Dear Patronscan.
I am fascinated by your novel solution to patron identification. But I have some concerns in implementing it.
If I am faced with a GDPR Subject Access Request (SAR) for the blacklisting data affecting said individual requestor, how do I comply with such a request? If unable, will you offer legal indemnity for failure to respond to such a request within 40 calendar days?
EDIT: (continuing)
In the event that the implemented technology is determined in violation of these rules, will it be my bar establishment, or will it be Patronscan that will carry the responsibility for paying said fines (the greater of 20M euro or 4% of business gross revenue, whichever is greater.)
EDIT: Minor word changes, noted with strike-thru above.
