![logo icon white.png]](https://help.hijiffy.com/hs-fs/hubfs/logo%20icon%20white.png?width=50&height=50&name=logo%20icon%20white.png)
Guest data requests: access and deletion
What to do when a guest asks to see or delete their data, step by step.
Your guests have rights over their personal data under the GDPR, including the right to:
- get a copy of their data (access)
- correct it (rectification)
- have it deleted (erasure, the "right to be forgotten")
- limit how it is used (restriction)
- receive it in a portable format (portability)
- object to certain processing
How a request works when you use HiJiffy
Because your property is the controller, a guest's formal request should come to you first. We then act on your confirmed instruction.
- The guest contacts your property, ideally at one published privacy address.
- You check and validate the request (identity and scope).
- You send the action to us at support@hijiffy.com.
- We carry it out and confirm within 48 hours.
Make it self-service in the assistant
Add a standing line to your central Knowledge Document so the assistant handles privacy questions the same way every time.
Example to adapt: "If a guest asks to review, access or delete their personal data, tell them to email privacy@yourproperty.com and let them know we will handle the request."
This routes requests straight to you, around the clock, without ever exposing guest data in the chat.
Template: replying to a guest's request
Example to adapt: "Thank you for your request about your personal data. We are responsible for handling it, and we have logged it today. We will respond within the time the GDPR requires. Our guest messaging is run on our behalf by HiJiffy, our technology provider, who will action any access or deletion on our instruction. If you have any questions, contact us at privacy@yourproperty.com."
Important: This is general guidance, not legal advice. As the controller, you are responsible for meeting the GDPR response deadline (usually one month) and for verifying who is asking.