The GDPR Platform Compliance Process

The following is a process overview of how the MyWiFi platform enforces GDPR compliance for Channel Partners:

  1. All EU Locations have GDPR Toggle ON and ReadOnly [cannot be User disabled].
  2. Campaigns have an optional, customizable Opt-In Form and GDPR ON/OFF Toggle.
  3. Upon Guest Login - guest data is treated in GDPR compliant fashion IF Location:GDPR is ON AND/OR Campaign:GDPR is ON.
  4. We are performing tokenization of all Guest data as the Guest performs the Login Process.
  5. If the Guest does not complete the Login Process, the tokenized guest data is discarded within 48 hours, after which time it is not accessible by any other systems.
  6. First Step of Splash Page / Login Experience is to swipe "Agree" button. You cannot proceed to Login without Agreeing to the Terms and Conditions. 
  7. When the Guest successfully completes the Login Process they are presented the Opt-In Form which allows them to confirm their consent (Opt-In / Opt-Out).
  8. Guests are Opted-Out by Default, unless they specify explicitly that they choose to Opt-In.
  9. If the Guest confirms consent (they selected Opt-In), the processes to run Automations [Webhooks, Data Push/Broadcast Integrations] on their data are activated and performed.
  10. If the Guest does NOT grant consent (they selected Opt-Out),  NO Automations [Webhooks, Data Push/Broadcast Integrations] will be performed on their data, ever.
  11. If the Guest does NOT grant consent (they selected Opt-Out) then we save a pseudonymized representation of their sensitive Guest data points [E-Mail and/or Phone Number] This is a one way hash and the real e-mail address and/or phone number cannot be retrieved to their original values.
  12. The pseudonymized Guest data we store allows us to continue to perform functionality such as "One Click Welcome Back" and generate appropriate reports and data aggregations, but without being able to retrieve the actual sensitive Guest data, it cannot be used for any personally identifiable means or for any direct communication.
  13. Guests can enter their E-Mail Address or Phone Number to get link that gives them access to their Guest Data Dashboard, which contains all data points we have collected that's associated to that Email Address / Phone Number.
  14. Guests can change their Opt-In state to an Opt-Out from the Guest Data Dashboard [this will upon execution, pseudonymize their sensitive data and prevent anybody or any system from accessing it in the future and preventing any Automations from running from that point forward].
  15. Guests can delete their data profiles from the Guest Data Dashboard [this will delete all data associated to their Data Profile].
  16. We do NOT store cookies on Guests' browsers.
  17. Social User Profiles in Platform indicate Guest consent choice [Opt-In / Opt-Out].
  18. Social User Profiles in Platform indicate GDPR compliance and blur the pseudonymized sensitive data [Email Address / GDPR] for Guests that have Opted-Out.
  19. Social User Contact List in Platform indicate [Guest consent choice] Opt-In / Opt-Out.
  20. Social User Contact List Exports in Platform indicate Opt-In / Opt-Out consent choice and contain pseudonymize data if Guest Opted-Out.

Did this answer your question?

The GDPR Obligations for EU Channel Partners

The GDPR Overview