The General Data Protection Regulation (GDPR) is an EU regulation on personal data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It affects properties around the world—if you collect personal data from someone in the EU (such as a European customer booking their stay from home), your property is subject to the requirements of the GDPR.
How we're compliant
When a customer's profile is created in Commander—either when the customer makes a reservation or an employee manually creates their profile—the customer receives a Profile Creation email leading them to the Navigator app.
Navigator gives guests full control over their data—they can view all personal information that has been shared with properties and request that it be either sent to them or deleted entirely. Please note that these options are only available to customers after they have physically stayed at your property because their data is required for processing the reservation.
Mews doesn’t delete a guest’s personal data—that’s up to you. When a guest requests that their data be either sent to them or deleted, we’ll send you an email letting you know. Then you can clear their information from their customer profile in Commander.
Our recommendations to you
Mews recommends that you appoint a data protection officer (DPO) per location or chain to monitor your property’s compliance. Although you are not legally required to submit any information to Data Protection Authorities (DPAs), we highly recommend that you become acquainted with your national DPA in case you need to report a data breach—which must be done within 72 hours of becoming aware of the breach.
It may also be beneficial to conduct an internal audit of all software used at your property, so you are fully aware of who is collecting and storing guests' data.
Mews appointed an external DPO to oversee our compliance with the GDPR. In the case of a data breach, the DPO would be responsible for informing our users. For all privacy-related claims, contact firstname.lastname@example.org.