HostGuard 3-Step Test

Three-Step Test – HostGuard

Data Controller: DIGITIVE

Project: HostGuard – private system for reporting problematic guests

Legal basis: Art. 6(1)(f) GDPR – Legitimate interest

1) Legitimate purpose

Do we pursue a concrete, lawful and legitimate interest?

Purpose: prevent economic/operational damage to hospitality operators caused by serious or unfair guest behaviour.
Context: short-term rentals and hospitality sector lacking effective preventive tools for hosts.
Data types: identification/contact data, behaviour during the stay, booking platform reference.
Rationale: protection against abuse, fraud, extortion attempts, and documented damages.
Outcome: Yes. The interest is legitimate, lawful and demonstrable.

2) Necessity test

Is processing strictly necessary to achieve the purpose?

Reports are used exclusively by manually verified operators.
Data is minimized (only strictly necessary information).
No less intrusive alternative achieves adequate prevention (e.g., public blacklists are unlawful; reviews can be faked; private messages are ineffective).
Outcome: Yes. Processing is necessary in the absence of valid, less intrusive tools.

3) Balancing test

Are the data subject’s rights and freedoms disproportionately affected?

Pseudonymization (e.g., hashing) and data minimization applied.
Reports are visible only to authenticated users approved manually.
No public publication or indexing.
Access is logged and governed by the Privacy Notice and Terms of Use.
No automated decisions, profiling, or service exclusion solely based on reports.
Outcome: The balance is respected. Rights are not disproportionately affected.

Conclusion

Based on the above, HostGuard’s processing is lawful under Art. 6(1)(f) GDPR, as it relies on a documented, necessary and proportionate legitimate interest.

This assessment is kept as evidence of compliance and will be reviewed periodically or in case of substantial changes to processing.