Protecting your data and securing your system is a top priority for us. Our team is committed to reviewing security strategies and policies to ensure that your data is secure and that our processes comply with regulatory obligations. Please read this document to understand our policies and practices regarding your information and how we treat it. By accessing or using our ResRequest websites, our API and our services, you agree to this Privacy Policy. This Privacy Policy may change from time to time, so please check this document periodically for updates. Your continued use of our products or the ResRequest services after we make changes is deemed to be acceptance of those changes.
Our approach to data protection
Who we are
ResRequest provides a hosted Business Management software application that caters for Central Reservation, Property Management, Customer Relationship, Financial Management and Online Bookings. Our customer’s system is provided as a hosted solution, with the option to install at client-specified offline locations, which are logistically managed by our customer. Our customers capture and maintain their own data into their system. Our customers can opt to integrate their data to third party systems such as Point-Of-Sale or Financial Accounting systems. In addition to our application and connection services, our customers can make use of our training, data capture and consulting services.
To provide these services, we must process your personal data and, from time to time, collect and use your personal data in order to make contact with you related to our support, training and maintenance services. Our data policy practices are laid out in this document. Use of our products and services is based on acceptance of our terms of use and privacy policies.
Our team
Our management team are collectively involved in determining our security, terms of use and privacy policies for our software, services, network security and operational tools. Our team’s responsibilities include maintaining the company’s security systems, developing security review processes, building security infrastructure, and implementing our security policies. Our teams research, attend conference and webinars to shape our product and web services to help our customers meet their compliance needs.
ResRequest’s interview procedure is a rigorous selection process. Our new staffer induction includes training and awareness of our security policies and regular notices are released in our internal communication and via our management team.
Our team are provided safe and secure methods to perform their operational responsibilities, while keeping our customers systems and data safe. Our staff are required to review safety protocols and implement secure processes in accordance with our signed NDA which protects customer data from being distributed. Staff are required to install antivirus software and resinstall terminals after any suspicious activity. We have a technical support team available to our staff to assist them in implementing and maintaining security standards on their workstations.
Who our clients are
Our customers are hotel owners and travel agents. Our users include our customers and additional users who are enquiring about or booking accommodation in our customer’s ResRequest system. Our software gives our customers the ability to collect information about their clients. We do not own or manage our customers bookings, we provide the software platform for our customers to process bookings and manage related business functions.
Our software enables our customers to store personal information at different points during the relationship build and booking transaction, including: when making a booking, when travelling to our customers hotels / establishments / activity areas, when preparing invoices and when meeting at different sales points. We do not have control over our customers policies regarding data collection and we recommend that you review the privacy policy for the establishment you work with. We do offer customers advice and manage data processing as detailed in this privacy policy.
Protection of our customer data
Offline server protection
We assist with the setup of licensed copies of ResRequest on an offline server owned and hosted by our customer. We do not accept responsibility for data breaches at the offline environment as we have no control of the server and server access at these locations. We recommend that customers seek assistance from security specialists to maintain secure infrastructures and processes at these offline locations.
Our subscriber policy
During our implementation we sign up users to our subscription services. We also take directives from the system administrator such as adding their users to our subscriber list.
We want our customers to feel like they’re receiving information that gives their business great value. To do this, each mailer includes an article that will promote better business practises or inform users about learning opportunities and new features. Email addresses and personal data that individuals consent to provide us with, is only used for contacting the individual with business related information. We do not port private information to other data collectors.
Should an individual wish to no longer receive this correspondence, they can unsubscribe at any time.
Our web services
ResRequest has a dedicated SAAS team. We host servers with recognised service providers. Our SAAS and development teams are constantly monitoring online platforms to ensure that our services are running security upgrades and to detect security breaches. This team is tasked with determining the companies defence systems and security, building the security infrastructure and implementing our web server security policies.
Our team also meet regularly with our senior development strategist and external consultant specialist to source ideas, discuss strategies and review any gaps in our security processes.
Incident notifications
We will continue to promptly inform you of incidents involving your customer data. Please follow our Technical Twitter Support feed which is used to publish and provide updates of any incidents.
Incident notifications may also be sent by email, telephone, Skype or WhatsApp to you directly when / if they are directly relevant to you or your data.
Customer responsible usage
We ask our customers to implement secure and transparent data protection policies that meet data protection regulatory obligations. Should customers be in breach of this and be deemed to use personal data unlawfully, we reserve the right to suspend their license with immediate effect.
Data legislation
Does data protection legislation involve you?
Yes, ResRequest is the processor of data and you are a collector of data. As a data collector you are required to be compliant in respect of data protection acts such as the GDPR, which governs data collection on EU citizens and POPIA (pending data protection on RSA citizens) and others.
Implementing data protection strategies ensures that your business partners and customers feel comfortable doing business with you. It is important to understand the requirements of the GDPR and put policies and procedures in place that adhere to these data protection acts. Using search engines like Google and Bing, will point you to information about GDPR and legal teams / compliance companies that will ensure you are able to comply with global data protection standards.
What can you do?
If you work with international guests and partners you’ll need to store their data which means you need to understand and have strategies in place to comply with international data protection regulations. Here are some guidelines that can help you with compliance:
1.Understand the global market you work with and find out the specifics of the respective data protection acts, e.g. working with EU citizens requires referencing to the GDPR. When you review these regulations, consider if / how they differ from your current data protection strategies. A few practical examples of areas to review include:
1.1. Review how you seek, record, manage consent and whether you need to make any changes to that process. There may be many areas in your business to review, making an inventory list of those areas is a good idea.
1.2. Review your consent form, you will need to explain your lawful purpose for collecting the information you are asking guests for at sign in, e.g. regulatory information for medical emergencies.
1.3. Check your procedures to ensure they cover all the rights that individuals have, including how you would delete personal data or provide data electronically and in a commonly used format. The GDPR includes the following rights for individuals:
– the right to be informed
– the right of access
– the right to rectification
– the right to erasure
– the right to restrict processing
– the right to data portability
– the right to object
– the right not to be subject to automated decision-making including profiling.
1.4. Consider how you will manage the right of erasure especially considering the lawful basis of this such as a contact being linked to a valid invoice.
1.5. Consider how you will present profile data to the contact should they request right of access.
2. Consider the areas you curate and store personal data. Review your policies and processes in each of these areas.
3. Check for regular updates to regulatory information and review any gaps in your current processes.
4. Consult a lawyer or a qualified Data Protection Consultant to obtain data protection advice applicable to your business.
Our assistance to customers
Should you require any guidance or clarification from our team, our management and supervisory team are available to explain our best practise. Contact them direct or via our support team.
Should you wish to report an incident to us, you can email our management team on support@resrequest.com. Over weekends and South African public holidays please contact the emergency phone numbers included in your auto reply received after initiating an email to our call centre. Please read our Terms of Use for more information on our service offerings.
Privacy policy last updated: 4 June 2018