Consent for processing data doesn’t last forever. A diner's personal information is retained for the purposes of making a booking and, if diners opt in, marketing. In the case of making a booking, it can only be used for a limited time, so restaurants must ensure they have a retention period in place.
Below, we have answered your FAQs which are also available on our Data Retention video - click here to view video
What is a retention period?
Under the GDPR, restaurants need to have a retention period for how long they keep customer data. They will need to:
Decide how long they will hold on to customer data.
Securely delete, or anonymise, personal information outwith the retention period.
How do you set the retention period?
Go to Promote > Customer Contact > Privacy Settings
At the bottom, ‘customer data retention settings’ lets you set the length of time customers’ personal data is kept before it is anonymised. Set the number of months (eg. 24 months) in the text field.
Once the data retention period is saved the system will work on anonymising profiles that have not interacted with the system within the data retention period. If you look at a past date where there are bookings for customer who's profiles are now anonymised, they will show as 'Customer Deleted'.
Please note, the data update job runs constantly in the background of the system in a queue based format.
The diary may take up to 24 hours to anonymise all of the relevant data and for this to be visible in your diary.
Because you have made changes to your privacy settings, this will have to be reflected in your Terms & Conditions.
Find the Terms & Conditions you want to make changes to.
Click ‘edit’, and you can now make your changes in the ‘text’ field.
Things to consider
The GDPR states that personal data “may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed”. Therefore, a restaurant can choose to set their own retention period. With this feature, restaurants will need to decide their policy for how long they want to keep personal data. They will need to justify their reasoning, however long their data retention period.
So, if a customer has not interacted with a restaurant group within “x months” (length of time decided by the restaurant) and have no planned future interactions (like a future reservation) then their customer record will be automatically anonymised by the system. Interactions can include:
Bookings or visits.
If the customer record is in line with the above, then it will be anonymised.
The following details will be cleared:
Personal details such as email, phone number, address, marketing opt-in preferences, customer codes and comments
Credit card details (if applicable).
Avios membership number (if applicable).
Link to portal user account (if applicable), the customer can delete their own portal account.
Customer interests (if applicable).
Pre-order guest details and history in case the customer was a guest in a booking that had a pre-order.
Contact details in vouchers
Although the data will be anonymised, you don’t want to lose information that may be useful for future reporting or forecasting. Therefore the following data will be retained:
Function enquiry data