Effective Date: 11 May 2018
When you access or use our Services, you acknowledge that you have read this Policy and understand its contents. Your use of our Services and any dispute over privacy is subject to this Policy and our Terms of Service (including any applicable limitations on damages and the resolution of disputes).
As iPass evolves, our business may change, and we may update this Policy at any time as we deem appropriate to reflect those changes. Where the changes are material, we will post them here in advance, and if the changes are likely to affect you personally, we will also attempt to contact you directly (such as via email if we have your email address). It is important that you check back from time to time and make sure that you have reviewed the most current version of this Policy.
Why Do We Collect Information and Data?
We rely on certain information to run our business. In some instances, this information may include data that could be used to identify a particular individual, otherwise referred to as Personal Information. In this Policy, we will provide multiple examples of how Personal Information we collect may be used and why it is important. For example, Business Clients of iPass may provide iPass with Personal Information to help iPass provide its Services to customers or employees of the Business Clients. Some of the reasons that we collect Personal Information are to:
- Provide our products and services, including our Apps and our website (“Site”), and improve them over time;
- Personalise and manage our relationship with you, including providing customer support;
- Investigate, respond to and manage enquiries or events; and
- Work with and respond to law enforcement agencies and regulators.
What Kinds of Personal Information Do We Collect?
- Authentication information (including email address and password);
- Device information (including unique identifiers for computers, tablets or phones to confirm their eligibility for use of the Service);
- Session data (including access point information and location information for the purpose of enabling the Service to connect users to the best available connection);
- Optional data (at the direction of iPass Business Clients, iPass may collect user names for billing and eligibility purposes and for Ad-ID).
Session Data, including aggregate usage statistics, is generally not personally identifying. On the other hand, some of this Session Data, either alone or when combined or linked with your Personal Information, may allow your identity to be discovered. In such cases, we treat the combined data as Personal Information. In many cases, Session Data is gathered automatically by systems or technology such as cookies (see the section on Information Collected Automatically below).
How Do We Collect Information?
For personal data subject to the European Union’s General Data Protection Regulation (“GDPR”), we rely on several legal bases to process the data. These include when the processing is necessary to perform a contract; for compliance with a legal obligation to which iPass is subject; and for our legitimate business interests, such as in improving, personalising and developing the Services, and promoting safety and security as described above.
Our Site may contain publicly accessible blogs or community forums. You should be aware that any information provided in these areas may be read, collected and used by others who access them. To request removal of any Personal Information from our blog or community forum, contact us at firstname.lastname@example.org.
Site Information Collected Automatically: When you use or interact with our Site, we receive and store information generated by your activity, like Session Data and other information automatically collected from your browser or mobile device. This information may include your IP address; browser type and version; preferred language; geographic location using the IP address, the location of an access point you access while using the Service, or the GPS or wireless technology on your device; operating system and computer platform; purchase history; the full Uniform Resource Locator (URL) clickstream to, through and from our Site, including date and time; any searches you conducted; and areas of our Site that you visited. We may also log how long your visit lasts and the number of times you visit and purchase or use the Services. We may assign you one or more unique identifiers to help keep track of your future visits.
How Do We Use Personal Information?
Provision of the Service.
iPass will use Personal Information only for purposes related to providing you with the Service on behalf of iPass Business Clients or otherwise to improve the Service. iPass will use and process your Personal Information: (a) in connection with provisioning of the Service; (b) to incorporate your data into databases controlled by iPass for administration, provisioning, billing and reconciliation, verification of your identity, maintenance, support and product development, fraud detection and prevention, customer and customer use analysis and reporting, and customer-directed application of policies as part of our service delivery. iPass may also use Session Data to contact third parties in connection with inappropriate use of the Service or violation of iPass policy.
Business Uses. We may use Personal Information for business purposes, including to:
- Analyse users’ behaviour when using iPass products and services to customise preferences;
- Establish and manage iPass accounts;
- Provide customer support, manage subscriptions, and respond to requests, questions and comments;
- Customise, measure and improve our websites, products, services and advertising;
- Prevent, detect, identify, investigate, respond to and protect against potential or actual claims, liabilities, prohibited behaviour and criminal activity;
- Comply with and enforce applicable legal requirements, agreements and policies; and
- Perform other activities consistent with this Policy.
Processing as Part of the Services. We also process certain information as an integral part of our Services. If you install one of our Apps or use one of our services, software will operate in the background of your computer system or device environment to perform specific tasks including:
- Determining the quality of available network access points;
- Intrusion detection, prevention and protection;
- Network defence; and
- Data encryption.
When Do We Share Personal Information?
We respect the importance of privacy. Other than as provided for in this Policy, we do not sell your Personal Information, nor do we share it with unaffiliated third parties for their own marketing use, unless we have your consent or we are required by law to do so. Generally, we may disclose the information we collect, including Personal Information, in order to facilitate our provision of the Services or communications with customers (e.g. to service providers who perform functions on our behalf), to operate our business, to advertise or promote our Services, and to facilitate changes to or transfers of our business, as required by law, or with your consent.
We may share Personal Information in the following ways:
- With current and future members of the iPass family of companies for the purposes described in this Policy, such as to: (i) provide services (e.g. registration and customer support); (ii) help detect and prevent illegal acts and violations of our policies; and (iii) guide our decisions about our products, services and communications;
- If we believe disclosure is necessary and appropriate to prevent physical, financial or other harm, injury or loss, including to protect against fraud.
- With legal, governmental or judicial authorities, as instructed or required by those authorities or applicable laws, or in relation to a legal activity, such as in response to a subpoena or investigating suspected illicit activity (including identifying those who use our services for illegal activities). We reserve the right to report to law enforcement agencies activities that we in good faith believe to be illegal.
- In connection with, or during negotiations for, an acquisition, merger, asset sale, or other similar business transfer that involves substantially all of our assets or functions where Personal Information is transferred or shared as part of the business assets (provided that iPass will continue to take measures to protect the confidentiality of Personal Information and give affected users notice before transferring any personal information to a new entity).
- With others after obtaining your consent. If we want to share Personal Information other than as permitted or described in this Policy, we will provide you with a choice to opt into such sharing and you may choose to instruct us not to share the information.
iPass does not share your Personal Information with non-affiliated third parties for their own marketing use without your permission.
We may disclose to third parties Session Data or non-Personal Information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual.
What Security Measures Do We Have?
We use administrative, organisational, technical and physical safeguards to protect the Personal Information we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity and availability. We regularly test our website, data centres, systems and other assets for security vulnerabilities.
iPass uses commercially reasonable protection technology such as encryption (when you provide us with information such as login credentials), firewalls, and other security procedures to help protect the accuracy and security of your Personal Information and Session Data and to help prevent unauthorised access or improper use.
What Control Do I Have Over My Personal Information?
Because iPass provides the Service to you on behalf of its Business Clients pursuant to contract, users should contact the Business Client directly to request correction of, access to, or deletion of Personal Information associated with your account. If the Business Client then requests iPass to comply with your request, iPass will respond to the request within 30 business days.
We retain your Personal Information while your account is in existence or as needed to provide you with the Service. This includes data you or others provided to us and data generated from your use of the Service. In some cases we choose to retain certain information in a de-identified or aggregated form.
Our International Operations and Data Transfers
We operate internationally and may transfer information collected within the European Economic Area and Switzerland to the United States for the purposes described in this policy.
We are subject to the oversight of the US Federal Trade Commission and remain responsible for personal information that we transfer to others who process it on our behalf.
Links to Other Websites and Services
Our Site or Services may contain links to other websites or services for your convenience and information. These websites or services may be operated by companies not affiliated with iPass. Linked websites or services may have their own privacy policies or notices, which we strongly suggest you review if you visit those websites. We are not responsible for the content, privacy practices or use of any websites that are not affiliated with iPass.
This document has been translated into the local language for informational purposes only. In the event of any discrepancy between the translated version and the English version, the English version shall be controlling.
With regards to any handling of your Personal Information, iPass acts primarily as a processor on behalf of its Business Clients, who act as the controller. Please direct any inquiries to the Business Client that engaged iPass to provide you with the Service.
Attn: Legal Department
3800 Bridge Parkway, Suite 200
Redwood Shores, CA 94065