In this article we show what German, Austrian and Swiss hotels and restaurants have to consider when storing and using guest data according to EU and Swiss Data Protection Laws (new Swiss Law from September 2023 on ).
The new Swiss Federal Act of Data Protection Act (FADP) / EU General Data Protection Law (GDPR): An Overview
- Only the data of natural persons is protected. The FADP in Switzerland and the GDPR and EU countries thus does not apply to data about legal entities such as associations, companies, societies.
- "Privacy by Design" (data protection by technology): Privacy by design requires that companies design their applications to anonymize or delete data by default. In addition, companies may only use and process the data within the scope of the terms of use or the actual purpose of use. Any further use or processing must be authorized.
- "Privacy by Default" (data protection through data protection-friendly default settings): An example of this is the so-called opt-in: If you want to send a newsletter to your guests, they should first actively "order" the newsletter, e.g. by clicking on a box or entering the e-mail address. This corresponds to the default setting in aleno when the newsletter sign-up is activated in the widget.
- Transparency: You are obliged to inform upfront about the recording, storage and use of data, e.g. in a privacy policy declaration. You can find text modules for such a declaration here (in German for Switzerland).
- Duty to provide information: You are obliged to inform your guests, free of charge and upon request, which of their data has been stored, what it is used for and how long it is stored.
- Duty to hand over or transfer data: You are obligated to provide the data upon request in a common electronic format or to transfer it to a third party free of charge.
- Duty to delete data: You are obliged to delete the data of your guests upon request. Personal data must also be deleted when the legal time limit for storing the data is reached or when the purpose for using the data is no longer given, e.g. personal data of newsletter recipients must be deleted when the newsletter is stopped.
Implementation of the EU / Swiss Data Protection Laws in aleno
Exporting and sharing data
You can export the data of your guests completely or only for individual guests. The data will be saved in the common format .csv and can then be passed on to the guest or to third parties, if requested by the guest.
To export guest data do the following:
(1) Go to your relatIn.
2) To export the data of all guests click now "Export customers".
(3) To export the data of a single guest, select the guest. To find the guest, use the search field or scroll down the list to the guest.
(4) Now click on "Export customers".
(5) Now confirm the export of the guest data by clicking on "Download".
The csv file with the guest data or the data of the individual guest will now be saved on the computer and can be edited or shared.
Deletion of guest data
You can delete the data of a guest as follows:
(1) Go to your relatIn in aleno.
(2) Search the contact using the search field or scroll down to the desired contact.
(3) Select "Delete" from the menu in the Actions column of the contact.
(4) Confirm the deletion in the pop-up window.
(5) Now all information personal data of the guest are deleted. The reservations of the guest are anonymized. The reservation can therefore no longer be assigned or linked to the guest: However, the deletion of the guest data does not affect reporting, controlling or utilization rate.
Note: The data of a guest can be deleted only if there are no future reservations of the guest.
Automatic deletion of walk-in data
Walk-Ins can be registered in aleno in two ways: First, manually in the backend, whereby it is not necessary to enter personal data such as name, phone number or email address.
Second, via an online self-check-in, e.g. via QR code at the entrance or at the table. In this case, personal data is usually also collected. This personal data can be deleted after a freely definable number of days.
This is how you can initiate the automatic deletion of walk-in guest data.
(1) - (2) Go to "Guest data" in the settings.
(3) Activate the "Automatic deletion of WalkIn guest data" by clicking in the box.
(4) Specify after how many days after recording the guest data should be deleted automatically.
Automatic deletion of guest data after given time
In due time, we will roll-out a state-of-the-art feature to automatically delete guest data in line with the new Swiss data protection law.