Data Export and Privacy Requests

Most privacy laws (GDPR, CCPA, NZ Privacy Act, AU Privacy Act) give customers the right to ask for a copy of their data, ask for it to be deleted, and ask to be removed from marketing. Booking Phoenix has built-in tools for handling these requests. This guide covers what to do when one comes in.

Types of requests

• Data access (subject access request) — "send me a copy of all the data you hold about me".
• Data deletion (right to erasure) — "delete my personal information".
• Marketing opt-out — "stop sending me promotional emails / SMS".
• Correction — "this detail is wrong, fix it" (less formal, just an edit).

Verifying the requester

Before acting on any privacy request, verify it's actually from the customer. Easy ways:

• The request comes from the email address on file for the customer.
• You ask them to confirm a recent booking reference.
• They provide enough identifying detail (name, phone, recent booking) to match a unique record.

Don't action a request that comes from a different email or with no verification — it could be someone trying to access or delete someone else's data.

Data export

1. Open the customer record.
2. Click Export Data in the actions menu.
3. Download the resulting file. The export bundles:
   • Personal details (name, email, phone, address, marketing consent).
   • Every booking ever made, with date, room, players, payment, status.
   • Every payment and refund record.
   • Every voucher issued to or redeemed by them.
   • Notes and alerts on their record (yes — staff notes count as their data).
   • Survey responses they've submitted.
   • Communication history (which emails and SMS were sent).
4. Send the export file to the customer via the email address on file.

The export action is logged in the audit log so you can prove it was completed.

Data deletion

Pure deletion is rarely possible — deleting a customer's bookings would break your reports, payment reconciliation, and tax records. Most jurisdictions allow you to retain data when you have a legitimate basis (financial records, legal obligation, fraud prevention).

What Booking Phoenix's "delete" action does:

1. Personal identifiers (name, email, phone, address) are anonymised — replaced with hashed values.
2. Notes and free-text fields are scrubbed.
3. Marketing consent is set to off and the customer is added to the suppression list (so they can't accidentally be re-added by future bookings).
4. Booking, payment, and voucher records are kept — but no longer attributable to a specific person.
5. The action is logged in the audit log.

To trigger:

1. Open the customer record.
2. Click Delete (anonymise) in the actions menu.
3. Confirm. This is one-way — you can't un-anonymise.

Marketing opt-out

Easier and more common than deletion. Most opt-out requests are just "stop emailing me promotional stuff". You can:

• Tell the customer to click the unsubscribe link at the bottom of any marketing email — that's the fastest path and it's automatic.
• Or open their record and toggle Marketing consent to off, then save.

Either way, marketing consent goes to off, and they're automatically excluded from any future marketing send. Transactional emails (booking confirmations, reminders) keep going since those relate to their actual bookings.

Response time targets

Most privacy laws require a response within a fixed window:

• GDPR (EU) — 30 days, extendable by another 60 days for complex cases.
• CCPA (California) — 45 days.
• Australia — 30 days for access requests.
• New Zealand — 20 working days.

Always under-promise and over-deliver. Aim to respond within a week if you can.

Documenting the request

Keep a record of every privacy request and how you handled it. The audit log handles part of this automatically (the export and delete actions are logged), but you should also save:

• The original email or message from the customer.
• How you verified their identity.
• What action you took (export sent, deletion processed, opt-out applied).
• The date you completed it.

If a regulator ever audits you, this paper trail is what they want to see.

Edge cases

Customer asks to delete data, but has an upcoming booking

Anonymising a customer with an unfulfilled booking creates a logistical problem — how do you contact them about their booking? Two options:

1. Refund and cancel the booking first, then anonymise. Cleanest.
2. Tell the customer that anonymisation will happen after their booking, and confirm they're OK waiting.

Customer disputes data accuracy

Open their record, edit the disputed fields, save. The audit log records the change. Reply to the customer confirming the correction.

Customer asks for data that's not in our system

Be transparent about it. The export covers what Booking Phoenix holds. If their data is also in your CRM, your accounting software, or your email marketing tool, those are separate systems with separate export processes.

Customer asks for deletion across multiple branches

If your tenant has multiple branches, the customer record can span them. Anonymising from any branch's customer view applies tenant-wide.

Common pitfalls

• Deleting too aggressively. Don't actually delete booking or payment records — you'll break reports and tax records. Use the anonymise action instead.
• Skipping verification. Always confirm the requester is the actual customer before acting.
• Forgetting other systems. Booking Phoenix is one place their data lives. Don't forget your CRM, mail platform, paper records.
• Marketing emails after opt-out. Once they're opted out, they should never receive another marketing email. If they do, treat it as a serious bug and investigate.

When in doubt

Privacy law varies by country and edge cases are real. If a request is unusual, large, or potentially adversarial (e.g. a public figure, a litigation subpoena), get legal advice before responding rather than guessing.