Legal questions and standard GDPR concerns about using the Cloudi-Fi captive portal solution are answered here.
Is Cloudi-Fi's cloud-based captive portal compliant with GDPR?
Yes
What is Cloudi-Fi's relevant Supervisory Authority?
CNIL (France)
Is there any personal data hosted in the EU and being transferred outside the EU under this process?
Personal data is hosted in the EU by default. However, Cloudi-Fi may transfer personal data outside the EU when required in compliance with applicable laws.
Who is responsible for Data Privacy and compliance for our company data?
Cloudi-Fi Customer Success and Security teams are in charge of data privacy support and oversight provided by the Data Protection Officer.
How do you provide adequate responses to users’ privacy requests (data access, portability, modification, erasure, amendment, etc.)?
Cloudi-Fi provides a portal that users can use to view their stored data and, if they wish, take action on it.
What is the process for modifying users’ data?
Individuals can view their details through the user portal and make changes directly.
What processes and SLAs will you use to ensure timely reporting of suspected breaches or incidents?
There will be an initial notification to all registered Cloudi-Fi administrators within 24 hours after a breach has been confirmed, and a full report will be sent within 72 hours.
Which users’ data is collected? Which method is being used?
Data is collected at WiFi login and during use (either via a web form filled in by the user or from a social network login after the user grants permission). Typical data: name, social ID, date of birth, email, MAC/IP address. The information requested is configurable by the customer. Cloudi-Fi can also capture location data, network/device data (IP addresses, connection times, data usage) and operational data (session state, etc.). No financial data is collected.
What is the data retention policy?
Pseudonymised transaction logs are stored for one year. PII data for EU individuals is automatically removed after 13 months of inactivity or on request. Retention of PII data for other countries may vary depending on local laws.
Are any third parties used to process customers' data?
Zscaler security solutions, when enabled by the customer.
Is there an audit trail that can identify who and what personal data has been accessed?
A complete audit trail is available, recording data access and portal usage by administrator login, IP address and date/time.
Are all personnel required to sign NDA or Confidentiality Agreements as a condition of employment to protect customer information?
This is part of the standard employment terms.
Is there any sensitive data being collected?
Sensitive data is not collected.
What is the physical location of data storage for users in the EU?
In various cities in the EU. Exact locations can be communicated under NDA.
Is customer data available on request in an industry-standard format?
All customer data can be downloaded in CSV format. The data is normalized using the Cloudi-Fi taxonomy.
Is customer data encrypted and segmented among customers?
All data stored by Cloudi-Fi is encrypted at the file system level.
Are there regular vulnerability scans as prescribed by industry best practices?
Vulnerability scans are performed by an external agency.
You can also read this article on our blog for more contextual information on GDPR.