To help prepare our customers, we've prepared a Q & A below to educate our clients on the new legislature, how hotels need to prepare and what we're doing to support. Please review thoroughly below and let us know if you have any further questions, which should be directed to Denise Barker, our Privacy and Security Officer at firstname.lastname@example.org.
This new legislation has a wide impact as well as a broad focus. It defines personal information broadly and gives consumers certain rights over their data.
With CCPA, consumers can demand to see the personal information that hotels have collected about them, including:
The CCPA covers "businesses" defined as for-profit entities that collect consumer personal information, determine the purposes and means of processing, do business in the state of California and either:
CCPA goes into effect on January 1, 2020 and the enforcement date is July 1, 2020.
According to CCPA guidelines, personal information is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
(B) Any categories of personal information described in subdivision (e) of Section 1798.80.
(C) Characteristics of protected classifications under California or federal law.
(D) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
(E) Biometric information.
(F) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement.
(G) Geolocation data.
(H) Audio, electronic, visual, thermal, olfactory, or similar information.
(I) Professional or employment-related information.
(J) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
What can consumers request regarding their data and how should they make requests?
a) Data requests from consumers who have had data collected directly by Cendyn via corporate marketing and Cendyn.com webforms can email email@example.com with the request starting January 1, 2020. This is the same process for consumers requesting data reports per GDPR, which can be requested now.
b) Data requests from consumers of our hotel clients should be managed directly through the client's channels and processes.
What responsibility does Cendyn have in regard to our clients and how they use data?
Cendyn's responsibility is processing our clients' data in a responsible, secure and private way as instructed by the client. Cendyn is also committed to help educate hoteliers on how to plan for CCPA with guides, blogs and other resources on Cendyn.com.
Will CCPA change how Cendyn manages data and communicates to our own marketing database?
On the personal data request side, the majority of regulations mandated by CCPA were already completed by Cendyn with GDPR preparations in 2018. However, we will be using this opportunity to implement a global opt-in policy for our email database moving forward. We feel this is best practice and ensures only those people who truly want to hear from Cendyn receive our messages. Please note this is for Cendyn's own corporate marketing efforts, not our hotel clients.
Cendyn sees the CCPA as a global trend of consumer awareness around data privacy and the need for hotels to ensure they establish a tight, secure and clear process around data collection and transparency. Data collection is a powerful tool to serve guests in a personalized way - it's the core of our business - but it's imperative that our clients use that power wisely with the proper channels for guests to opt in, request data collected and establish clear steps to opt out of collection should they wish to.
Cendyn has been working with data/privacy specialists and attorneys to ensure our processes and platforms are built to comply with CCPA and to provide recommendations to our clients on how to prepare in advance.
Cendyn clients who sell their data will need to comply with CCPA in a few areas on their Web site:
No. We do not.
Please note this is not to be treated as legal advice, the information included here is to be treated as best practices only.
Click here to view the original version of this release.
Cendyn is the leading innovative cloud software and services provider for the hospitality industry. With a focus on integrated hotel CRM, hotel sales, and revenue strategy technology platforms, Cendyn drives sales, marketing and revenue performance for tens of thousands of hotels across the globe. The Cendyn Hospitality Cloud offers a complete set of software services for the industry, aligning marketing, sales and revenue teams to optimize their strategies and drive performance and loyalty across their business units. With offices in Boca Raton, Atlanta, Boston, San Diego, London, Munich, Singapore, Sydney, Bangkok and Tokyo, Cendyn proudly serves clients in 143 countries, delivering over 1.5 billion data-driven, personalized communications on behalf of their customers every year. For more information on Cendyn, visit www.cendyn.com.