Compliance - Guidelines

Generic guidelines and definitions for users of Cloudi-Fi's services

Disclaimer: This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. Professional legal advice should be used where appropriate.

Regarding customer data processing, Cloudi-Fi First Principle requires that all personal data are processed lawfully, fairly and in a transparent manner. Our strong privacy-by-design practices provide a solid foundation to immediately address all data privacy requirements. While our customers are responsible for providing comprehensive information to their users, our services involve a shared responsibility across our services.

Cloudi-Fi Terms Of Use are available at the following URL: http://www.cloudi-fi.com/terms-of-use/

Personal data is anything that contains:
Directly identifying information such as a person’s name, surname, phone numbers, etc.
Pseudonymous data or non-directly identifying information, which does not allow the direct identification of users but allows the singling out of individual behaviors (for instance to serve the right ad to the right user at the right moment).

Personal data can be categorised as “sensitive data” and "non sensitive data".

Sensitive data is any data that reveals:

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data for the purpose of uniquely identifying a natural person
Data concerning health or a natural person’s sex life and/or sexual orientation

By nature, the data that Cloudi-Fi collects and processes for its customers does not qualify as sensitive data as defined by the GDPR.

What type of personal, non-sensitive data does Cloudi-Fi collect?
Cookie IDs
Email addresses, phone numbers, or any customer ID that they explicitely agree to give when login to Wi-Fi
Any other technical identifiers that allow Cloudi-Fi to single out individual behavior without directly identifying the individuals
Legitimate Interest and Unambiguous Consent

Of the six bases for data collection and data processing in Europe, we believe for businesses in the marketing or digital marketing industry or for those who collect data for the purposes of marketing, the two applicable bases are:  (1) unambiguous consent of the individual and (2) legitimate interest of the data controller.

First, the legitimate interest of the data controller may include direct marketing purposes. And second, unambiguous user consent, including a user explicitly accepting the Terms Of Use before login, can be a basis for the collection and processing of non-sensitive personal data.

Legal requirements are different depending on the country where the service is executed. Cloudi-Fi customers, being the Internet Service Provider of the guest Wi-Fi services also take responsibility to their users in delivering the service and as such should also adopt this First Principle and eventual local regulations. 

Generic guidelines:
The customer decides of the captive portal format and of which data are collected from the end user.
The user always give his consent before to share some non sensitive data.
All data collected are parsed and treated to match Cloudi-Fi taxonomy
When using third party for login (social network connect for instance), only the public data with the consent of the user are collected.
Logs are stored for a duration and in a location in compliance with local regulations. Please see additional articles to have specifics about your country. Feel free to reach out to us should you have any specific concerns about your country privacy@cloudi-fi.com.