HomeKnowledge base › Restaurants and reservations
Hospitality

Restaurants: destroying reservations and allergy data

A restaurant's reservations and allergy notes ready for confidential destruction

A restaurant or caterer processes more personal data than it seems: reservations with name and phone number, notes about allergies and dietary needs, no-show notes, payment data and sometimes guest lists for a catering assignment. The allergy and dietary notes make part of it special-category personal data. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: the invoicing you keep for seven years for the tax retention obligation. Reservation data you keep no longer than necessary for the visit and its settlement. Allergy and dietary notes are health data that you treat separately and destroy at a fine level. What may go disappears confidentially and with a certificate.

Why a reservation contains more than it seems

A reservation looks innocent, but contains a name, a phone number, sometimes an email address and the party. As soon as an allergy or dietary need is added, it becomes more sensitive, because that says something about a guest's health. A medical diet or an allergy is health data and therefore special-category personal data under the GDPR, with stricter rules. A no-show note or a note by name also touches on a guest's privacy.

The GDPR requires storage limitation. Do not keep reservations and notes longer than necessary for the visit and a possible complaint, and clear them out afterwards. Only the tax administration has a fixed period of seven years.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the visit or the catering assignment.

PartStarting pointPeriod
Invoicing and administrationTax retention obligation7 years
Reservation (name, phone, party)Until visit and settlementas briefly as possible
Allergy and dietary notesSpecial-category datapurpose-bound, destroy finely
No-show and notes by nameSensitive, short periodassess carefully
Guest list for a catering assignmentUntil the assignment is completedpurpose-bound
Loyalty and marketing dataWith consentas long as consent applies

Use this as a guideline, not a final legal ruling. When in doubt about a specific case, consult your data protection officer or adviser. The tax side is in the 7-year tax retention obligation.

Treating allergy and dietary notes separately

The allergy and dietary notes are the most sensitive part of a reservation. Keep them recognisably separate, allow them only to whoever prepares or serves the dish and destroy them at a fine level once the visit has taken place and there is no longer a reason to keep them. That way you avoid an old reservation list with health data lying at the desk for weeks or months. Printed reservation lists from a busy evening should be destroyed confidentially afterwards, not into the paper bin.

No-show notes and guest lists

A note that a guest did not show up you may keep for a while, but a permanent blacklist with names and behaviour requires a careful assessment and a short retention period. Do not keep such notes longer than necessary and not without a concrete purpose. For catering assignments you often work with a guest list, sometimes with dietary needs attached. That list belongs to the assignment and you clear it out once the assignment is completed and settled.

How to handle it in 6 steps

  1. Split the data into administration, reservations, allergy notes and guest lists.
  2. Treat allergy and dietary notes separately and at a fine destruction level.
  3. Limit no-show notes to a short period with a concrete purpose.
  4. Clear out reservation lists and guest lists once the visit or assignment is settled.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Reservation and guest data is destroyed confidentially, because it contains health, contact and payment data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old reservation computer or backup with guest data belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Reservation and guest data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Leaving reservation lists lying around. Printed lists with allergies are sensitive data.
  • Treating allergy and dietary notes as ordinary paper. That is special data.
  • Keeping a permanent blacklist. No-show notes need a short period and a purpose.
  • Throwing away unshredded. A guest list on the street is a reportable data breach.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does a restaurant keep reservation data?

The invoicing falls under the seven-year tax retention obligation. Reservation data without a further ground, such as name and phone number, you clear out once the visit has taken place and no complaint or dispute is in play.

Are allergy and dietary notes special-category personal data?

Yes. A note about an allergy, a medical diet or an intolerance says something about a guest's health and is therefore special-category personal data. Treat it separately and destroy it at a fine level as soon as it is no longer needed.

May I keep a no-show or blacklist note?

Only briefly and with a concrete purpose. A note that a guest did not show up you may keep for a while, but a permanent blacklist with personal data requires a careful assessment and a short retention period.

How do I destroy reservation and guest data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A restaurant or caterer processes contact and health data through reservations and guest lists, right down to allergy and dietary notes. Keep the administration seven years, keep reservations only while the visit and settlement are running and treat allergy and dietary notes separately. No-show notes you keep short and with a purpose. What may go you have destroyed confidentially at a fine level, with a certificate as proof. That way you protect your guests' data.

Read also: hotels: destroying guest registration data, campsites and holiday parks: destroying guest data, event agencies: destroying attendee lists and the GDPR retention periods cheatsheet.


Have reservation and guest data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.

Also relevant: Theme parks: destroying visitor data and Catering companies: destroying customer data.