Skip to content
English
  • There are no suggestions because the search field is empty.

Reassuring your guests about GDPR

Honest talking points and ready-to-use templates you can send today.

Sometimes a guest asks whether your communications are GDPR-compliant, or your team needs something clear to share. This article gives you accurate points and ready-to-use text, written to be honest and defensible, which is exactly what holds up if a guest, or a regulator, ever asks.

What you can confidently tell guests

  • You decide what is sent and why. HiJiffy is a GDPR-compliant provider that acts only on your instructions and never uses guest data for its own purposes.
  • Core data is hosted in the EU, encrypted in transit (TLS 1.2+) and at rest (AES-256), with strict access controls and annual independent penetration testing.
  • Guests are told when they are chatting with an AI, and no sensitive data is needed to use it.
  • Guests can opt out at any time, and opt-outs are honoured promptly.
  • Guests can access or delete their data by contacting you.

Important: It can be tempting to tell a guest "this is an approved campaign, no opt-in needed." That is only true for transactional messages tied to the booking. Promotional messages, especially over WhatsApp or SMS, generally need an opt-in (see "When can you message guests?"). Reassure guests by pointing to your strong privacy practices and easy opt-out, not by claiming marketing never needs consent. That is both more honest and far safer if a complaint ever reaches a regulator.

Template A: short reassurance to a guest

Example to adapt: "Thanks for reaching out. We take your privacy seriously. Our guest messaging is powered by HiJiffy, a GDPR-compliant provider that stores data securely within the EU and uses it only on our instructions. You are always told when you are speaking with our AI assistant, and you can opt out, or ask to access or delete your data, at any time by contacting us at privacy@yourproperty.com. There is more in our privacy policy."

Template B: longer note (for example, if a guest mentions raising a concern)

Example to adapt: "We understand your concern and want to be completely transparent about how we handle your data.

We are responsible for your personal data. We use HiJiffy, a specialist hospitality provider, to run our guest messaging. HiJiffy acts strictly as our processor under a GDPR Data Processing Agreement. It does not use your data for its own purposes and does not sell it.

Your data is hosted in the European Union, encrypted in transit and at rest, and protected by access controls and regular independent security testing. Transactional messages, such as booking confirmations and check-in details, are sent to fulfil your reservation. Any promotional messages are sent only where we have a proper basis to do so, and you can withdraw consent or opt out at any time.

To access, correct or delete your data, contact us at privacy@yourproperty.com and we will handle it in line with the GDPR. If you would like, we can confirm in writing that your opt-out has been registered."

Note: These templates are starting points, not legal advice. Adapt them to your country and have your legal team review before wider use.