Data Classification, Definitions & Retention
PCI - Data that pertains to an individual's payment card. Purple do not collect any PCI data.
Personal - Data that pertains to a single identifiable person. Removed after 13 months of inactivity (i.e. the end-user hasn't used the service for 13 months).
Client confidential - Data that if lost, would cause significant or ongoing financial or brand damage to a client. Removed at the end of a customer relationship or upon request.
Data Collected
Pre-Authentication
Purple collects data about the client's device as soon as the client loads a splash page. This data is passed in the form of URL parameters by the network controller to the splash page, or is taken from HTTP headers passed by the browser.
Data type | Example | Categorization | Collected from |
Client WiFi MAC address | 00-00-00-00-00-00 | Client Confidential |
URL |
Access point MAC address | 00-00-00-00-00-00 | Internal | URL |
Venue/Company | Store 52, Acme Shops | Internal | Customer database |
SSID | Free WiFi | Internal | URL |
User-agent string | Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19 |
Personal | Request headers |
The language of the page being accessed, by default from the browser's request headers but the user may override this by choosing another language |
en_GB | Personal | Request headers/user input |
Session/browsing data
Purple collects data about the individual web pages a user loads as part of the onboarding process, as well as some basic diagnostic information about those page loads to perform health checks and diagnose problems.
Purple does not track individual client transactions once they have completed the onboarding process (i.e. once they have logged in to use the Internet at the establishment).
This data is linked to the user via the client MAC passed by the controller (see Pre-authentication, above), and by the user's own web authentication (see Web authentication, below).
Data type | Example | Categorization | Collected from |
URL loaded |
/access/ | Client Confidential |
Browser request |
Web authentication
At the splash page, the end user is invited to enter data to authenticate to the WiFi. The exact data collected differs according to the configuration defined by the customer, and at a minimum the data collected may be no more than an acceptance of the terms and conditions of joining the WiFi. The customer may present the end user with multiple ways to authenticate, which are separated into three categories:
1. Registration form: This presents the user with a form that has to be populated by the user to proceed. The customer can choose which fields are optional and which are mandatory, but as a minimum at least one of email address or mobile number must be mandatory (which are used as a unique identifier of the user).
2. Social authentication: Customers may choose to allow end users to authenticate via 3rd party authentication providers such as Facebook or X. In this case, the user is forwarded to the social provider to log in, and are invited to share data with the customer. After logging in at the provider, the data the user has agreed to share is passed back to the Purple platform. This data varies from provider to provider. If an end user chooses to authenticate via social authentication, they will still also have to enter any configured mandatory fields from the registration form (above) that haven't already been collected from the social authentication provider.
3. Custom authentication: Some customers may also have custom authentication methods, on a case by case basis agreed with Purple. These authentication methods are typically proprietary CRM systems. They typically behave in a way similar to social authentication providers (above), and the data collected from these systems is treated as Personal data.
Registration form
These are the default fields available for registration forms, but customers can also add custom fields
that could be any data type. These custom fields are always treated as personal.
Data type | Example | Categorization | Collected from |
First name | Dan | Personal | User input |
Last name | Smith | Personal | User input |
Dan.Smith@Gmail.com | Personal | User input | |
Mobile | +447700123123 | Personal | User input |
Password | MyPassword123 | Personal | User input |
Gender | Male | Personal | User input |
Title | Mr | Personal | User input |
Date of birth | 1990-01-01 | Personal | User input |
Postcode/ZIP | OL9 8EH | Personal | User input |
More data is collected from Facebook than from other social providers. This data may or may not be collected from end users, depending on the user's own privacy settings and which data the user chooses to share at the point of authentication on Facebook (end users have granular control over data sharing and can choose not to share some of the data requested).
Data type | Example | Categorization | Collected from |
First name | Dan | Personal | |
Last name | Smith | Personal | |
Dan.Smith@Gmail.com | Personal | ||
Gender | Male | Personal | |
Date of birth | 1990-01-01 | Personal | |
Home town | Edinburgh, UK | Personal | |
User likes - a list of pages the user has liked | Apple, Coca Cola, Facebook | Personal |
Additional Authentication Data
The customer may require other data during the registration process, including but not limited to surveys or NPS scores. Any user-input responses are always categorised as personal.
Post-authentication / network
Once the user has authenticated, the network controller starts passing basic network usage data to Purple's RADIUS servers via RADIUS accounting.
Data type | Example | Categorization | Collected from |
Internal network IP address | 10.0.0.101 | Personal | Network controller (via RADIUS) |
External network IP address |
87.1.1.1 | Internal | Network controller (via RADIUS) |
Client WiFi MAC address | 00-00-00-00-00-00 | Personal | Network controller (via RADIUS) |
Access point MAC address | 00-00-00-00-00-00 | Internal | Network controller (via RADIUS) |
Bytes uploaded | 12345678 | Internal | Network controller (via RADIUS) |
Bytes downloaded |
12345678 | Internal | Network controller (via RADIUS) |
Session start time | 2023-01-01 00:00:00 | Internal | Network controller (via RADIUS) |
Session stop time | 2023-01-01 00:00:00 | Internal | Network controller (via RADIUS) |
Session termination clause | Idle-Timeout | Internal | Network controller (via RADIUS) |
Location data
Location data is data collected passively about WiFi-enabled devices in range of network access points. When a WiFi-enabled device makes probe requests looking for known WiFi network names, each access point in range can capture the WiFi MAC address of the device along with an RSSI (received signal strength indicator), which can be used to estimate how far from the access point the device is. When a device is associated with a WiFi network, the client MAC address and RSSI values are taken from network traffic and don't depend on probe requests.
When a customer has multiple access points collecting this data, the customer's network controller may also triangulate the data received by MAC address and return an X,Y coordinate which is an estimate of the position of the device relative to an uploaded map. Data for a single device MAC address and location is grouped into 'visits'. The collection of this data is optional and will depend on whether it is supported by the customer's network hardware. The exact data returned is also dependent on the customer's network hardware, but the data collected is aggregated by Purple into the data types below:
Data type | Example | Categorization | Collected from |
Client WiFi MAC address (may be randomised, i.e. not the client's real WiFi MAC address) |
00-00-00-00-00-00 | Personal | Network controller or vendor location engine |
Access point MAC address | 00-00-00-00-00-00 | Internal | Network controller or vendor location engine |
Venue/company | Store 52, Acme shops | Internal | Customer database |
Time of request |
Internal | Network controller or vendor location engine |
|
RSSI (received signal strength indicator) | 50 | Internal | Network controller or vendor location engine |
X,Y coorindate | 200,34 | Client confidential | Network controller or vendor location engine |
Visit start | 2023-01-01 09:00:00 | Internal | Aggregation |
Visit end | 2023-01-01 17:00:00 | Internal | Aggregation |
Feature specific
NLP
For those customers who have purchased and implemented our NLP sentiment analysis module, we collect the following via authentication with the company’s email account.
Data type | Example | Categorization | Collected from |
Email address | Dan.Smith@Gmail.com | Personal | Company's authenticated email account |
Sentiment | Positive/negative/can’t determine |
Internal | Email body parse by sentiment analysis |
Email body | "Hi, my experience at your venue was great thanks!” |
Personal | Company’s authenticated email account |
Wayfinding
For those customers who have purchased and implemented our Wayfinding module.
Data type | Example | Categorization | Collected from | Used for |
Email address | Dan.Smith@Gmail.com | Personal | Company's authenticated email account | Sending emails containing the personalised link from the kiosk (optional) |
Access point MAC address | 00-00-00-00-00-00 | Internal | Network controller or vendor location engine |
positioning |
Client WiFi MAC address (may be randomised, i.e. not the client's real WiFi MAC address) |
00-00-00-00-00-00 | Personal | Network controller or vendor location engine |
positioning |
Venue/company | Store 52, Acme shops | Internal | Customer database | positioning |
Time of request |
Internal | Network controller or vendor location engine |
monitoring | |
RSSI (received signal strength indicator) | 50 | Internal | Network controller or vendor location engine |
positioning |
X,Y coordinate | 200,34 | Client confidential | Network controller or vendor location engine |
positioning |
Visit start | 2023-01-01 09:00:00 | Internal | Aggregation | monitoring |
Visit end | 2023-01-01 17:00:00 | Internal | Aggregation | monitoring |
Sensors
For those customers who have purchased and implemented our Sensors module.
Data type | Example | Categorization | Collected from |
Image/Video (Obfuscated) | Image of person blurred and identifying features removed and replaced with a coloured circle |
Personal | Xovis Sensor |
Gender | Male/Female/Unidenti fied |
Client Confidential |
Xovis Sensor |