protel hotelsoftware GmbH | www.protel.net

protel hotel software

Copyright © 2021 protel hotelsoftware GmbH | Imprint

GDPR and protel

GDPR and protel

Dear Customer,

As you may have heard, the PCI Security Standards Council has dictated a deadline for the migration of the use of TLS 1.0/TLS 1.1 to TLS 1.2. 

This deadline is on 25 May 2018. 

We are taking a proactive stance and providing guidance for you to ensure that you and your hotel are "TLS 1.2-ready" well in advance of this deadline.

Below is the procedure required for your machines to be ready to support this change, in regards to your protel products.

What exactly is "Personal Identifiable Information"?

Personal Identifiable Information (PII) includes all sensitive information that is associated with and can be used to uniquely identify, contact, or locate an individual person.

PII includes, but is not limited to:

  • Full name
  • Contact details including email addresses, phone numbers, Skype ID, login names, social media profiles, etc.
  • Home address
  • National ID number
  • Passport number
  • Visa number
  • Driver's license number
  • Vehicle registration plate number
  • Bank and credit/debit card numbers

In combination with the above, the following is also considered PII:

  • Disability/Health status
  • Ethnicity
  • Gender
  • Date and location of birth
  • Country of citizenship
  • Citizenship status
  • Marital status
  • Military status
  • Handwriting / signature
  • The location of an individual at a particular time
  • Any other information reflecting preferences and behaviors of an individual

Remember, a hotel should know the following about their guests' PII data at all time:

  • Which data is stored
  • Where is it stored
  • Why is it stored (purpose)
  • Who is it shared with
  • How long is it kept

To be able to accurately provide required information to the “data subject”, protel recommends hotels to review their entire technology landscape and understand how PII data travels between connected systems, or where manual action is taken to enter any form of PII data into non-connected systems.

This exercise is important for hotels to complete in regards to all connected vendor systems, not only the property management system. This can include, but is not limited to, police interfaces, building management systems, customer relation systems, central reservation systems, etc.

When is storing data allowed?

The “data controller” must have lawful reason for storing data of a “data subject”. The following qualifies as lawful reasons:

  • Contract: A hotel reservation or event falls under this lawful reason, as in order to be able to accept a reservation and provide associated services the hotel requires some of the PII data from the “data subject”. This lawful reason requires PII data to be deleted as soon as the contract has been fulfilled; meaning once the guest has checked-out and all associated invoices have been settled.

  • Obligation: A hotel is required to store some or all PII data according to what is stipulated in the laws of the country in which the hotel resides

  • Vital interest: This lawful reason is applied when e.g. a criminal act has taken place and data is exceptionally kept for proof of evidence.

  • Special data: This lawful reason refers to data such as health/religion/biometric data which is deemed to be extra sensitive. Such data is generally not stored by hotels, and if a hotel exceptionally has been tracking such information, they may only keep it if they find lawful reason to do so. If not, it must be deleted. 

What about consent?

When the “data controller” is storing data for any of the lawful reasons mentioned in section 4, the “data controller” is not required to seek additional consent of the “data subject”. The “data controller” must, however, always make sure that the “data subject” has clear visibility of which data is stored, where it is stored, and with whom it is shared and for how long.

However, hotels frequently wish to store data about their guests after they have checked-out and longer than is legally permitted, with the purpose to be able to provide better guest services, include guests in marketing campaigns and so forth. To be allowed to store PII data longer, explicit consent from the “data subject” is required. To obtain such consent, two rules apply:

  1. The consent agreement needs to be an active action by the “data subject”.
    This means the consent “tick box” must be empty by default and the “data subject” must actively tick/opt-in.

  2. Agreement needs to be easily withdrawn.
    This means that the “data subject” must be able to contact the hotel and easily retract his consent.

Data Processing Agreement (DPA)

If a service provider is commissioned to process data according to the instructions of a client and the responsibility for the data remains with the client, this constitutes commissioned processing according to Art. 28 GDPR. As a result, a Data Processing Agreement (DPA) must be concluded between the service provider/processor (here: protel hotelsoftware or protel Sales Partner) and the client/controller (here: your company). The aspects the DPA covers include the scope and purpose of data processing, what data is processed and how it should be protected, and more.

protel and their authorized Sales Partners provide a DPA to all customers. Independent of this contract, it is protel’s ambition to always provide required GDPR as they evolve with time.

Remember, a hotel must have a valid DPA in place with each vendor that is processing any form of PII data, not only with the property management vendor.

  • If you are a client of protel hotelsoftware, the agreement is made directly with protel headquarters.

  • If your company is supported by one of our Sales Partners, please contact them directly for further directions.

Download: Data Processor Contract in accordance with Article 28 GDPR (PDF)

Privacy settings for protel PMS

After evaluating the GDPR regulations, protel has developed software features that enable hotels (as controllers) to more easily determine and comply with the data protection rights of their guests (the data subjects). With the help of these software functions, hotels can implement GDPR requirements, which are introduced below.

When reading the following sections, you will notice that some software features have not been specifically designed for GDPR requirements. protel has developed them to enable hotels to implement GDPR requirements in their business operations with as little effort as possible and to automate the data protection management as much as possible.

We have compiled separate documents dealing with the actual implementation in and with protel Air and protel SPE/MPE, Smart, where we explain in detail about what the data controllers in the hotel need to implement.

What is GDPR?

GDPR stands for General Data Protection Regulation. Its main focus is to protect Personal Identifiable Information (PII) for EU citizens, and to standardize all the existing data protection laws. It is an update of the Data Protection Act of 1998 and applies if at least one of the following is in the territory of the EU - data controller, data processor - or the data subject is a EU citizen. 

The “data controller” must be „seeking permission” from the guests of why, for how long and what data they are handling of the guests. The penalty of not complying with GDPR regulations is 20 million EUR or 4% of annual global turnover – whichever is higher.

Which are the GDPR roles?

GDPR defines three roles. These are:

  1. data subject
  2. data controller
  3. data processor
  • The “data subject” is the hotel guest, or the person whose data the hotel is storing.

  • The “data controller” is the organization which is controlling the data, in our case the protel customer; the hotel. The hotel obtains and utilizes the data of the “data subject”, and it is the “data controller” who is responsible for adhering to the GDPR regulations.

  • The “data processor” is the organization providing the tools to store the data, in our case protel hotelsoftware. The “data processor” is responsible for providing tools that enable the “data controller” to adhere to the GDPR regulations.

Note: protel would like to remind you that there may be other “data controllers” in your environment, who must be engaged, such as channel managers etc. The hotel must actively engage with these vendors to ensure that the entire GDPR cycle is secured.

Disclaimer

protel hotelsoftware GmbH  (“us/we/our”) is not a law firm and is not providing legal advice.

The provided information, instructions, documents, policies, forms, agreements or any sample data (together referred to as “the Information”) is for informational purposes only and does not constitute legal advice. The Information should be used as guidance and modified to meet your requirements and the use of and reliance on The Information is at your sole risk. The Information is intended to be used as a starting point and you must apply adequate quality checks and take legal and other professional advice before using the resource.

The Information is provided without any warranty, express or implied, including as to its legal effect and completeness. We make no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the Information and assume no duty of care to any person in respect of the Information and its contents. We expressly exclude and disclaim liability for any cost, expense, loss or damage suffered or incurred in reliance on the Information or it meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.

The information or parts of the information may be subject to change or update without prior notice.

If you have any questions, please contact our Support Team at support@protel.net.

What are the rights of your guests?

GDPR give the European guest several rights, including:

  • The right of access to their data
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to transfer their data to another party
  • The right to object
  • The right not to be included in automated marketing initiatives or profiling

Extensive logging of application level activity related to any PII data.

protel’s solution

protel will extend the user activity logs to record every profile-data related activity, including viewing/ accessing, creating, editing and removing guest data. These application logs will record the time, application user info, actual activity, and the profile ID of each action.

GDPR Requirement: log activities related to personal data

GDPR Requirement: control the access to personal data

User permissions are needed to control the access to Personal Identifiable Data (PII)

protel’s solution

protel will extend the current user permissions to provide the following permissions:

  • Access to GDPR system settings: separate view and modify permissions
  • Access to individual personal data: separate view and modify permissions
  • Start and execute anonymization process

GDPR Requirement: remove personal data

The guest as the “data subject” request a full removal of PII data must be accommodated if the removal does not conflict with any retention periods according to the law.

protel’s solution

With the auto-anonymization rules and end of day procedure, eligible profiles will be automatically anonymized at the earliest possible date. Anonymization will be postponed if:

  • Any current or future reservations exist for the profile
  • Any open folios exist for the profile
  • Any open City Ledger invoice exists
  • Any legal requirements enforcing to keep the data in the system (as defined in the "minimum retention days" setting)

The software must support a minimal data retention period. The guest must be informed about how and how long their data will be kept and for what purpose it will be used, plus, they need to actively agree to this.

  • The minimum data retention period is defined by the law of the country the hotel resides in.
  • The maximum data retention period can be defined by the hotel, but the guest must be informed about the length of this period and actively consent or agree to it.

The GDPR requirement of "lawful reasons" states that the profile data should only be kept for as long as contractually required (minimum retention period). However, if the hotel ("data controller") has a legitimate interest to keep the data for longer (maximum retention period), this can be justified by obtaining a separate consent from the guest (“data subject”).

protel’s solution

There are two aspects to this requirement: first how the property management system handles the actual anonymization, and secondly how each guest can indicate his consent level.

  • How the anonymization process is handled 
    protel property management systems will offer configurable auto-anonymization rules for profiles, which a hotel can use to independently define their minimum and maximum data retention period. The hotel can set up these rules to control when the protel PMS will automatically anonymize the profiles.
    On the given date, the anonymization of profiles will take place as part of the end of day procedure. The anonymization procedure will then remove all the PII data from the profiles. As a result, the guest profile can no longer be linked to an individual guest. This will be an irreversible operation.

  • How the guest consent level is indicated and handled
    protel will introduce a new field on all profile types: Guest Anonymization Type.There are three hardcoded options which represent the guest consent level. The anonymization process will look at the selected value in this field to determine how to handle the particular profile.

Guest Anonymization Types 

  1. Minimum: Profiles marked as "Minimum" will be anonymized when the minimum date defined in the auto-anonymization rule is reached.
    This option refers to the rule that considers the legal requirement for storing profiles in the country the hotel resides in. This legal requirement supersedes GDPR and a profile can never be removed or anonymized before the number of days legally required have expired. A profile with this value assigned will be anonymized at the earliest possible date based on last activity plus minimum retention days.
  2. Maximum: Profiles marked as "Maximum" will be anonymized when the maximum date defined in the auto-anonymization rule is reached.
    This option refers to the rule that requires additional consent, where the hotel requests to store PII data of the “data subject” for a longer period of time than is legally required and the guest actively consented.
  3. Keep: Profiles marked as “Keep” are excluded from the anonymization process.
    This option is made available for hotels that reside outside GDPR regulated areas, but may want to make use of parts of the GDPR designed functionality, or for hotels that do not wish to set a defined end date to storing profile data.

Note that these fields will be available in the message exchange with protel Web Booking Engine and protel Voyager.

GDPR Requirement: inform about retention and use

The guest as the “data subject” has the right to restrict the use their personal data. 

The guest will always have to actively agree (“opt-in”) to your terms before the hotel is allowed to use their data for direct marketing or automated processing.

protel’s solution

The hotel can use the following flags for individual profile records to indicate the guest's privacy decision:

  • Marketing Allowed
  • Data Processing Allowed

Note that these fields will also be available for the message exchange with protel Web Booking Engine and protel Voyager.

GDPR Requirement: restrict the use of personal data

The guest as the “data subject” requests a copy of the personal data to be provided in an electronic format.

protel’s solution

protel will provide the option to extract all data held for the selected profile in an xml, csv or pdf format. This file can be printed or sent to the guest via e-mail, or another option made available in the guest profile.

GDPR Requirement: provide a copy of the personal data

This document is a protel interpretation of GDPR in relation to “subject data” processing and anonymization for hospitality.

It is important that you read through and comply with the regulations which apply to your hotel or company, but perhaps are outside the scope of this document.

 You can find the full regulations here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

General Compliancy

What to do?

The data privacy protection regulations require every company to take action!

Being a provider of a platform managing our client's data, protel assumes this responsibility head-on. That is why we have evaluated and optimized our software's functions with regards to data privacy protection. We are glad to provide you with the respective tools to help you attain GDPR compliance with regards to your data privacy protection.

In the following sections, we have compiled an introduction to how protel sees the GDPR requirements. Please take the necessary time to read the information before starting with the direct implementation within your protel PMS. 

Find out more about:

  • what GDPR means for you and your company. 
  • what solutions protel has developed to help simplify your GDPR compliancy.

 For more detailed information about the actual implementation and use in and with protel Air and protel SPE/MPE and Smart please select:

 For more detailed information about the actual implementation and use in and with protel Air and protel SPE/MPE an Smart please select:

The GDPR requires measures in every company that manages customer data. When it comes to the topic of data protection, interfaces which the hotel uses to send and receive data on a daily basis are of particular importance. With regards to the connection of third-party systems to the protel hotel management systems, certain questions therefore arise. We have compiled and answered the most frequently asked questions. The statements are equally valid for protel SPE/MPE and protel Air. 

  • Download the FAQ here.

Data exchange with third-party systems