This law came into effect in May 2018. The main purpose of the GDPR is to make the digital world a safer place for people and to protect the rights and interests of individuals.
This law must be enforced by all EU businesses.
The law can be read in its entirety at: https://gdpr-info.eu
1. Data controller and data processor
When you order a PMS, APAC, CRM, SRS or other products from GetShop, you are most likely a data controller. The data processor is the one who has control over the data, and with that comes more responsibility.
We consider ourselves a data processor. A data processor is a piece of software, a service, a company, etc. that retrieves data on behalf of the controller and processes it. We require you to legally give us access to the data through a legal contract. As a data controller, you are responsible for ensuring that the processors you use are in compliance with the GDPR.
2. Measures taken to ensure compliance with GDPR
GetShop will never provide any data to other processors unless there is a general written authorization under GDPR Article 28.2.
2.1 Legal approval for data processing
GetShop will require you, as a data controller, to sign a contract with GetShop that allows us to process your data. The contract will be sent to you on request or before we are able to give you access to a production environment.
All employees and persons who have access to personal data have signed a confidentiality agreement to ensure that personal data is never shared with third parties or companies without the permission of the controller.
2.3 Cooperation with the supervisory authority of Member States
GetShop will work with and cooperate with supervisory authorities in Member States.
2.4 Security of processing
GetShop continuously assesses the risk of varying probability and severity in relation to protecting the rights of natural persons. GetShop stores personal information and takes the following steps to prevent personal data leakage in case of data breaches:
- All passwords stored in the database are encrypted
- Booking forms that collect data are encrypted with HTTPS
- GetShop regularly regulates its personal data and server network structure to ensure that the system complies with GDPR.
- If a GetShop customer is located in a Member State, the data will not be stored in a non-Member State.
2.5 Notification of security breaches
GetShop complies with Article 33.1 of the GDPR. Not later than 72 hours after becoming aware of a personal data breach, GetShop will inform the person(s) via email and the supervisory authority, in accordance with the guidelines of GDPR Article 33.3.
GetShop will also inform the data controller as soon as possible if we become aware of a security breach.
2.6 Data Protection Impact Assessment (GDPR 35)
GetShop does not store data of the kinds covered by Article 9 and Article 10 of the GDPR. The personal data collected is considered public information, and as such the risk to the freedoms of natural persons is considered medium, not high. GetShop never stores credit card information to avoid personal data theft.
The probability of a data breach is considered minimal due to software structure and design.
GetShop carries out monthly risk assessments of data security regarding personal data. All software development is taught in the principles of GDPR.
2.7 Tools GetShop uses to help the data controller secure GDPR compliance
The system has a built-in GDPR feature. By activating this feature, the system will pseudonymize personal information. Once the feature is enabled, the following takes effect:
The cleaning staff will no longer be able to see guest information when they clean the hotel rooms.
During the final part of the ordering process, a pop-up will appear, clearly indicating the purpose of the data collection, which personal information is collected, and what it is intended to be used for. The guest must accept this so that the data processor can document that the guest has given his or her consent to the use of the personal data.
2.8 GDPR manager at GetShop
Contact details: Kai Tønder. Email: firstname.lastname@example.org. Phone: +47 48311484