Tanaza collects and processes data of Tanaza Users in compliance with General Data Protection Regulation (GDPR).
To know more about your rights as a Tanaza User, we recommend reading our Privacy Policy.
Tanaza also provides tools and guidance that allow Tanaza Users to be compliant with GDPR when providing services to third parties, such as hotels, shopping malls, bars, restaurants and other end user premises.
The following section includes the most common questions about GDPR:
Q1: Is Tanaza compliant with GDPR?
Yes.
Q2: I am a Tanaza User (end user or reseller or white label reseller). How can I provide Wi-Fi services being compliant with GDPR?
For you to be compliant with GDPR in relation to services that you provide to your end users/customers, you will need to implement a compliant set of documents and procedures. The most important ones are:
-
In every splash page include a proper T&C / Privacy Policy compliant with GDPR. You may contact our Success Team to get a courtesy T&C / Privacy Policy template, that you will have to modify according to your context of use, your needs and your assessments and choices in terms of purposes of data processing. To configure T&C / Privacy Policy acceptance on the Splash Page, please check this article: How to configure Terms and Conditions.
-
In the T&C / Privacy Policy, you’ll need to provide a point of contact for your organization (e.g., privacy@yourcompany.com) to allow your users to exercise their rights provided for in GDPR. When your users will write to you requesting to know their data, delete their data or update their data or any other right guaranteed to them by the GDPR, you will need to respond to their requests according to time-frame defined by the GDPR (e.g., 30 days to delete data).
The previous items are mandatory to be compliant with GDPR and have a direct impact on how you use Tanaza software. To learn more about other things you may need to do (such as Data Protection Officer appointment, mandatory for organizations of more than 250 employees and in other specific cases provided for in GDPR), we recommend reading the E-Book that you can find at Q2.
Q3: I am a Tanaza User (end user or reseller or white label reseller). While providing Wi-Fi services, I am collecting data in order to a) provide the services; b) provide information about my services c) provide information about 3rd party companies. How can I be compliant with GDPR?
If you are collecting information for multiple purposes, you will need to request consent per each one of them separately. The Tanaza Splash Page allows you to introduce multiple T&C items with optional or mandatory acceptance, as requested by GDPR. To see how T&C / Privacy Policy acceptance works on the Splash Page, please check this article:
How to configure Terms and Conditions.
Q4: I am a Tanaza user (reseller or white label reseller providing wi-fi services to third parties, e.g., a hotel). Where do we fit in regarding GDPR? How can I provide Wi-Fi services either as a self-branded or under Tanaza brand being compliant with GDPR?
If you are providing Wi-Fi services to and End Customer (e.g. the hotel), according to GDPR you may be a Data Processor (i.e., the entity processing data on behalf of the Controller) or you may be Data Controller (i.e., who decides the purposes of data processing) with respect to personal data of Wi-Fi Users (i.e. the hotel guests), depending on how you establish the relationship with your Customer (the hotel).
You can define the relationship between you and your End Customer in two ways:
- You are Data Controller. Your company will process data of the users of the Wi-Fi services (the hotel guests) that you are providing at the End Customer site (the hotel), according to purposes specified by your company.
- The Data Controller is the hotel, and your company is only Data Processor. In this case, your company will process data on behalf of the hotel, according to the purposes specified by the hotel.
- The Data Co-Controllers are your company and the hotel. In this case, Your company and the hotel jointly define the modalities and purposes of the data processing, even if processing activity is provided by your company.
According to the GDPR perspective, any of the above scenarios are feasible.
According to the specific scenario you decide to implement, you will need to have consistent splash page T&C / Privacy Policy, which will indicate WHO the Controller and Processor are. See Q3.
NOTE
The service contract between your company as the service provider and your customer (e.g., the hotel) should be consistent with the scenario implemented, clearly stating in writing who is the Controller and who is the Processor of the data collected.
Q5: I am a Tanaza User (reseller or white label reseller providing wi-fi services to third parties, e.g., a hotel). What should we advise our end customers (the hotel) regarding being GDPR compliant whilst using the Tanaza system?
You (Tanaza User) should confirm to your customer (the hotel) that:
- you are providing Wi-Fi services based on Tanaza software, which is a GDPR compliant tool that allows you to provide services and process data in compliance with GDPR.
- in order to provide Wi-Fi services in compliance with GDPR, you’ll need to have Wi-Fi users accept a T&C / Privacy Policy that clearly states who is going to process the data, the purposes of the processing and how Wi-Fi Users can exercise their rights (e.g. writing to privacy@yourcompany.com). This means that you and your Customer will need to decide who is going to be the Data Controller and Data Processor and whom between you and your customer Wi-Fi Users must contact to exercise their rights (see Q5).
Q6: Is Tanaza the Data Controller for data provided by people accessing Wi-Fi services via Splash Page?
No, Tanaza is just Data Processor (or Subprocessor, in case the Reseller is Processor). As explained in Q5 Data Controller may be the Tanaza User (Reseller) or the End Customer (e.g. the hotel), depending on the agreements between them. The only exception in which Tanaza is Controller on (part of) Wi-Fi Users’ personal data is when Wi-Fi Users use Tanaza Facebook App to authenticate to Your Wi-Fi services, as explained in Q10.
Q7: Will Tanaza delete data collected via Splash Pages?
No, unless otherwise agreed, Tanaza does not have the right to delete data collected via Splash Page, as it’s not the Data Controller (see Q7).
In case Splash Page / Wi-Fi users request their data to be removed, you can pass on such cancellation request to Tanaza by writing to privacy@tanaza.com. Tanaza will delete data on all systems and provide confirmation within the time-frame requested by GDPR (30 days).
In case you have submitted data to third-party systems, e.g., MailChimp via MailChimp Integration, and you received a data’s deletion request, you will need to autonomously cancel data from your MailChimp account and destroy all copies to be fully compliant with GDPR.
If you have further questions about GDPR, please write to privacy@tanaza.com.
Q8: I am a Tanaza User. Data that I collect via Splash Page about Wi-Fi users is processed byTanaza according to Tanaza Privacy Policy (www.tanaza.com/legal)? Do you communicate such data to third parties?
No. Tanaza is Controller for data related to Tanaza Users only and processes such data according to the Tanaza Privacy Notice (www.tanaza.com/legal). Instead, users connecting through the Splash Page do not qualify as Tanaza Users, and for such reason, Tanaza is not Controller of such data (and does not disclose them to third parties).
For clarification, the data related to Splash Page users is Controlled/Processed by the Tanaza User and their customers (see Q5 for more details).
Q9: How does Tanaza Facebook App work? Who is Controller for data collected through such app?
Wi-Fi Users may use Tanaza’s Facebook App to log in with their Facebook account to Wi-Fi services provided by Tanaza Customers. Even in such case Wi-Fi Users do not enter into any Service Agreement with Tanaza (Tanaza provides Services only to its Customers, and Wi-Fi access points are provided to Wi-Fi Users by Customers, not by Tanaza; Tanaza Services are intended only to allow Customers to better manage their Wi-Fi access points); however, for technical reasons, Tanaza needs to be Controller of Wi-Fi Users’ personal data (but only of those data provided through the Facebook App) in order to be able to provide Facebook authentication functionalities for Customers’ Wi-Fi access points.
This entails that personal data collected by Tanaza’s Facebook App may be canceled without your request as Tanaza will enforce GDPR compliance, deleting data if requested by the Wi-Fi User. If you’d like to have full control over the Facebook App data, you as Tanaza User should consider a White Label Splash Page with a Facebook App owned by your company. If you need details about this option, reach your dedicated consultant.
Q10: I am a Tanaza User (end user or reseller or white label reseller). Which data do I need to collect from my Wi-Fi users (data subjects) through Tanaza Services?
Only IP and mac address, Wi-Fi network name, channel, amount of transmitted data, client name/hostname, name and user identifier of social media (when using Facebook authentication or other social media authentication methods), are technically required in order to make the Services work and thus they need to be collected by Tanaza Services. As a Tanaza User / Controller, through Tanaza user interface you may specify any other custom data fields you may want to collect from your Wi-Fi users / data subjects, e.g. , "phone number", "email address", "favourite meal" or "colour of the eyes". The choice and the assessment about purposes and legal basis, as well as any information to be provided to, and consent to be collected from your Wi-Fi users are your sole responsibility, since Tanaza acts just as a Processor under your instructions. This holds also for data retention: as Controller, you can provide instructions on data retention policy and/or request the removal of specific data in any moment communicating it to Tanaza at privacy@tanaza.com.
