Arctic Reservations

Arctic Reservations

Preparing for GDPR

Going into effect next Friday (May 25th), the European Union’s new data privacy law GDPR is helping to codify consumer privacy and data protection rules. Even if you have not explicitly heard the name “GDPR,” you have probably seen some of the fallout of this rule, as companies email out updated privacy polices.

Although you are not based in the European Union, these new rules likely impact your business. As a result, it is good to have an understanding of the impacts and what you may be required to do as a result of the rules.

GDPR rules apply to any business that collects information about citizens of the European Union. If you have any EU guests reserving online or providing personal information when inquiring, reserving or registering, these rules govern such data collection and use. But even for non-EU guests, the ideas and rules set out in GDPR are designed to codify privacy and security best practices. Such practices are a good roadmap for all customer interactions; adopting and applying these practices will help gain consumer trust and ensure that personal information is carefully managed. And as other regions adopt similar privacy safeguards (California has a ballot initiative that will be voted on this Fall), the GDPR launch provides a good opportunity to review your policies and practices.

Broadly, GDPR requires that companies:

  • understand how and where personal information is collected and stored
  • develop explicit data governance policies about how they manage such data
  • have clear privacy policies that enumerate data collection, retention and related policies
  • ensure that guests provide unambiguous, granular consent for data collection
  • maintain technological best practices for data transmission and storage
  • be prepared to share collected data, discontinue data collection, and/or expunge data on a person at her/his request.

A full list of requirements should come from a more authoritative source, but these are the basics. To learn more about some of the specific details, the UK Information Commissioner’s Office has a good outline of twelve steps to prepare for GDPR.

And there is nuance to the above requirements as well. For example, MailChimp explains that pre-checked boxes do not count as consent. There blog post has other best practices for helping ensure that your email mailing list is compliant with these requirements.

Most of the rules and requirements are about company policy and governance, and so require outfitters to be careful and conscientious in how they collect and use personally identifiable information. But the rules also touch on a number of technological details.

Already, Arctic Reservations is designed to store information in a way that secures personal details, limits unauthorized use and defends against data breaches. For example, the software implements encryption and security best practices, access is controlled and logged, and security tools such as user permissions and two factor authentication are available to manage user roles.

We have begun rolling out updates to further assist with GDPR compliance. These updates will effect two areas in the software:

Customer records. GDPR ensures that individuals can request a copy of all personal information that exists, and can request that such information be deleted. A new option has been added when deleting a customer record to fully expunge data. This will remove all data regarding the customer, including even their name. Note that such an option should be applied with caution (especially with previous guests, as some information retention may be required for liability and insurance purposes); as a result, this option is only available to administrators.

Checkout and inquiry forms. The checkout form has been updated to explicitly reference agreement with the privacy policy, in addition to the payment terms and cancellation policy. Similarly, text has been added to other online forms including inquiries and registration. We recommend that outfitters add their privacy policy URL to Arctic, in the general section of the settings page.

Finally, it is worth reiterating the details of Arctic’s privacy policy. We do collect basic information on outfitters to ensure that we can provide service, issue invoices, etc. In addition, we aggregate anonymized usage information and statistics across all installations. This information helps us understand how features are used and prioritize future feature development. But we ensure that such information contains no personally identifiable information on your guests. Today, we updated our privacy policy to clarify these protections.

Note: This is our interpretation of GDPR and is for informational purposes only. Do not rely on this as legal advice or to determine how GDPR will impact your business. For comprehensive guidance, we recommend consulting with a legally qualified professional.

Arctic Natural Disaster Relief

At Arctic, we care about each of our clients and know that without you, we would not be the company we are today. We value the community you have helped us build and want to do all we can to promote the success of each member of that community. We understand  the challenges faced by small businesses and in particular those of  the outdoor tourism industry. The most frustrating of these challenges can be Mother Nature because she is beyond our control but can effect our businesses substantially. This is why we have decided to institute a plan to assist those of our clients who are taking a beating  from Mother Nature. No matter what the calamity may be, drought, wildfires, mudslides, flooding; we want to help those of you who have been negatively impacted by these disasters.

We offer natural disaster relief for those of our clients who have had the majority of their active season interrupted by a natural disaster. The program will give you options to help you through the aftermath of a rough weather year. If your business has been beat up by Mother Nature, please contact us for more information about our relief options to see what we can do for you.

 

Six Months In

We launched Arctic Reservations version 2 a little over six months ago, and it’s been an amazing six months. We were thrilled to welcome a number of new outfitters into the Arctic community at launch time, and they eagerly took to the new version. With their feedback and support, we refined and polished the software.

Version 2 was our chance to reflect on the first seven years of Arctic and redesign the product from the ground up to be more flexible, more powerful and easier to use. For guests, version 2 introduced a fully redesigned checkout process for online bookings that has greatly increased conversions by further simplify the online shopping experience. In addition, we tried to create a more versatile platform so we could quickly adapt to new needs and implement new features.

Already, outfitters have used version 2 to process almost $5 million in transactions and have provided over 50,000 guests with amazing adventures and experiences. We’ve broadened the horizons in terms of outfitter diversity, adding campgrounds, hotels, aquariums, sea kayaking, zip lines and more. And in the midst of this busy season, we have launched a number of new features for version 2. Since launch, we have introduced the following features:

  • Arctic Retail – a full featured point-of-sale terminal, as well as management options for tracking vendors, purchase orders, and more
  • Gift certificates – with the ability to issue and track gift certificates and customer balance
  • Package management – an extremely versatile package management tool where you simply define what qualifies as a package, and then Arctic looks through your calendar to find all possible packages… no need to define each individually
  • Two new report builders – use a spreadsheet interface to layout and format reports like rosters, trip summaries and more, as well as a pivot table interface to aggregate and analyze data for trends
  • E-Check payments – accept electronic checks and ACH transfers online
  • Powerful new programming interface – to help integrate Arctic with other products, we’ve added an API that allows developers to connect, manipulate and update data in Arctic Reservations (see our open source implementation)

These features just scratch the surface of what is possible in version 2. Currently, we are testing new features and will be rolling out many new ideas over the coming months. And we look forward to helping more of our version 1 customers transition to the new version during their off-season.

Thank you to everyone who has helped make Arctic Reservations version 2 such a success. We can’t wait to share what’s next.