must be limited to only those employees required to carry out processing of the data. Data controllers can only hold and process data absolutely necessary for the completion of the good or service being provided.
For more information on the General Data Protection Regulation, please visit https://www.eugdpr.org/.
roomMaster GDPR Options
Mailing Options
- Default new guest profiles to 'Consent Unknown' - GDPR requires that guests provide consent to receive future communication and marketing efforts from the business storing their personal data. Setting this option will default the mailing option of all new Guest Profiles to opt out until a staff member receives consent from the guest.
- Set existing records to 'Consent Unknown' or 'Do not mail or E-Mail' - Mass update all existing guest profiles, or select guest profiles with a checkout date prior to (date entered), to a mailing option of consent unknown or opt out. This procedure would typically be used if consent from the guest is unknown for all existing records.
Purge Guest Data
Purge all personal guest data from Guest Profiles and/or Guest History where the checkout date is prior to (date entered). The following personal data is removed when the purge routine is completed:
- Street, City, State, Zip/Postal Code, Country, Phone1, Phone2, Email address, User1, User2, Company, Direct Bill, Extrafield 1-6, Housekeeping Note, Staff Notes.
The following additional personal data is removed when the purge is completed for Guest Profiles:
- Spouse, Gender, Birthday, Anniversary, Profession, Guest likes, Guest dislikes.