Preparing for GDPR
As you know, we have been working on some changes to the system to meet all the requirements arising from the GDPR. We have combined these tasks with in-depth redesign of user profiles and registration cards, and in particular, their merging into a new feature - "Person Data". With this update, we are starting to introduce system adjustments related to the above tasks. Still these changes have no impact on the user interface – no screen or report has been changed yet. The final amendments are planned to be released at stages in the course of a few updates. Here is what will come with the next updates.
- The introduction of higher standards of personal data encryption. To provide first class data protection, we are changing the current encryption with such one that meets the highest requirements for encryption and encrypting keys. The new class of encryption complies with the strict and practice-oriented requirements of PCI DSS.
- Richer array of access rights.We have added more access rights to let you precisely determine which employees to be able to view the personal data of each guest and which ones – the lists of personal data and mass exports. In addition, we have redesigned the system, so that the reception desk staff having the lowest level of clearance to be unable to directly work with guests' personal details, but only with the anonymised (masked) ones. This way these employees will still be able to work with bookings. Here are the new rights:
- Basic access to personal data. It provides partial access to guests' personal details (anonymised ones – for more info, see below). Without it, users will only see '********' instead of the personal data. Having such a right, your employees will partially see guest details to be able to find their bookings. But it will be impossible for them to identify the guest within the meaning of the GDPR.
- Operational access to personal data. This right gives access to the personal data of each guest on the booking, profile and other screens.
- Mass access to personal data. This is the highest level of access to the screens and reports where the personal data of multiple guests or profiles can be seen, exported or copied. The GDPR pays special attention to these operations.
- Anonymisation.Partially masking or restricting the visible information of each guest on the screens and in the reports to the minimum. The guests' personal details are hidden and only accessible when having additional access rights.
- A first name initial and surname ( J Smith ).
- The first 4 letters of the email address ( jsmi******** )
- The last 4 digits of the telephone number ( ********4578 )
- Consent to marketing emails or giving information to third parties. In the creation of a booking, a new field and related text will be present in the WRS and the guest profiles to ask for the guest's permission to send them marketing emails and/or provide their data to third parties. In the Guest Mailer, we have also added an option to filter the guests who haven't consented to the receipt of marketing emails.
- Personal data retention period. Depending on your legal requirements for guest personal data retention, you can set how long after the booking checkout the personal data to be kept. In addition, for certain profiles (e.g. participants in your client loyalty programmes), you can choose to forbid the automatic data deletion.
- Personal data forgetting. Use this feature to search for and erase the personal data of a guest from bookings and profiles. This operation doesn't delete the bookings, but simply erases the personal data in them.
Improvements and changes
- Company credit cards. Now you can save credit cards or Adyen tokenized credit cards on the Company page. The added credit cards or tokens can be used for one-click payments of the company's folios similar to booking folio payments. A PCI DSS note: In contrast to the credit cards related to bookings which are automatically deleted with the bookings checkout, the company ones are kept until the cards' expiry date (if this date is 08/2018, the card is deleted on 01.09.2018).
- Export of all reports to Excel. As the existing copy/paste feature is no longer supported by most browsers, we have created a functionality to export reports to Excel. Use the 'Excel' button on the bar at the top of each report. The new feature will generate a ready-to-use Excel file and prompt you to choose a location for its saving. We hope you find the new option to be more convenient.
- Check of the room for a checked-in booking or pending room cleaning at check-in. We have added this booking check-in option to make sure that the room is clean, there is no housekeeping warning or checked-in booking in it. A pop-up message of the issue appears. In addition, if you still decide to check in a new booking before the previous one is checked out, you will need to have the Room Sharing right.
- To the Guest Ledger and Accounts Receivable, we have added a new payer type filter. This way besides seeing the data of all folios, now you will also be able to only view company folios or booking and event ones.
- A new Credit limit field on the Company screen. The field is shown in the Accounts Receivable Report when the Summary view mode used.
- To the Booking screen and the pre-authorization list, we have added a date of the pre-authorization creation and its age in days to let you easily notice when it has already expired.
- A new Groups Report. Through it, you can easily find group bookings (Event bookings), filter them by arrival, departure or stay period. Apart from bookings linked to an event, you can use other report views, too - grouped by reference number. In this case, all bookings with a reference number are visible, even if they are not linked to an event.
- Virtual Credit Cards and Channel Manager bookings. We have created a new option for the better processing of virtual credit cards. If from a certain channel (e.g. Expedia), the virtual credit cards cannot be used (tokenized, charged or pre-authorized) before the check-in date, now you can efficiently deal with such a situation. We have changed the 'Deposit auto payment' option. With the new update, it will apply to each channel separately and can differ with the various channels. This way you can enable it for certain channels, and leave it disabled for others (e.g. Expedia). In the latter case, cards will only be saved to be used after the check-in date. You can check this option on the Channel Manager settings screen. Please contact our Support Team if you need to have it changed for a given channel.
- A new Charge Transfer right. The transfer of charges among folios is no longer controlled by the 'Charges: Edit and Void' right, but by 'Charges: Transfer'. The new right has automatically been granted to all users having the 'Charges: Edit and Void' one.
- Improved performance of the analytical 'Charges Segmentation Report' and 'Booking Segmentation Report'. Now you can run analyses for longer periods.
- OOS creation and edit log. Use the detailed log to track the created and edited OOS room statuses. Access the general log through 'Settings' - 'Room' – 'Log' button. And for each individual room, use the 'Log' button on its screen.
- Passport images in Registration Cards: Now you can view them in a larger size for greater convenience.
- To each ParityRate product, we have added the option for their disabling/enabling without being necessary to delete the already existing mapping.
- A new payment type - Barter.
- We have changed the implementation of the System API access. Now the API users are created by our Support Team, as you will need to provide: username, contact email, organisation or if it is an individual developer – contact person details. All of the rest operations like generating Access Key, granting or revoking access rights can still be performed by the system users.
- New 'Booking Enquiry' endpoint (booking_offers)
- To each room endpoint, we have added info of the OOS statuses.
- The payments on the Folio screen are now sorted by date.
- The City Tax, included in the price per night was sometimes subtracted from the value of the package element instead of the price per night.
- Kiosk – despite being set to payment via an Adyen Terminal, tokenized cards were also available for payment.
- POS – The kitchen monitor beeped without being necessary
- API – The booking update (cancellation) required users to have the To-Do edit right without being actually necessary.
- The API user screen – it was impossible to copy the api key when the Mozilla Firefox browser used.
- The quick booking search did not work if the Channel Manager's inbox was opened at the same time.