Is Cloudi-Fi compliant with GDPR?

What is Cloudi-Fi relevant Supervisory Authority
CNIL (France)

Is there any personal data hosted in EU and being transferred outside the UE under this process?
Cloudi-Fi does not transfer personal data outside the EU

Who is accountable for Data Privacy and responsible for compliance for our company data?
Cloudi-Fi Customer Success and Security teams are in charge of data privacy support and oversight provided by Data Protection Officer

How do you provide adequate responses to users’ privacy requests? (data access, portability, modification, erasure, amendment..)?
Cloudi-Fi provides a portal which can be used by the user to visualize and eventually take action about data stored

What is the process to modify users’ data?
Individuals can view their details through the user portal and make changes directly

What processes and SLAs will you use, to ensure timely reporting of any suspected breaches or incidents?
There will be an initial notification to all registered Cloudi-Fi administrators within 24 hours after breach has been confirmed and a full report will be sent within 72 hours

Which users’ data is collected? Which method is being used?
Data is collected with WiFi login and use (either via user input web form or from social network connect after user permission is granted), which is typically: name, social ID, date of birth, email, MAC/IP address. Information requested are totally configurable by the customer. Additional to this, Cloudi-Fi can also capture location data, network/device data (IP addresses, connection times, data usage) and operational data (session state, etc). No financial data is collected

What is the data retention policy?
Pseudonymised transaction logs are stored for one year. PII data for EU individuals is automatically removed after 13 months of inactivity, or on request. PII data for other countries may vary depending on local laws.

Are any third-parties used to process customers data ?
Zscaler security solutions when enabled by the customer

Is there an audit trail that can identify who and what personal data has been accessed?
A full audit trail is available with data access and portal usage by administrator login, IP and datetime

Are all personnel required to sign NDA or Confidentiality Agreements as a condition of employment to protect customer information?
Part of standard employment terms

Is there any sensitive data being collected?
Sensitive data is not collected

What is the physical location of data storage for users in EU?
In various cities in EU. Exact locations can be communicated with NDA

Is customer data available on request in an industry-standard format?
All customer data can be downloaded in CSV format. Data have been normalized with Cloudi-Fi taxonomy

Is customer data encrypted and segmented among customers?
All data stored by Cloudi-Fi is encrypted at the file system level

Are there regular vulnerability scans as prescribed by industry best practices?
Performed by external agency

Did this answer your question?