We’re currently living in the age of information. Internet users and website owners have access to endless amounts of information, be it vacation rental preferences, number of family members, birthdays, favorite colors, you name it. Much of this data can be helpful in understanding your guests, but, with that said, users should be well-informed and fully aware that you’re collecting data. Keeping guests in the dark could have serious consequences, like not booking your property or, worse yet, a lawsuit.
The grounds for “invasion of privacy” are wide and the consequences can be quite severe. Even if your intentions are good, any data you collect or information or jot down needs to be communicated to visitors, or you could have serious problems.
The obvious is guest experience. Satisfying the guest starts long before a reservation is even made. From sparking their wanderlust with captivating photos, securing their trust with reviews, to providing a smooth booking process you’re aiming to please the guest before they even become a “guest.” If you’re collecting any data for guest satisfaction or otherwise, you’ll need to disclose this.
GDPR and CCPA compliant
As for CCPA compliance, the reach is a little more narrow but equally important. This set of regulations is specific to California, but not limited to it. This state statute holds a lot of authority and is also accompanied by pricey fines if you find yourself out of compliance.
From the beginning of the document, you’ll need to introduce your company, what set of regulations you’re complying with, and any introductory information you deem relevant. For our purposes, we’ve listed the code for GDPR, but privacy regulations are not limited to this set of laws. Some other sets of regulations to consider might include:
- U.S. Data Protection Rules
- State statutes
Researching the privacy requirements specific to your location will be vital in keeping your business in line with the law.
Name and address of the Controller
This is simply where you’ll put the responsible parties. Typically, it will be you, your company, or any alias or previous trademark of your company. If you have multiple properties listed under your vacation rental business, it will be useful to list them all here and make it clear that they’re subsidiaries of your vacation rental business.
Data collected through your website
This is arguably the most critical section in your vacation rental privacy agreement. Website visitors and guests want to know what exactly you’re tracking. Even if you’re not currently collecting specific data, any data on file, or data intended to be mined should be included here. Imagine being a guest and thinking that the website owner is only collecting your contact information while, in reality, you’re tracking every page visited, third-parties associated with the user, and other details …you’d be quite angry! Let guests know what exactly you’re collecting in this section.
Purposes of the processing
Even if website visitors are willing to consent to data collection, they might want to know why. Are you collecting data to improve guest satisfaction, or are you selling it to third parties? The reason for data collection is important to disclose to avoid lawsuits and/or angry customers.
Legal basis for the processing
This basically means that you’ll only use the data if you have permission to do so. That permission needs to be granted from both the data regulations or laws and the user. For example, you might be collecting a user’s address with their full consent, but you cannot use price personalization just because that user resides in a more expensive neighborhood. The legal basis must be followed by all parties.
This section states where the data will be disclosed. If you distribute user data to third parties, like OTAs, Paypal or other integrations on your website, you need to let your website visitors know. All third parties must be listed in the data disclosure section.
Rights of the Data Subject
- Right of confirmation
- Right of access
- Right of rectification
- Right to erasure
- Right of restriction of processing
- Right of data portability
- Right to object
- Right to withdrawal data protection consent
Website users should know about all of the different rights they have when it comes to their data protection on your page.
More than just using visitors’ data, they want to be sure that their data is safe. The sound of “data breach” can be scary to anyone, but especially guests who are entering their personal information and credit card number to book a stay with you. Ensure guests’ digital safety by detailing your data security measures in this section. If you use any third-party software to guard data, it should be listed here.
Validity and modifications
- New third party partnership
- Change in data regulation laws
- Adding a subsidiary or changing the company name
Whatever your need for amending may be, it’s not as difficult as it sounds. If you’re using the template we provide, simply modify the section you need changed and reupload the accurate copy to your vacation rental website.