OpenRoaming End-User Privacy Policy

OpenRoaming (“OpenRoaming”) is a federation that enables federation members (“OpenRoaming Participants”) to deliver a Service (the “Service”) that allows users (“End User” or “you”) to seamlessly log into participating providers’ Wi-Fi networks via a Passpoint profile that is installed on your compatible device.

The OpenRoaming Baseline End-User Privacy Policy (“Privacy Policy”) governs the collection and processing of personally identifiable information (“PII”) by OpenRoaming Participants.

In using the Service, you confirm that you have reached the age of majority in your jurisdiction and that you have legal capacity to accept this Privacy Policy, or you are the parent or legal guardian of the person using the Service and have accepted this Privacy Policy on his/her behalf.

OpenRoaming Participants consist of (i) Access Network Providers (“ANPs”, each an “ANP”),who each own one or more OpenRoaming enabled Wi-Fi networks, (ii) Identity Providers (“IDPs”, each an “IDP”), who authenticate each End-User using the Extensible Authentication Protocol (EAP) within Passpoint using the Wi-Fi Network of the relevant ANPs, and (iii) Ecosystem Brokers (“Brokers”, each a “Broker”) who work directly with ANPs and IDPs for the necessary provision of the Service, as authorized directly or indirectly by the Wireless Broadband Alliance (“WBA”). For clarity, the Service does not include those services ANPs and/or IDPs may provide to you outside the context of OpenRoaming and includes only the authentication facilitation process owned and governed by WBA.

THE FOLLOWING OPENROAMING END-USER PRIVACY POLICY APPLIES TO ALL OPENROAMING PARTICIPANTS AND END USERS. DEPENDING ON YOUR NATIONALITY OR LOCATION, YOU MAY BE SUBJECT TO ALTERNATIVE PRIVACY POLICY TERMS. IN THE EVENT THAT YOU CONSENT TO ANY ALTERNATIVE PRIVACY POLICY OF AN OPENROAMING PARTICIPANT, SUCH A PRIVACY POLICY SHALL APPLY BETWEEN YOU AND THE APPLICABLE OPENROAMING PARTICIPANT ONLY.

  1. Collection of PII
    1. In order to provide the service, each OR Participant may collect End-User personally identifiable information (PII) (including End-User MAC addresses, End-User IP Addresses, and End-User EAP identities).
    2. Each OR Participant may additionally collect other permanent identifiers if End-User explicitly accepts to the collection of such permanent identifiers.
    3. An OR Participant operating as an IDP may collect other permanent identifiers (e.g., e-mail) associated with End User registering for the Service, when accomplished directly through the IDP.
  1. Purpose of Use
    1. OpenRoaming Participants process personal information for certain legitimate business purposes, enabling you to seamlessly log onto participating provider’s Wi-Fi networks.
    2. Any PII collected by an OpenRoaming Participant operating as an ANP will solely be processed for the purposes of:
      1. The provision of the Service to you, including log-in authentication and troubleshooting;
      2. utilizing aggregate data for internal analytics by the OpenRoaming Participant;
      3. making analysis of and improvements to the Service;
      4. compliance with applicable law (whether in your jurisdiction or the jurisdiction in which you are accessing the Service) (“Applicable Law“) or law enforcement requests;
    1. An OR Participant operating as an IDP that does not separately get agreement from you to its own separate privacy policy, will solely process collected PII for the purposes of:
      1. The provision of the Service to you, including log-in authentication and troubleshooting;
      2. utilizing aggregate data for internal analytics by the OpenRoaming Participant;
      3. making analysis of and improvements to the Service;
      4. compliance with applicable law (whether in your jurisdiction or the jurisdiction in which you are accessing the Service) (“Applicable Law“) or law enforcement requests;
  1. DISCLOSURE OF PII
    1. Except when performing any troubleshooting or to comply with law enforcement requests pursuant to clause 2 above, each OR Participant operating as an ANP is prohibited from selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating any PII received as part of its participation in OpenRoaming with any third party.
    2. If OR Participant operating as an ANP desires to process or use PII from End User in ways not outlined in clause 2 above, OR Participant shall be required to separately obtain consent from the End-User, including stating its requested purpose of use for the PII, and otherwise agrees to treat such PII in accordance with the OR Participant’s privacy policy or statement in compliance with all applicable laws. Unless such additional purposes are required for compliance with Applicable Law, OR Participant shall not deny access to the Service to the End-User in the event of the End User’s refusal to provide consent.
    3. If OR Participant operating as an IDP desires to process or use PII from End User in ways not outlined in clause 2-c above, OR Participant shall be required to separately obtain consent from the End User, including stating its requested purpose of use for the PII, and otherwise agrees to treat such PII in accordance with the OR Participant’s privacy policy or statement.
    4. Not withstanding the restrictions on disclosure of PII, OR Participant may share aggregated anonymised data regarding the operation of the Service with WBA.
  1. COLLECTION OF LOCATION DATA
    1. In order to provide the Service, each OR Participant operating as an IDP may collect location data associated with the ANP’s wireless network when they authenticate an End-User.
    2. Location data includes the country in which the ANP’s wireless network is located and may include the civic address of the wireless access network and/or the geospatial co-ordinates of the ANP’s wireless access network.
  1. USE OF LOCATION DATA
    1. OpenRoaming IDPs process location data for certain legitimate business purposes, enabling you to seamlessly log onto participating provider’s wireless networks.
    2. An OR Participant operating as an IDP that does not separately get agreement from you to its own separate privacy policy, will solely process collected location data for the purposes of:
      1. Making service authorization decisions based on the location of the ANP’s wireless network;
      2. Compliance with applicable law (whether in your jurisdiction or the jurisdiction in which you are accessing the Service) (“Applicable Law“) or law enforcement requests.
  1. DISCLOSURE OF LOCATION DATA
    1. Except when complying with law enforcement requests pursuant to clause 5 above, each OR Participant operating as an IDP is prohibited from selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating any location data received as part of its participation in OpenRoaming with any third party.
    2. If OR Participant operating as an IDP desires to process or use End User location data in ways not outlined in clause 5-b above, OR Participant shall be required to separately obtain consent from the End User, including stating its requested purpose of use for the location data, and otherwise agrees to treat such location data in accordance with the OR Participant’s privacy policy or statement.
    3. Notwithstanding the restrictions on disclosure of location data, OR Participant may share aggregated anonymized location data regarding the operation of the Service with WBA.
  1. YOUR RIGHTS
    1. To the extent required under Applicable Law, you shall have the right to request access to and correction of his identifiers (clauses 1-b and 1-c) that are held by an OpenRoaming Participant.
    2. To the extent required under Applicable law, you shall have the right to request the permanent deletion of data you provided to the OpenRoaming Participant who provides the Service. You acknowledge that requesting the deletion of such data will trigger the termination of your rights to use the Service.
  1. STORAGE AND TRANSFER OF PII
    1. All collected information will be stored and managed by the OpenRoaming Participant.
    2. OpenRoaming Participants shall implement security measures appropriate to the degree of sensitivity of the PII to protect against unauthorised use, disclosure, loss, alteration or destruction.
    3. OpenRoaming Participants shall not transfer any PII to any third party unless expressly permitted to do so by you, or where such transfer is necessary for the purpose of providing the Service to you, and complies with Applicable Law. To the extent that any transfer is made pursuant to this provision, OpenRoaming Participants shall be required to ensure that the third party recipient is obliged to provide at least the same standards of protection to your PII as the OpenRoaming Participant under Applicable Law.
  1. RETENTION OF PII
    1. OpenRoaming Participants may retain PII solely to the extent permitted by Applicable Law.
    2. Any PII and other data that ceases to be retained by the OpenRoaming Participant shall be deleted or otherwise anonymised in accordance with this Privacy Policy.
  1. GENERAL
    1. This Privacy Policy (or any applicable privacy policy) may be updated from time to time at WBA’s sole discretion without notice to you. The latest version of this Privacy Policy will be provided on the www.openroaming.org website. Your continued use of the Service following the implementation of the updated Privacy Policy constitutes your acceptance of the updated Privacy Policy.
    2. To the extent permitted under Applicable Law, an OpenRoaming Participant may assign any of its rights or delegate any of its obligations under this Privacy Policy at its sole discretion. OpenRoaming Participants may also subcontract the provision of the Service or any of their obligations hereunder to third parties. Any such subcontract will not relieve the OpenRoaming Participant of any of its obligations under this Privacy Policy. You may not assign this Privacy Policy, your use of the Service, or your rights and obligations under this Privacy Policy.
    3. If any provision of this Privacy Policy is held to be unenforceable by a court of competent jurisdiction, that provision will either be deemed modified to the minimum extent necessary to render it enforceable, or else disregarded. In either case, the remaining provisions shall continue in full force and effect
    4. WBA shall have no liability or obligation to any End User or OpenRoaming Participant arising out of or in connection with any OpenRoaming Participant’s use of and/or reliance on these End User Terms in the course of providing the Service to an End User.

JOIN

CLICK HERE >

HOW IT WORKS

CLICK HERE >

CONTACT US

CLICK HERE >