Data Privacy

Introduction

IWROBOTX provides centralized visibility and control over your wireless networking hardware: without the cost and complexity of wireless controllers or overlay management systems. Data center of IWROBOTX is based in Munich, customers can confidently deploy scalable, secure networks that comply with privacy regulations across the EU.
European data protection authorities issued guidance on cloud computing, outlining technical, legal, and procedural safeguards required to protect the sensitive and private data of European citizens. IWROBOTX Cloud is designed specifically to address these recommendations and applicable laws.
This guide documents how to configure an Organization in the EU Cloud, and documents the specific configuration elements that are stored outside of the EU.

USER TRAFFIC

User traffic is data related to users' network traffic (web browsing, internal applications, etc.). The IWROBOTX cloud server does not store customer user traffic (network traffic, web browsing, internal applications, etc.) as this traffic is directly routed through the WAN uplink and does not reach the IWROBOTX cloud server. IWROBOTX cloud server can collect only anonymous data coming from Meraki Network or relevant network. Meraki Cloud can not collect private datas coming from network, Meraki Cloud can only provide anonymous data, check the Meraki Cloud Architecture.

MANAGEMENT DATA

Traffic to and from IWROBOTX cloud servers is encrypted in transit. Major types of customer management data include:

  • User records
    • Includes account information such as account email and company name, or other optional information such as user name and address
  • Configuration data
    • Includes organization-level configurations and network-level configurations made in the dashboard
  • Analytics data
    • Includes connected clients (mac address, IP address, SSID associated to, etc.), traffic and location analytics data, visualizations and network insights into traffic, foot-traffic patterns across customer sites, and similar information
  • Customer-uploaded assets
    • Includes any customer-uploaded assets such as custom floor plans and splash logos
DATA RETENTION TIMES

Data retention policy may vary depending on the geographic location where the dashboard is hosted. Dashboard stores the data within the region where it is hosted (for example: dashboards hosted in the EU region are stored in the Iwrobotx data center in Munich).

  • EU: 14 months (12 months + 2 months worth of backups)
  • Rest of the world: 26 months (24 months + 2 months worth of backups)

The Iwrobotx dashboard can store data either based on time duration or number of logged

Privacy and Data Protection

Iwrobotx is committed to data protection, privacy, security, and compliance with applicable regulatory frameworks in the EU and abroad. The cloud-based architecture is designed from the ground up with data protection, privacy, and security in mind.
The Iwrobotx Cloud technical architecture and its internal administrative and procedural safeguards assist customers with the design and deployment of cloud-based networking solutions. The cornerstone of Iwrobotx’s privacy driven architecture is our out-of-band control plane. This means only network management information (not user traffic data) flows from devices to the Iwrobotx cloud, dramatically limiting the amount of personal data that is transferred to the Iwrobotx cloud.
In addition:

  • Iwrobotx Master Data Protection Agreement (IMDPA)—The IMDPA reflects our commitment to privacy, data security, and accountability for our customers, worldwide. If you would like to put in place the IMDPA, please contact your Iwrobotx cloud account representative to get started.
  • GDPR—The European Union General Data Protection Regulation (EUGDPR) brings consistency to the data protection landscape in Europe. GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability. Iwrobotx is committed to helping our customers and partners by protecting and respecting personal data, no matter where it comes from or where it flows. The MDPA described above incorporates the most current Standard Contractual Clauses adopted by the European Commission (also known as the EU Model Clauses) so that customers may allow transfer and processing of personal data outside the EEA in accordance with applicable European privacy and data protection regulations and local laws, including the GDPR.

Our Data Centers

Iwrobotx offers 2 options to customers for storing data.
1st Local Server onside (Customer’s Server).
2nd Cloud Server (Based in Munich).

I. Local Data Center

If the customer requests, the customer's data is provided on the customer's own server. The data stored on the client server can be displayed on the online Dashboard via the REST API. If the online Dashboard is not required for the customer, there is data on the local dashboard.
In this case, server security and data policies belong to customers' policies.

II. Cloud Data Center

IWROBOTX service is collocated in fully redundant and highly available data center with certifications such as SAS70 type II. These data center feature state of the art physical and cyber security and highly reliable designs.

AVAILABILITY MONITORING
  • 99.99% uptime service level agreement (that’s under one hour per year)
  • 24×7 automated failure detection — all servers are tested every five minutes from multiple locations
  • Rapid escalation procedures across multiple operations teams
  • Independent outage alert system with 3x redundancy
REDUNDANCY
  • Globally distributed data centers
  • Customer network configuration data and statistical data replicated independent data center with no common point of failure
  • Real-time replication of data between data center (within 60 seconds)
  • Nightly archival backups for customer network configuration data and statistical data
DISASTER RECOVERY
  • Rapid failover to hot spare in event of hardware failure or natural disaster
  • Out of band architecture preserves end-user network functionality, even if connectivity to the Iwrobotx cloud services is interrupted
  • Failover procedures drilled weekly
CLOUD SERVICES SECURITY
  • 24×7 automated intrusion detection
  • Protected via IP and port-based firewalls
  • Remote access restricted by IP address and verified by public key (RSA)
  • Systems are not accessible via password access
  • Administrators automatically alerted on configuration changes
OUT-OF-BAND ARCHITECTURE
  • Only network configuration and usage statistics are stored in the cloud
  • End user data does not traverse through the data center
  • All sensitive data (e.g., passwords) stored in encrypted format
PHYSICAL SECURITY
  • A high security card key system and biometric readers are utilized to control facility access
  • All entries, exits, and cabinets are monitored by video surveillance
  • Security guards monitor all traffic into and out of the data centers 24×7, ensuring that entry processes are followed
DISASTER PREPAREDNESS
  • Data centers feature sophisticated sprinkler systems with interlocks to prevent accidental water discharge
  • Diesel generators provide backup power in the event of power loss
  • UPS systems condition power and ensure orderly shutdown in the event of a full power outage
  • Each data center has service from at least two top-tier carriers
  • Seismic bracing is provided for the raised floor, cabinets, and support systems
  • In the event of a catastrophic data center failure, services fail over to another geographically separate data center
ENVIRONMENTAL CONTROLS
  • Over-provisioned HVAC systems provide cooling and humidity control
  • Flooring systems are dedicated for air distribution
REGULAR VULNERABILITY SCANNING
  • Iwrobotx data center undergo daily vulnerability scanning by an independent third party
DATA CENTER CERTIFICATION
  • The Iwrobotx service is collocated in fully redundant and highly available data centers

Network Management Data

The data (e.g. configuration, statistics, monitoring, etc.) that flows from network devices (e.g. wireless access points, switches and security appliances) to the Iwrobotx cloud over a secure internet connection.

USER DATA

Data related to user traffic (e.g. web browsing, internal applications). User data does not flow through the Iwrobotx cloud, instead flowing directly to their destination on the LAN or across the WAN.

ADVANTAGES OF AN OUT OF BAND CONTROL PLANE:
SCALABILITY
  • Unlimited throughput: no centralized controller bottlenecks
  • All devices data can add to a Dashboard at local server or cloud server
RELIABILITY
  • Redundant cloud service provides high availability
  • Network functions even if management traffic is interrupted
SECURITY
  • No user traffic passes through Iwrobotx’s data center
  • Enables HIPAA compliant network

Overview

Iwrobotx’s cloud-based location analytics and user engagement solution provides data about the physical locations of visitors, enabling businesses to better understand the behavior of clients. Location Analytics is available with all Cisco Meraki wireless access points.
Location Analytics data is gathered by capturing and analyzing the beacons that every Wi-Fi/Bluetooth enabled device periodically emits when its Wi-Fi/Bluetooth antenna is turned on in order to detect the presence of nearby wireless networks. The Iwrobotx dashboard also displays anonymized and aggregated statistics on nearby devices, whether they join the network or not.
Location Analytics distinguishes between devices and recognizes repeat visitors by collecting a MAC address, the unique identifier assigned to every device connecting to wired or wireless networks. Only a device’s MAC address is captured, and the aggregated data provided to businesses using Location Analytics can’t be traced back to an individual without the business having prior knowledge of the MAC address of that person’s device.

LOCATION ANALYTICS API

In addition to providing statistics to businesses within the Iwrobotx dashboard, customers can use the Location Analytics API to export MAC addresses of probing clients, consistent with industry standards. Retail and enterprise customers can use the Location Analytics API to integrate Location Analytics data from their network with their own custom-built applications.
The Location Analytics API provides no mechanism for users to connect MAC addresses with any other personal information.
We provide a set of best practices to users of the Location Analytics API, and it is their responsibility to take appropriate measures to safeguard the privacy of personally identifiable information that they may collect.

What is the GDPR?

The General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679) is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It forces stricter responsibilities on organisations to prove that they have adequate processes in place to manage and protect personal data. The major goals of GDPR are protection of an individual´s personal data and the definition of the rules for the free movement of personal data in the EU.

The EU defines “Personal Data” as “any information relating to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.” The new obligations pertain to any organisation that handles data about EU citizens—whether that organisation is in the EU or not. The regulation does not apply to the processing of personal data for national security activities or law enforcement (“competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties”).

IWROBOTX’S PRIVACY AND DATA PROTECTION FOR GDPR

Iwrobotx is committed to data protection, privacy, security, and compliance with applicable regulatory frameworks in the EU and abroad. The cloud-based architecture is designed from the ground up with data protection, privacy, and security in mind.
The Iwrobotx Cloud technical architecture and its internal administrative and procedural safeguards assist customers with the design and deployment of cloud-based networking solutions. The cornerstone of Iwrobotx’s privacy driven architecture is our out-of-band control plane. This means only network management information (not user traffic data) flows from devices to the Iwrobotx cloud, dramatically limiting the amount of personal data that is transferred to the Iwrobotx cloud.
In addition:

  • Iwrobotx Master Data Protection Agreement (IMDPA)—The IMDPA reflects our commitment to privacy, data security, and accountability for our customers, worldwide. If you would like to put in place the IMDPA, please contact your Iwrobotx cloud account representative to get started.
  • GDPR—The European Union General Data Protection Regulation (EUGDPR) brings consistency to the data protection landscape in Europe. GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability. Iwrobotx is committed to helping our customers and partners by protecting and respecting personal data, no matter where it comes from or where it flows. The MDPA described above incorporates the most current Standard Contractual Clauses adopted by the European Commission (also known as the EU Model Clauses) so that customers may allow transfer and processing of personal data outside the EEA in