Writing a WiFi Privacy Policy for Your Venue: What Must Be in It

Why Your WiFi Portal Needs Its Own Privacy Policy

A general website privacy policy is not sufficient for WiFi data collection. GDPR Article 13 requires a specific privacy notice to be provided at the time of data collection, covering the specific purposes and data types being collected in that interaction. Your WiFi portal is collecting data for specific purposes (marketing communications, session analytics) that may not be covered in your general website privacy policy.

The privacy notice linked from your WiFi portal should be specific to the WiFi data collection context — even if it is a section within a broader privacy policy document.

Required Elements Under GDPR Article 13

1. Identity of the data controller

Who is collecting the data? This must be your legal entity name and contact details — not just your venue trading name.

Example: "The data controller is [Trading Name] Ltd, registered in [Country] with company number [Number]. Contact: [email address]."

2. Purposes and legal basis for processing

State clearly what you are collecting the data for and which GDPR lawful basis you are relying on.

Example: "We collect your first name and email address for the purpose of sending you marketing communications about our venue, including offers, events, and news. The legal basis for this processing is your consent (GDPR Article 6(1)(a)). We collect WiFi session data (connection times, device identifier) for the purpose of network management and analytics. The legal basis for this processing is our legitimate interest (GDPR Article 6(1)(f)) in operating and improving our WiFi service."

3. Recipients of personal data

Who are you sharing the data with? This includes your email marketing platform, WiFi marketing platform, and any other processors.

Example: "Your data may be shared with: (a) VoqadoWiFi (WiFi management platform, data processor); (b) Mailchimp/Intuit Inc. (email marketing platform, data processor); (c) no other third parties without your explicit consent."

4. Retention periods

How long will you keep the data?

Example: "Marketing contact data (name, email) will be retained for 12 months following your last visit to our venue, or until you unsubscribe, whichever comes first. WiFi session records will be retained for 12 months from the session date and then anonymised."

5. Data subject rights

State the rights individuals have and how to exercise them:

• Right of access (request a copy of their data)
• Right to rectification (request correction of inaccurate data)
• Right to erasure (request deletion)
• Right to restriction (request limited processing)
• Right to data portability (receive their data in a portable format)
• Right to object (object to processing based on legitimate interest)
• Right to withdraw consent (withdraw marketing consent at any time)

6. How to withdraw consent

"You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email we send you, or by emailing [contact address]."

7. Right to lodge a complaint

"You have the right to lodge a complaint with the supervisory authority in your country. In the UK, this is the Information Commissioner's Office (ico.org.uk). In Ireland, this is the Data Protection Commission (dataprotection.ie)."

Where to Link the Policy

• From the WiFi portal page (linked text "Privacy Policy" near the opt-in checkbox)
• From every marketing email footer
• From your website (standard practice)

When to Update and How to Re-Consent

Review your WiFi privacy policy annually or whenever a material change occurs — such as a new data processor, a new purpose for using the data, or a change in retention periods.

For material changes that affect the processing you have consent for, you must re-obtain consent. Send a "privacy policy update" email to your list explaining what changed and confirming their consent is still required. Contacts who do not re-consent within a reasonable period (30–60 days) should be unsubscribed.

Template language: "We have updated our privacy policy. The key change is [description]. Your marketing preferences remain unchanged — but if you would like to review the updated policy before continuing to receive emails from us, you can do so here: [link]. To unsubscribe at any time: [unsubscribe link]."