The frequently asked questions (FAQ) on the Data Processor Agreement (DPA) for GDPR are outlined below. If you have any additional questions, please contact our Support Team. Read more about this new regulation in the main article on the GDPR.
Why do I need to sign a Data Processor Agreement?
Part of the General Data Protection Regulation (GDPR) is the Data Processor Agreement (DPA). The Data Protection Authority describes it as follows:
"If you involve other parties to process personal data for you, you must enter into a Data Processor Agreement with these organisations. This agreement rules out that the other party may process personal data for their own purposes."
What are the most important topics?
The most important topics of the Data Processor Agreement are:
- Personal data will not be not processed for any other purposes by us or by sub-processors.
- Personal data can be managed by your guests.
- Personal data will be sufficiently secured and kept secret.
- Procedures are described for a possible data breach and the possibility of an audit.
When should it be signed?
The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018. However, we ask you to digitally sign the Data Processor Agreement as soon as possible, so that we can process it for you in time.
I have not received it
If you have not yet received the Data Processor Agreement, it may be that it has ended up in the 'junk email' or 'unimportant email' folder or that we have sent it to another e-mail address within your organisation. We will be happy to send it to you again, please contact Support.
My hotel is part of a hotel chain
If your hotel is part of a hotel chain:
- For a chain in where individual contracts have been signed for each hotel for the products or services of Hoteliers.com, each hotel must sign its own Data Processor Agreement with Hoteliers.com.
- For a chain where one contract for the entire chain is signed for the products or services of Hoteliers.com, only one Data Processor Agreement needs to be signed for the entire chain with Hoteliers.com.
I do not want to sign it
If you do not sign a Data Processor Agreement with Hoteliers.com, you do not comply with the GDPR legislation and fines may follow.
Other booking sites do not have this
The hotel must have signed a written Data Processor Agreement with all partners in accordance with the GDPR law. The Data Protection Authority describes it as follows:
"If you use the services of a processing, once the General Data Protection Regulation (GDPR) applies, then you and the processor are obliged to record a number of topics in a written agreement (see article 28, paragraph 3 of the GDPR)."
Can I use this agreement for other partners?
This agreement was specifically created for your partnership with Hoteliers.com. Therefore, you cannot copy this agreement one-on-one. However, you can use this agreement as inspiration for your agreement with other partners.
It is important that Hoteliers.com has no responsibility on your agreement with other parties and we recommend that you perform a check with your legal advisor or with the other partner whether the agreement is legally correct.
Do I have to set up an agreement with partners of Hoteliers.com?
Partners of Hoteliers.com that process personal data are referred to as sub-processors in the GDPR. Hoteliers.com has created a separate Data Processor Agreement with all sub-processors, in which the sub-processors state that they comply to the same standards as Hoteliers.com.
It is therefore not necessary for hotels to sign a Data Processor Agreement with partners of Hoteliers.com, unless the hotel has a direct cooperation with that party without the intervention of Hoteliers.com.
Can I create a self-made agreement?
In order to help you to comply with the GDPR, we have created up a Data Processor Agreement for you which meets all requirements set by the Data Protection Authority. This agreement ensures that you require us to process personal data safely.
The Data Processor Agreement is a standardised agreement for all hotel partners. Therefore, we cannot sign a separate agreement per hotel.
Do I comply to the GDPR if I have signed it?
Once you have signed the Data Processor Agreement with Hoteliers.com, you comply with the GDPR for your partnership with Hoteliers.com. In addition, the products and services of Hoteliers.com will become GDPR-proof before May 25, 2018.
You must ensure that your own organisation complies with the GDPR and that you conclude a Data Processor Agreement with other partners. More information can be found in main article on the GDPR, for full information we recommend consulting the website of your local Data Protection Authority.
Do Hoteliers.com products comply with the law?
All products will comply with the GDPR on 25 May 2018. Changes will be made in the coming weeks so that guests can, for example, delete their personal data from the Booking Modules. You can find the status of this in the main article on the GDPR.
My hotel is outside the EU
The GDPR applies to all companies that process personal data of EU citizens, even if the company is located outside the EU. Hotels in for example Curaçao or the United Kingdom must also comply with the GDPR and therefore sign the Data Processor Agreement.