Data Processing Statement
elina PMS by Vestibule Marketing Ltd - is a data management system that allows hospitality and accommodation providers to store and manage information about their guests and the financial and operational details that surround them as they relate to the providers.
The following is a statement about how the elina reservations and property management suite, as a Data Processor, is positioned to maintain the safety, security, integrity and ease of management by the Data Controllers of all data stored within the Elina Platform about their customers / guests.
1. Controller Information
The elina reservations and property management suite stores full contact details for each user within the system. It also tracks information about when each user has logged into the system and from where (based on IP address). This way, it is easy for the Data Protection Officer to see who are the data controllers within their organisation, change their access permissions and report on their usage.
2. Purposes of Processing
The elina reservations and property management suite manages personal data in order to generally allow its users to manage
- Accommodation reservations,
- Stay information and contact details of those staying,
- Financial information surrounding all interaction with any guest or company,
- Details of operational information required to provide the accommodations,
- All details connected with sales of anxillary services connected to the accommodation reservations,
- Communication with future present and past guests or business relations, where those either have a current reservation or wish to maintain a relationship through having concented to this actively.
3. Categories of data subjects and categories of personal data
Categories of data subjects include address, contact, personal, reservations related services history, and preferences related to stay and accommodation information.
4. Recipients to whom the personal data has been (or will be) disclosed
Data Protection Officer, Data controllers, Users of Elina (Data Controller permissions dependent), Third party applications selected by the data controller for specific access.
5. Transfers of personal data to a third country or an international organisation
The elina reservations and property management suite does not do this as any part of its data processing.
6. Envisaged time limits for erasure of the different categories of data
Currently, the elina reservations and property management suite leaves all updates and erasure of data to the Data Controllers. It is expected that we might introduce future functional aids to prompt erasure under specific circumstances, but that would be based on specific, future regulatory directives. Point 6 will be updates if and when this changes.
7. Technical and organisational security measures
For some overview of data storage, read further here.
Further to this, it is worth mentioning that the elina reservations and property management suite is PCI compliant and we work to the high standards of organisational security.
Only select staff members have access to our data processing environment, and no staff have permission to access Elina Platform client data without the request of a client to do so for reasons of providing support.
Restrictions of our access to the data stored and processed within the elina reservations and property management suite are outlined in the Elina Services Agreement, signed by all customers before being provided access to their system.
Our data centre is a Tier 3 data centre located in the UK. This means that there are redundant systems for power, network, cooling, as well as strict physical access control.
All digital access to our servers and processing facilities is controlled by personalised user accounts and VPN firewalls, so general staff in our offices have no direct access.
Our backups are both local and off-site, safeguarding from catastrophic events at our main secure hosting facility.