GDPR
THE GDPR (GENERAL DATA PROTECTION REGULATION)
The ‘General Data Protection Regulation’ (GDPR) is European data protection legislation designed to replace and strengthen the ‘1995 EU Data Protection Directive’ and unify standards across the European Union.
The regulation aims to give consumers greater control over their personal data. It increases fines for companies that fail to take data security seriously—up to 20 million euros or 4% of turnover—and enhances consumers’ rights to access the data companies hold on them.
The GDPR became law on May 25, 2018, and applies to any company that stores or processes the personal data of an EU citizen.
How This Affects You
When you use our service, we store your personal data on our servers. This allows us to operate our website, issue you documentation for your booking, and ensure a smooth experience. This makes Hotel Room Discount (https://hotelroom-discount.com/) both a ‘data controller’ and a ‘data processor,’ while you, as a customer of Hotel Room Discount, are a ‘data subject.’ If you book on behalf of someone else, you may also act as a ‘data controller’ and need to comply with GDPR requirements.
Your Responsibilities
As a data controller, you should ensure GDPR compliance. We recommend consulting a legal professional to understand how GDPR legislation impacts your organization. The ICO suggests taking these 12 steps:
- Awareness: Ensure decision-makers and key personnel in your organization understand the GDPR and its potential impact.
- Information You Hold: Document what personal data you hold, where it originated, and who you share it with, potentially through an information audit.
- Communicating Privacy Information: Review your privacy notices and plan necessary updates for GDPR compliance.
- Individuals’ Rights: Verify your procedures cover all individual rights, including data deletion and electronic data provision in a common format.
- Subject Access Requests: Update your processes for handling requests within the new timescales, with any additional required information.
- Lawful Basis for Processing Personal Data: Identify and document the lawful basis for processing activities, and update your privacy notice accordingly.
- Consent: Review consent collection, record-keeping, and management processes. Refresh existing consents if they do not meet GDPR standards.
- Children: Determine if you need to verify ages or obtain parental consent for any data processing activities.
- Data Breaches: Ensure procedures are in place to detect, report, and investigate data breaches.
- Data Protection by Design and Data Protection Impact Assessments: Familiarize yourself with the ICO’s code of practice and determine implementation requirements.
- Data Protection Officers: Designate someone responsible for GDPR compliance within your organization, and assess whether you need to formally designate a Data Protection Officer.
- International: For cross-border processing in multiple EU states, determine your lead data protection supervisory authority.
What We’re Doing to be GDPR Compliant
Hotel Room Discount takes data security seriously. We implement the following measures to protect your data:
- Enforcing ‘HTTPS’ connections to our web servers.
- Conducting regular security scans on our network.
- Performing scheduled virus scans on all PCs.
- Keeping an inventory of personal data and ensuring minimal data collection for service provision.
- Maintaining a ‘Data Flow Map’ listing where we store data, including third-party involvement.
- Regularly reviewing our Data Protection Policies and providing employee training.
- Training staff on ‘Data Breach Protocol’ to ensure readiness in case of a breach.
We offer several documents to clarify our data usage:
- Terms and Conditions
- Acceptable Use Policy
- Privacy Policy
- Cookies Policy
The GDPR expands consumer rights for data access, removal, and deletion. However, legal limitations may prevent full compliance with your request, including requirements to store booking records for one year or to keep financial records for six years.
Hotel Room Discount is committed to full GDPR compliance.
If you have questions, please use our Contact Us page or download a PDF copy of the General Data Protection Regulation.