WiFi Wales Privacy Policy
1 Privacy Policy Statement
This is our privacy policy from the 25th May 2018 in compliance with the General Data Protection Regulations (the GDPR). Again, this sets out how we will treat both you and your personal data, but reflects changes to your rights and our obligations introduced as a result of the GDPR. During the course of our activities, WiFi Wales Communications Limited of 8 Crud Yr Awel, Denbigh, LL16 5YH, will collect, store and process data about users of our website at wifi.wales and our Wi-Fi services (you).
2 About this Policy
2.1 The personal data (personal data or information) that we hold about you, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the GDPR and other regulations.
2.2 This policy sets out the basis on which we will process any personal data we collect from you, or that is provided to us by you or from other sources.
3 What information we may hold about you
3.1 Information you give us. This is information about you that you give us by registering to use our WiFi service, filling in forms, including completing a survey, on our website at www.wifi.wales (our website) or by corresponding with us by phone, e-mail or otherwise. It is the information you provide when you register with us and when you report a problem with our website or services. The information you give us and we hold about you may include your name, address, age, phone number email address, billing details, subscription history as well as device identifiers and usage (applications and browsing history).
3.2 Information we collect about you. With regard to each of your visits to our website we will collect the following information:
3.2.1 technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
3.2.2 information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
3.3 Information we receive from other sources. This is information we receive about you if you use any of the other services we provide. In this case we will have asked for your consent when we collected that personal data if we intended to share that personal data internally and combine it with data collected on our website. We will also have told you for what purpose we will share and combine your personal data. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
3.4 How do we use your personal data
We are required by law to provide you with information about the purposes for which we use your information and the legal justification for us to use that information. For example, there may be legal justification for us to use your personal data where
3.4.1 We need to use your information to perform a contract with you or to fulfil a request originated by you
3.4.2 You have given your consent for us using your information
3.4.3 Using your information is in our legitimate business interests (provided these interests are balanced against your rights)
3.4.4 We need to process your personal data to comply with legal obligations to which we are subject
4 Why and How we collect customer information
We use information held about you to provide our services in the form of our website and/or our WiFi services. We use your information in the following ways:
4.1 Information you give to us. We will use this information:
4.1.1 to provide our WiFi services to you according to any contract entered into between you and us and to provide you with the information, products and services that you request from us, including by email and mobile push notifications;
4.1.2 to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
4.1.3 to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your personal data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your personal data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your personal data (the registration form);
4.1.4 to notify you about changes to our services; and/or
4.1.5 to ensure that content from our website is presented in the most effective manner for you and for your computer.
4.2 Information we collect about you. We will use this information:
4.2.1 to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
4.2.2 to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
4.2.3 to allow you to participate in interactive features of our service, when you choose to do so;
4.2.4 as part of our efforts to keep our website safe and secure;
4.2.5 to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and/or
4.2.6 where you have agreed to this, to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
4.3 Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
5 Lawfulness of processing
5.1 In the course of our business, we may collect and process personal data and are, for that purpose, a controller of the data. This may include data we receive directly from you (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
5.2 The GDPR is not intended to prevent the processing of personal data, but to ensure that it is done lawfully and without adversely affecting your rights as the data subject.
5.3 We will only process personal data as specifically permitted by the GDPR. We will usually obtain your consent to process your personal data unless one of the exemptions within the GDPR permits processing without your consent.
5.4 For the purposes of processing your personal data we will usually rely on one of the following conditions:
5.4.1 where you have given your consent to the processing your personal data for one or more specific purposes; and/or
5.4.2 processing is necessary for the performance of a contract to which you are a party or in order to take steps you requested prior to entering into a contract with us (for example, a contract for our WiFi services).
6 Principles relating to the processing of Personal Data
6.1 We will process all personal data fairly and in a transparent manner. In particular personal data will be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. All personal data shall be:
6.1.1 adequate, relevant and limited to what is necessary in relation to the purposes for which the personal data is processed;
6.1.2 accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
6.1.3 kept in a form which permits the identification of you as a data subject for no longer than is necessary for the purposes for which the personal data is processed; and
6.1.4 processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7 Consent to process personal data
7.1 We shall usually seek your consent to process personal data using clear and plain language. You will have the right to withdraw your consent at any time.
7.2 We will only process and hold your personal data as long as is necessary to provide our services (for example, for the duration of the contract through which we provide our WiFi services to you).
7.3 Where we are providing our Wifi services to you, withdrawing your consent for us to process you personal data may prevent us from providing our services to you. If you still wish to withdraw your consent, you must provide us with any necessary notice to end our provision of services to you as set out in our agreement with you.
8 Your right of access
The GDPR gives you the right to access copies of the information held about you. Your right of access can be exercised in accordance with the GDPR. The first copy of the personal data held about you will be provided free of charge but any subsequent copy will be subject to a reasonable fee based on the administrative costs of providing this information to you.
9 The right to correct or erase personal data and restriction of processing
9.1 You have the right to ensure that we correct the records of any personal data held about you which is inaccurate. You also have the right to ensure that we complete any incomplete personal data held about you.
9.2 You have the right to ensure that we erase your personal data (the right to be forgotten).
9.3 In certain circumstances, such as where you have contested the accuracy of personal data, you have the right to restrict our processing of your personal data.
9.4 Where any rectification or erasure of personal data or restriction of processing has taken place we shall communicate any rectification to you or erasure or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall, if you request, inform you about those recipients.
10 Your right to request an electronic copy of your personal data
Where you provide personal data you have the right to be provided with a structured, commonly used and machine-readable copy and have the right, in certain circumstances, to ensure that we transmit that personal data to another controller without hindrance.
11 Automated individual decision-making
We do not envisage that any automated decision-making or profiling will be carried out. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
12 Right to object to direct marketing
You have the right to object to processing for direct marketing purposes. We will always obtain your prior consent before we carry out any direct marketing.
13 Data storage and Data security
13.1 We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data and shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access our services or certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
13.2 We will put in place procedures and policies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a third party to process that personal data on our behalf if that third party agrees to comply with those procedures and policies, or if that third party puts in place adequate security measures. By default only personal data which is necessary for each specific purpose of the processing shall be processed.
13.3 All information you provide to us is stored on our secure servers within the European Economic Area.
13.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, as described in this policy, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
14 Retention of records
We shall only hold your personal data in our records for as long as is required to provide our services to you. Unless we have notice from you that you wish us to terminate our services to you, we shall erase all of our records of your personal data within twenty four months from the last ascertainable point that you accessed our services.
15 Right to complain to the supervisory authority
You have the right to lodge a complaint about the way your personal data has been processed with the Information Commissioner’s Office at any time.
16 Disclosure and sharing of personal information
16.1 We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
16.2 We may also disclose personal data we hold to third parties in circumstances such as the following:
16.2.1 in the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets;
16.2.2 if we sell all of our assets or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets;
16.2.3 to provide to business partners, suppliers and sub-contractors for the performance of any contract we enter into with you. Any of these third parties will be required to provide you with a notice that they are processing your personal data if they do so;
16.2.4 where you have provided consent for us to do so, to analytics and search engine providers that assist us in the improvement and optimisation of our website;
16.2.5 where you have provided consent for us to do so, to credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you; and
16.2.6 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
17 Notification of a personal data breach
17.1 We shall, without undue delay, and where feasible, not later than 72 hours after having become aware of a personal data breach, notify the personal data breach to the Information Commissioner’s Office, unless the personal data breach is unlikely to result in a risk to your rights and freedoms.
17.2 Where the personal data breach is likely to result in a high risk to your rights and freedoms we shall communicate the personal data breach to you without delay.
18 Contact
Questions, comments and requests regarding this policy are welcomed and should be addressed to [email protected]
19 Other websites
Our website may have links to other websites. This policy only applies to this website and not those of other websites. You should, therefore, read the privacy policies of the other websites when you are using those websites.
20 Changes to this policy
We reserve the right to change this policy at any time. Where appropriate, we will provide you with notice of those changes by post or email.
1 Privacy Policy Statement
This is our privacy policy from the 25th May 2018 in compliance with the General Data Protection Regulations (the GDPR). Again, this sets out how we will treat both you and your personal data, but reflects changes to your rights and our obligations introduced as a result of the GDPR. During the course of our activities, WiFi Wales Communications Limited of 8 Crud Yr Awel, Denbigh, LL16 5YH, will collect, store and process data about users of our website at wifi.wales and our Wi-Fi services (you).
2 About this Policy
2.1 The personal data (personal data or information) that we hold about you, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the GDPR and other regulations.
2.2 This policy sets out the basis on which we will process any personal data we collect from you, or that is provided to us by you or from other sources.
3 What information we may hold about you
3.1 Information you give us. This is information about you that you give us by registering to use our WiFi service, filling in forms, including completing a survey, on our website at www.wifi.wales (our website) or by corresponding with us by phone, e-mail or otherwise. It is the information you provide when you register with us and when you report a problem with our website or services. The information you give us and we hold about you may include your name, address, age, phone number email address, billing details, subscription history as well as device identifiers and usage (applications and browsing history).
3.2 Information we collect about you. With regard to each of your visits to our website we will collect the following information:
3.2.1 technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
3.2.2 information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
3.3 Information we receive from other sources. This is information we receive about you if you use any of the other services we provide. In this case we will have asked for your consent when we collected that personal data if we intended to share that personal data internally and combine it with data collected on our website. We will also have told you for what purpose we will share and combine your personal data. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
3.4 How do we use your personal data
We are required by law to provide you with information about the purposes for which we use your information and the legal justification for us to use that information. For example, there may be legal justification for us to use your personal data where
3.4.1 We need to use your information to perform a contract with you or to fulfil a request originated by you
3.4.2 You have given your consent for us using your information
3.4.3 Using your information is in our legitimate business interests (provided these interests are balanced against your rights)
3.4.4 We need to process your personal data to comply with legal obligations to which we are subject
4 Why and How we collect customer information
We use information held about you to provide our services in the form of our website and/or our WiFi services. We use your information in the following ways:
4.1 Information you give to us. We will use this information:
4.1.1 to provide our WiFi services to you according to any contract entered into between you and us and to provide you with the information, products and services that you request from us, including by email and mobile push notifications;
4.1.2 to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
4.1.3 to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your personal data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your personal data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your personal data (the registration form);
4.1.4 to notify you about changes to our services; and/or
4.1.5 to ensure that content from our website is presented in the most effective manner for you and for your computer.
4.2 Information we collect about you. We will use this information:
4.2.1 to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
4.2.2 to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
4.2.3 to allow you to participate in interactive features of our service, when you choose to do so;
4.2.4 as part of our efforts to keep our website safe and secure;
4.2.5 to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and/or
4.2.6 where you have agreed to this, to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
4.3 Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
5 Lawfulness of processing
5.1 In the course of our business, we may collect and process personal data and are, for that purpose, a controller of the data. This may include data we receive directly from you (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
5.2 The GDPR is not intended to prevent the processing of personal data, but to ensure that it is done lawfully and without adversely affecting your rights as the data subject.
5.3 We will only process personal data as specifically permitted by the GDPR. We will usually obtain your consent to process your personal data unless one of the exemptions within the GDPR permits processing without your consent.
5.4 For the purposes of processing your personal data we will usually rely on one of the following conditions:
5.4.1 where you have given your consent to the processing your personal data for one or more specific purposes; and/or
5.4.2 processing is necessary for the performance of a contract to which you are a party or in order to take steps you requested prior to entering into a contract with us (for example, a contract for our WiFi services).
6 Principles relating to the processing of Personal Data
6.1 We will process all personal data fairly and in a transparent manner. In particular personal data will be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. All personal data shall be:
6.1.1 adequate, relevant and limited to what is necessary in relation to the purposes for which the personal data is processed;
6.1.2 accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
6.1.3 kept in a form which permits the identification of you as a data subject for no longer than is necessary for the purposes for which the personal data is processed; and
6.1.4 processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7 Consent to process personal data
7.1 We shall usually seek your consent to process personal data using clear and plain language. You will have the right to withdraw your consent at any time.
7.2 We will only process and hold your personal data as long as is necessary to provide our services (for example, for the duration of the contract through which we provide our WiFi services to you).
7.3 Where we are providing our Wifi services to you, withdrawing your consent for us to process you personal data may prevent us from providing our services to you. If you still wish to withdraw your consent, you must provide us with any necessary notice to end our provision of services to you as set out in our agreement with you.
8 Your right of access
The GDPR gives you the right to access copies of the information held about you. Your right of access can be exercised in accordance with the GDPR. The first copy of the personal data held about you will be provided free of charge but any subsequent copy will be subject to a reasonable fee based on the administrative costs of providing this information to you.
9 The right to correct or erase personal data and restriction of processing
9.1 You have the right to ensure that we correct the records of any personal data held about you which is inaccurate. You also have the right to ensure that we complete any incomplete personal data held about you.
9.2 You have the right to ensure that we erase your personal data (the right to be forgotten).
9.3 In certain circumstances, such as where you have contested the accuracy of personal data, you have the right to restrict our processing of your personal data.
9.4 Where any rectification or erasure of personal data or restriction of processing has taken place we shall communicate any rectification to you or erasure or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall, if you request, inform you about those recipients.
10 Your right to request an electronic copy of your personal data
Where you provide personal data you have the right to be provided with a structured, commonly used and machine-readable copy and have the right, in certain circumstances, to ensure that we transmit that personal data to another controller without hindrance.
11 Automated individual decision-making
We do not envisage that any automated decision-making or profiling will be carried out. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
12 Right to object to direct marketing
You have the right to object to processing for direct marketing purposes. We will always obtain your prior consent before we carry out any direct marketing.
13 Data storage and Data security
13.1 We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data and shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access our services or certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
13.2 We will put in place procedures and policies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a third party to process that personal data on our behalf if that third party agrees to comply with those procedures and policies, or if that third party puts in place adequate security measures. By default only personal data which is necessary for each specific purpose of the processing shall be processed.
13.3 All information you provide to us is stored on our secure servers within the European Economic Area.
13.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, as described in this policy, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
14 Retention of records
We shall only hold your personal data in our records for as long as is required to provide our services to you. Unless we have notice from you that you wish us to terminate our services to you, we shall erase all of our records of your personal data within twenty four months from the last ascertainable point that you accessed our services.
15 Right to complain to the supervisory authority
You have the right to lodge a complaint about the way your personal data has been processed with the Information Commissioner’s Office at any time.
16 Disclosure and sharing of personal information
16.1 We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
16.2 We may also disclose personal data we hold to third parties in circumstances such as the following:
16.2.1 in the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets;
16.2.2 if we sell all of our assets or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets;
16.2.3 to provide to business partners, suppliers and sub-contractors for the performance of any contract we enter into with you. Any of these third parties will be required to provide you with a notice that they are processing your personal data if they do so;
16.2.4 where you have provided consent for us to do so, to analytics and search engine providers that assist us in the improvement and optimisation of our website;
16.2.5 where you have provided consent for us to do so, to credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you; and
16.2.6 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
17 Notification of a personal data breach
17.1 We shall, without undue delay, and where feasible, not later than 72 hours after having become aware of a personal data breach, notify the personal data breach to the Information Commissioner’s Office, unless the personal data breach is unlikely to result in a risk to your rights and freedoms.
17.2 Where the personal data breach is likely to result in a high risk to your rights and freedoms we shall communicate the personal data breach to you without delay.
18 Contact
Questions, comments and requests regarding this policy are welcomed and should be addressed to [email protected]
19 Other websites
Our website may have links to other websites. This policy only applies to this website and not those of other websites. You should, therefore, read the privacy policies of the other websites when you are using those websites.
20 Changes to this policy
We reserve the right to change this policy at any time. Where appropriate, we will provide you with notice of those changes by post or email.