Privacy Statement
Introduction
Download our Privacy Statement in PDF (in Dutch)
Thank you for choosing to use our ‘publicroam’ service. In this document, which we have called the ‘Privacy Statement’, we explain which personal data we process when you use publicroam, what we do with this data, how we ensure the security of your data and what rights you have in connection with your privacy.
The Privacy Statement is described per article below.
Disclaimer: the English translation of this privacy statement is for information purposes only. In case of any legal dispute, the Dutch version shall prevail.
We are Publicroam B.V., located in Zeist at Driebergseweg 2 and registered with the Chamber of Commerce at number 70318433.
Publicroam is an authentication service for WiFi networks. By using publicroam for the first time you create a ‘publicroam account’ (which can be regarded as a kind of virtual identity) with which you can connect securely and very easily to WiFi networks of organizations that use publicroam (hereinafter we call these organizations ‘host organizations’ and their WiFi networks ‘host WiFi networks’).
It’s important to understand that publicroam is not an internet access service or other (tele)communication service. The publicroam service only verifies your virtual identity (using your publicroam account) so that you as a user can use the host organization’s WiFi host network in an authenticated manner.
Publicroam provides the service access to WiFi host networks, we don’t trade in data. This means that we don’t collect and resell personal data and that we don’t track you. And that will never happen. The collected data is only needed for authentication and to ensure that the service works properly. So no user profiles, no personalized ads and no sneaky hassles.
Our policy is that personal data is carefully processed and secured. This means that:
– it’s clearly stated for which purposes your personal data are processed;
– explicit permission is requested to process your personal data in cases permission is required;
– the collection of personal data is limited to only the data necessary for the purposes for which they are processed;
– personal data won’t be passed on to third parties, unless this is necessary to provide the requested service or if there’s a legal obligation to do so;
– when personal data is shared with third parties, agreements are made to ensure that it’s not used for other purposes;
– appropriate security measures are taken to protect personal data.
Publicroam helps ensure security for you, the other WiFi host network users and the host organization. Security experts generally advise against using public WiFi networks without such security, as it would easily allow unauthorized persons to gain access to your device (e.g. your laptop, smartphone or tablet) and the data you store on it.
For your safety, it’s therefore recommended that you only use public Wi- Fi networks if they use publicroam or similar security. If you want to know more about publicroam security, read more under the heading ‘security’.
This Privacy Statement applies to (1) our processing of your data when using publicroam and also (2) the processing by the host organization that gives you access to a WiFi host network.
Host organizations can provide further information and explanations about the way in which they process data within the framework of this Privacy Statement in their own privacy statement, available at least on their own website. In addition, the host organizations always have the option to make further agreements with you about the way they process your data. For example by making their own privacy statement available to you, before they (further) process your data. Such agreements must always be in line with our policy for processing and securing personal data.
Data for which we are responsible:
Publicroam account
If you connect to a host WiFi network of a host organization using publicroam, we’re responsible for processing the data in your publicroam account for the purpose of authentication.
This concerns the following data:
– Your Publicroam username and password
– Your email adress
– Your mobile number
– Times and location of application and activation of the publicroam account
– Organization(s) where you request and activate the publicroam account
– SMS traffic data for requesting a publicroam account
– Content SMS messages for requesting a publicroam account
– Information about your device
Retention period data publicroam account
Your publicroam username and password, email address, mobile number, and location/time of account request and activation will be retained for as long as your publicroam account is maintained. You can cancel your publicroam account at any time. If you don’t use publicroam for 12 months, your publicroam account will be automatically terminated. Your data will be deleted no later than six months after your cancellation or termination. We store the other data, including the MAC address and data about the WiFi host network to which you are connected or have sought a connection, for a maximum of three months. However, if we’re legally obliged to store longer, we’ll comply with this obligation. Data that have been reported due to misuse or suspected misuse can be kept for as long as necessary, in order to definitively determine whether there was misuse and to take any legal measures against it.
Support
We’re also responsible for the processing of your data if you contact our support. This may include your email address, first and last name, telephone number and other personal data that you provide to us. This data will be deleted within 3 months after we consider your question to be fully resolved.
Service messages
If you have a publicroam account, we process data to send you service messages, such as security updates. This can be your email address and your phone number. This data will be kept by us as long as your publicroam account is maintained. You can cancel your publicroam account at any time. Your data will be deleted no later than six months after your cancellation.
Newsletter
If you choose to receive the publicroam newsletter, we’ll process your email address. This is kept by us as long as you are subscribed to our newsletter. You can cancel your subscription to the newsletter at any time via the link in the newsletter.
Data for which the host organization is responsible
Technical usage data WiFi host network
The host organization is responsible for processing all data that the WiFi access point (the device that transmits and receives the WiFi signals from the host network) must further technically process in order to allow you to use the host WiFi network.
This concerns, for example, the following data:
– Your publicroam username
– The MAC address of the device you are using to connect to the host organization’s host WiFi network
– Time and duration of your connection to the host organization WiFi network
– Information about the WiFi access point you are connected to or have tried to connect to
Retention period technical usage data WiFi host network
This data will be kept for a maximum of three months after the connection to the host WiFi network has been terminated, unless the data must be kept longer to prevent misuse, or if we are legally obliged to keep this data longer. In the event that the data must be kept longer to prevent misuse, the data will be kept for as long as necessary to act against the abuse that has been identified, otherwise for a maximum of three months.
Data for which we and the host organization are responsible together
We and the host organization are jointly responsible for certain data, because both we and the host organization can process it and we jointly determine with the host organization why the data is processed and how.
This may concern the following data:
– Your publicroam username
– The MAC address of the device you’re using to connect to the host organization’s WiFi network
– Time and duration of your connection to the host organization’s WiFi network
– Information about the WiFi access point you are connected to or have tried to connect to
Retention period
We will keep your publicroam username as long as your publicroam account is active. The host organization will keep your username for a maximum of three months after the connection to the host WiFi network has been terminated, unless the data must be kept longer to prevent misuse, or if there is a legal obligation to keep this data for longer. In the event that the data must be kept longer to prevent misuse, the data will be kept for as long as necessary to act against the abuse that has been identified, otherwise for a maximum of three months.
Wij verwerken je gegevens uitsluitend om je in staat te stellen om veilig en zeer We only process your data to enable you to connect securely and very easily to WiFi host networks of our host organizations. The legal basis for processing is primarily to perform an agreement with you (Article 6(1)(b) AVG). By using publicroam you also give permission to process your data in accordance with this Privacy Statement (article 6 paragraph 1 sub a AVG). In addition, we can process data on the basis of our legitimate interest to offer publicroam and to protect our services and the connected WiFi host networks against unauthorized access and misuse (Article 6(1)(f) of the AVG). If we’re required by competent authorities or the law to retain data (Article 6(1)(c) of the AVG), we’ll comply with our obligation.
We don’t use your personal data for purposes other than to allow you to use publicroam and the connected WiFi host networks. We never sell your data to third parties.
All employees of publicroam must adhere to this privacy statement and treat your data confidentially. If we engage third parties who can process your personal data for us or on behalf of us, we conclude an agreement (known as a ‘processor agreement’) to guarantee the confidentiality of your data. Third parties that we engage and who can receive your personal data to process it confidentially for us or on behalf of us, can be, for example, a provider of a messaging service with which you receive text messages from publicroam, or a provider of highly secured hosting or data center services.
We and the host organizations can process completely anonymous data to map the use of publicroam and the host WiFi networks in general (on an aggregated level) and to improve these services. We can use this aggregated data, for example how many users are connected on average in a certain time, and in communication with third parties, such as potential customers and the media. This anonymous data can never be traced back to you or another individual user.
We and the host organizations take appropriate measures to ensure your use of the host WiFi networks is as secure as possible. Access to your data is only provided to persons who have a need for processing in connection with their function and the processing purposes as described above. We take the following security measures, among others:
– Technical, organizational and physical security measures for access to our own systems, including: Restrictive access policies based on need-to-know or need-to-process;
– Logical access control on our systems, using passwords;
– Locks, camera surveillance and other physical security measures for areas in which personal data is processed;
– Technical measures for the security of host WiFi networks, including: WPA2 Enterprise and AES support;
– IEEE 802.1X with the Extensible Authentication Protocol (EAP);
– Routable IP addresses;
– VLAN separation.
If you want to know which of your personal data we’ve stored, please contact us via the options listed under ‘contact’. Please mention your mobile number on which you have an account. We’ll contact you within 2 weeks. If the overview provided by us contains inaccuracies, you can request us in writing to change the data or have it removed.
We’ll handle your requests or complaints on behalf of the host organization, unless there’s an account on which abuse has been reported, or where abuse is expected to be reported shortly. In that case, the host organization itself has the option of handling the request or complaint.
In the unlikely event that you have a complaint, you can always contact us via our contact details listed at the bottom of this document. On the basis of privacy legislation, you also always have the right to submit a complaint to the Dutch Data Protection Authority about our processing of your personal data. You can contact the Dutch Data Protection Authority about this via https://autoriteitpersoonsgegevens.nl.
We can adjust this Privacy Statement if necessary. The latest version will always be available on our website. If you want to stay informed of the changes, please check our website regularly. If we want to make a change that requires your permission, we will of course ask for your permission first.
You can contact us by email and phone:
support@publicroam.nl
+ 31 (0)30 – 307 44 99