I am a software engineer and I am building a software product referring to hotels. The main goal is to allow hotel customers to checkin prior to their physical presence on the hotel from their mobile device.
From a bussiness point of view this is a three-step process:
1. The user takes a photograph of their personal ID or their passport.
2. The user fills out a form with all the details of the hotel's terms of service.
3. This user digitally signs for all the above.
There is no technical issue on performing these operations. However questions arise concerning GDPR restrictions on how to forward the files to the hotel stuff.
Should I store these files on the server then send them with an email to the hotel stuff and then delete them?
Is there any other recommended way of doing this proceess?