“0. You may not book through peppersbridgebnb.com if you are in the European Union.”
“1. We will not send out newsletters to you should a European Union citizen volunteer your email address through our booking system or over the phone.”
If you’re a customer booking from the EU: Please book through our listing on Airbnb.
Why? GDPR is impossible for us to comply with as a small business. We are a two-person operation: my mother runs the business and I, Dustin Palmer, handle the website.
Here is the part that directly relates to us:
“Sales aren’t the only thing you need to worry about. Let’s say a tourist from Italy comes to your bed and breakfast, stays for a week, and volunteers his or her email address during the checkout process. That doesn’t require compliance.
If, however, you were to send out an email newsletter for marketing purposes after the tourist returned home, you could be stepping into a GDPR mess. Email-tracking software — such as the Microsoft Connections app we install and configure for clients — allows you to see when an email is opened, if it was forwarded or deleted, and so on. And in the eyes of EU regulators, this is a form of data monitoring requiring compliance.”
The parts that don’t directly relate to us, but where we are covering our bases:
Here are some great things I think every web service should be doing that GDPR enforces (from the GDPR Compliance Checklist):
- keep track of where user data goes so it doesn’t accidentally get funneled to bad guys
- keep user data secure and report breaches
- users should be able to update their data and request that it be deleted
Your privacy is super important and we take it super seriously.
Good news: we don’t store payment or account information on this website. In fact, you can’t create an account on our website as there is no place to. The information we do store is the information you provide to us through our booking calendar. That database resides on our hosting server at godaddy.com, which we both protect. We don’t share this information with anyone nor do we use it for marketing purposes without your consent.
Here are some things GDPR requires that we can’t do:
- Appoint a representative within the EU – “If you have a business outside of the EU and you collect data on EU citizens, you should assign a representative in one of the member states for your business. This person should handle all issues related to processing. In particular, a local authority should be able to contact this person.”
- Be able to prove who has ever seen any of the data we collect.
- Not transfer data outside of the EU to countries that offer “an appropriate level of protection”
- Ask for consent every time I start processing a person’s information. This makes it illegal for us to do something like send an email to users who have never received a file offering some help to get their account set up without a) asking for their permission to send them that email, and b) being able to prove that they consented to their data being used for decisions like that.
As we see it, our only option is to require that, if you are a customer booking inside the EU, you use our listing through Airbnb.
Thank you for choosing to stay with us at Peppers Bridge Bed & Breakfast. We look forward to your stay!