With this document, we would define the guidelines to make Wi5stars be compliant with the European regulation GDPR (General Data Protection Regulation) in force from 25/05/2018.
Wi5stars allows you to meet all requirements defined by GDPR, provided that it is used according to the rules. In other words, the system allows you to comply with the regulation but thanks to all the current possibilities of parameterization, it can also be used “out of the norm”. It seems like a paradox but since Wi5stars is used globally, outside of the European Union there are no such obligations or rather there aren’t if they don’t process European citizens’ data. It follows that companies or organizations will use the system under applicable laws in their area.
Essentially, it’s important to know the laws you must comply with and the possibilities offered by Wi5stars to configure the system properly.
At various points, we have reported respectively where to intervene (applicability), what to do (description) and notes/references (in italics) to use Wi5stars according to the GDPR.
Applicability of the system
%Device% must be updated to version 5.0.181 or greater.
Applicability: System, General options, or specific to single manager
Edit a proper Privacy Policy for each manager also defining how data is processed, to whom it is forwarded, how long it should be kept, etc.
If the company is not located in the European Union but works with its citizens, it shall comply with the regulation
Applicability: manager’s domain
In the “Users Login Interface”, select “Welcome Portal”.
Warning, you must have the “Welcome Portal” module.
In the “Data to Customize Users Registration” section, scroll down to “Request the Email Address” and select “Yes”.
It is necessary to request the email address in order to send the registration data with username, password, URL to access to the Terms of Service, the Privacy Policy and the user profile.
In the “Data to Customize Users Registration” section, scroll down to “Request Acceptance Conditions” and select “Yes”.
It is good practice to make users accept also the Terms of Service edited at system level in the “General Options” or in the “Manager“.
In the “User Agreements” section, scroll down to “Request Acceptance Processing Personal Data” and select “Yes”.
Consent must be given prior to any processing. It must be unequivocal and therefore boxes with “pre-check” are not allowed.
In the “Options for the Email Address” section, enable the “Send Email Notification” check.
In the “Email Registration Notification” field, edit the email text to be sent, with the variables (%UserName%) for the username and (%Password%) for the password, the URL to consult the Privacy Policy (http://Wi5starsUrl/terms.php?id=ManegerID), the URL to consult the Terms of Service (http://Wi5starsUrl/privacy.php?id=ManagerID) and the URL to access the system, even remotely, when not directly connected to a gateway http://Wi5starsUrl/portal/index.php?domain=DomainName&hotspotname=GatewayName). In so doing, the users will be able to access their User Profile App. Users have the ability to download a Pdf file reporting their registration data.
The party concerned has the right to access its data, to erase (“right to be forgotten”) and to have a copy.
Applicability: template (used by the domain or, more specifically, for the gateway).
In the template, in the “Welcome Portal” section, the “Hide Profile App” field must not be active.
In this way, the users can access the User Profile App, check, modify, erase their data and also erase references to compiled surveys, quizzes or tests, thus making them anonymous.
Applicability: System Users (at the system, reseller and manager level)
From the contextual menu of system, reseller and manager, select “System Users” and, for each listed user, select “Edit”. In the “User Permission” section, in the “User’s Password” field, do not give permission to read, so as to restrict or prevent the display and export of passwords.
Possibility to insert, in the body of the emails sent for notifying the registration, the “%ExternalWelcomePortalLoginURL%” variable to automatically insert the URL to access the Welcome Portal, even when not directly connected to a gateway.
In the email sent to users for confirming the registration, you will have the possibility to edit the %DownloadUserProfilePdf% variable containing the URL that lets the users download a PDF file with the registration data.
In the Privacy Policy and in the Terms of Service defined at the system and manager level, it will be possible to define the version and revision date. If the version changes, at the login, the user will be prompted to accept the privacy and/or terms one more time.
In the user data, the version and revision date of the Privacy Policy and of the Terms of Service accepted by the user will be displayed.
The system will allow remote access, when not connected to a gateway, in a simpler and clearer way, without displaying the unnecessary URL: http://Wi5starsUrl/portal/index.php?domain=DomainName&hotspotname=GatewayName&language=en&slogin (Automatically edited by the “%ExternalWelcomePortalLoginURL%” variable).