GDPR Best Practices for Guest WiFi
Stay compliant while maximising data collection. A practical guide for venues using CaptiFi.
The Basics
Under GDPR, you are the data controller for guest data collected via WiFi. CaptiFi is the data processor acting on your behalf. You must:
- Have a legal basis for collecting data (legitimate interest for the WiFi login itself, consent for marketing)
- Be transparent about what you collect and why
- Allow guests to opt out and request deletion
- Keep data secure
CaptiFi's Built-In Compliance
CaptiFi handles much of the compliance for you:
- ✅ Consent collection — marketing opt-in checkbox on splash page
- ✅ Privacy policy link — displayed on every splash page
- ✅ Unsubscribe links — in every marketing email
- ✅ Data encryption — at rest and in transit
- ✅ EU data storage — servers in the EU
- ✅ Audit trail — full record of who consented and when
- ✅ Data deletion — one-click guest data removal
What You Need to Do
1. Have a Privacy Policy
Your privacy policy must cover:
- What data you collect via WiFi
- Why you collect it
- How long you keep it
- Who you share it with
- How guests can request deletion
CaptiFi provides a template you can customise.
2. Don't Pre-Tick Consent
Marketing consent must be an active, unchecked checkbox that guests manually tick. Pre-ticked boxes are not valid under GDPR.
3. Be Clear About Marketing
Tell guests what they'll receive:
- ✅ "Receive exclusive offers and news from [Venue Name] (max 2 per month)"
- ❌ "Subscribe to our newsletter" (too vague)
4. Honour Opt-Outs Promptly
CaptiFi handles unsubscribes automatically. If someone contacts you directly, delete their data within 30 days.
5. Keep Data Only As Long As Needed
Review and purge guest data periodically. A reasonable retention period is 12-24 months for marketing data.
Common GDPR Questions
Q: Do I need consent for WiFi login data? A: Not for the login itself (legitimate interest), but yes for marketing communications.
Q: Can I use WiFi data for targeted advertising? A: Only with explicit consent. Set up proper consent flows on your splash page.
Q: What if a guest asks for their data? A: You must provide it within 30 days. CaptiFi's export feature makes this easy.
Q: Do I need a Data Protection Officer? A: Most small businesses don't, but you should have someone responsible for data compliance.
For more GDPR details, see our GDPR FAQ.