Customer Contact - Privacy Settings
Consent for processing data doesn’t last forever. A diner's personal information is retained for the purposes of making a booking and if diners opt-in to marketing. In the case of making a booking, it can only be used for a limited time, so restaurants must ensure they have a retention period in place.
Below, we have answered your FAQs which are also available on our data retention video - click here to view video
What is a retention period?
Under the GDPR, restaurants need to have a retention period for how long they keep customer data. They will need to:
Decide how long they will hold on to customer data.
Securely delete or anonymise personal information when the retention period ends.
There is no set time that a business is allowed to retain customer data. Businesses should only retain personal data for as long as is necessary and must document how long they intend to retain data in their Privay Notice/Policy.
Privacy Notice/Policy
A Privacy Notice/Policy is a legal statement that specifies how a business processes the personal data it collects. You can find a sample Privacy Notice/Policy here.
Customer Contact - Privacy Settings
Go to promote - Customer Contact - Privacy Settings:
At the bottom, ‘customer data retention settings’ lets you set the length of time customers’ personal data is kept before it is anonymised. Set the number of months (eg. 24 months) in the text field then press save.
Please Note: As soon as you have added the length of time you want to keep customers’ personal data before it is anonymised, it starts working straight away and we can NOT revert it.
If you have multiple diaries in a group, the same retention period will be applied to ALL venues within the group. The retention period is a group setting.
Once the data retention period is saved the system will work on anonymising profiles that have not interacted with the system within the data retention period. If you look at a past date where there are bookings for customers whose profiles are now anonymised, they will show as 'Customer Deleted'.
Please note, the data update job runs constantly in the background of the system in a queue-based format.
The diary may take up to 24 hours to anonymise all of the relevant data and for this to be visible in your diary.
How to change your Terms & Conditions/Privacy Notice/Policy?
Because you have made changes to your privacy settings, this will have to be reflected in your Terms & Conditions.
To update your T&Cs go to settings - Reservations - Terms & Conditions/Privacy Notice/Policy
There are 4 drop down options when you click create new:
Widget and Dish Cult (Booking) - T&Cs added here will be seen by your customers when making a reservation online and they will need to agree to these in order to make a reservation.
Vouchers - T&Cs added here will be seen during the online voucher purchase flow. These too will need to be agreed to by the customer when purchasing a voucher.
Our terms and conditions - These will sync to your customer-facing booking confirmation emails that get sent to customers once they make a booking.
Custom - these are not visible anywhere, and are just a place for you to have policies on file internally.
- Click ‘create new’ - choose the drop down of your choosing - add in your text - save.
- Move to the second tab called ''privacy policy'' to enter your privacy policy - add text - save.
Please view a video walk through below:
Things to consider
The GDPR states that personal data “may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed”. Therefore, a restaurant can choose to set its own retention period. With this feature, restaurants will need to decide their policy for how long they want to keep personal data. They will need to justify their reasoning, however long their data retention period. So, if a customer has not interacted with a restaurant group within “x months” (length of time decided by the restaurant) and has no planned future interactions (like a future reservation) then their customer record will be automatically anonymised by the system. Interactions can include:
- Bookings or visits.
- Gift vouchers.
- Function enquiries.
- Customer registration.
- Pre-orders.
If the customer record is in line with the above, then it will be anonymised.
The following details will be cleared:
- Personal details such as email, phone number, address, marketing opt-in preferences, customer codes and comments
- Credit card details (if applicable).
- Avios membership number (if applicable).
- Link to the portal user account (if applicable), the customer can delete their own portal account.
- Customer interests (if applicable).
- Pre-order guest details and history in case the customer was a guest in a booking that had a pre-order.
- Contact details in vouchers
Remaining data:
Although the data will be anonymised, you don’t want to lose information that may be useful for future reporting or forecasting. Therefore the following data will be retained:
- Booking data
- Pre-order data
- Function enquiry data
- Voucher data
- Reviews (anonymised)
Groups:
If you have more than one diary that is part of the same group central reservations then whatever you set your retention period to be on one diary it will change and be the same for ALL diaries. The retention period can NOT be different for each diary. See video below: