Last Updated: Mar 28th, 2020
IPERA provides enterprises with guest Wi-Fi experience and engagement platform that enhances Guest Wi-Fi access at venues (offices, retail, hotels, theme parks, restaurants, airports, stadiums, etc.)
IPERA Customers can choose to operate our Portal entirely on their own, or we may operate our Portal on their behalf as online services. To understand what our Customers do with the information they receive from us or collect directly, please consult their privacy policies directly. This Policy applies to information and data we collect when we operate the Portal on behalf of our Customers.
When our Customers request us to provide the service for them, we collect information on their behalf, and Customers share some information, including aggregate information, with IPERA. Aggregate information is information collected about a group of category of users, services, or devices that is not personally identifiable or from which individual identifies are removed. We may use aggregate information to measure overall industry trends and we may provide aggregated information to our entire Customer base.
IPERA will provide notice in clear and conspicuous language when you are first asked to provide personal information to us, or as soon as possible thereafter, and in any event before we use or disclose the information for a purpose other than the original purpose for which it was collected. Where IPERA receives personal information from its subsidiaries, we will use and disclose such information in accordance with the notices provided by such entities and the choices made by individuals regarding their personal information.
INFORMATION WE COLLECT
IPERA Portal collects information during your visit to a venue where our Customers are using our Portal.
Wi-Fi Service at our Customers venue
Whenever you use the guest Wi-Fi services provided by our Customers at venues, registration is sometimes required. Registration information is sent to us, but the exact nature of the information categories requested is determined by our Customers when they create the user registration process. The personal information you may provide includes, for example, full name, address, telephone number, email address or demographic information (e.g. date of birth, gender, geographic area and preferences).
When registering with your social media account, Personal information may also include information from your social media account through which you access the guest Wi-Fi services (e.g. Facebook, Twitter, Linkedin, Google+, VKontakte). This information is taken from your social media access page and is subject to your social media privacy settings.
When you use the guest Wi-Fi services provided by our Customers at venues, some information is collected automatically. This information includes, for example, the unique device identifiers known as MAC Address, device type and model, operating system, browser type and language, your browser’s Internet Protocol address, start and stop timestamps of your connections, amount of traffic, hotspot from which you are connected, and the logout reason type.
Since IPERA collects this data on its Customer’s behalf, the purpose(s) for collection vary between Customers. Therefore, you should consult the Customer’s privacy policies directly to understand what your data is being used for.
Location Services Data from Mobile Phone
When you carry your device (with its Wi-Fi and/or Bluetooth function enabled) into a venue where our Customers are using IPERA Portal, our Portal senses the following: the presence of the device, its signal strength, its manufacturer (Apple, Google, Samsung, etc.), the geographic position and a unique identifier known as its Media Access Control (MAC) address. This combination of numbers and letters identifies a specific device to the surrounding Wi-Fi or Bluetooth networks. Because the MAC Address does not disclose the device owner’s real-world identity nor any personal data, that information is never collected. We promptly de-identify and de-personalize any MAC addresses we collect.
We do not collect or use data in adverse manner for the following purposes: employment eligibility, promotion or retention; credit eligibility; health care treatment eligibility; and insurance eligibility pricing or terms.
We collect and aggregate only anonymous data from your device into reports we prepare on behalf of our Customers. These reports are used by our Customers for varied purposes, such as to improve venue layouts, determine the timing for promotions and sales, measure the effects of advertising, and set staffing levels and venue hours.
We also collect the location data of your device to keep track of your visits to the venues of our Customers; this information helps us and our Customers to improve your experience in case you opt-in to receive promotional communications, by allowing sending you a tailored communication also based on your visits and behaviors.
HOW WE USE YOUR INFORMATION AND WHO WE SHARE YOUR INFORMATION WITH
IPERA only transfers your personal information to third parties under an agreement that limits and specifies the purpose(s) for processing your information, consistent with any notice provided to you and your consent. In addition, third parties will be contractually required to provide the same level of protection as this Policy, or they will have to notify us if they can no longer meet these obligations. If the third party is an agent, then IPERA will also take reasonable and appropriate steps to ensure that the agent effectively processes your personal information consistent with the Principles and this Policy. In the event that a third party cannot provide the same level of protection, then IPERA will require that the third party cease processing your information or take reasonable and appropriate steps to remediate. Upon request by the Department of Commerce, IPERA will also provide a summary or a representative copy of the relevant privacy provisions of its agreement with a third party agent.
Generally, we use your information to provide services to you and our Customers, to maintain and operate our business, and to analyze our performance and business. Our Customers, as third party data controllers, have access to most of the information we collect on their behalf. Their use of information is governed by their privacy policies and practices, and our Customers may direct us to share information we collect on their behalf with third parties. To understand what our Customers do with the information they receive from us or collect directly, please consult their privacy policies directly.
We also contract with qualified, respected third-party service providers (also known as “third party agents”), such as virtual hosting infrastructure providers (e.g. Amazon Web Services), to host our servers and databases and to provide other services to us. We request that our service providers to agree not to access or use any information they may have access to while providing services to IPERA other than as specified by us and for the purpose for which it was originally collected.
In cases of onward transfer to third parties of data of EU and/or Swiss individuals received pursuant to the Privacy Shield Frameworks, IPERA is potentially liable.
Notwithstanding anything to the contrary of this Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, or legal request or to protect the safety, property, or rights of IPERA or others. However, nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party or government request to disclose your information. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If IPERA is involved in a bankruptcy, merger, acquisition, reorganization, or sales of assets, or similar transaction, your information may be sold or transferred as part of that transaction. The promises in this Policy will apply to your information as transferred to the new entity, including your right to request to opt-out of the services.
When our Customers operate our Portal on their own, we do not obtain your information and our Customers decide whom they share your information with. Therefore, please review their privacy policies.
WHERE WE STORE YOUR INFORMATION
As of the date of this Policy, we store information in Frankfurt, Germany. We may add additional storage sites in the EU, Middle East or US without notice.
We may transfer your data from your respective country to other countries in connection with storage and processing of data, fulfilling your requests and operating the services. If we collect your data in the EU, your data will not be transferred to a country or territory outside the EU.
IPERA is committed to adhering to local privacy and data security laws in any jurisdiction where we operate.
When our Customers operate our Portal on their own, they decide where to store your information, thus you are advised to review their privacy policies.
HOW LONG WE RETAIN YOUR INFORMATION
IPERA retains personal information only for as long as it serves a purpose of processing. Generally, we retain your information in our regular business records for as long as you are a user of the services provided by our Customers. We also retain this information for 18 months after you are no longer a user or until it is no longer needed for the purposes for which it was collected.
When our Customers operate our Portal on their own, they decide how long your information will be retained, thus you are advised to review their privacy policies.
SECURITY MEASURES WE USE
We take reasonable precautions to protect the safety and security of the information we collect and store. Once information is received, we generally encrypt it as it passes between our internal services, and also encrypt it at rest. We also take steps, like employing firewalls and authentication, to safeguard your information and prevent unauthorized access to it.
Mobile Location Detection Services information is transferred securely and then “hashed” before it is stored on virtual hosting infrastructures. Once a MAC Address is hashed, we will not attempt to re-identify the original MAC Address from that data. Hashed data cannot be reverse-engineered by a third party to reveal a device’s MAC address.
We do not knowingly collect information from anyone under the age of 16 unless we first obtain permission from that child’s parent or legal guardian. However, if despite our best efforts we learn that we have collected information from a child under the age of 16 on our Portal, we will delete that information as quickly as possible.
If you become aware that your child has provided us with personal information without your consent, please contact us at firstname.lastname@example.org.
DATA INTEGRITY AND PURPOSE LIMITATION
Where IPERA is collecting your personal information on behalf of a Customer, we will only use your personal information in ways that are compatible with the purpose(s) for which it was collected or subsequently authorized to be collected by you. Compatible purposes include those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending IPERA’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. We will take reasonable steps to ensure that the personal information we collect is reliable for its intended use, accurate, complete and current.
ACCESS TO YOUR INFORMATION
IPERA acknowledges individuals have the right to access the personal information that we maintain about them.
If you are in the EU you have the following rights:
- The right to receive information about the data processing and a copy of the processed data (right to access, Art. 15 GDPR),
- The right to demand the rectification of inaccurate data or the completion of incomplete data (right to rectification, Art. 16 GDPR),
- The right to demand the erasure of personal data and, in case the personal data have been made public, the information towards other controllers about the request of erasure (right to erasure, Art. 17 GDPR),
- The right to demand the restriction of the data processing (right to restriction of processing, Art. 18 GDPR),
- The right to receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller (right to data portability, Art. 20 GDPR),
- The right to object the data processing in order to stop it (right to object, Art. 21 GDPR),
- The right to withdraw a given consent at any time to stop a data processing that is based on your consent. The withdrawal will not affect the lawfulness of the processing based on the consent before the withdrawal (right to withdraw consent, Art. 7 GDPR)
- The right to lodge a complaint with a supervisory authority if you consider the data processing to be an infringement of the GDPR (right to lodge a complaint with a supervisory authority, Art. 77 GDPR).
If you wish to make use of any of the above mentioned rights you may submit a request to privacy@IPERA.com. If you provide us with sufficient information to identify you and verify your identity, we will use reasonable efforts to comply with your request without undue delay and at the latest within 30 days. For repeated or excessive requests, we reserve the right to charge you an administrative fee.
When our Customers operate our Portal on their own, please submit your request to them directly.
CHOICE TO OPT OUT OF MOBILE LOCATION DETECTION SERVICES AND OTHER USES
If you don’t want your device to be detected for Mobile Location Detection Services, you can opt out by sending your Mobile Device MAC address and E-mail and GSM Number that you registered with us (email to email@example.com). We will remove any existing data about that MAC address and will collect no further data about that MAC address in the future. If you use an iOS 8 device, please note that you may have to opt-out repeatedly because the MAC address of iOS 8 devices changes periodically. Therefore, any prior opt out will be reset when the device’s MAC address changes.
You can also opt out of our sharing your data with third parties (aside from our Customers and as required for our operations), or from sending you notices or emails, by emailing us at privacy@IPERA.com.
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), IPERA will obtain express consent from you if such information will be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by you.
Our Customers may have their own opt-out provisions in their privacy policies, so please review them as well. Sending us your opt-out request will not opt you out of our Customer’s sharing or contact policy, or the Mobile Location Detection Services detection; you need to opt out of each service separately if you wish to do so.
LIABILITY, ENFORCEMENT AND RECOURSE
IPERA is dedicated to ensuring that its privacy practices are in compliance with the Principles and this Policy. Any employee that we determine is in violation of this Policy may be subject to disciplinary action up to, and including, termination of employment.
We encourage you to direct any questions, concerns or complaints regarding the collection and use of your personal information to the IPERA data protection officer (contact information provided below). We will investigate and work expeditiously to resolve any complaints or disputes in accordance with the Principles and this Policy. If we do not provide a timely response to you, or you are not satisfied with the way we have handled your matter, please contact the appropriate independent dispute resolution service identified in the beginning of this Policy.
We promise to do our best to remedy any problems arising out of the failure to comply with the Principles. If the third party agent does not process your personal information consistent with this Policy and the Principles, and IPERA is responsible for the events giving rise to the damage you have incurred, then we remain liable to you under the Principles.
AMENDMENTS TO THIS POLICY
When our Customers operate our Portal on their own, please consult their amendment policies directly.
For any questions or comments about this Policy, kindly contact IPERA using the following contact information:
Subject: Data Protection & Privacy