![logo icon white.png]](https://help.hijiffy.com/hs-fs/hubfs/logo%20icon%20white.png?width=50&height=50&name=logo%20icon%20white.png)
When can you message guests? (transactional vs. marketing)
The lawful basis for transactional and marketing messages, made clear.
A question we hear a lot, often from a client's legal team, is: "What's our basis for messaging guests through HiJiffy?" The clear, defensible answer depends on what kind of message it is. Getting this right protects you and your guests.
You're the controller, so you choose the basis for each message. The guidance below reflects common GDPR practice but isn't legal advice. Confirm the details with your own legal team, as rules vary by country (e.g., national ePrivacy/PECR laws).
Two kinds of message
1. Transactional / booking-related: booking confirmations, online check-in, receipts, "room ready" alerts, pre-arrival logistics. These are usually sent on the basis of performing the contract (GDPR Art. 6(1)(b)): they're needed to deliver the reservation, so they don't normally need separate marketing consent.
2. Promotional / "stay-management": upsells, spa and F&B offers, restaurant promotions, city guides, loyalty offers. These aren't strictly needed to fulfil the booking, so they need their own basis, usually consent (Art. 6(1)(a)) or, where the law allows it, legitimate interest / "soft opt-in" for existing guests being offered similar things. The channel matters: for WhatsApp and SMS marketing, an opt-in is effectively required in practice, ePrivacy/PECR rules sit on top of the GDPR, and Meta's WhatsApp policies require opt-in for promotional templates.
Quick reference
|
Message type |
Example |
Usual basis |
Separate opt-in? |
|---|---|---|---|
|
Transactional |
Booking confirmation, check-in, receipt |
Contract |
No |
|
Operational |
"Room ready", arrival info |
Contract / legitimate interest |
Usually no |
|
Promotional |
Upsells, offers, city guides |
Consent or legitimate interest |
Yes — especially on WhatsApp/SMS |
How we help you stay on the right side of it
- Privacy by design at the point of collection. When the assistant needs personal data (name, email, phone), it can show a form with a privacy checkbox the guest accepts first. Casual, anonymous questions ("what time is breakfast?") are treated like normal website use and don't trigger a checkbox.
- Consent capture. Add a clear marketing opt-in at your booking engine or online check-in, so promotional messages rest on a documented basis.
- Opt-outs honoured. When a guest opts out, you register it in HiJiffy and we stop the relevant messages. Acting on opt-outs promptly is central to staying compliant.
- Approved templates only. All proactive WhatsApp/SMS campaigns use Meta/operator-approved templates submitted through the Console.
In short: transactional messages usually rely on the booking itself; marketing messages need their own basis, and for WhatsApp/SMS that means a clear opt-in. We give you the tools to collect, record and respect those choices. The decision stays with you.