According to regulations in the European Union, you must obtain consent to process a person’s personal data.
(The following information is not intended as legal advice.)
This is the definition of consent according to the GDPR (General Data Protection Regulation):
“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
Bookings can be received in different ways – through your website, email, phone, etc. Based on the above definition, it could be argued that when a guest contacts your property to make a booking, and states his or her personal data to be registered in that booking, that is a “clear affirmative action”. There is no need to explicitly ask for permission to process the personal data for the purpose of that booking.
For bookings made online through the Sirvoy booking engine, you might still want to clearly obtain the guest’s consent. You can do that by activating the “terms & conditions” checkbox feature. Or you can create a “custom field” in the booking engine, a checkbox with your own customized text, for example “I hereby give my consent to the processing of my personal data for the purpose of this booking”.
However, it’s important to remember that the GDPR limits the processing of personal data to the original purpose. For example, if you plan on sending marketing emails to your guests, you will have to obtain their consent to process personal data for that specific purpose.