User Guide Data Privacy – How to be GDPR compliant with Customer Alliance

Data protection is an extremely important concern for us. To protect personal data, such as that of you and your guests, we implement strict data protection guidelines and precautions in our company. The basis for this is the General Data Protection Regulation (GPDR), which has been mandatory since 25 May 2018. You can be assured that data protection has top priority when working with us. In the following, we will now give you an overview of how we deal with data protection.

It is possible to automatically delete customer data after a set timeframe within your account here. This will result in personal data such as name and email to be automatically removed after the specified timeframe, but the contents of the reviews remaining.

You can use your questionnaires to collect GDPR compliant newsletter double-opt ins. A so called “double-opt-in” procedure offers an extra confirmation step to verify each email address added to the database. To subscribe to your newsletter, your guests will receive a follow-up email with a link to confirm their email subscription.  The e-mail address will not be added to the newsletter distribution list as long as there is no active confirmation.

You are allowed to send out emails and messages to guests from the day of booking until the time of their departure. However, you are not allowed to include any information in there that is about businesses that are not part of your hotel. This would be considered an advertisement.

According to the data protection regulation, a pre-stay email belongs to the service or to the area of contract fulfilment. Therefore, you may send pre-stay e-mails with additional information about your hotel to your guests without explicit consent. This is not considered advertising.

Yes, upselling is allowed as long as it contains only advertisement with regards to your hotel facilities like your restaurant, spa, green options or a bottle of champagne upon arrival, etc. However, it is not legal to include offers from third-parties like offering to book a bike in the shop across the street. This would be considered as advertisement.

In this case, there are different opinions on whether or not it is okay to ask your guests to leave a review after their stay, or whether this is considered advertisement. However, it is legal to send out any information regarding the hotel stay from the time of booking until the time of departure. Therefore, we recommend sending out the post-stay review invitation on the day of departure in the morning.

You can setup detailed user rights for your co-workers. This ensures that a user has only access to the parts of the system that he should have access to. He can also only see the personal data that he needs to see. If there is no need for him to see personal data, he will not see it.

If desired, you can give your guest / customer the option to anonymize his review. If the guest chooses to do so, all his data will be automatically deleted from Customer Alliance. An anonymized review without a link to any personal data remains in the system

When integrating the review widget on your website and using Customer Alliance we recommend to adapt your data privacy policy. Here is a sample text for your data privacy policies.

Customer Alliance (Feedback requests & Widget)
(1) We use the services of CA Customer Alliance GmbH, Ullsteinstr.130, 12109 Berlin (“Customer Alliance”) to query your consumer satisfaction, if you have used our services. To do so, we provide Customer Alliance with your contact information and contractual information (e.g. length of stay) with the task to query your satisfaction with our services (e.g. a review). Afterwards the result is provided to us by Customer Alliance and can be made publicly available.

(2) We use the so-called Widget of Customer Alliance within our websites to display the website visitors our customer reviews in a summarized presentation. Customer Alliance uses your IP-address to display the Widget in your browser and gives you the opportunity to see summarized reviews of other customers.

(3) The legal basis for processing is Art. 6 Para. 1 sentence 1 lit. f DSGVO and our legitimate interest in improving our services through your feedback and to display customer reviews for marketing proposes.

(4) Further details on the processing of your data can be found in the data protection regulations of Customer Alliance.