BDK Advokati held a seminar on 25 April 2024 on the processing of personal data in the hotel industry. We hosted twenty representatives from Serbia’s leading hotels from Belgrade and major tourist destinations in the interior of the country.
The presentations by Senior Partner Bogdan Ivanišević and Associate Anja Gligorević focused on the specifics of personal data processing in the hotel industry. Specific topics included:
- copying and scanning of guests’ personal documents,
- the scope of data that a hotel processes about guests, for the purpose of sharing information with third parties,
- use of video surveillance in a hotel,
- processing of visitors’ personal data for the purpose of direct marketing,
- use of sensitive data (photos, CVC numbers from credit cards) of guests,
- notice on the processing of personal data – what hotels often leave out,
- cookie banners on the websites of hotels in Serbia.
In addition, our team discussed the most important general prerequisites for the lawful processing of guest personal data, related to the legal bases of processing, principles of processing (especially data minimization), documentation that is necessary for the hotel to demonstrate compliance with legal requirements, and contractual arrangement of relations with data processors and joint controllers.
In the presentations, Bogdan and Anja invoked numerous decisions by the supervisory bodies in Spain, Italy, France, Portugal, and Croatia, concerning the processing of personal data by hotels. Such decisions, issued by the regulatory bodies in the EU member states, are instructive because Serbia’s Data Protection Act for the most part copies the provisions from the EU General Regulation on Personal Data Protection (GDPR).
For more information on data protection-related matters, please contact Bogdan.Ivanisevic@bdkadvokati.com.