1. Overview

The following explanation informs you, as a user of an Unwired WLAN, about the purpose and type of data collected, how long it is stored, and how you can control the handling of your personal data at any time. We therefore process your data exclusively on the basis of legal regulations (GDPR, Austrian Telecommunications Act 2003). In this privacy policy, we inform you about the most important aspects of data processing within the context of the Unwired WLAN.

1.1 Responsible person:

Name/Company: Unwired Networks GmbH
Street Address: Gonzagagasse 11/25
Postal Code, City, Country: 1010, Vienna, Austria
Company Registration Number: 365784v
Managing Director: Mag. Alexander Szlezak
Telephone Number: +43 1 996 2051
Email Address: privacy@unwirednetworks.net

1.2 Data Protection Officer:

For questions or suggestions regarding data protection, please contact the company’s data protection officer.
Email address: privacy@unwirednetworks.net

2. Purpose of processing

2.1 Processed data

List of categories with examples

• WLAN connection data (e.g. MAC address of the device, IP address, DNS requests, browser type & browser version, operating system, referrer, …)
• WLAN probe data (e.g. MAC address, signal strength,… )
• Personal data (e.g., for Facebook & email login: first name, last name, email address)

No special categories of data pursuant to Article 9(1) GDPR are processed.

Wi-Fi connection data

To provide internet access via Wi-Fi and to avoid requiring re-registration for repeated Wi-Fi use, we process, among other things, the MAC address of the connected device, its IP address, DNS queries, and, for confirmation of the terms of service, browser type, device manufacturer, and operating system. This data is processed for the technical provision of Wi-Fi access, enforcement of service restrictions, prevention of misuse, verification of consent to the terms of service, and in aggregated form for usage analysis.

Wi-Fi trial data

The purpose is to collect aggregated data on network utilization (number of devices), such as visitor traffic. Within the vicinity of a Wi-Fi access point, search queries from Wi-Fi-enabled devices for available Wi-Fi networks, along with the time and received signal strength, are processed. This processing is solely for the creation of anonymized, aggregated analyses and is never related to individual devices or persons.

Logs

To obtain consent to the Wi-Fi terms of use and to provide information and non-personal advertising, we store web server log data from our Wi-Fi portal, including the private IP addresses we assign. This data is also used for technical monitoring of the service, prevention of misuse, and statistical analysis of operating system, manufacturer, browser version, etc.

Personal data

As part of certain services, we process, on behalf of and depending on the selected service, our clients (as data processors) and with the consent of the Wi-Fi user, their email address, first name, and last name. This data is collected for the Wi-Fi Advertising, Facebook Login, and Email Login products. The data is processed temporarily by Unwired and transmitted to the client. To document the Wi-Fi user’s consent, data about the device and the time of consent are stored.

Cookies

A ‘cookie’ is a small file consisting of a text-only string of information that a website transfers to your computer’s hard drive via your web browser. It is stored there temporarily for the duration of your visit to the site, or sometimes longer, depending on the type of cookie. Cookies perform various functions (e.g., distinguishing you from other users of the same website or remembering certain facts about you, such as specific preferences) and are used by most websites to enhance the user experience. Each cookie is unique to your web browser and contains anonymous information. A cookie typically includes the name of the domain from which it originated, the cookie’s “lifetime,” and a value (usually a randomly generated, unique number).

Cookies that do not require consent

We use cookies only when technically necessary, for example, for the correct display of the website. The following cookies may be used:

• User-input cookies (session ID), e.g., first-party cookies, which store user input, for example when filling out online forms, are limited to the duration of the session. Persistent cookies with a storage duration of only a few hours may be an exception.
• authentication cookies that remember the user’s login status as soon as they are logged in, e.g., as a Family Member; this must be limited to the duration of the session.
• User-centric security cookies are used to increase the security of a service, e.g., to detect multiple failed login attempts for a limited period of time (a few hours).
• Multimedia content player cookies that store technical data for playing video and audio files, e.g. Flash cookies, for the duration of a session, but which must not contain any additional information that is not strictly necessary for playback.
• Load balancing cookies, which are necessary with regard to the technology of a so-called load balancer to ensure forwarding to a specific server in the pool, are limited to the duration of the session.
• User-interface customization cookies, which store the user’s preferences regarding a service across multiple websites and are not linked to other, permanent identifying characteristics (e.g., username), but are explicitly requested (button, checkbox), e.g., cookies for setting the language preference, for the duration of the session;
• Third-party social plug-in content-sharing cookies are used if you are a logged-in member of a social network and these cookies are necessary for the desired functionality (including via third-party websites) for the duration of the browser session or until the member is logged out. However, as a non-member or logged-out member, you must give your consent.

Cookies requiring consent – ​​Cookie banner design

For cookies that require consent, we obtain your consent in accordance with Section 96 Paragraph 3 of the German Telecommunications Act (TKG).

2.2 Affected persons

• WLAN users
• Owners of devices with active Wi-Fi function

2.3 Legal basis

• We process WLAN connection data for the purpose of technically providing internet access via WLAN and fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR, in this case the provision of internet access via WLAN.
• In order to offer our products and services to our clients, Unwired collects technically essential data and data in which Unwired has a legitimate interest, while safeguarding the interests of the data subjects (e.g., WLAN probe data, DNS queries). For the use of personal data (e.g., first name, last name, email address), Unwired obtains the consent of the WLAN user on behalf of and at the instruction of Unwired’s clients.
• The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing to fulfill our services and implement contractual measures as well as to answer inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.

2.4 Third-party providers

• We use upstream service providers to deliver our services: e.g., A1 Telekom Austria AG, Hutchinson Drei Austria GmbH
• We use Google Cloud Services and other services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, based on our legitimate interests. For this purpose, we have entered into a contract with Google containing standard contractual clauses, in which Google commits to processing user data only in accordance with our instructions and to complying with EU data protection standards. Google is also certified under the Privacy Shield Framework, thereby providing an additional guarantee of compliance with European data protection law:  https://policies.google.com/privacy?hl=de&gl=de
• We use the cloud services of Amazon Web Services, a subsidiary of Amazon Inc. You can find Amazon Web Services’ privacy policy at  https://aws.amazon.com/de/privacy/?nc1=f_pr

3. Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6(1)(f) of the GDPR. In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

3.1 Changes and updates to the privacy policy

We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., consent) or any other individual notification.

3.2 Provision of contractual services

We process the data listed under 2.1 for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR.

3.3 Rights of data subjects

You have the fundamental rights to information, rectification, erasure, restriction of processing, data portability, withdrawal of consent, and objection. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority. You have the right to request confirmation as to whether personal data concerning you is being processed and to access this data, as well as further information and a copy of the data, in accordance with Article 15 of the GDPR. In accordance with Article 16 of the GDPR, you have the right to request the completion of incomplete personal data concerning you or the rectification of inaccurate personal data concerning you. In accordance with Article 17 of the GDPR, you have the right to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with Article 18 of the GDPR, to request the restriction of processing of your personal data. In accordance with Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us and to request its transmission to another controller. Furthermore, pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. You have the right to obtain information free of charge at any time about the data stored concerning you, its origin and recipients, as well as the purpose of the data processing. You also have the right to data portability and the right to erasure of your data. Please contact us via the  contact form  or by telephone.

3.3.1 Right of withdrawal

You have the right to withdraw your consent pursuant to Art. 7 para. 3 GDPR with effect for the future.

3.3.2 Right to object

You can object to the future processing of your personal data at any time in accordance with Article 21 of the GDPR. This objection can be made, in particular, against processing for direct marketing purposes.

3.3.3 Deletion of data

The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be erased or anonymized as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not erased because it is required for other legally permissible purposes, its processing will be restricted.

3.4 Data security

We strive to protect our users from unauthorized access to, or unauthorized alteration, disclosure, or destruction of, data. In particular:

• We encrypt many of our services using  TLS .
• We review our practices for data collection, storage and processing, including physical security measures, to protect against unauthorized access to systems.
• We restrict access to personal data to employees and contractors who absolutely need to know the data in order to process it for us, and who are subject to strict confidentiality obligations and may be subject to disciplinary action or termination if they fail to comply with these obligations.

3.5 Scope of the Privacy Policy

This privacy policy applies to the services offered by Unwired Networks GmbH as defined above. Our privacy policy does not apply to services offered by other companies or individuals, including products or websites displayed in search results or other websites linked to our services. Our privacy policy also does not cover the handling of information by other companies or organizations that advertise our services and may use cookies, pixel tags, and other technologies to deliver and offer relevant advertisements.

3.6 Compliance with regulations in cooperation with government authorities

We regularly review our compliance with our privacy policy. Upon receiving formal written complaints, we contact the complainant to address the complaint. We cooperate with the relevant regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users.

Competent data protection authority

Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna
Telephone: +43 1 521 52-25 69
E-mail: dsb@dsb.gv.at