ADIPSYS and the General Data Protection Regulation
25TH MAY 2018
What have we done to make you
comply with General Data
Protection Regulation ?
ADIPSYS, a French company, designs solutions to
enhance your Wi-Fi access services for your
- HOTSPOT MANAGER
- DNS PROTECT
These four solutions turn your Wi-Fi into business
opportunities by giving you a better
understanding of your customers, allowing you to
further target your communication. ADIPSYS has
deployed more than 10,000 hotspots in France
and abroad in various places such as shops, cities,
transport, hotels and restaurants, education,
businesses, hospitals and event spaces.
WHY ADIPSYS IS CONCERNED BY
OUR MISSION : TO INFORM AND
HOTSPOT MANAGER 3.12 VERSION
STRENGTHENING THE SECURITY
OF THE DATA WE HOST
is the time for
We hear more and more about Big Data, irrefutable proof of
the omnipresence of data in our society.
The time is up for ever-growing customer knowledge and
the customization of commercial offers. When customer
data are collected, processed and exploited, they can
indeed be a value creation accelerator.
At the same time, the European Union perceived a risk of
overexploitation and non-respect of personal data, and
decided to draft the General Data Protection Regulation
(GDPR), which came into force on May 25, 2018.
The purpose of this regulation is to strengthen the rights of
individuals to use their personal data. This regulation
guarantees to everyone, the access, the modification, the
restitution and the erasure of his personal data.
The GDPR requires companies to take greater
responsibility, including taking all necessary measures to
ensure compliance. To this end, the company will, among
other things, appoint a DPO-Data Protection Officer-
responsible for ensuring the compliance of the GDPR and
making connection with the supervisory authorities.
Any breach of this regulation will be severely punished, the
law provides for a fine up to 4% of the annual turnover.
In this context of data security, we wanted to stand out by
explaining to you concretely, what ADIPSYS has changed in
the development of our solutions, but also in our relations
with our customers.
www.adipsys.com - firstname.lastname@example.org GDPR et ADIPSYS - 3
WHY ADIPSYS IS
The Good Fork
The Wi-Fi is life
ADIPSYS is a solution provider that allows you to use Wi-Fi
in various places: hotel, restaurant, shops, train, etc.
Our direct customers are operators / integrators who
themselves have direct customers businesses and local
communities that offer a Wi-Fi access service to their
visitors. Thus, our solutions are used in many places such as
sports events, town halls, shops, restaurants, etc ...
Among our solutions, Hotspot Manager is a platform that
allows an establishment manager to collect certain
personal data from users connected to a public Wi-Fi
access service. This data can be:
It is possible to collect additional data that must be defined
in line with the respect of the new rules on personal data.
Example: We work directly with a Wi-Fi operator, "The wifi is
life", which will install hotspots wifi and our solution Hotspot
Manager in the restaurant "The good fork". To access Wi-Fi,
customers of "The good fork" will go to the portal of
connection via their phone and, in exchange for a name, a
first name and an email address for example, they will be
able to connect to Wi-Fi. At the same time, the restaurant
"The Good Fork" has recovered the personal data of its
customers and will be able to process them on the platform
Since ADIPSYS is only the provider of this solution, the
company does not own the personal data. It provides a
platform for its customers to collect them securely and in
compliance with regulations.
In this respect, our role in the context of the GDPR is to
support our clients in the face of this dual evolution of
valuation and security of personal data.
www.adipsys.com - email@example.com GDPR et ADIPSYS - 4
A name / first name
A phone number
An email address
IP Address / MAC Address
OUR MISSION :
TO INFORM AND
We bring you
answers to be in
All the actors concerned have many questions about the
impact of the GDPR law. Our recommendations concern in
particular the following points:
Appoint a Data Protection Officer (DPO) and define his
duties. This is mandatory if your company has more than
Register your personal data processing.
Keep a record of data processing: this tool should be
used to drive your data protection strategy and manage
easily user requests -consultation, consent,
modification, deletion of data. Finally, it must be used to
specify the measures to be implemented in the event of
data piracy (including the obligation to alert the CNIL
within 48 hours).
Ensure that this law is taken into account by your
potentially affected service providers and
Identify sensitive data that you manage. You need to
know exactly where your contacts came from and for
which emails and / or campaigns they gave their consent.
Without proof of this consent, you will not be able to use
these data from May 25, 2018 (to send them an emailing
Secure the data against the risks of loss, theft, leakage.
Create a charter of good practices including the
principles of "Privacy by design". In other words, as of
May 25, 2018, all products and services must be
designed to take into account the respect of privacy as
defined in the law GDPR.
www.adipsys.com - firstname.lastname@example.org GDPR et ADIPSYS - 5
In addition to this consulting role, we have been working for
several months on a new version of our Hotspot Manager
solution, allowing companies collecting and processing
personal data to be 100% compliant with the GDPR.
The Hotspot Manager solution already guaranteed a high
degree of security of the data as well as the taking into
account of the consent during the collection of personal
data. The new version 3.12 of Hotspot Manager
strengthens data security and the principle of consent
collection by making several changes.
All authentication portals managed by Hotspot Manager are
now routinely secured in HTTPs, using the SSL protocol.
Thus, the collection and authentication phases on Wi-Fi
Hotspots managed by Hotspot Manager are systematically
encrypted and protected from malicious users.
From May 25, our ADIPSYS solutions become https.�
SECURE AUTHENTICATION PORTALS
www.adipsys.com - email@example.com GDPR et ADIPSYS - 6
The Wi-Fi user will
have to read the
before they can
The GDPR law requires companies that collect personal
data from users to obtain explicit consent by informing
them of the processing that will be done on these data. This
requires the provision of detailed Terms and Conditions of
Use that are fully and knowingly accepted.
Let's go back to our previous example:
When the restaurant "The Good Fork" asked the operator /
integrator "wifi is life" to install Wi-Fi in his establishment,
he then appealed to ADIPSYS to design and install a portal
connection including the general condition of use (provided
by the restaurant owner).
In the old version of Hotspot Manager, the user wishing to
benefit from Wi-Fi, had to accept the Terms. In these, the
restaurant "the good fork" explained that some personal
data of Wi-Fi users would be collected, without specifying
the purpose of this collection. Most of the time, users
ticked the box "I accept" without having read these Terms.
CLEAR AND CONCISE CONSENT
www.adipsys.com - firstname.lastname@example.org GDPR et ADIPSYS - 7
The Wi-Fi user will
have to read the
before they can
Since May 25, 2018, the RGPD requires, in addition to
warning the user of the collection of his data, to explain to
him what uses will be made of this collection.
An explicit consent must therefore be obtained from the
For this reason, the new version 3.12 of Hotspot Manager
least sweep them) before being able to check the box "I
accept". Only after the user can connect to Wi-Fi.
The GDPR also requires registration of user consents. For
this purpose, the new version of Hotspot Manager will
www.adipsys.com - email@example.com GDPR et ADIPSYS - 8
Hotspot Manager will also ensure that any changes to the
The GDPR requires that, even if no modification has been
made, the user must renew its explicit agreement of the
GCU every 12 months.
This means that if the restaurant "the good fork" had
email address of users to send them coupons, and he
continues to send these coupons beyond the 12 months,
he is in the illegality.
The data of the individual
The date of acceptance of the Terms
defined as the
people who really
want to receive
Seth Godin, reference for all e-marketers, said in
Permission Marketing in 1999: "Marketing permission is
defined as the privilege (and not the right) to send
relevant, personal and expected messages to people who
really want to receive them. ".
The GDPR has legislated the opt-in check boxes to collect
the agreement of your users to send them commercial
The GDPR now prohibits the so-called passive opt-in
practices of obtaining the consent of a user in a
roundabout way. The best known case is to pre-check the
statement "I wish to receive your offers by email" instead
of the user.
The consent of the user to receive offers must be
expressed explicitly by ticking a box: this is called the
Moreover, before GDPR, companies collecting data
summarized in a single opt-in, in a very succinct and fuzzy
way the use that was going to be made of all data
collected. Since May 25th, the GDPR forbids to cumulate
in the form of a single check box, all the uses that will be
made of the collected data.
With the GDPR, each use that will be made of each piece
of data collected must be notified to the user and clear
and concise consent must be requested.
The new version 3.12 was designed to introduce 2
editable opt-in to obtain clear and concise user consent.
For example, you can set two opt-in to ask permission to
send a newsletter on the collected email on one side, and
on the other side, to send promotions via SMS thanks to
the collected phone numbers.
THE OBLIGATION OF TRANSPARENCY
WITH REGARD TO DATA PROCESSING
www.adipsys.com - firstname.lastname@example.org GDPR et ADIPSYS - 9
The GDPR gives
the right to the
user to delete his
The GDPR gives the right to the user to delete his
personal data. When the user requests it, you have one
month to report, rectify or erase your data from your
database. You can ask for an extra month if the
processing is complex.
The new version 3.12 allows the user to access his
personal space, from the landing page. From this space,
he can click on a button to modify or delete all his
personal data (except the MAC address required under
the anti-terrorist decree, intended to trace the author of
malicious web searches).
In order to guarantee the security of the information
collected and processed on the Hotspot Manager
platform, we have decided to increase the password
length of the administrators.
We upgraded Hotspot Manager to make European
companies deploying public Wi-Fi access for their visitors,
GDPR-compliant. It is important to note that the
connection portals available in older versions of Hotspot
Manager will continue to be available to customers
resident outside Europe who are not affected by the
However, it will be possible for them to strengthen their
security policy on data management using the new
version 3.12 connection portals.
Acting as an advisor, ADIPSYS suggests that HM
customers review their UGC to ensure that they comply
with the new GDPR.
THE RIGHT TO OBLIVION
AN ENHANCED SECURITY
www.adipsys.com - email@example.com GDPR et ADIPSYS - 10
DATA IS AT THE
HEART OF OUR
We protect your
data we host
To host its SAAS services and solutions for its
European customers, ADIPSYS relies on players
recognized for their reliability in terms of security, who
have incorporated the necessary changes to comply
with the GDPR law.
We have set up security at the network level (firewall)
to prevent intrusions.
We set up a monitoring of all the machines in order to
raise alarms in case of problems, including those
related to security.
All server access data is subject to multi-level
We update our servers regularly with OS security
Adipsys teams are aware of good safety practices.
When you choose the Hotspot Manager solution, you
have the choice to deploy the solution to your preferred
host ("On Premise") or our SAAS ("Solution-As-A-
The advantage of this SAAS solution is to relieve you of
the problem of the management of the hosting and the
problems induced in terms of security.
To ensure optimal protection of your data, we wish to
remind you that:
www.adipsys.com - firstname.lastname@example.org GDPR et ADIPSYS - 11
DO NOT HESITATE TO
Go on our website www.adipsys.com
and follow us on our Linkedin Corporate
TO GET MORE