Terms & Conditions
1.1. This subscription agreement (“Terms”) sets out terms and conditions on which WandaFi Cloud Service (wireless internet access on WandaFi Platform) (“the Service”) is provided by WandaFi (“the Company”) to its Customers, End users (hereinafter jointly referred to as “WandaFi user”) and Resellers.
2.1. “WandaFiCloud Service”means provision of WandaFi Platform to the End-users through Reseller and/or Customer.
2.2. “The Company”is the limited liability company, WandaFi Ltd, having a principal office at 1 Chesterfield Grove, Castleknock, Dublin 15 Ireland, operating as a data processor in respect of personal data protection under the GDPR. All intellectual property rights pertaining to the WandaFi Platform including without limitation copyright shall remain the sole property of the Company.
2.3. “The Customer”is the natural or legal person, public authority, agency or other body, for whose benefit The Company authorizing the use of Service for the purposes of proximity marketing (in connection with its business of tracking consumer responses), operating as a personal data controller in respect of personal data protection under the GDPR. The Customer may use the Service by accepting and signing with the Company WandaFi License Agreement.
2.4. “The Reseller”is the natural or legal person, public authority, agency or other body, for whose benefit The Company authorizing the use of Service for the purposes of resale or distribution, operating as a personal data sub-processor inrespect of personal data protection under the GDPR. The Reseller may use the Service by accepting and signing with the Company WandaFi Reseller Agreement.
2.5. “End User”means a user of a Service who accesses such product through the access data for normal personal use and not for resale or distribution.
2.6. “Personal data”means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
2.7. “Data controller”– The controller controls personal data and determines how it's used. The responsibilities of the controller include but are not limited to collecting, maintaining, directing actions, protecting, modifying and deleting personal data. The controller either adds users to the system, grants access to the system, and collects data from data subjects, or has employees who complete these tasks on the Company's behalf. The burden of understanding the process for GDPR requests and carrying out a GDPR request rests with the controller.
2.8. “Data processor”– The processor provides services to, and processes data on behalf of, the data controller. The processor performs actions on behalf of the controller. The processor makes it possible for the controller to be GDPR compliant, but has no ownership of the data and does not respond directly to DSR (Data Subject Rights) requests.
2.9. “Data sub-processor”– The processor provides service to, and processes data on behalf of, the data controller jointly with the Data processor. Under Article 28(4) of the GDPR, where a processor engages another processor for carrying out specific processing activities on behalf of the controller, processor have an obligation to impose upon sub-processors "the same" obligations as those imposed upon the processor in the controller-processor contract, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of GDPR. Where that other processor fails to fulfill its data protection obligations, the initial processor shall remain fully liable to the controller for the performance of that other processor’s obligations.
2.10. “Processing”means any operation or set of operations which is performed on the direct marketing list, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.1. The Agreement shall ensure that the Company comply with the applicable data protection and privacy legislation (the ”Applicable Law”), including in particular:
The European Parliament and the Council’s Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data that entered into force on 24 May 2016 and will be applicable on 25 May 2018 (“GDPR”).
4.1. The Service is accessible to the WandaFi user at specific URLs designated by the Company in its sole discretion.
4.2. Access to the Service may be blocked, suspended, or terminated at any time for any reason including, but not limited to, violation of this Agreement, actions that may lead to liability for the Company, disruption of access to other users or networks, and violation of applicable laws or regulations.
4.3. The Company reserves the right to monitor and collect information while WandaFi users are connected to the Service and that the collected information can be used at discretion of the Company in strict accordance with GDPR requirements, including sharing the information with any law enforcement agencies and the Company partners operating as Data Controllers in this case.
4.4. The Company may revise this Agreement at any time. WandaFi user must accept this Agreement each time the Service is used and it is responsibility of the WandaFi user to review it for any changes each time.
4.5. The Company reserves the right at all times to withdraw the Service change the specifications or manner of use of the Service, to change access codes, usernames, passwords or other security information necessary to access the service.
IF YOU DO NOT AGREE WITH THESE TERMS, INCLUDING CHANGES THERETO,
DO NOT ACCESS OR USE THE SERVICE.
WandaFi user acknowledges and accepts:
5.1. that the Service may not be uninterrupted or error-free;
5.2. that the device using by WandaFi user for access to Service may be exposed to viruses or other harmful applications through the Service;
5.3. that it is the sole responsibility of the WandaFi user to investigate and assess the Service in order to ensure that it can operate and function in conjunction with the WandaFi user's needs and requirements, including the WandaFi user's Internet access, hardware and software;
5.4. that the Company does not guarantee the security of the Service and that unauthorized third parties may access WandaFi user’s computer or files or otherwise monitor its connection;
5.5. that the Company may in its sole discretion decide to make available upgrades, patches, fixes or the like in connection with the Service to the WandaFi user, and the End user accepts such upgrades, patches, fixes or the like to continue operability;
5.6. that the Company undertakes no obligations or liability with respect to the provision of telecommunication lines, Internet subscriptions or connections or any other technical means necessary for the WandaFi user to access and use the Service or its data and any and all costs and risks in this respect remains solely with the WandaFi user;
5.7. that the Company’s ability to provide the Service to the End user without charge is based on the limited warranty, disclaimer and limitation of liability specified in this Section and it would require a substantial charge if any of these provisions were unenforceable;
Note: The Service and any products or services provided on or in connection with the Service are provided on an "as is", "as available" basis without warranties of any kind. All warranties, conditions, representations, indemnities and guarantees with respect to the content or Service and the operation, capacity, speed, functionality, qualifications, or capabilities of the services, goods or personnel resources provided hereunder, whether express or implied, arising by law, custom, prior oral or written statements by the Company, or otherwise (including, but not limited to any warranty of satisfactory quality, merchantability, fitness for particular purpose, title and non-infringement) are hereby overridden, excluded and disclaimed.
Acceptable use of the Service
6.1. The WandaFi user must not use the Service to access Internet Services, or send or receive e-mails, which:6.1.1. are defamatory, threatening, intimidating or which could be classed as harassment;
6.1.2. contain obscene, profane or abusive language or material;
6.1.3. contain pornographic material (that is text, pictures, films, video clips of a sexually explicit or arousing nature);
6.1.4. contain offensive or derogatory images regarding sex, race, religion, colour, origin, age, physical or mental disability, medical condition or sexual orientation;
6.1.5. contain material which infringe third party’s rights (including intellectual property rights);
6.1.6. in our reasonable opinion may adversely affect the manner in which we carry out our work;
6.1.7. are bulk and/or commercial messages;
6.1.8. contain forged or misrepresented message headers, whether in whole or in part, to mask the originator of the message;
6.1.9. are activities that invade another’s privacy; or
6.1.10. are otherwise unlawful or inappropriate.
6.2. Music, video, pictures, text and other content on the internet are copyright works and WandaFi user should not download, alter, e-mail or otherwise use such content unless certain that the owner of such works has authorized its use by Wanda user.
6.3. WandaFi user must not use the Service to access illegally or without authorization computers, accounts, equipment or networks belonging to another party, or attempting to penetrate security measures of another system. This includes any activity that may be used as a precursor to an attempted system penetration, including, but not limited to, port scans, stealth scans, or other information gathering activity.
6.4. WandaFi user must not use the Service to distribute Internet Viruses, Trojan Horses, or other destructive software.
6.5. The Service is intended for the WandaFi user only. Access to this Service must not be used by WandaFi user for commercial activity.
6.6. Company may terminate or temporarily suspend the Service if we reasonably believe that you are in breach of any provisions of this agreement including but not limited to clauses 5.1 to 5.5 above.
6.7. Company recommends that WandaFi user do not use the Service to transmit or receive any confidential information or data and should WandaFi user’s choose to do so WandaFi user do so at WandaFi user’s own risk.
7.1. WandaFi user must not use the Service to engage in any activity which constitutes or is capable of constituting a criminal offence, either in the Company’s country or in any country throughout the world.7.2. WandaFi user agrees and acknowledges that Company may be required to provide assistance and information to law enforcement, governmental agencies and other authorities.
7.3. WandaFi user agrees and acknowledges that Company will monitor WandaFi user’s activity while it use this Service and keep a log of the Internet Protocol (“IP”) addresses of any devices which access the Service, the times when they have accessed the Service and the activity associated with that IP address.
7.4. WandaFi user further agrees Company is entitled to co-operate with law enforcement authorities and rights-holders in the investigation of any suspected or alleged illegal activity by WandaFi user which may include, but is not limited to, disclosure of such information as we have (whether pursuant to clause 6.3 or otherwise), and is entitled to provide by law, to law enforcement authorities or rights-holders.
8.1. Personal data.
Personal data is anything that contains:
Directly identifying information such as a person’s name, surname, phone numbers, etc.
Pseudonymous data or non-directly identifying information, which does not allow the direct identification of users but allows the singling out of individual behaviors (for instance to serve the right at to the right user at the right moment).
Personal data is classified into two categories: sensitive and non-sensitive (pseudonymous) data.
Sensitive data is any data that reveals: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life and/or sexual orientation.
Pseudonymous data includes: cookie IDs, hashed e-mail addresses, mobile advertising IDs, any other technical identifiers that allow Company to single out individual behavior without directly identifying the individuals.
By nature, the majority of data that Company collects and processes for Data collectors partners does not qualify as sensitive data and this in turn reduce the risks to the data subjects concerned and help controllers and processors to meet their data-protection obligations.
The Company collects and processes the personal data for businesses in the marketing or digital marketing industry or for those who collect data for the purposes of marketing, on the six bases: (1) the vital interest of the individual, (2) the public interest, (3) contractual necessity, (4) compliance with legal obligations, (5) unambiguous consent of the individual and (6) legitimate interest of the data controller.
The Company’s request for consent is given in an easy to understand plain language and it is in an easily accessible form, with the purpose for data processing attach to that consent. Consent is distinguishable from other matters such as using the service and is freely given and easy to withdraw, as easy as it was for a customer to give it. Consent is prominent and separate from this Terms.
Specific information: “To be valid, consent must be specific and based on appropriate information provided to the individual (the explanation on what is required and what will the data be used for is provided). In other words, blanket consent without specifying the exact purpose of the data processing is not acceptable.”
Timing: “As a general rule, consent has to be given before the data processing starts.”
Active choice: “Consent must be unambiguous. Therefore the procedure to seek and give consent must leave no doubt as to the data subject’s intention. There are in principle no limits to the form consent can take. However, for consent to be valid it should be an active indication of the user’s wishes. The opt-in is managed on unticked box bases. The minimum expression of an indication could be any kind of signal, sufficiently clear to be capable of indicating a data subject’s wishes, and to be understandable by the data controller.”
Freely given: “Consent can only be valid if the data subject is able to exercise a real choice, and there is no risk of deception, intimidation, coercion or significant negative consequences if he/she does not consent.”
Age: “Where there is a potential for Service being accessible by children (if they are under 16, some countries, like UK, may be lowered to a minimum of 13), Company must have a parental consent and age verification in place.”
Withdrawal:“End user can withdraw its consent at any time”.
Recording:“To be valid, consent must be demonstrated (keeping a record of date & time, location) and reviewed from time to time whether the data, that Company has collected is correct whether the consent is still valid”.
To access the Service the End user has to enter certain personal data (email, phone number, etc.). The End user acknowledges and agrees that its consent to provided information entitle the Company to collect and process these data for marketing purposes and receiving offers.
8.3. Data Subject Rights
The GDPR provides data subjects (customers, employees etc.) with rights which are enforceable against data controllers and data processors that process their personal data. These rights limit the ability of data controllers and data processors to lawfully process data subjects’ personal data.
However, when data subjects want to exercise one of those data subject rights – and have the right to – then the controller (and processors)need to be able to deliver upon it within the rule of the law (in this case the GDPR).
Right to be informed.This right covers some of the key transparency requirements of the GDPR. It is about providing data subject with clear and concise information about what Company do with their personal data.
Articles 13 and 14 of the GDPR specify what individuals have the right to be informed about (“privacy information”).
This right is addressed via using clear consent upon login-in to Service, no further action is required by Data Controller.
Right to access. The person, whose data Company is collecting, has the right to obtain confirmation of whether personal data concerning them is being processed, where it is being processed and for what purposes. This must be provided free of charge unless the request is repetitive, excessive or unfounded.
The data subject has the right to request information that is held against him/her. The Data Controller needs to provide the subject with copy if customer profile.
Right to rectification.Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. A data subject may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
This right has close links to the accuracy principle of the GDPR (Article 5(1)(d)). However, although the Company may have already taken steps to ensure that the personal data was accurate when Company obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.
Any profile can be updated with correct information. The process for information rectification needs to be followed upon The Data Protection Officer (DPO) notification.
Right to erasure (Right to be forgotten).Under Article 17 of the GDPR individuals have the right to have personal data erased. The right is not absolute and only applies in certain circumstances.
This can be done two ways: by individual contacting data controller or data processor. Data controller will be provided with guidelines on process.
The data subject can insist that the controller erase all personal data about them and stop the processing of it by third parties. The controller can object based on if there is public interest in the availability of the data.
Right to restrict processing.Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data. Individuals have the right to restrict the processing of their personal data where they have a particular reason for wanting the restriction. This may be because they have issues with the content of the information Company hold or how Company has processed their data. In most cases Company will not be required to restrict an individual’s personal data indefinitely, but will need to have the restriction in place for a certain period of time.
Right to data portability.This right gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
Right to object.Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data. The right to object only applies in certain circumstances. Whether it applies depends on your purposes for processing and your lawful basis for processing.
Right not to be subject to automated decision-making including profiling.Automated individual decision-making is a decision made by automated means without any human involvement. Examples of this include: an online decision to award a loan; and a recruitment aptitude test which uses pre-programmed algorithms and criteria.
Automated individual decision-making does not have to involve profiling, although it often will do.
The GDPR says that profiling is: “Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.” [Article 4(4)]
8.4. Responding to requests to view, correct, erase, object, or export personal data.
If the End user decides that he or she wants to understand what personal data of theirs is maintained by Company, that End user approaches that Company and asks to exercise his or her DSR (Data Subject Rights). When data subjects exercise their DSRs, controllers must address each of the following items specifically:
Properly identify the person and role (is the person an employee, a customer, a vendor?) by using information that the data subject gave you as part of his or her request. This information might be a name, an employee ID or customer number, or another identifier.
Confirm that the data subject is a resident or citizen of an EU.
Record the data and time of the request (30 days for completing the request).
Affirm that the DSR request is proper and valid.
Verify that the information that is related to the request is currently available.
8.5. Breach Notification. This notification must be sent to the Information Commissioners Office (ICO) and must be done within 72 hours of becoming aware of the breach. The data subject must also be notified without undue delay if it is likely to result in risk to their rights and freedoms.
Personal data breaches include: access by an unauthorized third party; deliberate or accidental action (or inaction) by a controller or processor; sending personal data to an incorrect recipient; computing devices containing personal data being lost or stolen; alteration of personal data without permission; and loss of availability of personal data.
A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.
Recital 87 of the GDPR makes clear that when a security incident takes place, Company should quickly establish whether a personal data breach has occurred and, if so, promptly take steps to address it, including telling the ICO if required.
8.6. Data Controller and Data processor (Data sub-processor).
What are the data controller’s responsibilities? According to Article 5 from the EU GDPR, the controller shall be responsible for, and be able to demonstrate compliance with, the principles relating to processing of personal data. These are: lawfulness, fairness and transparency, data minimization, accuracy, storage limitation and integrity, and confidentiality of personal data.
According to Article 24 from the EU GDPR, “Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.” Examples of such measures may be to allocate responsibilities for data protection, a data protection impact assessment and a risk mitigation plan, implementation of pseudonymization (the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information), and data minimization in order to meet the requirements of GDPR and protect the rights of data subjects.
What are the processors’ responsibilities? According to Article 28 from the EU GDPR, “Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
9.1. Under no circumstances will the Company, their suppliers or licensors, or their respective officers, directors, employees, agents, and affiliates be liable for consequential, indirect, special, punitive or incidental damages, whether foreseeable or unforeseeable, based on claims of the WandaFi user and Reseller or their appointees (including, but not limited to, unauthorized access, damage, or theft of system or data, claims for loss of goodwill, claims for loss of data, use of or reliance on the service, stoppage of other work or impairment of other assets, or damage caused to equipment or programs from any virus or other harmful application), arising out of breach or failure of express or implied warranty, breach of contract, misrepresentation, negligence, strict liability in tort or otherwise.9.2. WandaFi user shall protect, release and indemnify the Company and its suppliers, licensors, officers, directors, employees, agents and affiliates from any claim, liability, loss, damage, cost, or expense (including without limitation reasonable attorney's fees) arising out of or related to WandaFi user’s use of the Service, any materials downloaded or uploaded through the Service, any actions taken by WandaFi user in connection with use of the Service, any violation of any third party's rights or an violation of law or regulation, or any breach of this agreement. This Section will not be construed to limit or exclude any other claims or remedies that the Company may assert under this Agreement or by law.
9.3. If any provision of this Agreement is held to be unenforceable, in whole or in part, such holding will not affect the validity of the other provisions of this Agreement.
9.4. The Company’s performance of this Agreement is subject to existing laws and legal process, and nothing contained in this Agreement shall waive or impede Company’s right to comply with law enforcement requests or requirements relating to use of this Service or information provided to or gathered by the Company with respect to such use. This Agreement constitutes the complete and entire statement of all terms, conditions and representations of the agreement between WandaFi user and Company with respect to its subject matter.
By agreeing to the Terms of Service, I confirm that I accept these terms and conditions as the basis of my use of the wireless internet access on WandaFi Platform.