Data Protection Notice for WiFi4EU mobile application

What is the purpose(s) of this processing activity?

The aim of the WiFi4EU app (developed in the context of the WiFi4EU initiative) is to provide access to users to locate free WiFi4EU hotspots at locations throughout Europe, of municipalities that have obtained a voucher to install WiFi networks in public spaces such as: cultural and touristic sites, health centres/hospitals, stations and transport stops, schools, universities and libraries, parks and squares, shopping malls, town & sport halls. The app is designed to make it easier for users to find these hotspots and is free of charge to download and use. 

The purpose is to improve user experience and accuracy of the data, as follows: 

• users have the option to get in contact with the WiFi4EU team to provide feedback or suggestion for improvement for the application or to report any issue related to the location, malfunctioning, or any other type of feedback on access points. This is done via EU Survey; accessing the EU Survey will take the user outside of the app interface. Users can voluntarily choose the option to be contacted back by the WiFi4EU team at an email address provided by them to get feedback on their query.
• upon consent, the app may use the user’s geolocation to identify hotspots around their current location, without collecting this information. Specifically, users will be asked if they wish to be geolocated, which will help improve their experience. If they agree to be geolocated, their device's location is processed directly on their device. Location data is neither collected, stored or shared by HaDEA (European Health and Digital Executive Agency) or third parties. Refusing geolocation does not prevent the user from using the application. When the location setting is off for your device, the apps can't get your device's location. The location access options can be changed at any time via the device settings.

Who is the data controller?

The data controller of the processing operation is the Head of Unit of Unit B.1 of the European Health and Digital Executive Agency (HaDEA).

Which personal data is collected?

No mandatory data is collected for the purpose(s) outline above. 

Non-mandatory personal data are collected when reporting an issue or providing feedback via EU Survey, in accordance with the privacy statement of this tool, which can be consulted at: EUSurvey - Privacy Statement (Record reference: DPR-EC-01488). The user may also voluntarily provide personal data to report an issue – this data is processed to the extent necessary to reply and regular reporting on the activities within the WiFi4EU project. Additional personal data which might be shared by the data subject will be disregarded. 

Who has access to the personal data of data subjects and to whom can they be disclosed?

The recipients of your personal data will be: HaDEA staff (Project Officer/Project Adviser/Project Assistant/IT staff, etc.) in charge of processing activities for the WiFi4EU initiative, or technical support for troubleshooting, technical issues reported by users. 

On a need to know basis and in compliance with the relevant current legislation, bodies charged with monitoring or inspection tasks in application of EU law (e.g. EC internal audit, Court of Auditors, European Anti-fraud Office (OLAF), the European Ombudsman, the European Data Protection Supervisor, the European Public Prosecutor). 

Your personal data will not be transferred to third countries or international organisations. 

The processing of your data will not include automated decision-making (such as profiling).

Which is the legal basis for processing your personal data?

The legal basis for the processing activities is Article 5(1)(d) of Regulation EU 2018/1725 based on your explicit consent for your non- mandatory personal data indicated below.

How to withdraw your consent and the consequences of doing this

If you want us to delete the following personal data [enquiry subject, device used, operating system, suggestions for improvement, WiFi4EU hotspot ID, the issue with the WiFi4EU hotspot, email address] please contact us at and we will do it at the latest within one month after your request. 

Please note that withdrawing your consent does not affect the lawfulness of any processing based on your consent before this consent is withdrawn. Attention is drawn to the consequences of a delete request, which means that all your contact details will be lost.

How long do we keep your personal data?

Your personal data will be kept for a maximum period of 6 months from the time of reporting of the issue through the feedback platform. Data will be deleted at the end of this period.

What are your rights regarding your personal data?

You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal. 

Your request to exercise one of the above rights will be dealt with without undue delay and within one month. 

If you have any queries concerning the processing of your personal data or wish to exercise any of the rights described above, you contact the Head of Unit of the Unit B.1 (entity acting as data controller) via: HADEA-CEF-WIFI4EUec [dot] europa [dot] eu (HADEA-CEF-WIFI4EU[at]ec[dot]europa[dot]eu) and HaDEA DPO HADEA-DPOec [dot] europa [dot] eu (HADEA-DPO[at]ec[dot]europa[dot]eu) 

You shall have right of recourse at any time to the European Data Protection Supervisor at EDPSedps [dot] europa [dot] eu (EDPS[at]edps[dot]europa[dot]eu).