OpenRoaming Privacy Policy (Cisco and Access Provider)

The Cisco Online Privacy Statement (“Cisco Privacy Statement”) will apply to the collection and processing of personally identifiable information (“PII”) for OpenRoaming.  The link to the Cisco Privacy Statement is:   https://www.cisco.com/c/en/us/about/legal/privacy-full.html.  In addition, the following supplemental terms will apply to Cisco and Access Provider (“AP” or “Access Provider”) processing of PII for OpenRoaming:

  1. In order to provide OpenRoaming, Cisco will collect the End User’s MAC address (associated with the Wi-Fi interface of an End User device), and may collect other permanent identifiers (e.g., e-mail) associated with End User sign-on to OpenRoaming when accomplished directly through Cisco. Cisco may use such PII for purposes of (i) participating in OpenRoaming, including any troubleshooting, (ii) utilizing aggregate data for internal analytics, or (iii) to comply with law enforcement requests.
  2. In addition, Access Provider participating in OpenRoaming will collect the MAC address, and may use the Mac address for OpenRoaming for purposes of (i) participating in OpenRoaming, including any troubleshooting, (ii) utilizing aggregate data for internal analytics, or (iii) to comply with law enforcement requests.
  3. AP may additionally collect other permanent identifiers based on the End User explicitly opting in to share such information as well as acknowledging the applicable Access Provider policy. AP may use these permanent identifiers for purposes of (i) participating in OpenRoaming, including any troubleshooting, (ii) utilizing aggregate data for internal analytics, or (iii) to comply with law enforcement requests.
  4. Except to comply with law enforcement requests pursuant to Section 2 and 3 above, AP is is prohibited from selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating any PII received as part of its participation in OpenRoaming with any third party.
  5. If AP desires to process information from End User in ways not outlined in (c) and (d) above, AP shall separately obtain consent from the End User. In the event the End User does not agree to such additional information collection or processing requests, AP shall not deny service to the End User.
  6. AP shall retain the following types of data for at least six (6) months: a) End User MAC address; b) End User IP address(es) c) Outer-EAP identity (RADIUS User-Name-Attribute #1) and chargeable-user-ID (RADIUS Chargeable-User-Identity #89) used during authentications; and d) Time log when the authentication request was exchanged. Any deletion of the data covered in this Section 6 shall be deleted in accordance with AP’s privacy policy.
  7. Where not otherwise noted above, AP agrees to treat PII in accordance with the OpenRoaming agreement between itself and Cisco, and when the End User has acknowledged it, the AP’s privacy policy. Where the two conflict and the End User has acknowledged the AP’s privacy policy, the AP’s privacy policy shall control.

HOW IT WORKS

CONTACT US