Data Act

We provide detailed API mechanisms and export tools that allow you to download complete information about reservations, properties, or clients at any time — in formats compliant with industry standards. The entire process is carried out in accordance with strict rules for the protection of personal and non-personal data, fully compliant with GDPR and the EU Data Act.

Below you will find a detailed description of our solutions for data storage, export, and security.

Downloading data for the purpose of switching providers is possible at any time during system operation. Data is stored as entities in a MySQL database, which is not directly accessible to system users. To export data, you can use the API or the data export mechanism.
API access can be configured independently from the system’s admin panel. The API documentation is described in the WSDL format, one of the leading industry standards. The following data categories are available within the data structure:

  • Allotments – data on accommodation availability
  • Amenities – facilities assigned to accommodation units and add-ons
  • Availability Locks – data on availability locks
  • Clients – client data
  • Locks – data on electronic lock codes
  • Objects – accommodation data
  • Offer – offer configuration data
  • Payments – reservation payment data
  • Prices – data on set prices and pricing rules
  • Public – publicly available data for building booking services
  • Reservations – data on placed reservations
  • Reservation Documents – documents issued for reservations
  • Restrictions – stay restriction settings
  • Users – system user data

A detailed description of the data exchange format for each gateway is available in the documentation.

Each gateway has its own data limits that define how many records it can return. A maximum of 100 records can be retrieved in a single request, unless a specific gateway defines a different value. For synchronous, single-threaded data retrieval, there are no limits on the number of API requests. For asynchronous operations, rate limits are applied as part of anti-DoS protection.

An additional way to retrieve data is through the export function in the system panel. Data can be exported in iCal format and includes:

  • reservation data
  • client data assigned to reservations
  • information on availability locks

The ICT infrastructure used by the organization falls under the jurisdiction of the European Union, particularly Polish law. Data is primarily processed in IT systems located in Poland (Poznań, Warsaw). When using cloud services or third-party tools, we only select providers that guarantee GDPR compliance and data storage within the European Economic Area (EEA). Any potential transfers to third countries are carried out strictly in accordance with legal requirements and remain limited in scope.

Measures implemented to prevent unauthorized international access to data stored in the EU include, among others:

  • encryption in transit, firewalls and network segmentation, MFA and RBAC, VPN for remote work, regular updates and security testing, EU-based backups and recovery, continuous monitoring and DLP;
  • clean desk and clear screen policy, physical access control to offices, least-privilege access model, employee training, processing activity records, and incident response procedures;
  • data processing agreements in line with Article 28 of the GDPR, standard contractual clauses for third-country transfers, audit rights, and mandatory reporting of authority requests.

Personal and non-personal data stored in the EU cannot be disclosed to authorities outside the EU if such disclosure would violate EU or Polish law. Any such requests are verified and, in the event of a legal conflict, are rejected or challenged and redirected through proper international legal

Menu
Connect. Automate. Scale.
Book a demo or test for 30 days – risk-free
Book a demo