Fydelia Information System Security Policy
Purpose:
This policy establishes guidelines to ensure the security, integrity, and confidentiality of guest WiFi login data processed by Fydelia. As a data processor, Fydelia is committed to protecting the information entrusted to us on behalf of our clients and following all applicable laws and best practices.
Scope:
This policy applies to all employees, contractors, and third parties with access to Fydelia’s information systems, software, and infrastructure used for processing guest WiFi data.
1. Data Collection and Processing
- Role as Data Processor: Fydelia serves solely as a data processor for guest WiFi login information, which may include personally identifiable information (PII) as specified by clients. Fydelia does not act as a data controller and is not responsible for the data beyond the processing tasks specified by each client.
- Data Transmission to Clients: Private guest login data collected via Fydelia’s platform will be passed securely to the client if they choose to set up data integrations. This data will only be transmitted via approved secure methods.
2. Data Retention and Deletion
- Standard Retention Period: Fydelia will retain guest WiFi login data for one (1) year from the date of collection.
- Custom Retention Requests: Clients may request alternative retention periods in writing. Such requests must be documented and approved in accordance with Fydelia’s data management procedures.
- Secure Deletion: At the end of the retention period, Fydelia will securely delete or anonymize the data in accordance with industry best practices to ensure the complete erasure of any residual information.
3. Data Security
- Access Controls: Only authorized personnel with a legitimate business need may access guest login data. Access is granted based on the principle of least privilege and reviewed regularly.
- Encryption: All guest WiFi login data is encrypted during transmission and at rest. Data integrations are also performed using encryption protocols that meet industry standards.
- Network Security: Fydelia employs firewalls, intrusion detection systems, and network monitoring tools to prevent and detect unauthorized access to our systems. Regular vulnerability assessments and penetration tests are conducted to identify and mitigate security risks.
4. Incident Response and Reporting
- Incident Management: Fydelia has established procedures for responding to data security incidents. These include measures to contain the incident, investigate its cause, and mitigate any potential impact.
- Client Notification: In the event of a data breach involving client data, Fydelia will notify the affected client promptly, including details of the breach and the steps taken to address it.
5. Compliance and Audit
- Regulatory Compliance: Fydelia complies with applicable data protection laws and regulations in the jurisdictions in which we operate, including the GDPR for EU-based clients.
- Internal Audits: Regular internal audits are conducted to verify adherence to this policy. Any findings are addressed in a timely manner to ensure ongoing compliance and security improvements.
6. Employee Training and Awareness
- Security Training: All employees with access to guest WiFi login data or Fydelia’s information systems undergo regular training on data security best practices, privacy obligations, and incident response procedures.
- Confidentiality Agreements: Employees and contractors are required to sign confidentiality agreements as part of their employment or engagement with Fydelia.
7. Policy Review and Updates
This policy is reviewed annually and updated as necessary to reflect changes in business practices, legal requirements, and emerging security risks. Clients will be informed of any significant changes to this policy that may affect the processing of their data.
Effective Date: 2020-04-30
Contacting Us
If there are any questions regarding this privacy policy you may contact us using the information below.
Fydelia is run by Sentinel Software Limited, Gemini House, 136-140 Old Shoreham Road, Brighton, BN3 7BD
Registered in the UK: 6463344 VAT Reg 135 2946 10
support@fydelia.com
Last Edited on 2020-04-30
