The EU General Data Protection Regulation (GDPR) comes into effect on 25 May, 2018 and places new obligations on organisations based in the EEA or which hold or process personally identifiable information (PII) about EU residents.
SiteMinder has taken a number of steps to ensure we are fully compliant with our obligations, and have clear policies and processes to respond to customer and partner questions. Further information is available below.
- IT Security Policy
SiteMinder has always been committed to ensuring we maintain our customers’ and their customers’ data as securely as possible. Details of our IT Security Policy consistent with our obligations under the GDPR are available here.
- PCI DSS Responsibility Matrix
SiteMinder’s most valuable assets are its customers and partners; we value and care about their security, and for this reason we undertook the very rigorous process of becoming PCI DSS certified globally. You can find the SiteMinder PCI DSS Responsibility Matrix here.
- Amending Customer Contracts
Existing customers can download a Data Processing Addendum (DPA) here. By completing the DPA in accordance with the instructions on the first page, customers can automatically update their existing SiteMinder contracts to ensure they are GDPR compliant.
From 25 May 2018, all customers on month to month contracts will be subject to our revised web terms and conditions, available here, which have been updated to meet GDPR requirements..
An updated FAQ, incorporating updated questions that have been submitted to SiteMinder in the run-up to GDPR going live are included here.
A current list of the companies SiteMinder partners with to process data is available here.
- Product updates
Our TheBookingButton and Canvas products are being updated to help customers comply with the GDPR obligations relating to obtaining and recording consent. Consent check-boxes will be available on or shortly after the GDPR going live on 25 May 2018. Other technology designed to automate data access requests received from guests will be released in the following weeks.
In the meantime, if you wish to submit a data request under the GDPR, or have any additional queries, please contact your local SiteMinder privacy officer at firstname.lastname@example.org.