Personalised or Creepy?


Let's Make It Personal

There is no shortage of articles in hotel industry websites and blog telling you that "personalisation" is the way towards recovery or success.

Yes, they're probably right.  Personalisation IS important when you're trying to sell to people.  We all like being treated as individuals.  We all like it when it appears as though we really matter to someone else.  In the absence of eye contact, you can use a name and you can use what you know about behaviour.

(Before you post a comment that you can use eye contact online if you use Zoom/Teams/etc - yes you can but you need to be really, really careful - I promise you I'll address this in another blog post, let's just restrict ourselves to personalisation by name and behaviour today)

I like getting emails from people who use my first name and spell it correctly.  It's an important first step for me.  When an organisation has taken the time to associate my name with their message and has bothered to spell it properly, they deserve nothing less than me at least reading far enough into their email to decide if I'm interested.

In that respect alone, personalisation works.  There is nothing quite so relevant as the use of the first name.

The message can become even more relevant when you combine the name with some behavioural information, gleaned from data gathered during a previous purchase, visit or enquiry.

Getting The Next Sale

"Last time you were with us Mr Smith you bought three thingummies and a widget, would you like to order these in advance for your next visit?"

With a carefully crafted sales message which is relevant to the hilt, you can encourage a repeat purchase by displaying how much you know about this customer.  Making it easy for him to buy from you again.

Or will it?

What if Mr Smith was attending a conference last time he visited?  What if the three thingummies were bottles of champagne, the widget was an adult video and this email message was sent to an email address shared with Mrs Smith who wasn't the person sharing his room on that particular visit?

Did your personalised email risk harm to Mr & Mrs Smith?

With deep personalisation comes deep responsibility.

Make sure you're relevant in the right way...

Relevant or Creepy?

You see, even when you don't make the sort of mistake above, which any of us could, there is a fine line between relevance and creepiness.  Between using personal data responsibly and abusing it.  Sometimes it's a judgement call.  Every time it's a regulation compliance call. The Data Protection Act/GDPR has a set of principles you need to adhere to, with some other added requirements thrown in to promote the safe use of personal data.

It is usually acceptable, indeed it is often necessary, to use personal data to help a customer make a buying decision.  However you need to remember that you don't own that personal data.  It belongs to your customers and they are the ones who decide how you can use it.  At least, they should be.

This decision is usually framed in terms of "consent" but there are other ways you can use personal data lawfully.  As a hotel marketer trying to make a sale, the consent (or other lawful reason) is one thing, the next question you should be asking yourself is,

"Just because I can do this, does it really mean I should?"

  • How many people need to point at you before you feel uncomfortable?
  • How much detail should a message contain before it becomes unnerving?
  • What would happen if all this information fell into the wrong hands?

Personalisation Is Risky

Using people's personal data poses risks to your business.

The risk of not using personal data

Not using personal data at all means you run the risk of not making sales.  No sales, poor sales performance or low margin sales means your business isn't going to be sustainable.  So if you want to make sales at the prices you want, to the people you need to attract, you probably have to use personal data.  Their personal data.  Which includes what you already know about them in terms of their behaviour or what you can find out about them.

You can promote your products without using personal data but the process will usually be more productive if you can personalise in some way.  When you make a sale, you have to use personal data in order to fulfil it.  So why not just accept that it's there, you're going to use it and you might as well use it properly.  Not creepily...

The risks of using personal data

In the past I wrote about personal data being "borrowed".  As a business, you don't own it.  Any of it.  Instead you borrow it from the people who are your customers or whom you want to become your customers.

When you have finished borrowing it, you hand it back.  Intact and unadulterated, safe from harm and not vulnerable to attack.

So far in my experience, most commercial organisations aren't very good at this.  They are either aggressive or careless when collecting personal data, blase about their relationship with their customers, inattentive in the way they store personal data and obtuse when it comes to retaining or disposing of it.

They talk a good game.  How many times have you read the line,

"We take personal data very seriously"

before something questionable happens to your contact details?

What businesses say and what they do with personal data are not necessarily the same thing.  This isn't helped by people in general not being careful enough about how they share their personal data.

Which is why I now follow the maxim that personal data should be treated as toxic.  Toxic to your business.  This approach raises eyebrows and it gets attention.

It can also help to illustrate occasions when using personal data can cause harm or get creepy.  If something can hurt you when you mishandle it, you pay more attention to what you're doing with it.

Let's Make It Creepy

Creepy is when you surprise your customer, not in a good way.  When you cause them to say to themselves, "how did they know that?" or, "why did they think this was appropriate?"

Creepy is when you make your customer think you have some sort of surveillance watching their every move.  To find out what this feels like on a small scale, try searching for something obscure on Google, something you have never been interested in before.  Then take a look at your Facebook newsfeed a few minutes later and see what the adverts are trying to sell you.

Creepy is when you make your customer feel uncomfortable.  For example, digging up detailed information about a previous visit or purchase from a long time ago.

Get this wrong and at the very best you force a customer to go somewhere else.  You also run the risk of getting complaints, damaging your reputation and spending lots of time and money repairing the upset you caused.  That's before we get anywhere near talking about court or regulator action.

Manage Their Privacy

Your challenge is to create the conditions where personalisation can thrive.  Where you can use personal data safely and effectively.

When technology companies encourage you to use "personalisation", they are promoting their own products.  They know how their products work, the rest of us don't.

If you are making the decision to use those technology products, you need to make sure they are working for you, under your control.  You also need to make sure you know what they're doing on your behalf.

Data protection regulations usually make you responsible for whatever these technology companies are doing.  Here is the other side of creepy - not knowing who has access to personal data for which you are responsible.  Not knowing what they might be doing with it, where they are sending it or who they might be targeting with it.

Which means there are a few things you need to have in place before they start working on your behalf.

If you are genuinely serious about privacy and protecting personal data, prove it by holding everyone involved to account.

Here are some issues you should be thinking about - BEFORE you appoint a technology provider:

  1. Data Controller or Data Processor?  If you contract a technology supplier they will usually be a data processor to you as the data controller.  In which case there needs to be a contract between you and this contract should contain specific data protection clauses. 
  2. Agreement - who does what?  The contract noted above should contain details about who is responsible for specific issues and activities.  If you are asked to sign a contract supplied by a technology vendor, seek appropriate advice.
  3. Where are they? Is the technology vendor in the EU?  UK?  USA?  Somewhere else?  You need to know.  Jurisdiction is critical.  Cross-border transfers of personal data are fraught with difficulty for the unwary.
  4. Who handles subject access requests? The data controller is responsible for handling and satisfying subject access requests.  Your technology company should help you with this.  Make sure the agreement says so.
  5. What personal data is processed?  When your technology captures personal data, what exactly does it collect?  I bet it collects more than you thought it did.
  6. Who has access to it? Are there sub-processors involved?  Who else can see the personal data you use?
  7. How is it kept safe?  When it comes to security data protection regulations contain clauses which cover "technical and organisational measures".  How you and your contracted vendors deploy these is up to you and to them.  Make sure you ask them and they respond.
  8. How long is it kept for?  Retention period is an important consideration.  It is one of the contributory factors to the toxicity of personal data.  The longer you keep it, the more vulnerable it is to attack or compromise, the more tixic it is to your business.
  9. How is it disposed of?  Paper shredded?  Secure waste disposal?  Utter and irrectrievable destruction of hard drives?  It all costs money.  Make sure your vendors aren't cutting corners at your expense.
  10. How do you know it has been disposed of?  Make them prove it.

It's About Managing Vulnerability

If people have given you their personal data then "privacy" is rather out of the window.  The fact you have their information and have probably used other businesses to process it means whatever was shared is no longer private.  It is now vulnerable.  And as we noted above, vulnerable data is toxic to anything it touches.

We control that toxicity by managing vulnerability.  When you use technology to personalise your marketing offers to customers, your campaigns will be all the more successful when they seek to reduce vulnerability.

When it works, it creates the right conditions for trust and sales.  When it doesn't work that unmanaged vulnerability erodes trust and kills sales.  So make sure you give yourself a chance by preparing properly.

As for creepiness?  That's a judgement call for you to make.



50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.