Introduction
![]() |
As a full-suite guest experience & engagement platform, IPERA takes cybersecurity seriously. We are committed to building a secure and trusted platform. IPERA adheres to the ISO 27001:2022 standard and undergoes annual assessments against all 5 trust service criteria: Security, Confidentiality, Availability, Integrity, and Privacy.
IPERA complies with GDPR along with other regulations including California Consumer Privacy Act (CCPA), South Africa's The Protection of Personal Information Act (POPIA), United Arab Emirates Personal Data Protection Law (PDPL) and various laws governing Kingdom of Saudi Arabia's privacy regulations, including the Personal data protection law (Royal Decree No. (M/19) dated 1443/2/9 AH), the Main Principles of Personal Information Protection and the Main Principles and General Rules for Sharing Data issued by the Saudi Data and Artificial Intelligence Authority (SDAIA) and National Data Management Office (NDMO) and State of Qatar Law Personal Data Protection Law 13 of 2016
The Personal data protection law and its executive regulations set the legal basis for the protection of rights of visitors and staff regarding the processing of personal data
IPERA's Personal Data Privacy Principles
The fundamental principles of our data protection policy include:
- Transparency through Privacy Notice indicating the purposes for which personal data is collected
- Choice and Consent obtained through implicit or explicit approval regarding the collection, use and disclosure of personal data before collection
- Limiting Data Collection to minimum data that enables fulfilment of purposes
- Use, Retention and Destruction strictly for the purpose, retained as long as necessary to achieve intended purposes or as required by laws and regulations and destroyed safely, preventing leakage, loss, theft, misuse or unauthorized access
- Access to data by which any Data Subject can review, update and correct their personal data, as well as delete their personal data to become anonymous
- Data Disclosure Limitation approved by Data Subject restricts third parties to the purposes provided in Privacy Notice
- Data security by protecting personal data from leakage, damage, loss, theft, misuse, modification, or unauthorized access; according to the controls issued by the National Cybersecurity Authority and other relevant authorities
- Data quality after verification of its accuracy, completeness and timeliness
- Monitoring and Compliance with Data Controller's privacy policies and procedures, and any privacy-related inquiries, complaints, and disputes
- Accountability by the head of the entity (or his designee) for the Data Controller's privacy
- policies and procedures
Data Handling and Encryption
IPERA takes the handling of confidential data very seriously, implementing a series of robust measures to ensure its protection and maintain the trust of our clients and stakeholders. These measures include:
- Confidential data is encrypted both at rest and in transit, using advanced encryption algorithms and protocols including AES-256 in storage and TLS in transit
We classify data based on its sensitivity, with confidential data receiving the highest level of protection - We employ stringent access control policies to ensure that only authorized personnel have access to confidential data based on their roles and responsibilities
- Our staff receives training and reminders on handling confidential data to help foster a security-conscious culture within the organization
Steps Followed by Data Controllers (IPERA Customers)
Here are a few steps that IPERA partners and customers need to do when enabling the IPERA Guest Experience & Engagement platform.
1. Collect Communication Consent
The main legal basis for collecting and processing your users’ personal data is consent. IPERA products include many features and capabilities that allow us to serve our customers' needs to comply with Personal Data Privacy Privacy Regulations. It is our customer's responsibility to make sure they configure the IPERA Starling platform in compliance with Personal Data Privacy Privacy Regulations and IPERA consultants will be happy to help in case needed.
The Privacy Policy has to be accepted explicitly. Acceptance check-boxes cannot be pre-checked. Log in to your account and check the settings of the tenant or location.
- Make sure you selected the option to get an explicit acceptance of the Terms of Use and Privacy Policies. An Terms of Privacy example is here
- If you are collecting the data for promotional communications, make sure to enable marketing consent on the splash page.
2. Update your Privacy Policy
We provide a solution for our customers to operate their own service. In this scenario, IPERA operates as a Data Processor, while our customer operates as a Data Controller. It is essential that our terms and our customer’s terms reflect this. The guest/end-user of the Wi-Fi hotspots must also be made aware of the role of IPERA and our customers. It is essential that you review your own privacy policy and make sure it reflects GDPR needs and benefits.
In the Login Profile, you can customize your Terms & Conditions with Privacy Policy text, in multiple languages. This can be set at the "Tenant settings level" or "Location settings level".
3. Allow Your Visitors & Guests Accessing and Modifying Their Information
For each tenant, we have a link that can be shared with Guests upon their request.
The link can be accessed via Settings > System Settings > Advanced.
Profile Access URL link should be shared with guests upon request.
Visitors, Guests or Staff (end-users) have the option to log in using their email address or mobile number.
They have the option to either; update their information or delete it from the system.
Personal Data Lifecycle
IPERA platform has the following cycle of personal data handling when connecting guests / visitors to Guest WiFi network or using Mobile App login

Comments
0 comments
Article is closed for comments.