Boingo Privacy Policy EU

Introduction

This Privacy Policy describes the policies and procedures of Boingo Wireless, Inc. (“Boingo”, “we”, “us” and “our”) on the collection, use and disclosure of your information in connection with your use of the services, features, content or applications we offer (collectively, the “Services”), including without limitation through our website at www.boingo.com (the “Site”). We are a corporation incorporated under the laws of the state of Delaware, USA. Our corporate headquarters are at 10960 Wilshire Blvd, 23rd Floor, Los Angeles, California, CA 90024, USA. Where you are a user or customer in the European Union (“E.U.”), the United Kingdom, Liechtenstein, Norway, or Iceland, we provide the Services through our subsidiary, Concourse Communications UK Limited (“Concourse”), a company registered in England and Wales with company number 07118962 and whose registered office is 5 New Street Square, London, EC4A 3TW, United Kingdom. Where throughout this Privacy Policy reference is made to Boingo, this reference shall also be taken to include Concourse as if the same was set out throughout the terms of this Privacy Policy. Any reference to “we, us or our” shall be taken to include Concourse as well as Boingo.

The General Data Protection Regulation (“GDPR”)

If you are a resident of the E.U., the United Kingdom, Lichtenstein, Norway, or Iceland who uses the Services (including when you buy products we offer), the GDPR may apply to our processing of your Personal Data.  If the GDPR applies to you, you may have additional rights with respect to your Personal Data, as outlined below.   If you would like to delete your information and the GDPR applies to you, please contact us at GDPR@Boingo.com.

Transfers of Personal Data

The Services, including the Site, are hosted and operated in the United States (“U.S.”) through us and our service providers. By using the Services, you acknowledge that any Personal Data about you is being provided to Boingo in the U.S. and will be hosted on U.S. servers. This is necessary for us to process your order and provide the Services to you pursuant to our contract with you. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law.

Your consent to this Privacy Policy

The privacy and security of your Personal Data (as defined herein) is one of our foremost considerations. We want to make your experience using Boingo Services as enjoyable and rewarding as possible while allowing you to feel secure that your privacy interests are being respected. By using the Services (including without limitation the Site), you consent to the collection and use of information in accordance with this privacy policy.

What Does This Privacy Policy Cover?

This Privacy Policy covers the treatment of personally identifiable information (“Personal Data”) gathered when you are using or accessing the Services. This Privacy Policy also covers our treatment of any Personal Data that our business partners share with us or that we share with our business partners.

This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to any third party websites, services and applications (each a “Third Party Service”) that you elect to access through the Service or to individuals that we do not manage or employ. While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

Collection of Personal Data

We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service.

Information we collect directly from you:  We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
  • First and last name
  • Email address
  • Billing address
  • Credit card information
  • Your user name
  • Your volunteered information from surveys, promotions, and competitions
  • Communications you send to us
Information we automatically collect when you use our ServicesSome Personal Data is automatically collected when you use our Services, such as the following:
  • IP address
  • Device identifiers
  • Web browser information
  • Usage information
  • Transaction information
  • Cookies and other tracking technologies (e.g. web beacons, pixel tags, SDKs, etc.) — For more information, please review our Cookie Policy (create hyperlink).
  • Log data (e.g. authentication information, access times, hardware and software information)
  • Location information (e.g. IP address, geolocation)

Uses of Your Personal Data

We treat all Personal Data that you provide to us as highly confidential. As described above, we will use the Personal Data you provide to:
  • enable us to process your orders and to provide you with the services and information offered through the Site and which you request;
  • administer your account with us; and verify and carry out financial transactions in relation to payments you make online.
  • Where you have signed up to complimentary access to the Services for use at Gatwick Airport, we may share your Gatwick Member ID with Gatwick.

Non-personally Identifiable Information

When you use the Services, including by visiting the Site, we may automatically collect system-related information about your visit, such as the type of internet browser you use and the website from which you have come to the Site which is automatically recognized by our web server. This system-related information does not, of itself, contain any Personal Data. We use any of the system-related information referred to above to:
  • administer the Site and assist in diagnosing technical problems;
  • estimate our audience size and patterns;
  • audit the accessing of resources and downloading of data from the Site;
  • assist in improving and updating the Site; and
  • assist in improving and developing our products and services.
We will also share with our airport partners information on an aggregated and anonymized basis from which all personal information will be removed about your use of the Service, including:
  • Number of sessions per unique user;
  • Number of unique users;
  • Link between user and session; and
  • Frequency/total number of sessions for the user.

Mobile Application Information

Some versions of the Boingo Wi-Finder Mobile App (“Boingo Wi-Finder) which we may provide to you to enable you to access and use the Boingo service automatically scan for Wi-Fi access points visible to your mobile device, and attempt to automatically connect to those visible Wi-Fi access points in order to determine whether they are publicly accessible. This functionality may operate even when Boingo Wi-Finder is operating in a “background” mode on your mobile device.

Mobile App Data Collection

Following any connection attempt (whether initiated by you or initiated automatically as described above), this software reports the following information to us: (1) your account username (if you are a paid Boingo member), (2) your mobile device’s MAC address and operating system version, (3) the geographic location (i.e. latitude and longitude of your mobile device at the time of the attempted connection (as reported by your mobile device), (4) the SSID, BSSID and signal strength of the applicable Wi-Fi access point, and (5) a log of any actions that you may take on your mobile device user interface in order to complete a connection to the Wi-Fi access point (e.g., accepting an interstitial terms of service or usage policy).

Mobile App Data use

We use this information to improve our services, and to generate a list of publicly accessible Wi-Fi access points which we may make available to our users. When we make this list available, we do not disclose any information which could be used to identify you personally. Any Wi-Fi access point location information that we provide is generated by triangulating and averaging location data from a large number of users. We also use your geographic location in order to determine the correct charges for the location from which you are using the Boingo service, to provide you with information about other Boingo hotspots in that area, and/or to ensure the accuracy of data transmission and improve the overall performance of the Boingo service. When you are using a mobile device which does not provide Boingo Wi-Finder with access to geographic location information, Boingo Wi-Finder will automatically scan for Wi-Fi access points visible to your mobile device, and will report a list of such access points to Boingo. We use this information to triangulate your approximate geographic information, which we then use for the purposes set forth herein. Certain versions of our software may allow you to access our Services without creating a separate Boingo account. When you install and use Boingo Wi-Finder for the first time, a unique and random key is generated. This key is then used, each time you access the Boingo service, to communicate between that instance of the software and our central server. The key itself contains no personally identifying data and Boingo uses it for the above purposes only. Boingo does not pair the key with any Personal Data we hold in relation to you to monitor or track your location, except that we have to pair the key with your billing information, on a per instance basis, solely in order to bill you the correct charges.

Purposes for Processing

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
  • Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to provide you with the Services.
    • Signup Data (Name, Email)
    • Contact Data (e.g. name, username, billing address, email and phone number)
    • Credit Card PAN
    • Device Mac ID
    • Authentication Logs
When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
  • Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties. Examples of these legitimate interests include:
    • Operation and improvement of our business, products and services
    • Marketing of our products and services
    • Provision of customer support
    • Protection from fraud or security threats
    • Compliance with legal obligations
    • Completion of corporate transactions
  • Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data.  When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds: From time to time, we may also need to process Personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if is necessary for a task carried out in the public interest.

Information Sharing

Disclosure of Personal Data

We share Personal Data with vendors, third party service providers and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms of Service. These parties include:
  • Payment processors
    • Payments made on the Site and through the Services are made through our third party payment solutions providers (collectively, “Payment Solution Providers”). You will be providing credit or debit card information directly to Payment Solution Providers, which operate a secure server to process payment details, encrypting your credit/debit card information and authorizing payment. Information which you supply to Payment Solution Providers is not within our control and is subject to the applicable Payment Solution Providers’ own privacy policy and terms and conditions.
  • Fraud prevention service providers
  • Ad networks
  • Analytics service providers
  • Staff augmentation and contract personnel
  • Hosting service providers
  • Co-location service providers
  • Telecommunications service providers
  • Airport Operator Partners
    • We will share the following information with our airport operator partners together with a Unique Identifier relating to you (which will typically allow our airport operator partners to identify you):
      • Number, length and duration of sessions accessed;
      • Type of device, browser, operating system used to access the Services;
      • Language used by you for use of the Services;
      • Number of times we deny you access for attempting to exceed complimentary use of the Services; and
      • Length of time on the operator’s website.
Except as set out in this Privacy Policy, we will not divulge any of your Personal Data to any third party unless:
  • you give us explicit, and specific, prior permission;
  • the disclosure is required by law or by legal process;
  • we suspect fraud or cybercrime by a customer in which case we may investigate and report any evidence, including Personal Data, to law enforcement officials and to the courts in the course of seeking legal remedies;
  • we believe it is necessary to protect the Site or the rights, property or personal safety of any person or for national security reasons; and/or
  • our Services are offered in conjunction with the facilities of a business partner with whom you have agreed we may share your information.
As mentioned above, in the event that we undergo re-organisation or are sold to a third party, you agree that any Personal Data we hold about you may be transferred to that re-organised entity or third party. Your Personal Data will never be sold to any third party. We oppose the emailing of any junk mail, and do not sell customer information to email lists or telemarketers. If any of our partner sites engage in such practices, for any reason, we will immediately investigate, and if appropriate, discontinue services with such parties. If you receive junk email that mentions us or our services, please send details to us adinfo@boingo.com and we will investigate promptly.

Disclosure of Non-personally Identifiable Data

We may also use your information, on an aggregated, non-personally identifiable basis, to disclose summary information to strategic and business partners. This is obtained by combining data from many individuals with the name and other identifiers removed so that it can no longer be re-identified by us. We may also create aggregate reports on user demographics and traffic patterns. This information may be used to negotiate with service providers who complement the Boingo service or assist us in our efforts to expand our customer base.

Our Data Retention Policy

We retain Personal Data about you for as long as you have an open account with us and for 18 months after you close your account. We also retain signup data, MAC ID, and authentication logs for up to 2 years after you close your account. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.

Child Safety

Protecting the safety of children when they use the Internet is very important to us. We recommend that children receive permission from a parent before gaining access to the Boingo service or sending Personal Data to us or anyone else online. We do not knowingly collect or solicit Personal Data from anyone under the age of 16.  If you are under 16, please do not attempt to register for the Services or send any Personal Data about yourself to us.  If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at GDPR@Boingo.com.

External Links

The Site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

Security of Third Party Networks

Because of the global nature of our services, there are some places where you cannot access the Boingo Wi-Fi Network. In these places, you may (1) manually search for available third party networks and, if required to do so, assent to Terms of Service or other click-through agreements; or (2) connect to other people’s Wi-Fi networks automatically by using the Boingo Wi-Finder tool if you opt-in to use this tool. Third parties are under no obligation to comply with this privacy policy with respect to information that you provide directly to those third parties or that those third parties collect for themselves. We do not control the third-party sites that may be accessible through this Site or Boingo’s services. Thus, this privacy policy does not apply to information provided to third-party sites or gathered by the third parties that operate them. Before visiting a third-party site, whether by means of Boingo Wi-Finder, manually searching for an available third party network or otherwise, and before providing any information to any third party, you should inform yourself of the privacy policies and practices (if any) of the third party, and should take those steps necessary to your discretion, to protect your privacy.

Security Measures

Your account information is kept confidential and secure via a unique user identification number and password that is issued to you. Your user ID and password should be kept confidential because it is the key to accessing the information held by us about you. If your computer or other device is accessible to or by others, please log out of the Site and close your browser when you have finished your user session. The Site supports encryption using the secure sockets layer (SSL) security protocol, the actual level of encryption (40, 56 or a 128-bit) provided being dependent upon what your web browser will support. When you visit the Site, your personal account information is encrypted when transmitted across the Internet, using the highest degree of security that your browser will support. Boingo has instituted internal safeguards to reduce the likelihood of accidental disclosures and unintended access of customer information. We have security measures in place to attempt to protect against the loss, misuse and alteration of Personal Data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary. Also, all employees, contractors and other companies engaged by Boingo are contractually required, through signed, internal non-disclosure agreements, to keep customer information confidential and not to use it in any way other than what is necessary to perform their work for Boingo. Violations of these policies can result in termination in the case of employees, the severing of contractual obligations in the case of contractors and other companies, and in civil and criminal penalties if warranted and applicable by law. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it. You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site whilst it is in transit over the internet and any such submission is at your own risk.

Accessing, Correcting and Updating your Information

As a Boingo customer, you are always fully in control of the information that we hold in relation to you. You have certain rights with respect to your Personal Data, including:
  • Access: The right to access any Personal Data that is currently being used and/or disclosed by us, for the sole purposes of verifying its accuracy and confirming that it is being lawfully used and disclosed by us, provided that such access (i) does not adversely affect the rights and freedoms of others, (ii) is not prohibited under any E.U. or E.U. Member State law, and (ii) we are able to verify your identity through reasonable measures. Such access may be obtained by emailing GDPR@Boingo.com, and you may also request a written copy free of charge (or for a minimal price equal to our administrative costs in providing this copy). Note that in order to obtain this information, you may need to provide us with Personal Data necessary to verify your identity. We may, where such data is voluminous, request that you specify the information, use(s), and/or disclosure(s) for which you are making your request.
  • Portability: The right to request transmission of Personal Data that is either provided to us by you directly or that is directly generated or collected by virtue of your use of the Services, to another controller, provided that (i) such transmission is technically feasible, (ii) does not adversely affect the rights and freedoms of others, (iii) is not prohibited under any E.U. or E.U. Member State law, and (iv) we are able to verify your identity through reasonable measures.
  • Rectification: The right to correct or supplement any inaccurate or incomplete Personal Data concerning you without undue delay. Please send any such requests to GDPR@Boingo.com, or via our self-care application which can be accessed at: https://my.boingo.com.
  • Erasure: The right, subject to limited exceptions, to request that we erase some or all of your Personal Data from our systems, if one of the following grounds applies to such Personal Data: (i) it is no longer necessary for the purposes for which it was originally collected, (ii) you have properly withdrawn your prior consent for us to use or disclose it in accordance with this Privacy Policy (see below), or (iii) you have properly requested us to restrict its use and disclosure (see below), provided that we may refrain from erasing this information if  we believe it is necessary for compliance with legal obligations or exercise or defense of legal claims, protection of the rights of others, reasons of important public interest, reasons of national security or other reasons permitted by applicable law, rule or regulation.
  • Withdrawal of Consent, In Certain Circumstances: If we are processing your Personal Data based on your consent (as noted above), the right to withdraw your consent to some or all of subsequent uses of your information, by email to GDPR@Boingo.com. (Please note, however, that if you exercise this right, you will have to then provide express consent on a case-by-case basis to its use or disclosure, if such use or disclosure is necessary to enable you to utilize some or all of our Services.)
  • Objection to Processing for Marketing Purposes: The right to object to further use or disclosure of your Personal Data for the purpose of marketing our other services and products to you.
  • Right to File Complaint: The right to lodge a complaint about Boingo’s practices with respect to your Personal Data with the supervisory authority of your country or E.U. Member State.

What Happens When There Are Changes to this Privacy Policy?

We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected. If we make material changes in the way we collect or use information, we will notify you by sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.

Contacting Us

If you have any questions, concerns or comments regarding this policy statement or any requests concerning your personal data, please contact us at the locations below:
Name: Boingo Wireless, Inc. Concourse Communications UK Limited
Physical address: 10960 Wilshire Boulevard, 23rd Floor Los Angeles, CA  90024 USA 5 New Street Square, London, EC4A 3TW, United Kingdom
Email address for contact: GDPR@Boingo.com
Phone Number (lines are open 24/7): From North America: + 1 800 880 4117 From the UK: Local 0-203-450-6554 Free Phone (Charges by mobile provider will vary) 0-800-032-6793 US based carriers  +1-800-880-4117 From Japan: Softbank Telecom 0061-010-800-8804-1170 KDD 001-010-800-8804-1170 NTT 0033-010-800-8804-1170 US based carriers +1-800-8804-1170 From India: +1-1310-405-8806 From outside of North America, UK, Japan and India: 00-800-2646-4646 or you can Click here.
 

Effective Date: May 17, 2018