Effective Date  May 23, 2018

This GDPR update is for current and future customers of ALICE products and ALICE GoConcierge. This describes ALICE's efforts in anticipation of GDPR.


The General Data Protection Regulation (the “GDPR”) goes into effect on May 25, 2018. The regulation harmonizes the patchwork of privacy regulations currently in effect around Europe. The regulations help people stay in control of their information, and ALICE agrees with this principle. ALICE does not sell customer data or use it for anything other than helping hotels delight their guests. GDPR requires that companies take security and privacy seriously. It also requires transparency about how data is stored, moved, and processed. Companies must allow data subjects to control their data, and EU residents can ask for their data to be corrected, deleted, or exported. Companies need to document how they bulk process their customers’ information. They must enforce policies to protect that data, and for larger data processing operations, they need to have a Data Protection Officer with the power to control how data is processed and protected. Like the laws currently in effect, the GDPR defines when it is okay for companies to move data out of the EU.

For the past year, ALICE has worked with world-class legal, privacy, and cybersecurity consultants to audit its products and processes for GDPR compliance. In accordance with the regulation, we have balanced the need for security and data privacy protection with the legal, contractual, and commercial requirements of hoteliers.


The GDPR requires that data controllers define how data processors use the data they get from controllers. ALICE has updated its Master SaaS Agreement, which provides the necessary information and includes the required components for GDPR, including standard contractual clauses for international data transfers. 


(i) ALICE Suite (ALICE Staff, ALICE Concierge, ALICE Guest) is GDPR ready. In order for ALICE Suite and its related products to be compliant, ALICE's contracts with its clients must be updated, especially for clients located in the EU. ALICE has an updated privacy policy located at that will go into effect on or before May 25, 2018. ALICE has already made required product changes to support compliance with the GDPR.

(ii) GoConcierge is GDPR ready. GoConcierge continues to operate as a secure platform that is PCI-compliant, meaning it is audited for security purposes and allowed to hold credit card data. Please see the updated Privacy Policy located at



We cannot cannot give you legal advice and ultimately you are responsible for your compliance to all laws. This FAQ represents a dedicated effort, working with world-class counsel and consultants, to understand GDPR and its impact on hospitality.