ResDiary has made improvements to the software to provide tools for restaurants to manage their obligations under GDPR, the questions below relate specifically to the storage limitation principle which states that you must:
- Not keep personal data longer than is necessary
- Be able to justify how long data is kept for
- Periodically review data and delete or anonymise data that is no longer required
What is a ‘Retention Policy’?
A customer retention policy is the time period set for how long customer data is held. At the end of the time period set, customer data which is no longer required is anonymised. A more detailed explanation of the legislation on retention can be found in the article here on storage limitation.
Where do I set the retention policy for my venue or group venues?
You can configure your retention period via Promote > Privacy Settings.
Please note, the data update job runs constantly in the background of the system in a queue based format.
The diary may take up to 24 hours to anonymise all of the relevant data and for this to be visible in your diary.
NOTE: As soon as you have added the length of time you want to keep customers’ personal data before it is anonymised, it starts working straight away and we can NOT revert it.
If you have multiple diaries in a group, the same retention period will be applied to ALL venues within the group. The retention period is a group setting.
How long should I set my retention policy
Effectively, it is up to you to choose an appropriate time period for your policy but can seek further information via articles such as the one below from The Information Commissioner's Office;
If I do not set a retention period, will the diary implement a default?
Where no retention period is set, the diary does not automatically delete any customer’s personal data within a venue or venue group at all.
I have a group of venues, do I need to configure my retention policy for each venue individually?
For venue groups, a single setting for retention policy can be configured and will apply across all venues. The retention period can NOT be different for each diary. See further information on this here
How do I delete a customer manually?
By going to 'Reports' > 'Customer List' and searching for a customer and continuing to select the 'Edit' button you can choose to delete a customer. You can also bulk action customers from the customer list and choose to ‘Delete’ from the drop down.
What happens to customers deleted who have future bookings?
There are rules are in place to determine if a customer record can be deleted which require that there are no:
- Future bookings
- Future event enquiries
- Active vouchers
If any of the above are present then the bookings/enquiries/vouchers will need to be cancelled before the customer record can be deleted.
How long do I have to respond to a customer request for deletion?
If a customer requests to be deleted from a restaurants customer database, then under the GDPR regulations a venue has one month to respond to the request (right to erasure).
Do we have a record of when customers were deleted?
When the process of deletion is initiated, the customer will remain in the customer list for a fixed period of 7 days. The date of deletion will be recorded against the booking and within the ‘View Customer' the following information will display;
- Deleted on: {DATE OF DELETION}
- Deleted by: {USER or SYSTEM}
What if I delete someone accidentally?
You can search the customer list for any customers deleted and if the deletion was initiated within the past 7 days the option to ‘Restore’ the customer will be available.
What happens once the 7 day 'cooling off' period is over?
For customers scheduled to be deleted, after 7 days, their profile will be removed from your database entirely and their personal information anonymized. This includes;
- All personal details such as email, phone number, address, marketing opt-in preferences, customer codes and comments
- Credit card details
- Customer interests
- Reviews submitted
- pre-order guest details and history in case the customer was a guest in a booking that had a pre-order
- contact details in vouchers
Please be aware that although the profile is removed from the system i.e. anonymised, all diary data associated with the customer will remain, this includes;
- Booking data
- Pre-order data
- Event enquiry data
- Voucher data
If I choose to carry a database merge, will it affect any anonymised data?
As a deleted customer profile will no longer exist it is therefore is not going to be factored into the merge function.
Does the person get an email?
No email is delivered to the customer at any stage of deletion.
Are data deletion and marketing opt-ins separate?
The marketing function relies on customer profile data to compile marketing lists, where this data has been deleted, it will not function, regardless if a deleted customer was once opted into a venue.
What does deleted data look like on the diary?
The deleted data will show the booking on the diary as normal with 'Customer deleted'
Are changes to the data retention policy recorded in the audit report?
Any changes to the retention policy are recorded in the *'Setup Changes Audit'* and detail the date, user and the settings previous and new value in months.
What happens when I change the retention policy time period?
Retention policy period changes will take effect immediately and the new value set in months will apply upon updating.
Does every single time I make a booking count as a new countdown?
If the customer has not interacted with the diary (see definition below) within the retention policy time period, the retention policy will anonymie the profile. Any new interaction with the diary will begin the retention policy again.
ⓘ Interaction
If a customer has not interacted with a restaurant group within a configurable time period then their customer record will be automatically anonymised by the system.
The following rules are in place to determine if a customer record should be anonymised based on no interaction in any of the following means:
- Has not visited any restaurant in the group within the retention period and does not have any future bookings.
- Has no vouchers for any restaurant in the group which have expired within the retention period and does not have any vouchers due to expire in the future.
- Has not had a function enquiry at any restaurant in the group within the retention period and does not have any future function enquiries.
- Has not had any interaction with the restaurant group since they were registered and their registration date is not within the retention period.