Dear customer, we are delighted to bring you an important update about our Portal. As you may know, the general data protection regulation (GDPR) becomes enforceable on May 25th, 2018. We have embraced the new rules, as we believe security and privacy should come first, and during the past several months we’ve implemented new features to help you stay compliant with the new rules.

As part of this process, we’ve made some changes in the way we handle customer’s accounts.

Even when you grant us access to your account, our support team won’t be able to view and operate on any personal data. In Volare Splash and Volare Compass, all user personal data is obfuscated. Operations such as export, delete and edit of users have been disabled and API keys have been obfuscated.

If the service is managed by a third-party partner (MSP) that you contracted with directly, that party will also have the same restricted access to personal data.

With this release, we’ve also introduced some important new features to Volare Compass that empower your capability to engage your customers in real time.

Engagement based on real-time presence detection

The Triggered Campaign tool now allows you to trigger a campaign when a customer is detected in a nearby location or when the user enters a specific virtual zone of a location. This new feature allows you to supercharge your real-time engagement campaigns, for example, to incentivize known visitors who are nearby to visit the location, or to promote a product and engage the customer when they enter a specific area of the store. New Volare Sense inventory management We updated some of the capabilities to effectively manage Volare Sense, including inventory and monitoring of the Sense configuration and connection status.

Improvement of Visit classification system We made some improvement to the location analytics classification algorithm to be even more accurate in estimating when a device makes a Visit in a Location. You may notice some changes to the average value of some metrics compared to the past. Some metrics have a slightly different definition now, so it is normal to see some differences: in particular, Missed Visits are now considering only the events of individuals who didn’t do any Visit in the same day. The same applies to Missed Visitors, who are those individuals who didn’t do any Visit in the same day.

The algorithm has been improved to bring more stability to device traces that we collect, by smoothing out variations caused by movement and obstacles in the locations. For more accurate results, we suggest you review the tuning of parameters in the settings page. We are working to bring you even more sophisticated AI-powered systems to help you fine-tune these values in the future. GDPR and Privacy by Design As data controllers, our customer has the right to decide what data to collect. We built an option to let you opt out of processing the data of devices not belonging to visitors that provided explicit consent.

Additional custom clauses You can create additional, optional custom opt-in policies to be even more specific in gathering consent from the customer for specific purposes. Custom clauses can be used for gathering consent for additional purposes you added to your privacy policies or simply to ask customers to subscribe to a newsletter. Age restriction We added an option to obtain explicit confirmation that the user is older than the minimum age configured in the system. This feature is an additional measure that can be enabled to comply with the requirements of GDPR and other regulations to prevent the processing of personal data of children without consent from their parents.

Handling Subject Access Requests We implemented new features to make sure you can properly handle requests from your users. Once you identify the individual in the Admin Panel of the User List, you will now find an Export button that allows you to export in CSV all the data that the platform stores about that user. In the same profile page, the Delete button has been altered to delete any trace of personal data related to the user, to make sure you respect the right of individuals to be forgotten. This button will delete the user’s profile data, logs of connections, visits, interactions with the apps, logs of communications, associated devices and many other pieces of data technically required to operate the service that have been properly mapped by our team.

Keep your customer informed As controller of your customer data, it is important that your customers can identify your brand as the controller of the service. To make it even more explicit and at the same time to facilitate your compliance with CAN-SPAM and CASL regulations, we added a Sender section in the Preferences page where you can set the company data that will be appended in the footer of every email to inform your users who is the provider of the service. By default, the footer will be configured using the data from your Account page.

In the same page, you can also add a custom default message that will be appended to all email communication, where you can better explain why your users are receiving that email and eventually how to reach you.