GDPR Statement
Introduction
The General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR applies to both individuals and businesses and along with existing data privacy legislation, it regulates the way in which personal data of EU citizens should be handled and harmonizes data privacy legislation across the EU.
reservie's role under GDPR
A ‘data controller’ is an entity that controls how and why personal data is processed and a ‘data processor’ uses, handles or works with the data under the instruction of the controller. Therefore, by providing a booking system and related solutions to customers reservie is a data processor for the purpose of existing data privacy legislation and GDPR. reservie is also sometimes a data controller in that we store and manage data about our customers, suppliers and staff.
How GDPR impacts reservie
Prior to GDPR reservie had a client facing checkboxes pre-ticked for the acceptance of terms and conditions. In all other respects reservie was and remains compliant with previous and existing data privacy legislation and requirements. We have undertaken a full review of our internal security controls and data protection mechanisms to ensure that they meet or exceed GDPR requirements. We have also reviewed our sub-processors and where outside the EU, their compliance to EU Privacy Shield. We have further updated our terms and conditions and privacy policy notice to our new obligations.
The key elements include
A review of where data resides, how it is secured and who can access or change this data
Updates to our internal security processes to meet GDPR requirements including processes associated with incident response, secure development and third party compliance
Updates to internal policies to address changes in legislation;
A review of the contractual terms that govern the relationship between reservie and its customers and suppliers
How will GDPR impact how reservie does business?
To comply with GDPR reservie is amending our existing Terms and Conditions, the document which sets out each party’s obligations in relation to data protection. In incorporating these updates in the Terms and Conditions, the document sets out in more detail, each party’s responsibilities in relation to how and for what reason either party is collecting, using or handling personal data. We have also re-written our privacy statement to take in consideration the the new regulation.
1 - How can reservie make this change?
GDPR contains a legal requirement obliging organisations to update existing contracts which deal with data protection to a more detailed standard. Due to a change in terms and conditions, we require you to reconfirm that you understand both your and our obligations as as part of these regulations when using reservie.
2 - Why is reservie making this change?
GDPR contains a legal requirement obliging organisations to update existing contracts that deal with data protection to a more detailed standard including statements on (i) how the parties will deal with data breaches, (ii) the assistance they will give to each other, (iii) the responsibility they have to each other.
3 - When will the changes come into effect?
Any changes in our contract will come into effect on or before 28th May 2018.
4 - What should you do next?
Review our terms and conditions and privacy notice. Confirm that you accept the terms next time that you log in. We will record the date, time and IP address of the acceptance.
Check your own terms and conditions, privacy notice and processes to ensure that you are compliant.
Ensure that you have linked have updated reservie to link to your terms and conditions.
Questions?
Should you have any questions, please contact us.