With this document, we would define the guidelines to make HSNM be compliant with the European regulation GDPR (General Data Protection Regulation) in force from 25/05/2018.
HSNM Hotspot Manager allows you to meet all requirements defined by GDPR, provided that it is used according to the rules. In other words, the system allows you to comply with the regulation but thanks to all the current possibilities of parameterization, it can also be used “out of the norm”. It seems like a paradox but since HSNM Hotspot Manager is used globally, outside of the European Union there are no such obligations or rather there aren’t if they don’t process European citizens’ data. It follows that companies or organizations will use the system under applicable laws in their area.
Essentially, it’s important to know the laws you must comply with and the possibilities offered by HSNM Hotspot Manager to configure the system properly.
At various points, we have reported respectively where to intervene (applicability), what to do (description) and notes/references (in italics) to use HSNM Hotspot Manager according to the GDPR.
Applicability of the system
%Device% must be updated to version 5.0.181 or greater.
Applicability: System, General options, or specific to single manager
If the company is not located in the European Union but works with its citizens, it shall comply with the regulation
Applicability: manager’s domain
In the “Users Login Interface”, select “Welcome Portal”.
Warning, you must have the “Welcome Portal” module.
In the “Data to Customize Users Registration” section, scroll down to “Request the Email Address” and select “Yes”.
In the “Data to Customize Users Registration” section, scroll down to “Request Acceptance Conditions” and select “Yes”.
It is good practice to make users accept also the Terms of Service edited at system level in the “General Options” or in the “Manager”.
In the “Data to Customize Users Registration” section, scroll down to “Request Acceptance Processing Personal Data” and select “Yes”.
Consent must be given prior to any processing. It must be unequivocal and therefore boxes with “pre-check” are not allowed.
In the “Options for the Email Address” section, enable the “Send Email Notification” check.
The party concerned has the right to access its data, to erase (“right to be forgotten”) and to have a copy.
Applicability: template (used by the domain or, more specifically, for the gateway).
In the template, in the “Welcome Portal” section, the “Hide Profile App” field must not be active.
In this way, the users can access the User Profile App, check, modify, erase their data and also erase references to compiled surveys, quizzes or tests, thus making them anonymous.
Applicability: System Users (at the system, reseller and manager level)
From the contextual menu of system, reseller and manager, select “System Users” and, for each listed user, select “Edit”. In the “User Permission” section, in the “User’s Password” field, do not give permission to read, so as to restrict or prevent the display and export of passwords.
Possibility to insert, in the body of the emails sent for notifying the registration, the “%ExternalWelcomePortalLoginURL%” variable to automatically insert the URL to access the Welcome Portal, even when not directly connected to a gateway.
In the email sent to users for confirming the registration, you will have the possibility to edit the % DownloadUserProfilePdf% variable containing the URL that lets the users download a PDF file with the registration data.
The system will allow remote access, when not connected to a gateway, in a simpler and clearer way, without displaying the unnecessary URL: http://HSNMUrl/portal/index.php?domain=DomainName&hotspotname=GatewayName&language=en&slogin (Automatically edited by the “%ExternalWelcomePortalLoginURL%” variable).