GDPR and ROOMDEX
The General Data Protection Regulation (GDPR, since May 2018 in the EU). To help our Hotel Customers understand what this means when ROOMDEX interacts with their guests, we have outlined the main points in the below section. Here hotels can find out what it is, how it works and how ROOMDEX and the hotel will be compliant. Please note: for EU customers GDPR will also be reviewed as part of the ROOMDEX onboarding process.
What is ROOMDEX?
ROOMDEX is a tool used by our customer hotels to communicate with their guests, and to offer specific services and upgrades that relate to the upcoming stay of their guests.
Data controller and Data Processor
The difference between a data controller and a data processor is that the controller determines the purposes and the means of processing, where the processor processes personal data only on behalf of the controller. In the context of our services, the Customer Accommodation Provider (Hotel) is the data controller, and ROOMDEX is the data processor.
Hotel = Data Controller
ROOMDEX = Data Processor
Data Processing agreement
According to the regulation, the data controller and data processor must sign a Data Processing Agreement (DPA) that stipulates their relationship in regards to Client Personal Data. The DPA is specific per customer (Hotel) and will be sent to you by ROOMDEX as part of the onboarding process for signage and process understanding.
Do Hotel guests need to give opt-in consent to use ROOMDEX?
No. The Hotel can send emails with an informational character via ROOMDEX. These informational emails do not require expressed opt-in consent, as they fall under the legitimate interest under GDPR. Within legitimate interest, these informational emails are considered as part of the hotel stay and something that the hotel guest expects to receive when making a reservation with a hotel.
ROOMDEX will offer templates of emails with informational character to all of its customers.