IPERA AI – Data Protection (Privacy Statement)
1. An overview of data protection
1.1. General Information
We appreciate your interest in our website www.ipera.ai (before 01 Jan 2023 our previous domain name and our company web address was www.iperasolutions.com) as well as in our enterprise, products and services. We here at IPERA AI, realize that the protection of your personal sphere is important to you when using our Website or our services. Compliance with legal provisions in regard to data protection is important to us, as well. In addition, it is important to us that you as our customer know at any time when we collect or save your data and what we do with it.
We only ever collect the information We need, including data that will be useful to help Us improve Our services.
Insofar that we process personal data while you are using our Website or our services, we may include other service providers in order to execute individual functions or make offers or provide services or would like to use your data for marketing purposes. In such case we will keep you informed of every detail, especially which data will be processed. We will also tell you how long we intend to save your data or the fixed criteria for the duration of such data storage and the respective legal basis for the processing.
1.2. IPera AI, GDPR Compliance
IPera AI also provides tools and guidance that allow IPera AI Users to be compliant with GDPR when providing services to third parties, such as hotels, shopping malls, bars, restaurants and other end-user premises.
You can visit the GDPR website for more information, including the most common questions.
2. Name and contact address of responsible for processing / Who We Are?
This data protection information, within the meaning of the General Data Protection Regulation (GDPR), applies to data processing by:
IPERA MEA FZ LLC
Dubai Internet City, Building DIC 12, 2nd Floor
P.O. Box: 502318 Dubai, UAE
IPERA TEKNOLOJI COZUMLERI YAZ. AR-GE SAN. TIC. A.S.
YTU Teknopark, Davutpasa Kampusu, B1 Blok, No 304,
Esenler, Istanbul, Turkey
P.K. No: 34220
3. Contact Data Protection Officer
You can reach our data protection officer under email@example.com or our telephone number directed to “+ 971 4 390 16 46”.
4. Collection and Storage of Personal Data as well as Type, Purpose and Legal Basis for its Use
We may automatically collect and process the following data when you access the guest WiFi services offered by our customers at various locations about you:
- When Using IPERA AI Website
- When Using Our WiFi Services at Our Customers’ Venue
- When Using Location Services Data from Mobile Phones
4.1. Data Processing
IPERA AI Portal collects information during your visit to a venue where our Customers are using our Portal.
4.1.1. When Using IPERA AI Website
www.ipera.ai website uses SSL encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
In case you only visit our website for information, e.g. if you do not register or transfer any other information to us, we only collect such personal data as your browser submits to our server in so-called server log files. In the scope of the server log files the following data is collected:
- IP address
- Date and hour of your request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of your query (actual page)
- Access status/HTTP status code
- Data quantity that was submitted
- The website that sent the query
- Info about a specific product or service
- Operating system and its interface
- Language and version of browser software
This data is exclusively collected to ensure the smooth running of the site in view of stability and security and to improve our offers and then deleted. The legal basis is Art. 6 para. 1 p.1 lit. f GDPR.
Data collected during the use of guest WiFi services will be stored in log files on our systems, but it will not be linked with other personal information of the user. The collection of this data is necessary for the proper display and operation of the website, and users cannot object to it. Once the data is no longer needed for these purposes, it will be deleted. In the case of using the website, this occurs when the user leaves the page and closes their browser. Additionally, cookies will be placed during the visit to our website and analytical services will be used.
4.1.2. When Using Our WiFi Service at Our Customers’ Venue
IPERA AI provides guest wifi analytics to many businesses, such as shopping malls, theme parks, airports, and stores. These services allow customers to access the Internet while they are at the business’s location. From many countries, customers can choose to simply access the Internet or opt into our enhanced WiFi service. For those who do not opt into enhanced WiFi, we only collect limited technical information that does not personally identify the customer. We retain this information for no longer than thirty days. For those who opt into Enhanced WiFi, we collect the customer’s MAC address, contact information, and location history to provide enhanced marketing features. Customers can opt out of Enhanced WiFi anytime and request that we delete their personal information.
When using guest WiFi services provided by our customers at venues, registration is sometimes required. The information provided during registration is sent to us, but the specific categories of information requested are determined by our customers when they create the registration process. Personal information that may be requested includes, for example, full name, address, telephone number, email address, or demographic information such as date of birth, gender, geographic area, and preferences. Additionally, when registering with a social media account, personal information from that account (such as Facebook, Twitter, and LinkedIn) may also be collected, as determined by your privacy settings on that account.
Link to social media via social media plug-ins
Based on Art. 6 Para. 1 Sent 1 lit. f GDPR we use social network plug-ins to publicize our company. The marketing purpose behind this intention is to be considered a legitimate interest as per the GDPR. The provider must ensure compliance with data protection. We integrate these plug-ins using the so called two-click method to protect visitors to our website as best as possible.
(b) We can neither influence what data are collected and how, nor do we know the full extent of the data collection, the purpose of data processing or retention periods. We also have no information about the deletion of the collected data by the plug-in provider.
(c) The plug-in provider stores the data collected about you in user profiles and uses them for advertising and/or to customize their website experience. The purpose of such analyses (even for users who are not logged in) is to display customized advertisements and inform other social network users about your activities on our website. You have a right of objection against creating these user profiles; you must contact the plug-in provider to exercise this right. The plug-ins enable you to interact with social networks and other users so we can improve our offering and your user experience. The legal basis for the use of plug-ins is Art. 6 Para. 1 Sent. 1 lit. f GDPR.
(d) Data are forwarded regardless of whether you have an account at the plug-in provider and are logged in there. If you are logged in to the plug-in provider your data collected on our website are directly allocated to your account at the plug-in provider. If you click the enabled button and, e.g., link the page, the plug-in provider also stores that information in your user account and publicly shares it with your contacts. We recommend to always log out after using a social network, in particular, however, prior to enabling the button, as this enables you to prevent the data from being allocated to your profile at the plug-in provider.
(e) You can find more information about the purpose and scope of the plug-in provider’s data collection and processing in the following privacy statements of said plug-in providers, where you also get more details about your rights and setting options to protect your privacy.
(f) Addresses of the relevant plug-in providers and their privacy statements:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; more information about data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
(a) We use Facebook social media plug-ins on our website to provide you with a more customized user experience. To that end, we use the LIKE or SHARE buttons. This is a Facebook offering.
After clicking the icon, the plug-in informs Facebook—even if you have no Facebook account or are currently not logged in to Facebook—that your browser has opened the relevant page of our Web presence. This information (including your IP address) is submitted by your browser directly to a Facebook server in the US and stored there.
If you are logged in to Facebook, Facebook can directly allocate your visit on our website to your Facebook account. If you interact with the plug-ins, e.g., click the LIKE or SHARE buttons, this information is also directly transmitted to a Facebook server and stored there. In addition, the information is published on Facebook and also displayed to your Facebook friends.
Facebook can use this information for advertising or market research and to customize Facebook pages. To that end, Facebook creates usage, interest and relationship profiles, e.g., to analyze your use of our website with regard to the advertisements shown to you on Facebook, to inform other Facebook-users about your activities on our website and to render further services associated with using Facebook.
(b) If you do not want Facebook to directly allocate the data collected about our Web presence to your Facebook, account you need to log off from Facebook before visiting our website.
(c) For more information about the purpose and scope of the data collection and further processing and use of the data by Facebook and your associated rights and setting options to protect your privacy, please see the privacy statements (https://www.facebook.com/about/privacy/) on Facebook.
(a) Our Internet pages include plug-ins by the short messaging network Twitter Inc. (Twitter). You can recognize the Twitter plug-in (tweet button) by the Twitter logo on our website. Please see here for an overview of tweet buttons (https://about.twitter.com/resources/buttons ).
If you open a page of our Web presence containing such a plug-in, a direct connection is created between your browser and the Twitter server after you click the icon, enabling Twitter to receive the information that you are visiting our website with your IP address. If you click the Twitter “tweet button“ while being logged in to your Twitter account, you can link the content of our pages to your Twitter profile, enabling Twitter to allocate your visit to our website to your user account. We would like to point out that we as the provider of these pages are not informed about the content of the transmitted data or their use by Twitter.
(b) If you do not want Twitter to allocate your visit on our website, log off from your Twitter user account.
(c) For more information, please see Twitter’s privacy statement at (https://twitter.com/privacy)
When using guest WiFi services provided by our customers at venues, some information is collected automatically. This includes, for example, unique device identifiers such as MAC addresses, device type and model, operating system, browser type and language, the browser’s Internet Protocol address, start and stop times of connections, the amount of traffic, the hotspot from which the connection is made, and the reason for logging out.
4.1.3. About Location Services Data from Mobile Phone
When you bring a device (the computer, tablet, cellular telephone, smartphone, or other electronic devices) with its WiFi and/or Bluetooth function enabled into a venue where our customers are using IPERA AI Portal, the portal senses the presence of the device, its signal strength, its manufacturer, its geographic location, and a unique identifier known as its Media Access Control (MAC) address. This combination of numbers and letters identifies a specific device to the surrounding WiFi or Bluetooth networks, however, the MAC address does not reveal the device owner’s real-world identity or personal data, so that information is not collected. Any MAC addresses that are collected are immediately de-identified and de-personalized.
We collect and aggregate anonymous data from your device into reports that we prepare on behalf of our customers. These reports are used for various purposes, such as improving venue layouts, determining the timing of promotions and sales, measuring the effects of advertising, and setting staffing levels and venue hours.
We also collect your device’s location data with WiFi enabled devices present at a location by means of relative signal strength for WiFi access points to keep track of your visits to our customers’ venues. This information helps our customers and us improve your experience if you opt-in to receive promotional communications. This allows us to send tailored communications based on your visits and behaviors.
4.1.4. How We Use the Information We Collect
We also contract with qualified, respected third-party service providers (also known as “third-party agents”), such as virtual hosting infrastructure providers (e.g., Amazon Web Services), to host our servers and databases and to provide other services to us. We request that our service providers agree not to access or use any information they may have access to while providing services to IPERA AI other than as specified by us and for the purpose for which it was initially collected.
a) Ensuring that content from our site is presented in the most effective manner for you and your computer
b) Collating and aggregating anonymized information for consumer analysis and statistical reporting
c) Associating submitted information and/or additional information and/or device information and/or location information and/or log information to enable analysis by us and the owner or sponsor of any venue at which you use the service in regards to how people move around such venues. In such circumstances, the MAC address of your device is masked to prevent linking data to other sources
d) Contacting you regarding your opinions of our products and services, which may be used for research and analysis to help us improve or modify those products and services
e) Identifying you when you contact or visit us.
f) Dealing with your inquiries and requests
g) Improving the quality, security, and safety of our products and service
h) Carrying out analysis and service improvement
j) When you communicate with us for customer service or other purposes (e.g., by emails, faxes, phone calls, tweets, etc.), we retain such information and our responses to you in your account records
When we process your personal data for our legitimate business interests, we always ensure that we consider and balance any potential impact on you and your rights under data protection laws. If you have any concerns about the processing described above, you have the right to object to this processing. Please review the “Your Rights” section below for more information about your rights.
5. Data Deletion
Except for certain customer personal data that is provided or made available in connection with accessing and using services, data will be securely deleted within six (6) months, sooner if requested when contact to us, within thirty (30) days.
IPera AI will securely delete all copies of customer personal data, unless otherwise required by applicable law, in which case IPera AI will immediately inform the customer in writing of such requirement. Upon the customer’s written request, IPera AI will provide a certificate of deletion within thirty (30) days of such request, certifying that IPera AI has deleted all personal data.
This section does not apply to data that may be kept during the ordinary course of business in email or backup systems. Notwithstanding the foregoing, the customer acknowledges and understands that the premature request to delete Customer Personal Data may result in the inability to provide Services, impact the performance of Services, or the receipt of deliverables. IPera AI shall not be held liable for any performance impact, delays, suspensions, or the inability to satisfy quoted performance or deliverables guarantees in the event that customer requests the premature deletion of the customer’s personal data.
6. Your Rights
In terms of the General Data Protection Regulation (GDPR) may permit us to request that we:
6.1. Provide access to and/or download a copy of certain information we hold about you;
6.2. Prevent the processing of your information for direct-marketing purposes; (including any direct marketing processing based on profiling)
6.3. Update the information that is out of date or incorrect;
6.4. Delete certain information that we are holding about you;
6.5. Restrict the way that we process and disclose certain of your information;
6.6. Revoke your consent for the processing of your information;
Please note, however, that certain information may be exempt from such requests in some circumstances, including needing to continue processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with the information necessary to confirm your identity before responding to your request.
6.7. Please contact us as described in the “Contact Us” section to exercise these rights. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very.
7. How Long We Keep Information
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and – if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).
If personal data is processed on the basis of express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes his consent.
If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after the expiry of the storage periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a justified interest in the further storage.
When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.
Cookies are used for storing information arising in connection with the end user device in question. This does not mean that they give us direct information about your identity.
Cookies are used, on the one hand, to improve your user experience while visiting our website. We may use so called session cookies to detect that you have visited individual pages of our website. These cookies are automatically deleted after you leave our website.
We also use temporary cookies to optimise our user-friendliness; these cookies are stored on your end user device for a certain pre-defined period. If you revisit our website to use our services or to look for information, we can detect automatically that you are a returning visitor to our website and that we have stored your inputs and settings so you do not have to enter them again.
The data processed by cookies are required for the specified purposes to maintain our legitimate interests and third-party interests according to Art. 6 Para. 1 Sent. 1 lit. f GDPR.
Most browsers automatically accept cookies. You can, however, configure your browser to store no cookies on your computer or to always notify you prior to creating a new cookie. If you fully disable cookies you may not be able to use the entire functionality of our website.
You can manage cookie settings by using tools available on most Internet browsers. Instructions for popular browsers are here:
Depending upon which web browser you use, you may be able to adjust your settings to reject or delete cookies. However, choosing to reject cookies may result in the loss of some functionality of our website.
Please note that we cannot honor requests with respect to personal information that we process on behalf of our customers as a service provider. For such data, please contact the restaurant, store, or other business for which you would like more information regarding your rights.