GuestU GDPR compliance
GuestU develops and integrates software and hardware solutions for the hospitality market and the type of products offered process and store data of many types. GuestU’s products are data processors and GuestU’s customers are controllers of that data. Controllers can decide to which parties give access to data, but that decision belong entirely to our customer (typically, an hotel or apartment manager).
That said, GuestU’s commitment to protecting user’s personal data and to the GDPR is:
1. GuestU never shared and will not share personal identifiable information processed by GuestU’s products. Only our customers, entities that use GuestU’s products on their own premises or use GuestU’s cloud services, may share personal data captured by GuestU’s products. Nevertheless, GuestU is actively assisting its customers achieving GDPR compliance by providing them tools to implement services that are GDPR compliant. GuestU’s customers can decide what to do with the data and with the tools provided in order to be compliant.
2. GuestU uses some data to improve product and service efficiency and to offer a best experience to its customers and end users. GuestU will carry on using such data in the legitimate interest of its clients and end users. GuestU’s team has access and will keep on having access to personal data, such as the end user’s name, for the sole purpose of assisting in troubleshooting problems and improving the support process efficiency.
3. GuestU limits the collection and transfer of personal data to the minimum required to perform the support tasks and improve the system’s efficiency. More specifically, the user personal data processed and stored by various GuestU products is used to simplify and improve end user’s experience during his stay. The data that is usually stored is: name, e-mail, check-in date, check-out date, service requests, etc. GuestU limits the data that is processed to the data that is essential and relevant to the business process.
4. GuestU is constantly developing new products and new features to existing products. GuestU will dedicate resources in order to apply the same rules to all products and commits to be transparent with its customers in case any of our products and services require further developments in order to become compliant with the safe use of personal data.
5. GuestU will adhere to GDPR requirements and will communicate data breaches to affected customers and end users in a timely manner. This will apply to both products that used on premises and products that are exposed to the Internet (the majority of GuestU products). GuestU tests all cloud servers and on premises appliances periodically for security vulnerabilities in order to prevent security failures.
6. GuestU keeps EU residents’ data stored within the EEA (European Economic Area). GuestU provides products to be used on premises and on the cloud. GuestU cloud-based products were built with data protection in mind and its architecture limits the amount of personal data that is transferred from any customer device to the GuestU Cloud to the minimum. GuestU cloud-based products are configured to operate in the servers based in the EU.
7. GuestU ensures that even the network management information and backups are stored only within the EEA. GuestU servers are organized in regional clusters, and storage is backed up for maximum reliability and GuestU guarantees that even in the case of backup for disaster recovery the data is still kept within the EEA.
8. GuestU, which sells to customers everywhere in the world, will endeavor to use GDPR as the foundation for data protection for all people across the world and not only for european residents.
GuestU aims to be fully GDPR compliant. This includes not only compliance of our products but also compliance of the company as a whole. GuestU had already implemented a consistent level of data protection and security in its products and now will improve products and processes in line with the GDPR requirements.
Any GDPR related questions can be addressed to GuestU DPO (Data Protection Officer) at firstname.lastname@example.org.