Mandy Carpenter No Comments

Data Protection

The blog details the additions and improvements to HeroTill’s System according to with the Generally Accepted Privacy Protection regulations globally.

Read More about privacy regulations in your regions:

GDPR (EU)

PoPI (RSA)  

Added Data protection debug switch

 

If the “Show Data Protection” switch is set to Yes then the Data Protection functionality (detailed below) will be applicable on your HeroTill:

A new permission “Data Protection” has been added:

This Permission should be utilised with absolute caution. Details on where this permission will be required will be explained below.

Wisps will be notified prior to this functionality being made active on their systems.

Added / updated user licence agreement on admin user first login / after update

 

HeroTill’s End User License terms and conditions have been updated. Admin users who have not yet accepted the current version of this License will be requested to accept them again before being allowed to continue making use of HeroTill.

If the terms are updated in the future, the Admin user will be requested to accept the new version. Users who do not agree will not be able to legally utilise HeroTill.

Wisps will be notified prior to this functionality being made active on their systems.

If you have any questions about the terms of use please feel free to email support@herotill.com.

Added Data protection permission to export certain customer list and banking exceptions report

 

Customers with Incomplete Bank Details screen:

A new permission “Data Protection Write” has been added for an admin user to be able to copy and export items from the on Bank Details Exception Report screen.

Customer list screen:

Copying and exporting items from the Customer List screen requires either the “Data Protection Write” permission or Accounting Adjustment permission.

For both cases a pop-up appears warning the User that the information is confidential:

Added  “Data Protection” button to edit customer screen

 

A light blue Button “Data Protection” has been added to the Edit Customer Screen:

(Only users with the Data Protection permission Read or Write will be able to see and use the button.)

The Button allows the admin user to fulfil a customer’s legal right as a Data Subject to request:

  1. Access to their Data
  2. Right to be forgotten (Anonymisation)

Access to their Data (Subject Access Request)

A customer (or Data subject) has the legal right to access the data the Wisp has collected from them. HeroTill has made this a simple process by submitting a Subject Access Request when Customers make the request to access their data.

Admin User will need the Data Protection permission Read or Write to be able to process this request.

The Process of such a request is as follows:

  1. A customer contacts the helpdesk / support person requesting access to their Data
  2. The Admin user will then process the request by selecting the Data Protection Button -> Subject Access Request Tab -> Send Message:

  1. The customer will receive an email stating that they have requested their data. The email includes a link to a page where they will be able to download their information after entering the verification code.

*The link is only active for 24 hours after which a new Access Request will have to be processed.

A Verification Code via SMS. The verification code must be entered after the link has been followed:

4. Once Customers have followed the link and entered the verification code they will be able to download the zip folder of their data which contains the individual items of data:

The types of information contained in the Zip:

Section Type of Data
Attachments All attachments from edit customer screen. Add files to zip file.

Taken from customer edit screen.

Compliance documents Add these files to zip file.

Taken from customer edit screen.

Account details VAT number

Primary contact name

Primary contact tel

Physical address

Postal address

Client portal user name

Taken from customer edit screen.

Customer contact details Name

Email

Cell number

Taken from customer edit screen.

Customer GPS location details GPS position

Address

Taken from customer edit screen.

Linked social media accounts Social account names and thumbnails of account picture if there is any. Taken from customer edit screen.
Billing details Billing details. Taken from customer edit screen.
Customer requested changes Contact details

Billing details

Taken from customer edit screen.

Radius data packages Username

Account alias

Address of radius account

Taken from customer edit screen.

Active data sessions IP Addresses

Usernames

Device names

Taken from customer edit screen.

Previous data sessions IP Addresses

Usernames

Device names

Taken from customer edit screen.

VOIP phone lines Phone numbers

Taken from customer edit screen.

Usage notification settings SMS number

Email address

Taken from customer edit screen.

Right To Be Forgotten (Anonymised)

A customer (or Data subject) has the legal right to request a Wisp to delete (or forget) the information a Wisp has collected from them.

* Please note that according to the laws of your country, it may be that you may not be able to forget of anonymise a customer if they have had active billing in the last 5 years.

Admin User will need the Data Protection permission Write only to be able to process this request.

The Process of such a request is as follows:

  1. A customer contacts the helpdesk / support person requesting to be forgotten (have all their information removed / deleted / anonymised)
  2. The Admin user with the Data Protection Write Permission will then process the request by selecting the Data Protection Button -> Right To Be Forgotten Tab -> Anonymise Customer / Delete Customer button:

Upon selecting one of the options, a warning will pop up:

Selecting OK -> All traces of customer are removed – no VOIP Phone line linked, no radius accounts, no helpdesk tickets, no ratings, no portal user will exist.

Data Retention Period

 

Data Retention periods (the length that certain information will be kept) can be setup can be setup by under Setup -> System Settings -> Data Retention

* Permissions required Data Protection Write and System Write

The  retention periods for the following are editable:

  • Data Retention Notifications
  • Data Retention Netflow
  • Data Retention Mail Scraper
  • Helpdesk tickets
  • Invoices and credit notes
  • Customer requested changes
  • Out of Date radius NAS users
  • Job Cards

 

 

View HeroTill’s Privacy Policy