Press enter to search, esc to close
This is a question all businesses using an app to facilitate bookings or customer orders should be asking. Most apps offer services such as booking tables or seats, ordering and paying for food and drinks, facilitating upselling and even providing instant messaging between customers and the serving staff - all of which require the collection of customer details. Therefore, as attractive as those features may be, it remains important for businesses to consider whether their apps are offering them and their customers adequate legal protection.
Many venues are still using technology developed and deployed during the earlier part of the pandemic (when the obligation fell on hospitality to collect information about its customers) to fulfil orders and provide table service, but in the process are now collecting unnecessary information.
While a customer might expect to provide basic details, such as a name, address, email address and phone number, some apps are also collecting data on the type of device being used, its IP address, location data, marital status, date of birth and gender, along with payment information which is being processed by third-party payment providers. Some apps can even read, modify and delete the contents of a device’s USB storage, as well as take photos and videos.
It is essential that a business:
Businesses should also:
Now, as we all start to settle into these new ways of operating, is a good time to review your apps and booking systems to make sure you are only collecting information that’s truly necessary for your purposes and are providing sufficient data protection information to remain compliant with data protection law.
Up to now it has been highly unlikely that the ICO would consider taking enforcement action - as long as businesses have taken reasonable steps to ensure GDPR compliance – given the initial wait for government guidance and subsequent frequent changes to regulations. However, as time goes on, businesses that don’t make substantial efforts to ensure compliance may face hefty fines and are certainly likely to face customer criticism if they’re seen to be over-collecting or misusing personal data.
21 June 2021