We take data protection and privacy very seriously. Sirvoy will handle your business information and guest data securely and confidentially, and according to the GDPR (General Data Protection Regulation). All third party services used by Sirvoy for data processing are also GDPR compliant. See our terms and conditions for more details regarding how we apply different aspects of GDPR.

What is GDPR and how does it affect your business?

GDPR is about collecting and processing any personal data in a fair, legal, and transparent way.  It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

These are the key principles:

  • Processing of personal data must have a lawful basis, such as the fulfillment of a contract or that the person has given explicit consent.
  • Processing of personal data must be limited to the specific purpose.
  • Data must be accurate, relevant and limited to what is necessary in relation to the purposes.
  • Data must be kept for no longer than is necessary, unless kept purely for historical research purposes or statistical purposes.
  • Data must be processed in a secure and confidential manner.
  • The person has the right to know what data is registered and to have the data deleted (“right to be forgotten”).

If you accommodate guests who reside in the European Union, you must comply with the GDPR. Any third party services used to process personal data must also be GDPR compliant.

While our general terms and conditions touch on this topic, you might want to have a supplemental Data Processing Agreement (DPA) in order to prove your GDPR compliance. Please contact Sirvoy Support to obtain the DPA, then sign and return a copy.