Terms and Conditions of the Service - User side

This Service is for people who are legally at least 16 years of age. By using this Service, you confirm that you are at least 16 year-old.

The company that offers the Service in capacity of data controller:

The company that supply the Service in capacity of data controller:
The company FreeWiFi System SRL, with the registered office at Calea Giulesti 331B, Sector 6, Bucharest, Romania, registered with the Trade Register with number J40/13953/2015, and having the VAT Number 35228231, hereinafter referred to as WIACOM.

Terms and definitions

What is HotSpot?
Hotspot is the area where the Owner of the Location provides you with the Wi-Fi Electronic Communications Service (the “Service“) through its own network, and where there are one or several access points by means of which the Service is accessed. This area may be different depending on the access equipment delivered to the Company, as well as on the location of access points in the zone where the Service is provided.

What are the access points? Access points refer to pieces of equipment used by the Owner of the Location to provide the Wi-Fi Electronic Communications Service at the Hotspot.

User
You will become a User at the time when you connect to Hotspot through a compatible device in order to have access to the internet.

Username
This is a unique code assigned to each User, which serves to identify the User at the Hotspot.

The Wi-Fi Service (the “Service”)
This refers to the electronic communications service provided by the Owner of the Location to the User through the Wi-Fi technology.

What is PIN?

This is the array of characters received by you as a User, for the purpose of validating and protecting the information which you have provided to controllers and for a safe use of the Service provided by the Owner of the Location.

Personal data
Personal data means any information relating to an identified or identifiable natural person (named a “data subject” in the personal data legislation); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What is a data controller? And a data processor?
“Controller” means the person that, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Data processor” means the person that processes personal data on behalf of the controller.

What is personal data processing?
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Data processing means any operation on personal data related to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of such data.

Use of the Service
In order to be able to use the WIACOM Service you need to give us your mobile phone number which will be validated through a PIN sent via SMS. You will also be able to use the Service by logging in with a Facebook, Instagram, Twitter or LinkedIn account.

The username is automatically generated by the computer system through an algorithm which allows the correct identification of a User and the association of the used terminal with a mobile phone number or the email address generated by the data which the User willingly provided to the social network, under the Terms and Conditions the User agreed to. The User’s number allows the Owner of the Location and/or WIACOM to carry out communication campaigns via SMS and email only if you agreed to receive marketing communications. In case that you have not agreed to marketing or you withdrew your assent, you still may use the Service, without receiving any future commercial communication from WIACOM or the Owner of the Location where you access the Service.

The use of the Service does not involve any cost for the User, as the Service may be accessed free of charge.

Your obligations as a User

Please use the wireless internet network provided by the Owner of the Location where you access the Service in an appropriate, correct and legal manner. In case you fail to observe this rule, we bring to your notice that you may be liable for any loss suffered. You must use the Service in compliance with all legal provisions and without prejudicing, restricting or affecting the rights of any third party. By using the Service, you consent to the processing of your personal data, provided by you willingly or unwillingly (traffic domains and types of traffic), under the terms herein, and to the disclosing of your data to third parties only under the law and under the commercial communication agreement in case that you agreed to the processing of your data for marketing purposes. By using the Service, you understand, accept and assume that your access to this Service may be blocked, suspended or forbidden by the Owner of the Location or by WIACOM. It is also important that you understand, accept and assume that the Owner of the Location does not guarantee the security or the protection of your mobile terminal.

What personal data will be processed for using the Service?

After logging in with the mobile phone number or the user account of a social network you are considered to have accepted the Terms of Use for the Wi-Fi Service.

The information we process following your acceptance of the Terms of Use for the Service may be:

1.1. If you choose to use the WIACOM Service by connecting to a social network (Facebook, Instagram, Twitter and Linked In), the data we collect refer to the account information which you willingly provided to the social network, under the Terms and Conditions accepted by you at the time of signing up – your age, birthday, email address, gender and town/city.

1.2. If you choose to use the WiFi Service by logging in with your telephone number, we will process this personal datum, which you willingly provided when you accessed the Service.

1.3. The traffic domains and the types of traffic (web pages accessed by you) in order to determine your user profile. We DO NOT collect financial information or any kind of passwords.

1.4. Information about the terminal you use to log in (mobile phone, tablet, computer): brand, model, the browser version, the MAC address and the date/time when you access the WIACOM network.

By using the Service you expressly and unequivocally agree to the processing of your personal data, including the data serving as means of identification, for purposes strictly connected with the delivery of the Service and in the framework of the relation between the Owner of the Location and/or WIACOM and the competent authorities. In case that you gave your assent for commercial communication according to our Marketing Policy, the Owner of the Location and WIACOM are entitled to use your personal data for the purpose of carrying out marketing activities or to determine the User’s consumption behaviour. You may withdraw your assent for commercial communication at any time. Please read carefully our Marketing Policy, where we detailed all aspects in connection with data processing for marketing purposes.

Obligations of the Owner of the Location and of WIACOM
The Owner of the Location and WIACOM are making all reasonable efforts to ensure the best quality for the provided Service.

The Owner of the Location and WIACOM may not be held liable for any breach by the User of any applicable regulations with regard to how the Service is used, the purpose for which the Service is used or for the content transmitted, stored, displayed or which is, in any form whatsoever, subject to an operation performed with the help of or through the Service.

The quality of the Service may be affected by some particular factors beyond the control of the Owner of the Location and of WIACOM. The Owner of the Location and WIACOM are not liable for any loss or damage of any kind caused to the User by a lack of access to the Service or by the provision of the Service with inappropriate quality parameters caused by factors beyond the control of the Owner of the Location and of WIACOM (for example: acts of third parties, use of technically inappropriate equipment, etc.).

The Owner of the Location and WIACOM are not liable for any kind of prejudice suffered by the User in connection with the Service.

The Owner of the Location informs you that, for delivering the Service, the Owner of the Location cooperates or may cooperate with several types of providers that may have access to personal data based exclusively on data processing agreements, as follows: WIACOM (data controller), SMS notification provider (data processor), email marketing provider (data processor), internet provider (data processor) and electricity provider (data processor).

The Owner of the Location and WIACOM, in accordance with the national and European legislation, including the Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (General Data Protection Regulation), respects the right of every User to the protection of their private life. This obligation does not apply to information intentionally disclosed by the User to a third party.

The User’s personal data are processed (including their storing) only in the territory of the EU Member States.

The Owner of the Location and WIACOM acknowledge the importance of complying with all legal provisions concerning the security of personal data and they have taken all necessary measures to that end, using appropriate methods to ensure the highest possible degree of security, and taking on the responsibility for implementing appropriate technical and organizational measures with regard to the protection of the privacy and security of personal data.

In case that the Owner of the Location or WIACOM are confronted with a cyber-attack which results in a leakage of users’ personal data, they have the obligation to inform the National Supervisory Authority for Personal Data Processing within 72 hours. Any breach of fundamental rights and freedoms of a person, susceptible of generating any significant prejudice shall be notified to the National Supervisory Authority for Personal Data Processing and, if appropriate, to the person who is or might be prejudiced through the security breach.

Data processing by the controller (purpose and legal grounds)

WIACOM processes the provided personal data for the following purposes and legal grounds:

Legitimate grounds: We may process personal data on legitimate grounds when, according to our assessment, we consider that the processing is fair, reasonable and proportionate to the purpose of the processing;
Legal obligation: We may process personal data in order to fulfil our legal obligations as a legal entity;
Consent: We may process personal data on the basis of your free and uncorrupted consent when you provide us with the data, for example when you agree to marketing activities and to place cookies used for marketing purposes.

Why do we need personal data?

We process personal data in a transparent way for the following purposes:

in order to provide our Services;
to communicate the Owner of the Location’s offer and to promote their products and events;
to evaluate and improve the website, our services and our relationship with site users.

How long are your personal data retained?

Personal data provided willingly by the User shall be retained for a period of 5 years. For data processed for marketing purposes, the retention period provided for in the Marketing Policy shall apply. WIACOM has implemented, together with the owners of the locations where the Service is available, technical and organizational measures to ensure the privacy and security of data.

Do we communicate personal data to third parties?

We may communicate the collected personal data to third parties in order to improve the quality of our services or to benefit from the help of some specialists in fulfilling some of our obligations under specific legislation in a particular field or according to ongoing agreements.

Your data can be sent to partners who provide our marketing, administration and website maintenance services.

These third parties also have similar obligations to ours regarding the protection of personal data, whether they are personal data controllers or are empowered persons who process the data on our behalf.

We consistently ensure that our partners have sufficient guarantees to implement appropriate technical and organizational measures so that your personal data processing meets all legal requirements.

The above-mentioned personal data may be available or transmitted to third parties and in the following situations: (i) public authorities, auditors or institutions competent to carry out inspections and controls on our activity, requesting us to provide information, in the virtue of legal obligations; (ii) to comply with a legal requirement or to protect our rights and assets.

Do we transfer personal data outside the European Union?

In order to facilitate our global operations and in accordance with the applicable legislation, we could transfer or, as the case may be, allow access to our partners from several states, including the United States, as determined by the Cookies Policy.

Each transfer is subject to specific and appropriate rules to ensure the protection of personal data.

User’s rights

In compliance with the legal provisions in force in the area of personal data protection, WIACOM, together with the partners of the locations and other processors to which the data are disclosed, ensure the observance of the following rights of users as data subjects:

The right of access means the right of a data subject to obtain a confirmation from the Owner of the Location and of WIACOM as to whether or not the personal data of the concerned person are processed, and, if they are, to obtain access to those data and to information regarding how the data are processed.

The right to the portability of data means the right to receive personal data in a structured format, currently used and machine readable, and the right to send these data directly to another controller, but only if this is technically feasible.

The right of opposition concerns the right of a website user or client to object to the processing of their personal data, unless the processing is necessary to carry out a task which serves the public interest or the controller has a legitimate ground for the processing. The right to object to the processing of your personal data is particularly recognized for users who consented to commercial communication.

The right to rectification refers to the correction, without undue delay, of inaccurate personal data.

The right to erasure of the data (“right to be forgotten“) means the right of a data subject to request to have their personal data erased, without undue delay, where one of the following grounds apply: the data are no longer necessary for the purposes for which they were collected or processed; the concerned person decides to withdraw their consent and there is no other legal ground for the processing (ex: a legal obligation for the controller); the person concerned objects to processing and there are no other overriding legitimate grounds; the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation; the personal data have been collected in connection with the offer of information society services.

The right to restriction of processing may be exercised in case that the accuracy of the personal data is contested, for a period allowing the verification of the accuracy of the data; the processing is unlawful, and the person concerned opposes the erasure of the personal data, requesting their restriction instead; in case that the Owner of the Location and/or WIACOM no longer need the personal data for the purpose of processing them, but the person concerned require them for the establishment, exercise or defense of a legal claim; in case that the person objected to processing for the period of the verification whether the legitimate grounds of the Owner of the Location and/or WIACOM override those of the data subject.

The right to file a complaint with the supervisory authority: the National Supervisory Authority for Personal Data Processing, located on Blvd. G-ral. Gheorghe Magheru, no. 28-30, District 1, postal code 010336, Bucharest, Romania or by e-mail at anspdcp@dataprotection.ro

For the exercise of the rights presented above, WIACOM makes available to any interested person the portal https://my.WIACOM.ro. We also recognize the right of every user to address the Service Provider in relation to the exercise of any right with a written request, dated and signed, sent at the email address: gdpr@wiacom.ai

Security of personal data

We have adopted technical security procedures to protect personal data against loss, unauthorized use, destruction or alteration. We ensure that access to personal data is limited and authorized only to those who have the right to use it. These individuals have the obligation to ensure the confidentiality of the data.