Reassuring your guests about GDPR
Honest talking points and ready-to-use templates you can send today.
Sometimes a guest asks whether your communications are GDPR-compliant, or your team needs something clear to share. This article gives you accurate points and ready-to-use text, written to be honest and defensible, which is exactly what holds up if a guest, or a regulator, ever asks.
What you can confidently tell guests
- Your hotel decides what's sent and why. HiJiffy is a GDPR-compliant provider that acts only on your instructions and never uses guest data for its own purposes.
- Core data is hosted in the EU, encrypted in transit (TLS 1.2+) and at rest (AES-256), with strict access controls and annual independent penetration testing.
- Guests are told when they're chatting with an AI, and no sensitive data is needed to use it.
- Guests can opt out at any time, and opt-outs are honoured.
- Guests can access or delete their data by contacting your hotel.
A word on "do we even need marketing consent?"
It's tempting to tell a guest "this is an approved campaign, no opt-in needed." Be careful: that's only true for transactional messages tied to the booking. For promotional messages, and especially over WhatsApp or SMS, an opt-in is generally required (see "When can you message guests?"). The best way to reassure a guest is to point to your privacy practices and easy opt-out, not to claim marketing never needs consent. That's both more honest and far safer if a complaint ever reaches a regulator.
Template A — short reassurance to a guest
"Thanks for reaching out. We take your privacy seriously. Our guest messaging is powered by HiJiffy, a GDPR-compliant provider that stores data securely within the EU and uses it only on our instructions. You're always told when you're speaking with our AI assistant, and you can opt out of communications, or ask to access or delete your data, at any time by contacting us at [privacy contact]. There's more in our privacy policy: [link]."
Template B — longer note (e.g., if a guest mentions raising a concern)
"We understand your concern and want to be completely transparent about how we handle your data.
We are responsible for your personal data. We use HiJiffy, a specialist hospitality provider, to run our guest messaging. HiJiffy acts strictly as our processor under a GDPR Data Processing Agreement; it doesn't use your data for its own purposes and doesn't sell it.
Your data is hosted in the European Union, encrypted in transit and at rest, and protected by access controls and regular independent security testing. Transactional messages (such as booking confirmations and check-in details) are sent to fulfil your reservation. Any promotional messages are sent only where we have a proper basis to do so, and you can withdraw consent or opt out at any time.
To access, correct or delete your data, contact us at [privacy contact] and we'll handle it in line with the GDPR. If you'd like, we can confirm in writing that your opt-out has been registered."
These templates are starting points, not legal advice. Adapt them to your country and have your legal team review before wider use.