protel hotelsoftware GmbH |

protel hotel software

Copyright © 2018 protel hotelsoftware GmbH | Imprint

GDPR and protel

Deadline: 25 May 2018

Now is the time to prepare!

GDPR and protel

Now is the time to prepare!


Dear Customer,

As you may have heard, the PCI Security Standards Council has dictated a deadline for the migration of the use of TLS 1.0/TLS 1.1 to TLS 1.2. 

This deadline is on 25 May 2018. 

We are taking a proactive stance and providing guidance for you to ensure that you and your hotel are "TLS 1.2-ready" well in advance of this deadline.

Below is the procedure required for your machines to be ready to support this change, in regards to your protel products.

What exactly is "Personal Identifiable Information"?

Personal Identifiable Information (PII) includes all sensitive information that is associated with and can be used to uniquely identify, contact, or locate an individual person.

PII includes, but is not limited to:

  • Full name
  • Contact details including email addresses, phone numbers, Skype ID, login names, social media profiles, etc.
  • Home address
  • National ID number
  • Passport number
  • Visa number
  • Driver's license number
  • Vehicle registration plate number
  • Bank and credit/debit card numbers

In combination with the above, the following is also considered PII:

  • Disability/Health status
  • Ethnicity
  • Gender
  • Date and location of birth
  • Country of citizenship
  • Citizenship status
  • Marital status
  • Military status
  • Handwriting / signature
  • The location of an individual at a particular time
  • Any other information reflecting preferences and behaviors of an individual

Remember, a hotel should know the following about their guests' PII data at all time:

  • Which data is stored
  • Where is it stored
  • Why is it stored (purpose)
  • Who is it shared with
  • How long is it kept

To be able to accurately provide required information to the “data subject”, protel recommends hotels to review their entire technology landscape and understand how PII data travels between connected systems, or where manual action is taken to enter any form of PII data into non-connected systems.

This exercise is important for hotels to complete in regards to all connected vendor systems, not only the property management system. This can include, but is not limited to, police interfaces, building management systems, customer relation systems, central reservation systems, etc.

When is it allowed to store data?

The “data controller” must have lawful reason for storing data of a “data subject”. The following qualifies as lawful reasons:

  • Contract: A hotel reservation or event falls under this lawful reason, as in order to be able to accept a reservation and provide associated services the hotel requires some of the PII data from the “data subject”. This lawful reason requires PII data to be deleted as soon as the contract has been fulfilled; meaning once the guest has checked-out and all associated invoices have been settled.

  • Obligation: A hotel is required to store some or all PII data according to what is stipulated in the laws of the country in which the hotel resides

  • Vital interest: This lawful reason is applied when e.g. a criminal act has taken place and data is exceptionally kept for proof of evidence.

  • Special data: This lawful reason refers to data such as health/religion/biometric data which is deemed to be extra sensitive. Such data is generally not stored by hotels, and if a hotel exceptionally has been tracking such information, they may only keep it if they find lawful reason to do so. If not, it must be deleted. 

What about consent?

When the “data controller” is storing data for any of the lawful reasons mentioned in section 4, the “data controller” is not required to seek additional consent of the “data subject”. The “data controller” must however always make sure that the “data subject” has clear visibility of which data is stored, where it is stored, and with whom it is shared and for how long.

However, hotels frequently wish to store data about their guests after they have checked-out and longer than is legally required, with the purpose to be able to provide better guest services, include guests in marketing campaigns and so forth. To be allowed to store PII data longer, explicit consent from the “data subject” is required. To obtain such consent, two rules apply:

  1. The consent agreement needs to be an active action by the “data subject”.
    This means the consent “tick box” must be empty by default and the “data subject” must actively tick/opt-in.

  2. Agreement needs to be easily withdrawn.
    This means that the “data subject” must be able to contact the hotel and easily retract his consent.

Data Processor Contract

As opposed to other security guidelines like PCI or PA-DSS, GDPR does not have its own certification for vendors. Instead, any vendor handling PII data must ensure that they can provide the “data controller” with the necessary tools to abide the GDPR regulations. 

The vendor must prove this to the “data controller” by providing a Data Processor Contract.

GDPR regulates the compulsory items that must be included in such a contract. These items may change over time and it is the responsibility of the “data controller” to instruct the “data processor” of any changes that are required. 

protel and their authorized dealers provide a Data Processor Contract to all customers. Independent of this contract, it is protel’s ambition to always provide required GDPR as they evolve with time.

Remember, a hotel must have a valid service agreement in place with each vendor that is processing any form of PII data, not only with the property management vendor.

Privacy settings for protel PMS

When protel (the "data processor") evaluated the GDPR regulations, functionality was designed and developed to make it easier for you, our client, (the “data controller”) to define and control your guest’s (the “data subject’s”) privacy rights. The functionalities of this Privacy Module will provide you with the tools to abide by the GDPR regulations in a more controlled, defined, and procedure-oriented manner.

This section provides a high level explanation of the functionality of the Privacy Module, which will be available in protel SPE/MPE/Smart and protel Air property management systems prior to the GDPR enforcement date.

Before reading this section, it is important that previous sections have been reviewed, so that you clearly can understand how the GDPR requirements are met.

You will also notice several functions which are not specifically mentioned in the GDPR requirements. We have chosen to develop these functions in order to make the implementation of GDPR management in your hotel operations as painless as possible. protel will continue to further enhance these functions throughout 2018, with the aim of automating GDPR and privacy management as much as possible.

Note: There are separate documents for protel Air and protel SPE/MPE, detailing the actual implementation steps that are mandatory for “data controllers” to be GDPR compliant (see links above and below).

What is GDPR?

GDPR stands for General Data Protection Regulation. Its main focus is to protect Personal Identifiable Information (PII) for EU citizens, and to standardize all the existing data protection laws. It is an update of the Data Protection Act of 1998 and applies if at least one of the following is in the territory of the EU - data controller, data processor - or the data subject is a EU citizen. 

The “data controller” must be „seeking permission” from the guests of why, for how long and what data they are handling of the guests. The penalty of not complying with GDPR regulations is 20 million EUR or 4% of annual global turnover – whichever is higher.

The GDPR regulations come into effect and will be enforced as of Friday, 25 May 2018. 

This means that you must have taken the necessary steps within your protel system to comply with GDPR regulations prior to this date.

Which are the GDPR roles?

GDPR defines three roles. These are:

  1. data subject
  2. data controller
  3. data processor
  • The “data subject” is the guest of the hotel, or the person whose data the hotel is storing.

  • The “data controller” is the organization which is controlling the data, in our case the protel customer; the hotel. The hotel obtains and utilizes the data of the “data subject”, and it is the “data controller” who is responsible for adhering to the GDPR regulations.

  • The “data processor” is the organization providing the tools to store the data, in our case protel hotelsoftware. The “data processor” is responsible for providing tools that enable the “data controller” to adhere to the GDPR regulations.

Note: protel would like to remind you that there may be other “data controllers” in your environment, who must be engaged, such as channel managers etc. The hotel must actively engage with these vendors to ensure that the entire GDPR cycle is secured.


protel hotelsoftware GmbH  (“us/we/our”) is not a law firm and is not providing legal advice.

The provided information, instructions, documents, policies, forms, agreements or any sample data (together referred to as “the Information”) is for informational purposes only and does not constitute legal advice. The Information should be used as guidance and modified to meet your requirements and the use of and reliance on The Information is at your sole risk. The Information is intended to be used as a starting point and you must apply adequate quality checks and take legal and other professional advice before using the resource.

The Information is provided without any warranty, express or implied, including as to its legal effect and completeness. We make no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the Information and assume no duty of care to any person in respect of the Information and its contents. We expressly exclude and disclaim liability for any cost, expense, loss or damage suffered or incurred in reliance on the Information or it meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.

The information or parts of the information may be subject to change or update without prior notice.

If you have any questions, please contact our Support Team at

Which are the rights of the guests?

GDPR gives the European guest several rights, including:

  • The right of access to their data
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to transfer their data to another party
  • The right to object
  • The right not to be included in automated marketing initiatives or profiling

Extensive logging of application level activity related to any PII data.

protel’s solution

protel will extend the user activity logs to record every profile-data related activity, including viewing/ accessing, creating, editing and removing guest data. These application logs will record the time, application user info, actual activity, and the profile ID of each action.

GDPR Requirement: log activities related to personal data

GDPR Requirement: control the access to personal data

User permissions are needed to control the access to Personal Identifiable Data (PII)

protel’s solution

protel will extend the current user permissions to provide the following permissions:

  • Access to GDPR system settings -> separate view and modify permissions
  • Access to individual personal data -> separate view and modify permissions
  • Start and execute anonymization process

GDPR Requirement: remove personal data

“Data subject” request a full removal of PII data must be accommodated.

protel’s solution

With the auto-anonymization rules and end of day procedure, eligible profiles will be automatically anonymized at the earliest possible date. Anonymization will be postponed if:

  • Any current or future reservations exist for the profile
  • Any open folios exist for the profile
  • Any open City Ledger invoice exists
  • Any legal requirements enforcing to keep the data in the system (as defined in the "minimum retention days" setting)

The software must support a minimal data retention period. The guest must be informed about how and how long their data will be kept and for what purpose it will be used, plus, they need to actively agree to this.

  • The minimum data retention period is defined by the law of the country the hotel resides in.
  • The maximum data retention period can be defined by the hotel, but the guest must be informed about the length of this period and actively consent or agree to it.

The GDPR requirement of "lawful reasons" states that the profile data should only be kept for as long as contractually required (minimum retention period). However, if the hotel ("data controller") has a legitimate interest to keep the data for longer (maximum retention period), this can be justified by obtaining a separate consent from the guest (“data subject”).

protel’s solution

There are two aspects to this requirement: first how the property management system handles the actual anonymization, and secondly how each guest can indicate his consent level.

  • How the anonymization process is handled 
    protel property management systems will offer configurable auto-anonymization rules for profiles, which a hotel can use to independently define their minimum and maximum data retention period. The hotel can set up these rules to control when the protel PMS will automatically anonymize the profiles.
    On the given date, the anonymization of profiles will take place as part of the end of day procedure. The anonymization procedure will then remove all the PII data from the profiles. As a result, the guest profile can no longer be linked to an individual guest. This will be an irreversible operation.

  • How the guest consent level is indicated and handled
    protel will introduce a new field on all profile types: Guest Anonymization Type. There are three hardcoded options which represent the guest consent level. The anonymization process will look at the selected value in this field to determine how to handle the particular profile.

Guest Anonymization Types 

  1. Minimum: Profiles marked as "Minimum" will be anonymized when the minimum date defined in the auto-anonymization rule is reached.
    This option refers to the rule that considers the legal requirement for storing profiles in the country the hotel resides in. This legal requirement supersedes GDPR and a profile can never be removed or anonymized before the number of days legally required have expired. A profile with this value assigned will be anonymized at the earliest possible date based on last activity plus minimum retention days.
  2. Maximum: Profiles marked as "Maximum" will be anonymized when the maximum date defined in the auto-anonymization rule is reached.
    This option refers to the rule that requires additional consent, where the hotel requests to store PII data of the “data subject” for a longer period of time than is legally required and the guest actively consented.
  3. Keep: Profiles marked as “Keep” are excluded from the anonymization process.
    This option is made available for hotels that reside outside GDPR regulated areas, but may want to make use of parts of the GDPR designed functionality, or for hotels that do not wish to set a defined end date to storing profile data.

Note that these fields will be available in the message exchange with protel Web Booking Engine and protel Voyager.

GDPR Requirement: inform about retention and use

The guest as the “data subject” has the right to restrict the use their personal data. 

The guest will always have to actively agree (“opt-in”) to your terms before the hotel is allowed to use their data for direct marketing or automated processing.

protel’s solution

The hotel can use the following flags for individual profile records to indicate the guest's privacy decision:

  • Marketing Allowed
  • Data Processing Allowed

Note that these fields will also be available for the message exchange with protel Web Booking Engine and protel Voyager.

GDPR Requirement: restrict the use of personal data

“Data subject” requests a copy of the personal data to be provided in an electronic format.

protel’s solution

protel will provide the option to extract all data held for the selected profile in an xml, csv or pdf format. This file can be printed or sent to the guest via e-mail, or another option made available on the guest profile screen.

GDPR Requirement: provide a copy of the personal data

This document is a protel interpretation of GDPR in relation to “subject data” processing and anonymization for hospitality.

It is important that you read through and comply with the regulations which apply to your hotel or company, but perhaps are outside the scope of this document.

 You can find the full regulations here:

General Compliancy

What to do?

The new data privacy protection regulations requires every company to take immediate action!

Being a provider of a platform managing our client's data, protel assumes this responsibility head-on. That is why we have evaluated and optimized our software's functions with regards to data privacy protection. We are glad to provide you with the respective tools to help you attain GDPR compliance with regards to your data privacy protection.

In the following sections, we have compiled an introduction to how protel sees the GDPR requirements. Please take the necessary time to read the information before starting with the direct implementation within your protel PMS. 

Find out more about:

  • what GDPR means for you and your company. 
  • what solutions protel has developed to help simplify your GDPR compliancy.
  • what measures you should take before 25 May 2018, to make your hotel's PMS ready for GDPR.

 For more detailed information about the actual implementation and use in and with protel Air and protel SPE/MPE an Smart please select:

 For more detailed information about the actual implementation and use in and with protel Air and protel SPE/MPE an Smart please select:

The GDPR requires measures in every company that manages customer data. When it comes to the topic of data protection, interfaces which the hotel uses to send and receive data on a daily basis are of particular importance. With regards to the connection of third-party systems to the protel hotel management systems, certain questions therefore arise again and again. We have compiled and answered the most frequently asked questions. The statements are equally valid for protel SPE/MPE and protel Air. 

  • Download the FAQ here.

Data exchange with third-party systems