Yes. iBookfishing, as a data processor, allows you to be GDPR compliant, although as a data controller you need to perform actions on your end to make sure you are GDPR compliant. Below is more detailed information regarding GDPR compliance and how the customers' private data is processed by us.
Which organizations have access to the customers' private data?
- Of course, each site administrator has full access to the data and controls the ways in which the data is entered into the iBook system (such as the design of the reservation form template, including form items that ask for additional private information). iBook cannot control how this data is used by the site administrators, and it is the site admin's responsibility to make sure the data exported from iBook (also manually, e.g. using a CSV export) is well protected and doesn't violate GDPR policies. For example, a site administrator can decide to use other cloud-based services and use an automated integration between iBook and such a system in order to export the personal data from iBook.
- The iBookfishing service acts as a data processor by providing the technology for data input (creating reservations, customer records etc.). We keep strict control mechanisms to make sure the data is available only to the team members who must have access to the given data.
- Amazon SES (US-East Region) is the world's leading cloud computing platform and hosts all of iBookfishing’s servers. This platform provides the world's most secure data centres and has very strict access policies which are fully compliant with EU and US laws, including GDPR. Amazon is also a data processor and has data protection agreements with the EU Commission. See Amazon's GDPR centre to find out more about how Amazon works together with the European Commission on GDPR compliance.
- Note: we do not give out private information to other parties, except when requested by the police/legal authorities of the given country.
How are the end customers' rights ensured?
iBookfishing provides a way for end customers to request information about the data kept and to request removal of their personal data. This can be done at https://www.ibookfishing.com/login/delete-info.php. The customer can enter their email address and will receive by email detailed information about the information we keep on our servers. They can also click a link in this email to have all their personal data deleted from our system automatically, BUT ONLY if the customer has no valid reservations which have ended 60 days ago or less and if there are no valid future reservations. The customer is also informed that if they wait at least 60 days after the end of the last valid rental, they can once again request the information email, and the deletion link in it will work under these circumstances. This also means that the site administrators should do all their necessary processing (report generation etc.) within 60 days of the rental end time. After this time, if a given customer requests deletion of their data, iBook will only provide information about the reservation itself (reservation IDs will still exist) but no information about the customer. Please also see Q291 for information about how long the data is stored in case the customer does not request deletion of their personal info.