Last Updated: September 26, 2016
1. EU-US PRIVACY SHIELD FRAMEWORK
Cloud4Wi has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
2. US-SWISS SAFE HARBOR FRAMEWORK
Cloud4Wi complies with the US - Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Cloud4Wi has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the US-Swiss Safe Harbor program, and to view Cloud4Wi's certification, please visit http://www.export.gov/safeharbor.
Cloud4Wi has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
3. MOBILE LOCATION ANALYTICS CODE OF CONDUCT
Cloud4Wi also complies with the Mobile Location Analytics Code of Conduct . This code was established as an industry-wide standard for protecting the privacy of consumers when dealing with their mobile device data obtained during visits to venues where our Customers are using our Platform. It also defines rules of engagement for technology companies like Cloud4Wi to inform consumers about location analysis and provide an easy way to opt-out. For more information about the use of location data collection and analytics and your choices, see https://smart-places.org/.
4. WHAT WE DO
Cloud4Wi provides businesses with an open Wi-Fi engagement platform that enhances Guest Wi-Fi access at venues.
Our Customers can choose to operate our Platform entirely on their own, or we may operate our Platform on their behalf as online services. To understand what our Customers do with the information they receive from us or collect directly, please consult their privacy policies directly. This Policy applies to information and data we collect when we operate the Platform on behalf of our Customers.
When our Customers request us to provide the service for them, we collect information on their behalf, and Customers share some information, including aggregate information, with Cloud4Wi. Aggregate information is information collected about a group of category of users, services, or devices that is not personally identifiable or from which individual identifies are removed. We may use aggregate information to measure overall industry trends and we may provide aggregated information to our entire Customer base.
Cloud4Wi will provide notice in clear and conspicuous language when you are first asked to provide personal information to us, or as soon as possible thereafter, and in any event before we use or disclose the information for a purpose other than the original purpose for which it was collected. Where Cloud4Wi receives personal information from its subsidiaries, affiliates or other entities in the EU, we will use and disclose such information in accordance with the notices provided by such entities and the choices made by individuals regarding their personal information.
6. WHAT WE COLLECT
Our Platform collects different types of information during your visit to a venue where our Customers are using our Platform.
- Mobile Location Detection Services
When you walk with your device (with its Wi-Fi and/or Bluetooth function enabled) into a venue where our Customers are using our Platform, our Platform senses the following: the presence of the device, its signal strength, its manufacturer (Apple, Samsung, etc.), the geographic position and a unique identifier known as its Media Access Control (MAC) address. This combination of numbers and letters identifies a specific device to the surrounding Wi-Fi or Bluetooth networks. Because the MAC Address does not disclose the device owner's real-world identity nor any personal data, that information is never collected. We promptly de-identify and de-personalize any MAC addresses we collect.
We do not collect or use data in adverse manner for the following purposes: employment eligibility, promotion or retention; credit eligibility; health care treatment eligibility; and insurance eligibility pricing or terms.
We collect and aggregate only anonymous data from your device into reports we prepare on behalf of our Customers. These reports are used by our Customers for varied purposes, such as to improve venue layouts, determine timing for promotions and sales, measure the effects of advertising, and set staffing levels and venue hours.
- Guest Wi-Fi Services
When you use the guest Wi-Fi services provided by our Customers at venues, registration is sometimes required. Registration information is sent to us, but the exact nature of the information categories requested is determined by our Customers when they create the user registration process. The personal information you may provide includes, for example, full name, address, telephone number, email address or demographic information (e.g. date of birth, gender, geographic area and preferences).
Personal information may include also the information from your social media account through which you access the services (e.g. Facebook, Twitter, Linkedin, Google+, VKontakte). This information is taken from your social media access page and is subject to your privacy settings.
When you use the guest Wi-Fi services provided by our Customers at venues, some information is collected automatically. This information includes, for example, the unique device identifiers known as MAC Address, device type and model, operating system, browser type and language, your browser's Internet Protocol address, start and stop timestamps of your connections, amount of traffic, hotspot from which you are connected, and the logout reason type.
Since Cloud4Wi collects this data on its Customer's behalf, the purpose(s) for collection vary between Customers. Therefore, you should consult the Customer's privacy policies directly to understand what your data is being used for.
Cookies are data files placed on a device when it is used to access the services ("Cookies"). We use temporary technical Cookies, which expire 24 hours after you access the splash portal (that is the registration page), to ensure that you access the same splash portal during the 24-hour time frame.
8. HOW WE USE YOUR INFORMATION AND WHO WE SHARE YOUR INFORMATION WITH
Cloud4Wi only transfers your personal information to third parties under an agreement that limits and specifies the purpose(s) for processing your information, consistent with any notice provided to you and your consent. In addition, third parties will be contractually required to provide the same level of protection as the Privacy Shield Principles and this Policy, or they will have to notify us if they can no longer meet these obligations. If the third party is an agent, then Cloud4Wi will also take reasonable and appropriate steps to ensure that the agent effectively processes your personal information consistent with the Principles and this Policy. In the event that a third party cannot provide the same level of protection, then Cloud4Wi will require that the third party cease processing your information or take reasonable and appropriate steps to remediate. Upon request by the Department of Commerce, Cloud4Wi will also provide a summary or a representative copy of the relevant privacy provisions of its agreement with a third party agent.
Generally, we use your information to provide services to you and our Customers, to maintain and operate our business, and to analyze our performance and business. Our Customers, as third party data controllers, have access to most of the information we collect on their behalf. Their use of information is governed by their privacy policies and practices, and our Customers may direct us to share information we collect on their behalf with third parties. To understand what our Customers do with the information they receive from us or collect directly, please consult their privacy policies directly.
We also contract with qualified, respected third-party service providers (also known as "third party agents"), such as virtual hosting infrastructure providers (e.g. Amazon Web Services), to host our servers and databases and to provide other services to us. We request that our service providers to agree not to access or use any information they may have access to while providing services to Cloud4Wi other than as specified by us and for the purpose for which it was originally collected.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Cloud4Wi is potentially liable.
Notwithstanding anything to the contrary of this Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, or legal request or to protect the safety, property, or rights of Cloud4Wi or others. However nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party or government request to disclose your information. We also may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If Cloud4Wi is involved in a bankruptcy, merger, acquisition, reorganization, or sales of assets, or similar transaction, your information may be sold or transferred as part of that transaction. The promises in this Policy will apply to your information as transferred to the new entity, including your right to request to opt-out of the services.
When our Customers operate our Platform on their own, we do not obtain your information and our Customers decide whom they share your information with. Therefore, please review their privacy policies.
9. WHERE WE STORE YOUR INFORMATION
As of the date of this Policy, we store information in Ireland. We may add additional storage sites in the EU, Switzerland or US without notice.
We may transfer your data from your own country to other countries in connection with storage and processing of data, fulfilling your requests and operating the services. If we collect your data in the EU, your data will not be transferred to a country or territory outside the EU.
Please note that each country has its own privacy and data security laws, some of which may be less stringent as compared to those of your own country.
When our Customers operate our Platform on their own, they decide where to store your information, thus you are advised to review their privacy policies.
10. HOW LONG WE RETAIN YOUR INFORMATION
Cloud4Wi retains personal information only for as long as it serves a purpose of processing. Generally, we retain your information in our regular business records while you are a user of the services provided by our Customers. We also retain this information for 24 months after you are no longer a user or until it is no longer needed for the purposes for which it was collected.
When our Customers operate our Platform on their own, they decide how long your information will be retained, thus you are advised to review their privacy policies.
11. SECURITY MEASURES WE USE
We take reasonable and appropriate precautions to protect the safety and security of the information we collect and store. Once information is received by our online services, we generally encrypt it as it passes between our internal services, and while it is at rest. We also take steps, like employing firewalls and authentication, to safeguard your information and prevent unauthorized access, loss, misuse, disclosure, alteration and destruction. For more details, please visit www.support.cloud4wi.com/security-tools.
Mobile Location Detection Services information is transferred securely and then "hashed" before it is stored on virtual hosting infrastructures. Once a MAC Address is hashed, we will not attempt to re-identify the original MAC Address from that data. Hashed data cannot be reverse-engineered by a third party to reveal a device's MAC address.
When our Customers operate our Platform on their own, they are responsible for maintaining the security of your information.
We do not knowingly collect information from anyone under the age of 13 unless we first obtain permission from that child's parent or legal guardian. If we learn that we have collected information from a child under the age of 13 on our Platform, we will delete that information as quickly as possible.
If you become aware that your child has provided us with personal information without your consent, please contact us at email@example.com.
13. DATA INTEGRITY AND PURPOSE LIMITATION
Where Cloud4Wi is collecting your personal information on behalf of a Customer, we will only use your personal information in ways that are compatible with the purpose(s) for which it was collected or subsequently authorized to be collected by you. Compatible purposes include those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending Cloud4Wi's legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. We will take reasonable steps to ensure that the personal information we collect is reliable for its intended use, accurate, complete and current.
14. ACCESS TO YOUR INFORMATION
Cloud4Wi acknowledges that EU individuals have the right to access the personal information that we maintain about them. If you wish to access, correct, amend or delete any personal information that we may have about you, you may submit a request to firstname.lastname@example.org. If you provide us with sufficient information to identify you and verify your identity, we will use reasonable efforts to comply with your request.
When our Customers operate our Platform on their own, please submit your request to them directly.
15. CHOICE TO OPT OUT OF MOBILE LOCATION DETECTION SERVICES AND OTHER USES
If you don't want your device to be detected for Mobile Location Detection Services, you can opt out by submitting your MAC address here. We will remove any existing data about that MAC address and will collect no further data about that MAC address in the future. If you use an iOS 8 device, please note that you may have to opt-out repeatedly because the MAC address of iOS 8 devices changes periodically. Therefore, any prior opt out will be reset when the device's MAC address changes.
You can also opt out of our sharing your data with third parties (aside from our Customers and as required for our operations), or from sending you notices or emails, by emailing us at email@example.com.
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), Cloud4Wi will obtain express consent from you if such information will be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by you.
Our Customers may have their own opt-out provisions in their privacy policies, so please review them as well. Sending us your opt-out request will not opt you out of our Customer's sharing or contact policy, or the Mobile Location Detection Services detection; you need to opt out of each service separately if you wish to do so.
16. RECOURSE, ENFORCEMENT AND LIABILITY
Cloud4Wi is dedicated to ensuring that its privacy practices are in compliance with the Principles and this Policy. Any employee that we determine is in violation of this Policy will be subject to disciplinary action up to, and including, termination of employment.
We encourage you to direct any questions, concerns or complaints regarding the collection and use of your personal information to the Cloud4Wi data protection officer (contact information provided below). We will investigate and work expeditiously to resolve any complaints or disputes in accordance with the Principles and this Policy. If we do not provide a timely response to you, or you are not satisfied with the way we have handled your matter, please contact the appropriate independent dispute resolution mechanisms identified in the beginning of this Policy. The services of both the Safe Harbor and Privacy Shield BBB are provided to you at no cost.
We promise to do our best to remedy any problems arising out of the failure to comply with the Principles, including taking responsibility for a third party agent's processing of personal information received under the Privacy Shield. If the third party agent does not process your personal information consistent with this Policy and the Principles, and Cloud4Wi is responsible for the events giving rise to the damage you have incurred, then we remain liable to you under the Principles.
Cloud4Wi is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
17. AMENDMENTS TO THIS POLICY
When our Customers operate our Platform on their own, please consult their amendment policies directly.
18. CONTACT INFORMATION
If you have any questions or comments about this Policy, please contact Cloud4Wi using the following contact information:
ATTN: Data Protection Officer
363 Clementina St.
San Francisco, 94103, California
United States of America