GoBD contra DSGVO: how long can / may / must I store data in 3RPMS®?

Last Updated 6 years ago
The GDPR are the statutory storage obligations under German law. For example, there is an exception to the fundamental obligation to delete if personal data processing is required to fulfill an obligation under German law or EU law (Art. 17 No. 3 GDPR).

The storage according to Art. 17 Nr. 3 DSGVO represents a necessary exemption from the obligation to extinguish.

For general orientation regarding the retention periods, the following applies:

    Documents that serve the booking basis -> usually for ten years

    Other documents (eg business letters, which also include booking confirmations sent by email) -> six years

During this period, deleting the data is inadmissible and may even lead to legal consequences, eg. B. lead in the case of a tax audit.

Note: the period always begins with the expiry of the calendar year in which the last entries, changes or actions were made in the respective documents or commercial letters were received or sent. Under certain conditions, the retention period may also be extended. This is the case if the documents are relevant to taxes for which the period for fixing has not yet expired.

In order to comply with both the DSGVO, the legal retention periods and the GoBD, the following concept has been implemented in 3RPMS®:

    Offers can be deleted at any time, insofar as they have not yet been converted into a reservation.

    Customers linked to an offer or reservation can not be deleted until the associated reservation (s) have been deleted. However, individual customers can be manually anonymized at any time.

    For all other dates, the following deadlines apply:


The specified periods begin with the expiry of the calendar year in which the respective entry was created.

As soon as data is ready for deletion, you will be asked to delete the data in the dashboard. You can then delete or anonymize the data with one click.

Furthermore, it is possible to anonymise individual customer data manually in the guest management. In the case of anonymization, all personal data is deleted, the field Name is replaced by a randomly generated number. Please note that once anonymized data can not be restored!

If you cancel your 3RPMS® contract, you have of course the right to have all data deleted from us. On request, however, we also offer to "freeze" your access, d. H. You can still access your data, but you can not add or edit new data. We offer this service for a flat rate of 120, - € plus VAT per year.

Please Wait!

Please wait... it will take a second!