Consent for processing data doesn’t last forever. A diner's personal information is retained for the purposes of making a booking and, if diners opt in, marketing. In the case of making a booking, it can only be used for a limited time, so restaurants must ensure they have a retention period in place.
Below, we have answered your FAQs which are also available on our Data Retention video - click here to view video
What is a retention period?
Under the GDPR, restaurants need to have a retention period for how long they keep customer data. They will need to:
Decide how long they will hold on to customer data.
Securely delete, or anonymise, personal information outwith the retention period.
ResDiary is providing restaurants with the functionality to set their own customer retention period and delivering the functionality to automatically anonymise customer data after the period expires.
How do you set the retention period?
Click ‘promote’ and from the ‘customer contact’ section, click ‘privacy settings’. Here, there are several options related to protecting your customers' data.
At the bottom, ‘customer data retention settings’ lets you set the length of time customers’ personal data is kept before it is anonymised. Set the number of months (eg. 18 months) in the text field.
Because you have made changes to your privacy settings, this will have to be reflected in your Terms & Conditions.
Find the Terms & Conditions you want to make changes to.
Click ‘edit’, and you can now make your changes in the ‘text’ field.
Things to consider
The GDPR states that personal data “may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed”. Therefore, a restaurant can choose to set their own retention period. With this feature, restaurants will need to decide their policy for how long they want to keep personal data. They will need to justify their reasoning, however long their data retention period.
So, if a customer has not interacted with a restaurant group within “x months” (length of time decided by the restaurant) and have no planned future interactions (like a future reservation) then their customer record will be automatically anonymised by the system. Interactions can include:
Bookings or visits.
If the customer record is in line with the above, then it will be anonymised.
The following details will be cleared:
Personal details such as email, phone number, address, marketing opt-in preferences, customer codes and comments
Credit card details (if applicable).
Avios membership number (if applicable).
Link to portal user account (if applicable), the customer can delete their own portal account.
Customer interests (if applicable).
Pre-order guest details and history in case the customer was a guest in a booking that had a pre-order.
Contact details in vouchers
Although the data will be anonymised, you don’t want to lose information that may be useful for future reporting or forecasting. Therefore the following data will be retained:
Function enquiry data