Our general terms and conditions cover all fundamental aspects of GDPR, in relation between you and Sirvoy, for example Sirvoy acting as Processor of the data, on behalf of you as the owner of the Sirvoy account, the Controller. However you still might prefer to sign a supplemental Data Processing Agreement (DPA) in order to prove your GDPR compliance.
Please contact Sirvoy Support to obtain the DPA, then sign and return a scanned copy to firstname.lastname@example.org.
Note: Please notice that while the above T & C and DPA covers GDPR in relation between Sirvoy and you, you probably need more “Consent Agreements”, “DPA:s” and “Confidentiality Agreements”, in your turn, between you as hotel and employees, travel agents or third party services that may handle data on your behalf, or having access to a user account on your Sirvoy account. Some kind of GDPR agreement may be neccesary in cases like that.
You as hotel are also responsible to determine to what extent you want to collect consent from your guests to handle their personal data, this do not fall within Sirvoys responsibility, (see article about “Obtaining Consent for Processing Personal Data (GDPR)”). This as you are acting as the processor of data on the behalf of the guests and need their consent as the controllers of data.