The General Data Protection Regulation (“GDPR”)
If you are a resident of the E.U., the United Kingdom, Lichtenstein, Norway, or Iceland who uses the Services (including when you buy products we offer), the GDPR may apply to our processing of your Personal Data. If the GDPR applies to you, you may have additional rights with respect to your Personal Data, as outlined below. If you would like to delete your information and the GDPR applies to you, please contact us at GDPR@Boingo.com
Transfers of Personal Data
The Services, including the Site, are hosted and operated in the United States (“U.S.”) through us and our service providers. By using the Services, you acknowledge that any Personal Data about you is being provided to Boingo in the U.S. and will be hosted on U.S. servers. This is necessary for us to process your order and provide the Services to you pursuant to our contract with you. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law.
Collection of Personal Data
We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service.
Information we collect directly from you:
We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
Information we automatically collect when you use our Services:
- First and last name
- Email address
- Billing address
- Credit card information
- Your user name
- Your volunteered information from surveys, promotions, and competitions
- Communications you send to us
Some Personal Data is automatically collected when you use our Services, such as the following:
- IP address
- Device identifiers
- Web browser information
- Usage information
- Transaction information
- Log data (e.g. authentication information, access times, hardware and software information)
- Location information (e.g. IP address, geolocation)
Uses of Your Personal Data
We treat all Personal Data that you provide to us as highly confidential. As described above, we will use the Personal Data you provide to:
- enable us to process your orders and to provide you with the services and information offered through the Site and which you request;
- administer your account with us; and verify and carry out financial transactions in relation to payments you make online.
- Where you have signed up to complimentary access to the Services for use at Gatwick Airport, we may share your Gatwick Member ID with Gatwick.
Non-personally Identifiable Information
When you use the Services, including by visiting the Site, we may automatically collect system-related information about your visit, such as the type of internet browser you use and the website from which you have come to the Site which is automatically recognized by our web server. This system-related information does not, of itself, contain any Personal Data.
We use any of the system-related information referred to above to:
- administer the Site and assist in diagnosing technical problems;
- estimate our audience size and patterns;
- audit the accessing of resources and downloading of data from the Site;
- assist in improving and updating the Site; and
- assist in improving and developing our products and services.
We will also share with our airport partners information on an aggregated and anonymized basis from which all personal information will be removed about your use of the Service, including:
- Number of sessions per unique user;
- Number of unique users;
- Link between user and session; and
- Frequency/total number of sessions for the user.
Mobile Application Information
Some versions of the Boingo Wi-Finder Mobile App (“Boingo Wi-Finder) which we may provide to you to enable you to access and use the Boingo service automatically scan for Wi-Fi access points visible to your mobile device, and attempt to automatically connect to those visible Wi-Fi access points in order to determine whether they are publicly accessible. This functionality may operate even when Boingo Wi-Finder is operating in a “background” mode on your mobile device.
Mobile App Data Collection
Following any connection attempt (whether initiated by you or initiated automatically as described above), this software reports the following information to us: (1) your account username (if you are a paid Boingo member), (2) your mobile device’s MAC address and operating system version, (3) the geographic location (i.e. latitude and longitude of your mobile device at the time of the attempted connection (as reported by your mobile device), (4) the SSID, BSSID and signal strength of the applicable Wi-Fi access point, and (5) a log of any actions that you may take on your mobile device user interface in order to complete a connection to the Wi-Fi access point (e.g., accepting an interstitial terms of service or usage policy).
Mobile App Data use
We use this information to improve our services, and to generate a list of publicly accessible Wi-Fi access points which we may make available to our users. When we make this list available, we do not disclose any information which could be used to identify you personally. Any Wi-Fi access point location information that we provide is generated by triangulating and averaging location data from a large number of users. We also use your geographic location in order to determine the correct charges for the location from which you are using the Boingo service, to provide you with information about other Boingo hotspots in that area, and/or to ensure the accuracy of data transmission and improve the overall performance of the Boingo service.
When you are using a mobile device which does not provide Boingo Wi-Finder with access to geographic location information, Boingo Wi-Finder will automatically scan for Wi-Fi access points visible to your mobile device, and will report a list of such access points to Boingo. We use this information to triangulate your approximate geographic information, which we then use for the purposes set forth herein. Certain versions of our software may allow you to access our Services without creating a separate Boingo account. When you install and use Boingo Wi-Finder for the first time, a unique and random key is generated. This key is then used, each time you access the Boingo service, to communicate between that instance of the software and our central server.
The key itself contains no personally identifying data and Boingo uses it for the above purposes only. Boingo does not pair the key with any Personal Data we hold in relation to you to monitor or track your location, except that we have to pair the key with your billing information, on a per instance basis, solely in order to bill you the correct charges.
Purposes for Processing
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
- Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to provide you with the Services.
- Signup Data (Name, Email)
- Contact Data (e.g. name, username, billing address, email and phone number)
- Credit Card PAN
- Device Mac ID
- Authentication Logs
When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
- Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties. Examples of these legitimate interests include:
- Operation and improvement of our business, products and services
- Marketing of our products and services
- Provision of customer support
- Protection from fraud or security threats
- Compliance with legal obligations
- Completion of corporate transactions
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
- Other Processing Grounds: From time to time, we may also need to process Personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if is necessary for a task carried out in the public interest.
Disclosure of Personal Data
- Payment processors
- Fraud prevention service providers
- Ad networks
- Analytics service providers
- Staff augmentation and contract personnel
- Hosting service providers
- Co-location service providers
- Telecommunications service providers
- Airport Operator Partners
- We will share the following information with our airport operator partners together with a Unique Identifier relating to you (which will typically allow our airport operator partners to identify you):
- Number, length and duration of sessions accessed;
- Type of device, browser, operating system used to access the Services;
- Language used by you for use of the Services;
- Number of times we deny you access for attempting to exceed complimentary use of the Services; and
- Length of time on the operator’s website.
- you give us explicit, and specific, prior permission;
- the disclosure is required by law or by legal process;
- we suspect fraud or cybercrime by a customer in which case we may investigate and report any evidence, including Personal Data, to law enforcement officials and to the courts in the course of seeking legal remedies;
- we believe it is necessary to protect the Site or the rights, property or personal safety of any person or for national security reasons; and/or
- our Services are offered in conjunction with the facilities of a business partner with whom you have agreed we may share your information.
As mentioned above, in the event that we undergo re-organisation or are sold to a third party, you agree that any Personal Data we hold about you may be transferred to that re-organised entity or third party. Your Personal Data will never be sold to any third party. We oppose the emailing of any junk mail, and do not sell customer information to email lists or telemarketers. If any of our partner sites engage in such practices, for any reason, we will immediately investigate, and if appropriate, discontinue services with such parties. If you receive junk email that mentions us or our services, please send details to us email@example.com and we will investigate promptly.
Disclosure of Non-personally Identifiable Data
We may also use your information, on an aggregated, non-personally identifiable basis, to disclose summary information to strategic and business partners. This is obtained by combining data from many individuals with the name and other identifiers removed so that it can no longer be re-identified by us. We may also create aggregate reports on user demographics and traffic patterns. This information may be used to negotiate with service providers who complement the Boingo service or assist us in our efforts to expand our customer base.
Our Data Retention Policy
We retain Personal Data about you for as long as you have an open account with us and for 18 months after you close your account. We also retain signup data, MAC ID, and authentication logs for up to 2 years after you close your account. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
Protecting the safety of children when they use the Internet is very important to us. We recommend that children receive permission from a parent before gaining access to the Boingo service or sending Personal Data to us or anyone else online. We do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at GDPR@Boingo.com
The Site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
Security of Third Party Networks
Your account information is kept confidential and secure via a unique user identification number and password that is issued to you. Your user ID and password should be kept confidential because it is the key to accessing the information held by us about you. If your computer or other device is accessible to or by others, please log out of the Site and close your browser when you have finished your user session. The Site supports encryption using the secure sockets layer (SSL) security protocol, the actual level of encryption (40, 56 or a 128-bit) provided being dependent upon what your web browser will support.
When you visit the Site, your personal account information is encrypted when transmitted across the Internet, using the highest degree of security that your browser will support.
Boingo has instituted internal safeguards to reduce the likelihood of accidental disclosures and unintended access of customer information. We have security measures in place to attempt to protect against the loss, misuse and alteration of Personal Data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary. Also, all employees, contractors and other companies engaged by Boingo are contractually required, through signed, internal non-disclosure agreements, to keep customer information confidential and not to use it in any way other than what is necessary to perform their work for Boingo.
Violations of these policies can result in termination in the case of employees, the severing of contractual obligations in the case of contractors and other companies, and in civil and criminal penalties if warranted and applicable by law.
Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it. You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site whilst it is in transit over the internet and any such submission is at your own risk.
Accessing, Correcting and Updating your Information
As a Boingo customer, you are always fully in control of the information that we hold in relation to you. You have certain rights with respect to your Personal Data, including:
- Access: The right to access any Personal Data that is currently being used and/or disclosed by us, for the sole purposes of verifying its accuracy and confirming that it is being lawfully used and disclosed by us, provided that such access (i) does not adversely affect the rights and freedoms of others, (ii) is not prohibited under any E.U. or E.U. Member State law, and (ii) we are able to verify your identity through reasonable measures. Such access may be obtained by emailing GDPR@Boingo.com, and you may also request a written copy free of charge (or for a minimal price equal to our administrative costs in providing this copy). Note that in order to obtain this information, you may need to provide us with Personal Data necessary to verify your identity. We may, where such data is voluminous, request that you specify the information, use(s), and/or disclosure(s) for which you are making your request.
- Portability: The right to request transmission of Personal Data that is either provided to us by you directly or that is directly generated or collected by virtue of your use of the Services, to another controller, provided that (i) such transmission is technically feasible, (ii) does not adversely affect the rights and freedoms of others, (iii) is not prohibited under any E.U. or E.U. Member State law, and (iv) we are able to verify your identity through reasonable measures.
- Rectification: The right to correct or supplement any inaccurate or incomplete Personal Data concerning you without undue delay. Please send any such requests to GDPR@Boingo.com, or via our self-care application which can be accessed at: https://my.boingo.com.
- Withdrawal of Consent, In Certain Circumstances: If we are processing your Personal Data based on your consent (as noted above), the right to withdraw your consent to some or all of subsequent uses of your information, by email to GDPR@Boingo.com. (Please note, however, that if you exercise this right, you will have to then provide express consent on a case-by-case basis to its use or disclosure, if such use or disclosure is necessary to enable you to utilize some or all of our Services.)
- Objection to Processing for Marketing Purposes: The right to object to further use or disclosure of your Personal Data for the purpose of marketing our other services and products to you.
- Right to File Complaint: The right to lodge a complaint about Boingo’s practices with respect to your Personal Data with the supervisory authority of your country or E.U. Member State.
If you have any questions, concerns or comments regarding this policy statement or any requests concerning your personal data, please contact us at the locations below:
|Name: Boingo Wireless, Inc.
||Concourse Communications UK Limited
|Physical address: 10960 Wilshire Boulevard, 23rd Floor Los Angeles, CA 90024 USA
||5 New Street Square, London, EC4A 3TW, United Kingdom
|Email address for contact: GDPR@Boingo.com
|Phone Number (lines are open 24/7): From North America: + 1 800 880 4117 From the UK: Local 0-203-450-6554 Free Phone (Charges by mobile provider will vary) 0-800-032-6793 US based carriers +1-800-880-4117 From Japan: Softbank Telecom 0061-010-800-8804-1170 KDD 001-010-800-8804-1170 NTT 0033-010-800-8804-1170 US based carriers +1-800-8804-1170 From India: +1-1310-405-8806 From outside of North America, UK, Japan and India: 00-800-2646-4646 or you can Click here.
Effective Date: May 17, 2018