HomeKnowledge base › Campsites and guest data
Recreation

Campsites and holiday parks: destroying guest data

A campsite's guest registration and reservations ready for confidential destruction

A campsite or holiday park processes the data of everyone who stays there: name and address, an identity document for guest registration, licence plates at the barrier, payment data, reservations and data of seasonal guests who return year after year. Part falls under a statutory registration duty, part under the tax retention obligation, and part should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: the guest registration has its own retention period under local rules, the invoicing falls under the tax seven years. Licence plates and preference data you keep as briefly as possible. Seasonal guests' data you keep only for the running agreement. What may go disappears confidentially and with a certificate.

Two frameworks: registration and GDPR

At a campsite two things run together. The registration duty requires you to register guests, with its own retention period that can differ by locality. Alongside this the GDPR applies, which requires not keeping personal data longer than necessary. The registration duty sets the floor for what you must keep, the GDPR the ceiling for what you may not keep too long.

So treat the guest data per type. The guest registration has a different status than a licence plate at the barrier or a reservation via a booking site. If you make that distinction, you keep exactly what you must and clear out the rest on time.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the stay or the cancellation.

PartStarting pointPeriod
Invoicing and administrationTax retention obligation7 years
Guest registrationLocal registration dutyown period
Guest identity dataAs limited as possibleonly what is needed
Licence plates at the barrierAccess during the stayas briefly as possible, erase after departure
Seasonal pitch and agreementRunning agreement+ tax period
Preferences and health questionsSensitive, storage limitationas briefly as possible

Use this as a guideline, not a substitute for the local rules. When in doubt, consult your municipality or privacy adviser. The tax side is in the 7-year tax retention obligation.

Licence plates and identity documents: be restrained

At the barrier you often register licence plates to give guests access. That data is handy during the stay, but should be erased after the guest leaves. Do not keep it longer than necessary, because a list of licence plates and stay dates is more sensitive than it seems.

The same goes for identity documents. For guest registration you need certain data, but keeping a full copy of a passport goes too far. A passport copy contains a national ID number, a photo and more than you need. Note only what the registration duty requires and clear out loose copies confidentially.

Seasonal guests and data that lingers

A campsite has many seasonal guests who return year after year. Their data therefore often stays in the system all year round, even at times when there is no active agreement. Keep only what is needed for the running agreement and the administration, and clear out the rest as soon as the seasonal pitch is cancelled. Keeping it to send an offer one day is not a valid ground without consent.

How to handle it in 6 steps

  1. Split the data into administration, guest registration, licence plates and seasonal data.
  2. Limit identity data to what the registration duty requires.
  3. Erase licence plates as soon as the guest has left.
  4. Assess seasonal pitches and clear out after cancellation.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Guest data is destroyed confidentially, because it contains identity, payment and sometimes health data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old reception computer or backup with guest and licence-plate data belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Guest data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping licence plates too long. Erase them as soon as the guest has left.
  • Keeping passport copies. Note only what the guest registration requires.
  • Leaving seasonal data in the system for years. After cancellation the purpose lapses.
  • Throwing away unshredded. A guest registration on the street is a reportable data breach.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does a campsite keep guest registration?

The guest registration has its own retention period under local rules, often a few years. The invoicing falls under the seven-year tax retention obligation. Other guest data you keep no longer than necessary for the stay and its settlement.

May I keep guests' licence plates from the barrier?

Keep licence-plate data as briefly as possible. It is needed for access during the stay, but should be erased after the guest leaves, unless there is a concrete reason to keep it longer.

How do I handle seasonal guests' data?

Seasonal guests often stay in the system all year round. Keep only what is needed for the running agreement and the administration, and clear out the rest as soon as the seasonal pitch is cancelled.

How do I destroy guest data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A campsite or holiday park works with identity, licence-plate and payment data of every guest, between a registration duty and the GDPR. Keep the guest registration for the local period, keep the administration seven years and be restrained with licence plates and identity copies. Seasonal guests' data you clear out after cancellation. What may go you have destroyed confidentially with a certificate as proof. That way you meet both frameworks and protect your guests' data.

Read also: hotels: destroying guest registration data, restaurants: destroying reservations and allergy data, event agencies: destroying attendee lists and the GDPR retention periods cheatsheet.


Have guest data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.