Back
Legal requirements
General Data Protection Regulation
All functions that enable you to meet the requirements of the GDPR when working with protel Air are integrated into protel Air as standard.
protel Air is hosted in an Amazon data center, one of the most secure hosting providers worldwide. Which data center is used for your hotel depends on your geographical location. If you do not know your hosting location, your protel partner will be happy to help you.
This guide describes the functions that have been developed to enable you as a customer to work in compliance with the GDPR requirements in protel Air. The decision on the use and implementation of these functions is the responsibility of each individual hotel. This guide contains recommendations for meeting the requirements in protel Air. In addition, your protel support or your local protel partner is available to answer any questions you may have.
We strongly recommend reviewing the entire IT environment in your business when it comes to introducing or reviewing GDPR-related processes. Please note that it is not only your hotel software that manages personal data!
The implementation of the GDPR in protel Air essentially involves the following tasks:
- Configuration of the respective data storage periods and their individual assignment for each guest file
- Regular anonymization of data according to the set consent level (takes place at the end of the day)
- Provide information: You must be able to give your guests an overview of the guest data you store at any time
What are data retention periods?
The GDPR requires a storage period for personal data. In your role as the controller within the meaning of the GDPR, you must always be able to inform your guest about which data you store and for how long. If this data is stored for longer than legally required, you must obtain the guest's consent.
Three data retention periods are used in protel Air so that each hotel can decide individually how many days the data should be stored for. After the defined retention periods have expired, the relevant guest files are anonymized.
- Minimum: This setting refers to the number of days the hotel is legally obliged to store guest data. This is determined on a country-specific basis.
- Maximum: This setting refers to the case when the hotel wants to store the data beyond the legal period. If you generally do not want to store your guest data for longer than legally required, the values for minimum and maximum will be identical.
- Keep guest profile: This setting ensures that personal guest data is not anonymized. This option is made available to hotels whose headquarters are outside the scope of the GDPR regulations, but who still want to use parts of the GDPR functionalities (for example, when guests from EU countries stay in the accommodation). Hotels that do not want to set a defined end date for storing guest data can also use this setting.
Task (if you are activating the privacy settings in protel Air for the first time)
- Find out how long you are legally obliged to store data from guest files (= minimum storage time).
- If you want to store data for a longer period, for how long? (= maximum storage time).
The standard data retention period
As soon as anonymization is activated in the system, each guest profile is assigned a standard data retention period. Because all guest profiles must be handled in accordance with GDPR - even if you have not had the opportunity to obtain corresponding data retention periods - protel recommends setting Minimum as the default. You can find out how to set the standard data retention period in the section " Activate data protection settings | Step 1: Initialize profile anonymization type ". This setting is set once at the beginning of the setup and can later be individually changed at the guest profile level.
In protel Air, guest data whose retention period has expired is not completely deleted but anonymized. This ensures that data can be evaluated in reports and statistics in compliance with data protection principles.
During anonymization, personal data is no longer linked to a person. As a result, an anonymized guest profile can no longer be linked to an individual guest. During anonymization, protel Air removes all fields from the guest data that are considered personally identifiable data. The last name is replaced with an "x" except for the last two characters. For example, Thomas Müller becomes "xxxxer". The rest of the fields are deleted.
Exception rules
Profile anonymization will not take place on the earliest anonymization date if the processing of the data is still necessary for the performance of a contract, i.e. specifically if one of the following circumstances applies:
- Current or future reservations for the guest file
- Open invoices for the guest file
- Open debtors for the guest file
- Current or future MICE events (only when using protel Air MICE)
The implementation of the GDPR requirements in protel Air is activated in the data protection settings (menu MASTER DATA ⇾ Guest profile ⇾ Data protection ). Activation takes place in two steps:
- Step 1 is called Initialize Anonymization . The hotel (or the responsible user) defines a default data retention period for all existing guest records. This can only be done once . Once the default value has been set, it can only be changed if you proceed to step 2.
- Step 2 is called activating anonymization. The user defines the minimum duration ( minimum ) and the maximum duration ( maximum ) for the data retention periods ( anonymization types ). The user also defines which data retention period should be used for newly created profiles (this value can differ from the default value defined at the beginning). The anonymization process then takes place with each daily closing - this is also activated in this step. The data retention periods can be changed at any time. Each time a change is made, the user must give their consent. All changes are saved in the action log and require certain permissions.
Step 1: Initialize anonymization
- In protel Air, open the Apps menu
and click on MASTER DATA.
- Then open the menu Guest profile ⇾ Data protection .
If you have NOT yet set a default anonymization type for your guest profiles, the window looks like this:
- In the Anonymization type field for all profiles , select the standard setting that your hotel wants to use:
Maximum=maximum duration, Minimum=minimum duration, keep guest profile=do not anonymize – see article GDPR | Data retention periods .
NOTE: The times for maximum and minimum duration are only set in the next step!
- Please read the consent form carefully and check the box.
- Click the Save button (the button only appears after you have clicked the consent checkbox). This will assign the standard anonymization type to all existing and all newly created guest profiles.
Once you have completed this step, all guest profiles will receive the selected anonymization type and thus the selected data retention period. From this point on, the default anonymization type will also be assigned to all new guest profiles that are created.
You will then see the view in the Privacy Settings tab change – see the following image.
Step 2: Activate anonymization
Setting data retention periods
As soon as you are ready to enter the data retention periods that apply to you, go back to the menu Master data – Guest file – Data protection.
First enter the minimum and maximum duration for the data retention periods.
As a reminder:
Minimum duration refers to the number of days the hotel is legally obliged to store data from guest files. The smallest adjustable value is 30 days.
Maximum duration refers to the number of days the hotel would like to store the information from the guest files. This setting requires additional consent, i.e. the hotel must ask the guest for their consent to keep their personal data for longer than required by law. The smallest adjustable value is 30 days.
The minimum adjustable time for both values is 30 days. The maximum duration should be longer than the minimum duration. Enter the values here that apply to your business and the legal requirements (see GDPR | Data retention periods >>> ).
Default anonymization type for new profiles : Decide which default data retention period you want to use in the future. If you change the type, this will only affect newly created guest profiles. Any changes will only take effect if anonymization is enabled.
Please read the consent form carefully and check the box.
Finally, click Save .
Activating profile anonymization
To fully apply the privacy settings, you must activate the anonymization process.
- Check the Enable checkbox above .
- Check the values specified for storage duration again.
- Read the consent form at the bottom of the window and check the box.
- Click Save .
Subsequently, all guest files that are eligible for anonymization will be anonymized during the next daily closing.
After initializing the data protection settings (see GDPR | Activate data protection settings ), new GDPR-specific fields are available in the protel Air guest profiles.
You can find this in the guest file if you click on the data protection icon – see the following figure. 
The date fields display the last activity for the profile and the calculated anonymization date.
Fig.: Guest file ⇾ Data protection
The Last Activity field is determined by protel Air and cannot be changed. The date is taken from the action log of the guest profile.
If a profile was imported from a third-party PMS, the Last Activity field is set to the import date.
What counts as activity?
- Create a reservation
- Changing a reservation
- Checking out a reservation
- Cancelling a reservation
- Creating an invoice (ordinary invoice and/or debtor)
- Paying an invoice (ordinary invoice and/or debtor)
- Cancellation of a payment in an invoice (ordinary invoice and/or debtor)
- Any action on a trace or event that contains this guest (MICE)
The earliest anonymization date is calculated automatically and cannot be edited either. It is calculated as follows: date of the last activity plus the number of days specified by the setting in the Data retention field.
An example: A guest profile has the Minimum (365 days) setting in the data retention field. The last activity was when the guest checked out and paid their bill (October 4, 2021). The earliest anonymization date is therefore October 4, 2021 + 365 days = October 4, 2022.
If you have activated the GDPR data protection settings in your system (see GDPR | Activate data protection settings ), all guest files that are due to be anonymized will be displayed during the end of day process.
Click on the magnifying glass icon to display a list of the guests in question.
After initializing the data protection settings (see GDPR | Activate data protection settings ), new GDPR-specific fields are available in the protel Air guest profiles.
You can find this in the guest file if you click on the data protection icon – see the following figure.
Setting data retention periods
The Data Retention field shows the set data retention period. The value can be changed if the guest requests it and you have the guest's consent, if necessary.
Example : A guest gives their consent to keep their data for longer than legally required. In this case, you can set the selection in the Data retention field to the Maximum setting . If the guest withdraws their original consent, you must change the selection in the Data retention field back to the Minimum setting .
The option to keep guest profile is made available to hotels that are based outside the scope of the GDPR but want to use parts of the GDPR functionalities (for example, when guests from EU countries stay at the accommodation). It can also be used by hotels that do not want to set a defined end date for storing profile data.
Notice
If you cannot edit the data retention selection , your user does not have permission to do so.
Display of data retention periods
You will also see the date of the last activity and the earliest date the guest's data will be anonymized. As soon as the anonymization process has been activated, a date will be displayed here (unless the "Keep guest profile" entry is selected). This data is useful if a guest, for example, requests information about their consent level or wants to exercise their right to delete their data.
You can find out how the date of the last activity is determined and the anonymization date is calculated here: GDPR | How is the anonymization date calculated ?
Guest profile report
protel Air allows you to export all personal data stored about a guest in a user-friendly format. This allows you to quickly and easily comply with a guest's request for a copy of their data - for example, to see what data is stored about them in the hotel software. To output the report, select the file format in which the report should be generated and click on EXPORT GUEST DATA.
Marketing consent
In addition to the fields that you can access via the data protection icon in the guest profile, there are additional fields in the Marketing area .
Using the two fields, you can query or enter the required consents according to GDPR for the following points:
Marketing allowed refers to permission to use the guest's data for marketing purposes. In most cases, hotels in the EU have already obtained such consent. However, remember that GDPR requires this option to be unchecked by default - you must actively obtain consent.
Data sharing allowed refers to the permission to share the guest's data with third parties that are part of the hotel's IT landscape. Please note that you must disclose to the guest which other systems his data is shared with.
The names for these two fields come from protel. However, we leave it up to the hotel to define how the required consents are communicated to the guest. Usually, the third-party providers to whom the guest's data is passed on and the purpose of the data processing are named here.
Tip
Include the permission request in all relevant guest touchpoints, such as the registration form. All employees must be trained to update the data retention, marketing permitted and data sharing permitted fields according to the guests' information. The registration form is an ideal source of information here.
These functions are also available in the protel Web Booking Engine (WBE) and in protel Voyager. There, the fields are already offered to the guest when booking (WBE) or checking in (Voyager), and the information then automatically appears in the guest profile of the reservation.
If you would like to know which guest records are next in line for anonymization under the GDPR, you can access the GDPR Anonymization Check report .
call
In protel Air, open the menu Reports & Lists ⇾ Reports .
You can find the report in the Front Office category - see the following figure:
You can get it even faster by entering the report name in the search field above:
Create report
Enter a date in the Evaluation period field . By default, the date is preset to the TA date.
| Evaluation period (selection) | Data |
|---|---|
| TA date ('today') | The report shows all guest files, which are anonymized when the next daily closing is carried out. |
| Another date in the future | The report lists all guest records that are anonymized up to the selected date. |
Click PRINT in the top right corner to generate the report for the selected date.
Auf Deutsch wechseln
Stay in English