Book a demo

GDPR

Last updated: October 30,2024

Hi lovely customers,

The GDPR (General Data Protection Regulation) entered into force on May 25th 2016 and officially applies as of May 25th 2018, and changed the data protection framework within Europe. To help you understand better what we both have to do as a result of the GDPR when you become our customer, we have created this page.

Now is the time to grab yourself a yummy cup of coffee or tea. Find out what we're doing, and what you need to do under the GDPR when you become a customer of Oaky (and when you use any other data processor).

You can always reach out to us at privacy@oaky.com if you have any questions at all.

What do Oaky customers need to do?

  1. Update your Privacy Policy
    The legal requirement to inform the guests of the processing activities (e.g. through a privacy policy), is an obligation for the Customer Accommodation Provider as the data controller. Please make sure your Privacy Policy is properly communicated to your users about how you are using Oaky (and any other similar services) to process personal data and for which purposes the processing takes place (for example, by means of providing upgrades, bike rental, restaurant reservations, etc.). This requirement is also part of Oaky’s Terms of Service, but the GDPR can heavily penalize you if this is not done clearly

    Example: “We may share your personal data with third parties offering services to us. An example of such a third party offering services to us is Oaky B.V. We may use the Oaky services to communicate with you and to offer you specific services and upgrades that relate to your stay with us. Oaky acts as a data processor of your personal data on behalf of us, with the purpose of offering Oaky services to us. We require all third party service providers to respect the security of your personal data, to treat it in accordance with the law and to process your personal data only in accordance with our instructions.”
    *    Please note that this text is merely a suggestion and that the hotels remain responsible for providing adequate information to the data subjects.
  2. Sign the Data Processing Agreement (DPA)Sign the Data Processing Agreement (DPA)
    The data controller is obliged to sign a DPA with all of its processors. We have prepared this DPA together with our legal counsel to be in compliance with GDPR.
    Click here to view our Data Processing Agreement: www.oaky.com/dpa
  3. Check whether opt-in consent is required for sending emails through Oaky
    As said above, applicable local law may require the hotel to obtain opt-in consent of guests for sending marketing emails with Oaky. If the messages have an informational character only, most likely, this does not qualify as a marketing message. We recommend carefully checking whether opt-in consent of guests is required when using Oaky.
What are the answers to 5 GDPR questions Oaky customers need to know?

As a data controller, you need to be able to answer five questions relating to your data processors towards your guests. These five questions are:

  1. Which personal data does Oaky process on behalf of the Customer Accommodation Providers?
  2. What is the purpose of the processing activities of Oaky?
  3. How long does Oaky store the data for?
  4. Which third parties have access to personal data (internal and external)?
  5. How is the data protected?

To help you answer these questions, check out our privacy policy.

Oaky (as data processor) is not legally required to have a privacy policy for the guests of the hotels, as it only processes the personal data on behalf of the Customer Accommodation Providers. The legal requirement to inform the guests of the processing activities (e.g. through a privacy policy), is an obligation for the Customer Accommodation providers as the data controller.

Questions and Answers

How do you connect Oaky?

We connect with several PMS systems and Channel Managers. This makes it possible for Oaky to receive information from all reservations coming to your hotel and upsell directly to your soon-to-be guests. Check out our integration page to see our current integrations and those in the pipeline.

What is the difference between Data Controller and Data Processor?

Under the GDPR, the difference between a data controller and a data processor is that the data controller determines the purposes and means of processing, whereas the data processor processes personal data only on behalf of the data controller. In the context of our services, the Customer Accommodation Provider is the data controller of the personal data of the guests, and Oaky is the data processor of the personal data of the guests.

According to the GDPR, the data controller and the data processor must sign a Data Processing Agreement (DPA) that stipulates their relationship in regard to the processing of Client Personal Data. The Customer Accommodation Provider and Oaky must sign a DPA accordingly, which Oaky will send to you when you become our customer.

Click here to sign our Data Processing Agreement (please download it before filling it in).

Can I decide which offers are sent to my guests?

Yes. Using your web-dashboard you can create new guest-facing deals in just one minute. It’s really simple.

Do you offer dynamic pricing for my room upgrades?
Currently we offer static rates to upgrade from one room type to another. Dynamic upgrade pricing is in the pipeline though. Until it is released, we recommend you revise the prices weekly. If you find the upgrade rate unacceptable (due to a change in demand for example), you have the option to reject upgrade requests from guests via Oaky’s dashboard.
What if we don't want to stress the guest with pre-arrival e-mails?

We did a lot of tests to make sure we send the right number of e-mails to avoid stressing or annoying the guest. And think about it this way: just because 2% of guests might feel slightly pushed, it would be a shame to deprive the other 98% of the improved experience they will have thanks to your e-mails.

E-mails sent are informative (as per GDPR) and are not direct marketing. Also, when the guest opens them, it is clear that they are coming from the hotel.

We regularly ask our existing clients how their guests perceive our e-mails and so far we have not been told that recipients feel spammed or pushed.

Does the reception get informed about new requests? If so, how?

Every time there is a request, Oaky sends an email to one or more people in the hotel. You can set up who receives these emails in the dashboard. Oaky also sends reminder e-mails if a guest is checking in within 2 days and their request has not been handled.

Do my guests need to give opt-in consent to use Oaky?

No. The Customer Accommodation Provider can send emails with an informational character with Oaky. However, The Customer Accommodation Provider may require opt-in consent for sending unsolicited marketing emails. Oaky will offer templates of emails with an informational character to all of its customers.

© 2025 Oaky B.V.