Safer and Better Online Business
- Access to machines which hold reservation information should be restricted and passwords should not be shared between staff.
- Cardholder information should not be kept or transmitted in an unsecure manner. Where you are sending or receiving cardholder information by fax or email, you need to ensure that the network used is secure and encrypted to protect the information. Standard email is not secure and shouldn’t be used for credit cards by anyone. The strongest risk in hotels is actually with credit card details on fax paper or printed emails being left lying around.
- Staff should be trained on the importance of protecting cardholder data.
- The product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details;
- At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes;
- Each time you send a marketing message, you give the customer the right to object to receipt of further messages; and
- The sale of the product or service occurred not more than twelve months prior to the sending of the electronic marketing communication or, where applicable, the contact details were used for the sending of an electronic marketing communication in that twelve month period.