Anonymize guest data and handle guests' Personally Identifiable Information (PII)

Cloudbeds PMS allows to anonymize (remove) or extract your Guest Data in the system, according  to GDPR compliance.

This article explains shows the step-by-step process to anonymize or extract guest data and also to view and handle your guests' Personally Identifiable Information (PII).

Anonymize (remove) or extract guest data

Before getting started:

Make sure to enable the GDPR Compliance Functionality in your Cloudbeds PMS by accessing the General System Settings, clicking to Enable the GDPR Compliance Functionality in the Miscellaneous Preferences and saving your changes.

Anonymize (remove) guest data

Anonymizing guest data will remove all personally identifiable information for this guest from the system.  Learn more about the Guest Profile and the Guest Data to be anonymized or extracted here.  

  • This action can not be undone.
  • The Anonymize Guest Data button will be active only if:
    • Guest has no In-House, Confirmation Pending, or Confirmed reservations
    • Balance Due is 0
    • Guest has not been previously anonymized
  • Invoices won't be modified or removed
  1. Go to the Main menu and click on Guests
  2. Click on the corresponding guest's name. You can also use the search bar to look for the guest which data will be extracted
  3. In the guest profile, click on the Privacy Actions drop-down menu and select Anonymize Guest Data.
  1. Confirm the action to anonymize the guest data
  2. The guest data (name, last name, email address, etc) will appear as Anonymized in the Guest Profile
Extract guest data

The Guest Data Extraction button creates and downloads an XML file (similar to Reservation Export) that includes the guest details. Learn more about the Guest Profile and the Guest Data to be extracted or anonymized here.  

At the moment only XML format is available to extract and save the Guest Data.

  1. Access the Guests tab, and click on the corresponding guest's name. You can also use the search bar to look for the guest which data will be extracted
  2. In the guest profile, click on the Privacy Actions drop-down menu and select Guest Data Extraction. The guest data will be automatically downloaded to your computer in xml format.

Guests' Sensitive Personally Identifiable Information (PII)

Overview

Personally identifiable information (PII), or sensitive personal information, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. 

Personally Identifiable guest data (PII)
Integrations Data
Document number
Tax ID
Company tax ID
Custom fields with PII (if GDPR is enabled)
API Client ID on the API Credentials page
Access tokens on the API Credentials page
Client secret on the API Credentials page
Tax identification number for Czech Gov Integration
FACT API key field for Portuguese Government integration
Add PII data

All Cloudbeds PMS users can add PII to the new reservation on the Guest Details page:

Learn more about the Guest Tab.

View and edit PII data

By default, all users have permission to view and edit PII data, but this it can be limited on Roles page by Property Owner (see section How to limit permission to edit or view PII data below).

To view PII the user needs to click the eye icon next to the field. Each time the user clicks eye icon it will be noted in the Activity Log:

Default view:

PII Available when clicking on the eye icon:

To access the PII permissions/privileges, go to the Roles tab, and click to Add or Edit role. Learn more in this article.

Limit permission to edit or view PII Data

The corresponding section within the Roles page that indicates what kind of access a user has to view and handle sensitive data. This data and actions that will receive permissions include:

  • Document Number
  • Tax ID
  • Company Name
  • Company Tax ID
  • Permission to print registration card
  • Custom Fields with PII (This is a feature that appears when GDPR is enabled)
  • Extract guest data (This is a feature that appears when GDPR is enabled)
  • If a user is not permitted to view sensitive data, they will not be able to modify this data in a reservation or a guest’s profile (Guest Page), regardless of whether user has permission to edit guest data generally.
  • By default, all users have permission to see this data. Users responsible for managing permissions should review all users to confirm which can view sensitive data.
Was this article helpful?
1 out of 4 found this helpful

Comments

0 comments

Please sign in to leave a comment.