The GDPR, which came into force on May 25, 2018, sets strict guidelines for the collection, storage and processing of personal data in the European Union. At BmyGuest, we have implemented a comprehensive set of measures to ensure that all personal data is handled in accordance with these regulations. 

Data encryption and secure storage

We protect personal data by using encryption during data transfer. Our database servers are also encrypted. When users such as guests and hosts exchange information with our servers, everything is sent in encrypted form so that no unauthorized persons can access it. Similarly, sensitive information stored on our servers is encrypted to add an extra layer of security against possible breaches. 

Access control and authorization

BmyGuest uses access control measures to ensure that only authorized personnel have access to personal data. This includes the use of multi-factor authentication (MFA) for all employees, as well as role-based access controls (RBAC) that restrict access to data based on a person's job responsibilities. By implementing these measures, we minimize the risk of unauthorized access and ensure that personal data is only accessed by those who need it to perform their duties. 

Transparency and user rights

We prioritize transparency in our data processing activities and provide our users with clear information about how their data is collected, used, and stored. BmyGuest users have the right to access their personal data, request corrections, and demand the deletion of their data in accordance with GDPR guidelines. We have established simple procedures for users to exercise these rights, ensuring that they have full control over their personal data. 

Data minimization and purpose limitation

In accordance with GDPR principles, BmyGuest complies with data minimization and purpose limitation practices. This means that we only collect data that is necessary for the specific purposes for which it is processed, reducing the risk of data misuse and improving user privacy. Our privacy policy specifies which data is processed. Data is not stored longer than necessary.

Response to data breaches

In the unlikely event of a data breach, BmyGuest has established a robust action plan to quickly identify, contain, and mitigate the impact of the breach. We are committed to notifying affected users and relevant authorities within the timeframes specified in the GDPR to ensure that any potential damage is minimized and that users are kept informed throughout the process. BmyGuest's IT security policy specifies how we should act in the event of a data breach. 

Regular audits and compliance checks

To maintain our high standards of data protection, BmyGuest conducts regular audits and compliance checks. These audits help us identify and address any vulnerabilities in our systems and processes, ensuring that we remain GDPR compliant and continue to protect our users' data effectively. 

Collaborate with external experts

BmyGuest works closely with external experts, including law firms specializing in GDPR and consulting firms specializing in cyber and data security. They conduct ongoing evaluations of our data collection, data processing, and related documentation, as well as penetration tests and vulnerability assessments. They regularly evaluate our data collection, data processing, and related documentation, and they perform penetration tests and vulnerability assessments to ensure that our systems are secure and resilient to potential threats.

By complying with these comprehensive measures, BmyGuest ensures that the privacy of your employees and guests is protected and that their data is processed legally and ethically. Our commitment to GDPR compliance reflects our dedication to providing secure and reliable IT solutions for guest registration, package handling, and lending.