GDPR and Visit Group
Updated: July 2021
GDPR is the data protection act which has applied since May 25th 2018 throughout the EU and EEA. Complying with GDPR is important. Please read this brief information and, if you are a Visit Group customer, make sure that you have received and signed our data processor agreement. If you know that your organization hasn’t already signed this agreement, we urge you to contact [email protected] as soon as possible.
Most companies experience some uncertainty when interpreting GDPR. While many of you have questions, Visit Group cannot and should not take the role of a legal advisor. We use a law firm called Zacco (www.zacco.com) to aid us in our legal inquiries. Zacco is responsible for drafting the data processor agreement, and they are experts. If you have legal questions, we urge you to contact a firm such as Zacco to ensure compliance for your organization and to get the answers best suited to your needs.
You are the controller of the personal data and Visit solely acts on behalf of you as data processor
Through the data processor agreement, Visit ensures that we process your collected data in a secure and professional manner:
You may contact us on behalf of your customers to reveal and/or anonymize the personally identifiable data as follows. Visit Group will not deal with requests directly from consumers since you, the licensees, are the owners of your data.
Infracom Managed Services AB – Hosting and server provider which, among other things, stores data and backups for BookVisit and Citybreak.
Twilio / Sendgrid – The mail service Sendgrid and the text message service Twilio are used to send out booking confirmations.
Microsoft – Azure, cloud storage service for customers with Citybreak and iTicket.
Freshdesk – Support system that can receive issues containing personal data on a booking described in a support case. In this case, the information is sent to Visit from the data controller (PUA).
Mailchimp – E-mail marketing system, which is used to send e-mail campaigns and newsletters.
Anonymization of Data
An important part of GDPR is the customer’s right to be forgotten, either at the customer’s request or after the time period you have determined for storing your customer information (which must be documented and justified).
The anonymization function can be run on an individual customer or on all customers who, for example, have not been in contact with you within a certain period of time.
The anonymization feature obscures personal identifiers, such as name and e-mail, but retains some anonymous demographic data for anonymous long-term statistics.
Additional confirmation box when booking, ordering a brochure or other contact
An additional privacy policy textbox that the customer may read through to confirm consent under the GDPR is added to your online environment upon request. You may start to create such a policy already, as it will be a vital part of what you store, why and how long. In this policy you may also add the measures the end-customer must take in order to be forgotten and to exercise other rights under the GDPR.
SSL, encryption of all information sent over the website
For a long time, most of our customers have chosen to use SSL (https) for their entire website and booking. GDPR calls for the security of personal data and, for example, mentions encryption as an appropriate measure, even if it is not a specific requirement.
There are many other benefits of SSL for the entire website. For example, more and more browsers show a warning for sites that are not served over SSL, Google rewards SSL in search results, and customers feel more secure when they visit the site and make reservations. If you do not have SSL today, we recommend that you contact us and order this as soon as possible.
Portability of personal data
The ability to extract a person’s data in readable, standardized formats is introduced, to fulfill the requirement of ease of transfer of data to those requesting it.
Infracom Managed Services AB (formerly PIN Sweden AB, same company)
Gamlestadsvägen 1
415 02 Göteborg
Sweden
Twilio Inc. (Sendgrid)
375 Beale Street, Suite 300
San Francisco, CA 94105
USA
US-based data centers are located in Herndon, Las Vegas and Chicago.
Microsoft AB
Regeringsgatan 25
111 53 Stockholm
Sweden
Freshworks, Inc.
2950 S. Delaware Street
Suite 201
San Mateo
CA 94403
USA
The Rocket Science Group, LLC (Mailchimp)
675 Ponce de Leon Ave NE
Suite 5000
Atlanta
GA 30308
USA
If you require help with your agreement, we recommend that you find an expert. If you haven't signed your GDPR agreement with us yet, contact us!