The tightrope between privacy and personalisation for hotels

Whether it be the comfort of familiarity or a yearning to be treated as a VIP, now more than ever consumers expect a personalised experience from hospitality brands.




From their booking details to post stay reviews, guests leave us little pieces of information about themselves throughout their journey, and it is these data points that make personalisation possible.

By soliciting guests’ personal data and feedback, hoteliers have discovered the impact of creating a personalised hotel experience in the eyes of their patrons – among other things, a guest’s personal data empowers hotel staff to provide superior customised service and fundamentally ensures a more fluid guest experience.


Image credit: Demand Metric
Marketers are finding that personalised content is far more effective than unpersonalised content. 


In fact, in a recent analysis in the 2017 Digital Trends Report by Econsultancy, survey respondents ranked targeting and personalisation very highly among “digital-related” priorities for 2017, while 51% of company respondents said “they will increase their spending on personalisation this year”.

Personal data is a powerful marketing and guest experience tool and key to a hotel’s relationship with their guests, however, hotels must be cautious as to how they handle personal information. Not only could it drive potential guests away if an excessively invasive approach is taken, it could also violate their guests’ right to privacy.

Privacy laws may differ from country to country and care must be taken to adhere to the relevant regulations. In South Africa, for instance, The Protection of Personal Information Act (PoPI Act) holds the collector of personal information accountable should they abuse or compromise the information in any way. In the EU, new legislation is set to take effect in May of 2018. The new General Data Protection Regulation (GDPR) will have a cross-border effect – if your guest is from the EU, and you hold any personal data that could identify them, you will be affected by the new laws.

According to a study by the SAS Institute, while consumers expect personalisation from brands and are willing to divulge some personal information to collectors (like their name and email address) they may be apprehensive when asked to share more sensitive information (such as cell or home phone numbers, financial information etc.) for risk of annoyance, data abuse or the unnerving thought of being monitored.


Image credit: SAS Institute
Consumers are much more comfortable sharing some types of personal information than others.


Marketers know that while personalisation does work, they are constantly performing a balancing act between offering clients a customised experience while adhering to stringent privacy laws. With increasing consumer concerns about privacy, and ever-expanding laws to match, how do hoteliers go about earning guests trust with their personal information so that they can improve their service?

Winning your guests' trust with their personal information – what can hoteliers do?

  • Have a clear and concise privacy policy in place that is easily accessible to visitors. Any changes and updates to the policy should be made known to guests.
  • Ensure you have a high level of transparency. Wilson Raj, global director of consumer intelligence for SAS, says, “just the act of being so transparent will increase the level of brand trust”. Make sure your privacy policy stipulates what is deemed as personal information, how it is collected, for what reason and where it is stored. Your staff should also be trained to inform guests verbally why they are asking for certain information and what it will be used for.

“Service is not about what you want to give, it is about what the other person wants to receive”. – Dr. Bryan K. Williams, CSM magazine

  • Ask permission. Make sure that if you are using your guests' data for marketing purposes (for example, to notify them of specials in the future) or to communicate with them after their stay, they have been given the chance to explicitly opt-in to allow you do this. This permission-based marketing isn't just best practice, but is actually required by most data protection laws.
  • Refrain from bombarding guests with too many personal questions upfront, it may result in the guest disengaging. Rather focus on building the customer experience by collecting data progressively (a little when prospective guests visit your website, a little more when they book, and even more each time they stay with you) and using analytics to enhance that experience.
  • Make use of information already available. It is possible to collect large amounts of data about guests from their publically available online information, and guests may even expect you to do so. According to the SAS Institute, “the larger a consumer’s digital footprint, the more consumers expect businesses to know them.” This digital footprint doesn't only include information guests have shared directly with your hotel, but all information they share online, such as on social media.
  • Well trained staff. Neil Flavin, senior vice president at HVS Asset Management, says that, like anything else with hotel operations, keeping guest data secure requires consistency in one thing: “Training, training, training is key… The more information the hotel and the front desk have regarding the security of data relating to the guest is better.” Marketers can benefit by understanding what information customers are willing to share and what they expect in return.
  • Have insurance coverage for data incidents. From anonymous system hacks to the installation of point-of-sale "skimmers" that capture credit card data, and unauthorized, "on-property" access of guest information, security breaches come in many different forms. Make sure your hotel has an emergency plan in place in case anything like this is ever to happen.

When balancing privacy and personalisation, it is clear that hoteliers must be sensitive towards the guests’ overall experience. It is no good striving to create an impeccably personal experience if guests are left feeling uncomfortable from invasive questioning. Additionally, the more personal data you ask for, the more certain you must be of its security and your compliance with relevant laws.

Consider the relevancy and context of the application of collected data to your guest experience as well as concerns over how personal data will be collected and used in order to earn your guests' trust with personal information.