Is UpsellGuru GDPR compliant?

Yes, UpsellGuru is GDPR compliant. UpsellGuru is a data processor for hotel companies and hotel companies are the data controllers who control the transfer to UpsellGuru for processing. UpsellGuru processes guests’ personal data as defined by GDPR.

Can UpsellGuru send offer emails directly to guests without consent?

Yes. The hotel has the authority to contact the customer under ‘soft opt-in’ principles, which means that UpsellGuru emails as viewed as transactional and not marketing emails. UpsellGuru is simply acting as an agent of the hotel by sending these transactional emails.

What does “Transactional email” & “Legitimate interest” mean?

The guest email was obtained from a reservation with the hotel company, the email relates to similar products and services, and the guest is an existing customer. An email to a guest to personalize their experience during their stay is considered as part of the hotel stay and falls under “Legitimate interest” which can be sent without consent.

Is there an GDPR Data Processing Addendum?

Yes, if you have not signed our GDPR Data Processing Addendum yet, please contact your account manager to request one.

Is there anything else the hotel company must do?

We would suggest updating your Privacy Policy on your website and make sure it informs your users how you process their personal data and for which purposes.

Suggestion:

We may share your personal data with third parties offering services to us. These third-party companies act as a data processor of your personal data on behalf of us:

UpsellGuru GmbH: We may use their services to email you specific services and upgrades that relate to your stay with us.

We require all third party service providers to respect the security of your personal data, to treat it in accordance with the law and to process your personal data only in accordance with our instructions.