We modelled the Stay Data API and our data practices around the seven key principles of GDPR:
• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimisation
• Storage limitation
• Integrity and confidentiality (security)
As for purpose limitation and data minimisation, we require a definition of the precise data points your use case requires and will only process and store these data points. This ensures that if you build software that doesn't depend on personal information, you'll never be exposed to it. This ensures that we keep the data footprint of everyone involved (software companies, hotels, and Impala) as small as possible.
For more information, download the attached PDF regarding security and data protection at Impala.