OPENTABLE FOR RESTAURANTS
How to get ready for GDPR
GDPR is a new European law coming into effect May 25, 2018, protecting the rights and freedoms of EU individuals with respect to their personal data.
DOES IT APPLY TO MY RESTAURANT?
If your restaurant is established in the EU/UK, yes it does. If your restaurant is not established in the EU/UK, then it only applies with respect to diners and prospective diners who are residents of the EU/UK.
WHAT DATA DOES IT COVER?
Personal data of EU individuals. Personal data is data that can be linked to an identified or identifiable person. It includes direct identifiers (e.g., name and email) and indirect identifiers if they can be used to identify a person (e.g., IP address and online identifiers).
WHAT TYPES OF PROCESSING DOES IT COVER?
All types, whether or not automated, such as the access, collection, storage, retrieval, use, disclosure or erasure of personal data.
DOES IT COVER CITIZENS OF THE UNITED KINDGOM?
Yes, the UK will still be a part of the EU when GDPR comes into effect and the UK government has stated that it will comply with the GDPR and that such compliance will not be affected by Brexit.
**DOES GDPR REQUIRE CONSENT TO PROCESS PERSONAL DATA, INDUCING EMAIL? **
No, consent is only one of the legal bases for processing data. For example, data can also be processed: – To fulfill a contract with that person – Sometimes for “legitimate interests,” such as for marketing and commercial objectives (these legitimate interests must, however, outweigh detriment to the privacy of that person) – When there is a legal obligation to do so
Rights and responsibilities for data processing under GDPR depend on whether your business is a data controller or data processor.
AT A HIGH LEVEL
The controller uses the data for its own business purposes. The controller determines the purposes and means of processing personal data. The processor performs data processing services for the controller. Here is how it applies to your restaurant’s use of OpenTable’s products:
YOUR OPENTABLE GUESTBOOK
Your restaurant is the controller of personal data in your OpenTable Guestbook. This data includes both online reservation data and data that you input into your OpenTable guestbook, such as your phone-in reservations, guest notes and tags.
OpenTable is the processor of personal data in your OpenTable Guestbook. As such, OpenTable processes this data in your OpenTable guestbook on behalf of your restaurant by powering the product. Your guestbook may live in any of our restaurant products, such as GuestCenter, OpenTable Connect, Electronic Reservation Book (ERB) or ResPAK.
OPENTABLE’S CONSUMER PRODUCTS
To help your restaurant prepare for GDPR, OpenTable will be updating our EU/UK online restaurant contracts. If you do not have an online contract, we will make this update available to you as an addendum to your current contract.
OpenTable will also be maintaining certain records of our data processing as required by GDPR. As the processor of personal data in your restaurant’s OpenTable guestbook, OpenTable’s records will include your restaurant’s contact information, together with your Data Protection Officer and local representative, if you have one. We will be reaching out to your restaurant for any updates to this information prior to GDPR. You may also submit this information to your OpenTable Account Manager.
EU diners have certain personal rights under GDPR, including the right to erasure. OpenTable is putting in place new processes and procedures to respond to these requests.
If OpenTable receives a request for erasure from a diner who booked a reservation at your restaurant through OpenTable, we will:
If a diner submits a request for erasure directly to your restaurant, OpenTable, as your data processor, is also here to help you upon your request with respect to your OpenTable guestbook.