To use the Internet via the IAC-BOX System, it is necessary to agree to the processing of data, which will be classified either as personal or person-related data, depending on the login method used. As the operator of the IAC-BOX System, we take your rights to data protection, privacy and informational self-determination very seriously. You have a right to information, which is why we would like to ensure that you are fully informed about how your data is handled.
The operator of the IAC-BOX System would like to provide every user with convenient and secure access to the Internet, which conforms to legislation, no matter which login method or which validity period have been applied.

Which data is processed?

The system must be able to detect that your access is authorized. For this purpose, the system issues a ticket, which is given a certain validity and various characteristics. The MAC and/or IP address of the device that you are using will be stored as a unique identification characteristic. By itself, however, you cannot be identified personally in this manner, although person-related data is combined by some login methods.
The login data that you input, such as a room number, your e-mail address, a user name or your password, is stored locally on the IAC-BOX System and is partially compared with and transmitted to external databases. Such data is usually already known in advance, for instance from a hotel booking or an employee database. However, it never concerns sensitive data in the sense of the General Data Protection Regulation (GDPR). It only concerns an identification that is necessary for the service that is being made available to you.

What about cookies?

Via the IAC-BOX login page, so-called cookies will be stored on your device. Cookies are small text files that are generated by a website during your visit. There are two types of cookies: session cookies and persistent cookies. Session cookies are only stored for the current browser session, and they are immediately deleted as soon as you close the browser. These cookies make it possible, for example, for you to return to webpages that you have visited previously. Some login methods do not function at all without them. Persistent cookies are stored for a longer period, and they enable the content of a website to be delivered in the language of your preference when you revisit that site, for example. Persistent Cookies of the IAC-BOX System do not contain any personal data. Furthermore, the operator of the IAC-BOX System may use analysis tools that can analyse the usage behaviour of the visitor by evaluating such cookies. You can open, view and delete cookies that are stored in your browser whenever you like or pre-configure your browser to periodically delete them.

Is the data transmitted to third parties?

In principle, no data is transferred to third parties in the sense of the GDPR. Hotel and employee databases are required for processing bookings or for shaping the employment relationship and consequently do not represent a third party in the strict sense. Should you log in via a social networking site (Facebook, Twitter, etc.) or via Google or Microsoft, you will use this service with the login data that is already known to these media. While social media operators can theoretically draw a conclusion from this about your whereabouts, the IAC-BOX System has, however, no influence on this.

How is the data protected against unauthorized access?

In general, the IAC-BOX is a closed system with a high degree of security. No possibility has been provided for carrying out non-system processes, such as an app on a mobile phone or a program on a laptop, which means that the classic loopholes are not available to potential attackers. The basic settings economize on data and no provision has been made for querying sensitive data. Payment options are exclusively handled via external payment systems, and no financial data is stored. As a result of these measures the attractiveness of the IAC-BOX System is very limited for attackers.
The IAC-BOX System regulates access to stored data through the user administration. The authorization management procedure ensures that the administrators are trained on data protection rights and that they proceed with reasonable care in the sense of the GDPR. Access is protected by password, and data access is always encrypted and logged.

How long is the data stored, and how can I have the data deleted?

To safeguard your right to erasure, a number of default pre-settings have been made. Ticket data is only stored for as long as necessary. After the validity period has passed, the default configuration makes provision for an archiving period that ranges from 14 days to 6 months. However, reasons for longer storage periods may obtain, such as for an annual settlement or similar. For ensuring faultless operation, the current system stores internal logs that contain IP and MAC addresses, as well as other login information. These logs are also only accessible to administrators, and they are usually deleted after a period of 2 weeks, but no later than after 1 month.
Should you have any further questions, please contact the operator of the IAC-BOX System: $CONTACT$