GDPR (General Data Protection Regulation) is a legal framework for the proper collection, storage and processing of personal information of EU residents.
As a tourism provider, you collect and store the personal data of your customers. You welcome customers from all around the globe, including citizens of the EU. Therefore in using Zaui you also collect and store the data of EU citizens.
Feel free to check out this blog post for more info on GDPR.
GDPR Compliance Checklist
- Always state a clear reason why you are collecting the information.
- Request explicit consent before collecting any data.
- Ensure users can request access to and view the data you have collected.
- Provide users with a way to withdraw their consent and delete the data you have collected on them.
This article will cover how you can address points 1 and 2. For information on points 3 and 4 of the above checklist, check out this article.
1. Review your Reservation Policy and Terms
From the navigation bar, select Settings > System Settings and scroll down to the Reservation Policies section.
Tip 1: Your request for consent must be in clear, easily understandable language and must stand alone from other matters and not be buried in other texts. If you currently use your 'Reservation Policies' to describe your reservation and cancellation policy in detail, you can use your 'activity-specific cancellation' policy for this purpose instead.
From the navigation bar, select Products > Manage Activities > Manage All Activities then scroll down to 'Activity Specific Cancellation/Reservation Policy'. You will need to update every live activity you have.
Tip 2: If you use the below options in Zaui, you will also need to explain what this information will be used for. These options are now unchecked by DEFAULT and you will need to turn them on if you wish to use them.
From the navigation bar, select Settings > System Settings > and scroll down to the Bookings / Reservations section.
2. Your Booking Portals Automatically Request your Customer's Consent
It is mandatory for your customers to give their consent to the collection of their data before they finalize a booking on the Online Booking Engine.