Our commitment to protecting your data and privacy:

At Whiting Infrastructure Technologies Ltd (trading as Whiting Wi-Fi), we take data privacy and protection seriously. As a company that designs and manages wireless networks, we understand the importance of safeguarding personal data and complying with the General Data Protection Regulation (GDPR). This policy outlines our commitment to protecting personal data and ensuring compliance with the GDPR in all aspects of our operations.

Data Controller and Data Protection Officer:

Whiting Infrastructure Technologies Ltd acts as the data controller for the personal data we collect and process. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection within the organization. You can contact our DPO at gdpr@whitingit.co.uk.

Data Collection and Processing:

We collect and process personal data for the purpose of designing and managing wireless networks. The types of personal data we may collect include but are not limited to:

• Name and contact information (e.g., address, email, phone number)
• Network usage data
• Device information (e.g., MAC address)
• Location data
• Applications used

This information is collected by our Wi-Fi network cloud management service.

We will only collect and process personal data that is necessary and relevant to fulfill our contractual obligations or legitimate business interests. Personal data will be processed lawfully, fairly, and transparently.

Legal Basis for Processing:

Our legal basis for processing personal data under the GDPR includes:

• Performance of a contract: We may process personal data to fulfill our contractual obligations with our clients or to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests: We may process personal data for our legitimate interests as long as it does not override the rights and freedoms of the data subject.

Data Security:

We implement appropriate technical and organizational measures to ensure the security of personal data. This includes protecting personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Our security measures include:

• Regular risk assessments and audits of our systems
• Access controls and user permissions to limit data access
• Encryption of personal data during transmission and storage
• Regular data backups and disaster recovery procedures
• Employee training on data protection and security awareness

Data Retention:

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. The retention period may vary depending on the nature of the data and the purpose of processing. We regularly review our data retention practices to ensure compliance with applicable laws and regulations.

Data Subject Rights:

Under the GDPR, individuals have certain rights regarding their personal data. As a data controller, we respect these rights and are committed to facilitating the exercise of these rights. These rights include:

• Right to access: Individuals can request access to their personal data and information about how it is processed.
• Right to rectification: Individuals can request the correction or update of inaccurate or incomplete personal data.
• Right to erasure: Individuals can request the deletion of their personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
• Right to restriction of processing: Individuals can request the restriction of processing of their personal data under certain circumstances.
• Right to data portability: Individuals can request the transfer of their personal data to another data controller in a structured, commonly used, and machine-readable format.
• Right to object: Individuals can object to the processing of their personal data based on legitimate interests or for direct marketing purposes.

Data Transfers:

We may transfer personal data to third parties, including service providers or subcontractors, for the purposes of network design and management. When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect the data, such as using standard contractual clauses approved by the European Commission or relying on an adequacy decision.

Data Breach Notification:

In the event of a personal data breach, we have procedures in place to promptly detect, assess, and report such breaches to the relevant supervisory authorities and affected data subjects, where required by law. We will also take appropriate measures to mitigate any potential harm resulting from the breach.

Privacy by Design and Default:

We adhere to the principle of privacy by design and default. This means that we consider data protection and privacy from the outset when designing and managing wireless networks. We implement appropriate technical and organizational measures to ensure that only necessary personal data is collected and processed.

Updates to the GDPR Policy:

We may update this GDPR policy from time to time to reflect changes in our practices or legal requirements. Any updates will be communicated to our employees and made available to data subjects through our website or other appropriate means.

Conclusion:

This GDPR policy outlines our commitment to protecting personal data and complying with the GDPR in all aspects of our operations as a company that designs and manages wireless networks. We strive to maintain the highest standards of data privacy and security to ensure the trust and confidence of our clients and the individuals whose personal data we process.