Consent for processing data doesn’t last forever. A diner's personal information is retained for the purposes of making a booking and, if diners opt in, marketing. In the case of making a booking, it can only be used for a limited time, so restaurants must ensure they have a retention period in place. 

Below, we have answered your FAQs which are also available on our Data Retention video - click here to view video


What is a retention period?

Under the GDPR, restaurants need to have a retention period for how long they keep customer data. They will need to:

  • Decide how long they will hold on to customer data. 

  • Securely delete, or anonymise, personal information outwith the retention period. 

There is no set time that a business is allowed to retain customer data however organisations must document how long they intend to retain customer data in their privacy policy.

Privacy Policy

A Privacy Policy is a legal statement that specifies what the business owner does with the personal data collected from users, along with how the data is processed and for what purposes. You can find GDPR resources relating to ResDiary here, where you can also find an example restaurant standard Privacy Policy.

How do you set the retention period? 

  • Go to Promote > Customer Contact > Privacy Settings

  • At the bottom, ‘customer data retention settings’ lets you set the length of time customers’ personal data is kept before it is anonymised. Set the number of months (eg. 24 months) in the text field. 

  • Click ‘save’.

  • Once the data retention period is saved the system will work on anonymising profiles that have not interacted with the system within the data retention period. If you look at a past date where there are bookings for customer who's profiles are now anonymised, they will show as 'Customer Deleted'. 

Please note, the data update job runs constantly in the background of the system in a queue based format. 

The diary may take up to 24 hours to anonymise all of the relevant data and for this to be visible in your diary.


How to change your Terms & Conditions/Privacy policy?

Because you have made changes to your privacy settings, this will have to be reflected in your Terms & Conditions.

  • In your diary, click ‘settings’ and from the reservations section click ‘Terms & Conditions/Privacy Policy’.

  • Find the Terms & Conditions you want to make changes to.

  • Click ‘edit’, and you can now make your changes in the ‘text’ field.

  • Remember you will need to update your Terms & Conditions and Privacy Policy wherever they appear; email, your website, or third party sites

Things to consider

The GDPR states that personal data “may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed”. Therefore, a restaurant can choose to set their own retention period. With this feature, restaurants will need to decide their policy for how long they want to keep personal data. They will need to justify their reasoning, however long their data retention period.

So, if a customer has not interacted with a restaurant group within “x months” (length of time decided by the restaurant) and have no planned future interactions (like a future reservation) then their customer record will be automatically anonymised by the system. Interactions can include:

  • Bookings or visits.

  • Gift vouchers.

  • Function enquiries. 

  • Customer registration.

  • Pre-orders. 


If the customer record is in line with the above, then it will be anonymised. 

The following details will be cleared:

  • Personal details such as email, phone number, address, marketing opt-in preferences, customer codes and comments

  • Credit card details (if applicable).

  • Avios membership number (if applicable).

  • Link to portal user account (if applicable), the customer can delete their own portal account.

  • Customer interests (if applicable).

  • Pre-order guest details and history in case the customer was a guest in a booking that had a pre-order.

  • Contact details in vouchers

Remaining data:

Although the data will be anonymised, you don’t want to lose information that may be useful for future reporting or forecasting. Therefore the following data will be retained:  

  • Booking data

  • Pre-order data

  • Function enquiry data

  • Voucher data

  • Reviews (anonymised)