This law has been enforced as of 23 May 2018. The main purpose of the GDPR is simply to make the digital world a safer place for individuals, and to protect individual persons' rights and interests.
This law is enforced upon all EU businesses.
The full text of this law can be found on the webpage: https://gdpr-info.eu
1. Controller vs. Processor
When you order a PMS, APAC, CRM, SRS or other products from GetShop you are most likely a data controller. A data controller is the party that has control of the data, and with that comes a set of responsibilities.
We consider ourselves a processor of information. A processor is a piece of software, a service, a company etc. that retrieves data on behalf of the controller and processes it. We require that you legally provide us with access to the data through a legal contract. As a controller you are responsible for ensuring that the processors you use are compliant with GDPR.
2. Actions taken to ensure GDPR compliance.
GetShop will never provide any data to other processors unless there is a "General Written Authorisation" according to GDPR Art. 28 (2).
2.1 Legal contract of authorisation for processing data.
GetShop will require you as a controller to sign a contract with GetShop that allows us to process your data. The contract will be sent to you upon request or before we will be able to provide you access to a production environment.
2.2 NDA GetShop Employees and persons.
All employees and persons who have access to personal data have signed an NDA to ensure that personal data is never shared with third parties or companies without the permission of the controller.
2.3 Cooperation with the supervisory authority in the member state
GetShop will comply and cooperate with the supervisory authority in the member state.
2.4 Security of processing
GetShop considers the risk of varying likelihood and severity for the rights and freedoms of natural persons to be medium. GetShop stores personal data and takes the following actions to prevent a personal data leak in case of a data breach.
All passwords stored in the database are encrypted.
Booking forms that collect data are encrypted by HTTPS.
GetShop regularly reviews its personal data storage along with the server network structure to ensure the system is compliant with GDPR.
Where a customer of GetShop is part of a member state, the data will not be stored in a country that is not a member state.
2.5 Notification of a personal data breach
GetShop complies with Art. 33 (1). No later than 72 hours after having become aware of a personal data breach, GetShop will inform the data subject by email and the supervisory authority, according to the guidelines in Art. 33 (3).
GetShop will also inform the controller as soon as we are aware of a personal data breach.
2.6 Data protection impact assessment. (Art. 35)
GetShop does not store data according to Article 9 or Article 10 in the GDPR. The personal data that is gathered is considered public information, and by that conclusion the risk to freedoms is medium, not high. GetShop never stores any credit-card information, to avoid personal data theft.
The likelihood of such a breach is considered minimal due to the software structure, art and design.
GetShop does monthly risk assessments on the personal data risk. All software developers are trained in the principles of the GDPR.
2.7 Tools GetShop provides to help the controller ensure GDPR compliance.
The system has a built-in "GDPR" system. When this function is activated, the system applies pseudonymisation to personal information. Activating this feature has the following effects:
The cleaning staff will no longer be able to see the guest information while they are cleaning the hotel rooms.
During the last part of the booking process a popup appears that clearly states the intention of the data collection, what personal data has been collected and what it is intended to be used for. The guest has to agree to this so that the controller is able to document that the guest has given consent to the use of the personal data.
2.8 GetShop's data protection officer
Contact details: Kai Tønder, email: firstname.lastname@example.org, phone: +47 48311484