By using Cloud4Wi you become the Data Controller and you are responsible for the personal data you collect. If you operate in Europe, moreover, you need to comply with GDPR (General Data Protection Regulation).
In order to comply, you need to take a few steps during the setup of the service.
1. Define your Privacy Policy
We provide a solution for our customers to operate their own service. In this scenario, Cloud4Wi operates as a Data Processor, while our customer operates as a Data Controller. It’s essential that our terms and our customer’s terms reflect this. The user of the WiFi hotspots must also be made aware of the role of Cloud4Wi and our customers. It is essential that you review your own privacy policy and make sure it reflects GDPR needs and benefits.
In the Login Profile, you can customize your Privacy Policy text, even in multiple languages.
New accounts come with a default Privacy Policy template, but you are required to review and personalize it. If you don't know where to start from, we can help you by providing some templates, but make sure you review them carefully and to personalize the data related to your organization, such as the name of the company, address, and contacts.
2. Collect consent
The main legal basis for collecting and processing your users’ personal data is the consent. Cloud4Wi products include many features and capabilities that allow us to serve global brands. It is your responsibility to make sure you configure the service in compliance with GDPR and we are here to help you in this process.
The Privacy Policy has to be accepted explicitly. Acceptance checkboxes cannot be pre-checked. Log in to your account and check the settings of the active login profile and:
- make sure you selected the option to get an explicit acceptance of the Terms of Use and Privacy Policies.
- if you are collecting the data for promotional communications, make sure to select the opt-in consent mode
Large Organizations may have established internal practices to comply with. The GDPR and privacy regulation leave space to interpretation and for this reason, we provide you with a set of tools to make the onboarding experience with your practices. This may include creating additional custom opt-ins to be collected from the customer.
3. Identify the users
Visitors should be identifiable as they have the right to reach you out with subject access requests, asking to retrieve the data you hold about them or to delete their personal data. To that extent, it is important to collect enough data about users to permit their identification, for example, their email, social network or phone number.
In the Login Profile, you have full control over what type of data to collect from the users.
If you want to be even more certain that you collect a valid contact point of your users, you can activate the options to validate the email and/or the phone number.
4. Update your company contacts
As controller of your customer data, it is important that your customers know who is controlling their data and how to contact you. To make it even more explicit and at the same time to facilitate your compliance with CAN-SPAM and CASL regulations, we added a Sender section in the Preferences page where you can set the company data that will be appended in the footer of every email to inform your users who is the provider of the service. By default, the footer will be configured using the data from your Account page.
In the same page, you can also add a custom default message that will be appended to all email communication, where you can better explain why your users are receiving that email and eventually how to reach you.
By personalizing the email address from which the emails are sent, your customer can better identify who is sending the emails to them.
When using Cloud4Wi default SMTP service, you can configure your e-mail address as the default sender for your messages in the Sender section into the Preferences page, under Configure your default email settings. If you use your own SMTP, this option is not available since you can customize this parameter directly on your SMTP server configuration.
The procedure requires you to validate the email address you chose in order to avoid spam filters; we are going to explain it step by step. Check here the full user guide.
Read our Data Processing Agreement
To comply with the new laws, added a Data Processing Addendum (DPA) to our Terms of Service and updated our Master Subscription Agreement (MSA) to reflect the new requirements. We encourage you to review them.
If you would like a countersigned copy, please contact our team and privacy@cloud4wi.com