I understand you provide the system, and you don't provide how the system is managed. So I'm sure your answer is going to be identical for the next one. You don't know how long the data will be kept and when the data will be destroyed. For example, is it only for identity verification, and as soon as identity has been verified the data will be expunged, or once the tourist leaves?
On June 19th, 2012. See this statement in context.