Book a Demo

GDPR Compliance

DreamDesk GDPR compliance and data protection measures

GDPR Compliance

1. Who We Are

Automated Reception Ltd

Company number: 16145146

Address: 41 Iffley Rd, London, W6 0PB

Email: [email protected]

Data Protection Officer: Chyna Blain, [email protected]

2. Our What We Collect

When guests interact with our AI systems, we may collect the following data:

  • Full name
  • Phone number
  • Email address
  • Booking details (dates, number of guests, preferences)
  • Transcripts of calls, chats, and emails
  • Dietary or accessibility information (only when disclosed by the guest)
  • Payment information (processed via secure link, never stored)

3. How Data is Collected

We only collect personal data through direct guest interaction with our AI systems, including:

  • Phone calls
  • Website chatbot
  • WhatsApp messaging
  • Emails

4. Data Protection by Design and Default

We implement appropriate technical and organizational measures to ensure data protection principles are integrated into our processing activities from the outset. Our measures include:

  • Data minimization
  • Pseudonymization
  • Transparency
  • Security
  • Continual improvement of security features

We do not pull guest personal data from hotel systems.

We do pull room availability and pricing data from hotel PMS systems to help guests make bookings.

5. Who We Serve

  • Our clients: Hotels, resorts, and vacation rentals
  • Our users: Hotel guests who contact the hotel through our AI services

6. How We Use Guest Data

We use the data provided to:


  • Answer questions and complete bookings
  • Provide hotel-specific support (e.g. room service, housekeeping, wake-up calls)
  • Share booking details with the hotel’s PMS
  • Process payment via secure third-party payment links (we do not store card data)
  • Log conversation transcripts to ensure service quality and accountability
  • Notify hotels of any health/safety-related preferences when appropriate

7. Access to Conversations

We retain conversation transcripts for 6 months.

However, these transcripts are not accessible to hotels by default.


They may only be accessed under the following conditions:

  • dispute, health/safety issue, or legal concern arises
  • Explicit consent is provided by both the guest and the hotel
  • Or, access is required by law enforcement

8. Data Sharing

We only share data with:

    • The hotel the guest is communicating with
    • The hotel’s PMS system (to complete reservations and service requests)

We do not sell or share guest data for marketing or third-party use.

9. Data Storage & Retention

  • All data is stored securely within the UK
  • Personal data is anonymised and retained for 6 months, then deleted
  • Guests may request early deletion at any time

10. Data Security

We implement strong security measures to protect guest data, including:

  • End-to-end encryption
  • Strict access controls
  • Data minimisation protocols
  • Routine audits and monitoring

11. Guest Rights Under GDPR

As a data subject, hotel guests may request at any time to:

  • Access their personal data
  • Correct inaccuracies
  • Delete their data
  • Request data portability
  • Withdraw consent to data processing

To make a request, email: [email protected]