GDPR and Data Privacy

The European Union General Data Protection Regulation (GDPR) went into effect on May 25th, 2018. To help you understand what this means as a business owner in the tour and activity industry, we’ve compiled some frequently asked questions below.

What is the GDPR?

The GDPR replaces the Data Protection Directive established in 1995, strengthening the security and protection of EU citizens’ personal data. For example, it includes rights for residents of the European Economic Area and Switzerland to request data erasure or lodge a complaint with relevant supervisory authorities.

What is the relationship between FareHarbor and my business under the GDPR?

In the commercial relationship between FareHarbor and your business (referred to in our Terms of Service and Privacy Policy as a “Provider” or “Controller”), FareHarbor is considered a “Data Processor” and your business is considered a “Data Controller”.

As a “Data Processor”, FareHarbor can help answer questions you may have about GDPR, data privacy, or data security. Please review the documentation found on our legal page at fareharbor.com/legal/overview and if you have any further questions, please reach out to privacy[at]fareharbor.com.

What if a customer asks me for a copy of their data?

If a customer of yours that is a resident of the EU or Switzerland asks for a copy of their data—or for their data to be deleted—as your data processor under GDPR, we will help you comply with that request. Please use our Data Request Form, which can be found on this page.

Where can I learn more?

We have published a brief overview of GDPR, PCI Compliance, and Organizational Security and Infrastructure at fareharbor.com/legal/overview.

In addition, you may review our Privacy Policy and Terms of Service, which were updated to reflect these new laws.