Last Updated: October 15, 2020 Effective Date: October 15, 2020
1. WHAT TYPES OF INFORMATION DO WE COLLECT FROM YOU?
1.1. Personal Information (“PI”)
PI is information that identifies you as an individual. In order for you to use particular Services provided through our Apps or websites, including expediting customs processes we may require you to provide PI.
We may collect PI from you, such as your name, postal address, telephone number, e-mail address, passport information, date and place of birth, credit card number or other payment account number (including the three (3) or four (4) digit validation code for your credit card), when you voluntarily provide it to us.
You will always be provided the ability to delete your PI from the Apps and Services at any time. You are also provided the ability to revoke prior consent given to Airside or our partners at any time (unless regulatory requirements prohibit revocation).
1.2. Protected Health Information (“PHI”)
PHI is select protected health information. Some Airside Services enable you to gain access to your own PHI, to provide you with the ability to knowingly share this information with third parties. Such information is stored and managed exclusively within the Apps on your device. Airside will not process, store, or distribute this information without your explicit consent, with specific purpose(s), named processors, and for a specific time.
You will always be provided the ability to delete your PHI from the Airside Apps and Services at any time. You are also provided the ability to revoke prior consent of access to shared PHI from Airside or third party parties at any time (unless regulatory requirements prohibit revocation).
1.3. Biometric Information
Some Airside Services enable you to share your biometric information including “selfies” and portrait images from documents you enroll into the Service (e.g. passport and driver’s license photographs). Such biometric information remains on your device unless you explicitly agree to share that information with named third parties, for specific purposes and durations. Biometric information is stored and managed exclusively within the Apps on your device. Airside will not process, store, or distribute this information without your explicit consent, with specific purpose(s), named processors, and for a specific time.
You will always be provided the ability to delete your biometric information from the Airside Apps and Services at any time. You are also provided the ability to revoke prior consent of access to shared biometric information from Airside or third parties access to your biometric information at any time (unless regulatory requirements prohibit revocation).
1.4. Non-Personally Identifiable Information (“Non-PI”)
2. HOW DO WE USE INFORMATION COLLECTED FROM YOU?
We do not sell or share your information (PI) with third parties for marketing purposes. Your information remains on your device unless and until you agree to sharing this information with our partners.
Personal Information. We may use PI:
- to fulfill your requests, e.g., to allow you to order and receive items through our partners or to provide you with specific information that you request;
- to send you important information regarding the App, changes to our terms, conditions, and policies and/or other administrative information;
- to fulfill your purchase(s) (e.g. to process credit card payments in connection with your order);
- to customize content on our App;
- to expedite, only at your specific request, customs processes by sharing selected PI with the U.S. government, specifically the U.S. Customs & Border Protection;
- when you provided specific consent to sharing your information with our partners.
Because Non-PI does not identify you as an individual, we may use such information for any purpose. In addition, we reserve the right to share such Non-PI with our affiliates and suppliers to improve our service offerings and to ensure the security and functionality of the App. In some instances, we may combine Non-PI with PI (such as combining your name with your geographic location). If we do combine any Non-PI with PI, the combined information will be treated by us as PI hereunder as long as it is so combined.
IP Addresses and Mobile Device Identifiers
We do not collect or use Mobile Device Identifiers assigned by device manufacturers or wireless service providers. Please note that we treat IP addresses, server log files and related information as Non-PI, except where we are required to do otherwise under applicable law.
3. HOW IS PERSONAL INFORMATION DISCLOSED?
We may disclose PI:
- to our third party service providers, with your consent, who provide services such as payment processing, customs processing, order fulfillment, IT services, customer service, and credit card processing;
- to fulfill your purchase;
- to an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings);
- to comply as we believe to be appropriate: (a) under applicable law including laws outside your country of residence; (b) to comply with legal processes; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to permit us to pursue available remedies or limit the damages that we may sustain.
4. OTHER IMPORTANT NOTICES REGARDING OUR PRIVACY PRACTICES
Third Party App
U.S. Customs & Border Protection (U.S. CBP)
To fulfill a request for expedited service for U.S. CBP processes, Airside will facilitate the transmission of relevant PI at your specific direction to U.S. CBP via secure, encrypted processes that meet the U.S. CBP requirements for transmission of PI. Airside is NOT responsible for the use of such information by the U.S. government, including U.S. CBP, and is NOT responsible for any actions the U.S. government, including U.S. CBP, may or may not take based on that information.
Transportation Security Administration (TSA)
To fulfill a request for expedited service for TSA processes, Airside will facilitate the transmission of relevant PI at your specific direction to TSA via secure, encrypted processes that meet the TSA and U.S. state Departments of Motor Vehicles (DMV) requirements for transmission of PI. Airside is NOT responsible for the use of such information by the U.S. government, including TSA, and is NOT responsible for any actions the U.S. government, including TSA, may or may not take based on that information.
We use reasonable organizational, technical and administrative measures to protect PI under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Please do not send us sensitive information through email or via any of our customer support channels.
During the use of the Service, you are asked to explicitly opt-in to the sharing of your PI, PHI, or biometric information to third parties, such as our partners, U.S. CBP, and TSA. We will not share such information without your specific and informed consent.
Changing or Suppressing PI
If you would like to review, correct, update, suppress or otherwise limit our use of your PI, PHI, or biometric information that has been previously provided to us, you may do so by adjusting your preferences in the ‘Settings’ functions for the Apps or by contacting us at firstname.lastname@example.org (Airside app) or email@example.com (Mobile Passport app). We may retain certain anonymized information for record-keeping and audit and compliance.
Note Regarding the Use of the Apps and Site by Children
The Apps are not directed to individuals under the age of thirteen (13), and we request that such individuals not provide PI, PHI, or biometric information through the Site or App. However, parents and legal guardians may enroll travel documents on behalf of their children on their own mobile devices.
Please note that e-mail communications will not necessarily be secure; accordingly, you should not include credit card information or other sensitive PI in your e-mail correspondence or as an attachment.
5. SPECIFIC COMPLIANCE STATEMENTS
Airside complies with the European Union (EU) General Data Protection Regulation (GDPR) guidelines enacted by the EU to protect data. Originally adopted in April of 2016, the regulations went into effect on May 25, 2018.
All inquiries concerning GDPR should be sent to our DPO (Data Protection Officer) via email at firstname.lastname@example.org. The DPO or a member of their team will respond within 48 hours.
Airside offers several products. Please review the appropriate section below for more detail.
Mobile Passport Application and Automated Passport Control (APC)
Airside only collects PI that you authorize and enter into the Mobile Passport app or APC kiosk. The types of information include information contained within the MRZ (Machine-readable Zone) code of a passport at the bottom (e.g. name, passport number), photographs and fingerprints. In addition, our system will collect Non-PI information (e.g. arrival location, flight details) and other relevant system data (e.g. location, time of day) for processing submission to U.S. CBP.
Formatted information is securely transmitted for processing by U.S. CBP and they determine whether entry is granted. Once the entry status is determined by U.S. CBP, we inform the user of their decision via a digital QR code receipt(s) on the Mobile Passport app or APC kiosk. We are unaware of the algorithms used by U.S. CBP to determine this status and encourage data subjects to contact them directly if they have questions. Airside cannot facilitate these communications.
To log the transmission, we rely on pseudonymization techniques to maintain the security of your information. PI (such as passport number and name) are not retained. As such, we are unable to process requests for erasure or export for a data subject since we cannot attribute the information we have to an individual.
The Airside App only collects PI that you authorize and/or enter into our application and this data is securely stored on your device, unless and until you choose to share that information with one of our partners. PI such as name, address, and billing information (including payment information such as credit card) may be collected for certain Services. This information is retained by our systems in an encrypted form that we can decrypt only at your direction to provide your service.
Any enrolled PI is stored by you on your device, which is encrypted. Should you choose to share your personal information with one of our partners, Airside cannot (by design) decrypt this information unless you request that we verify provided PI. We are unable to respond to requests from anyone, including the customer, for this information to be exported in a decrypted form.
Data subjects may request erasure or data export when closing your account. For data export, billing information will be obfuscated to protect clients and encrypted information will be delivered as a binary object.
The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents.
Information Airside collects
Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.
Demographic information, such as your age and gender.
Commercial information, such as your payment information and a history of purchases you make.
Biometric information if you choose to provide it, such as portraits from official ID documents, and “selfies”.
Geolocation data, such as may be determined by IP address, and data from sensors on or around your device, depending in part on your device and account settings.
Why we use this data
Airside and its partners and customers may request this information for specific purposes, which you are informed of in advance, to provide specific identity information in order to provide you with specific services.
When is this information shared
You will always be asked if you would like to share your personal information with Airside, our customers, or our partners. We will never share your information without your explicit consent. Airside never sells your personal information.
The CCPA also affords you the right to request information about how Airside collects, uses, and discloses your personal information. And, it gives you the right to access your information and request its removal. You have complete control over your information, and can delete this information from our Apps and our Services through the use of our App. Under certain circumstances, our customers and partners are required by law or regulation to retain your information for specific periods of time. You will be informed ahead of time if this is the case. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.
If you have questions about how to exercise your rights under CCPA, you may request additional information by sending an email provided in the contact information below.
Business Purposes for use of your data
Auditing and measurement: Airside uses anonymized information for analytics and measurement to understand how our Services are used, as well as to fulfill obligations to our partners. We will not disclose PI, PHI, biometric, or non-PI information with these partners.
Legal reasons: Airside uses information to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Illinois Biometric Information Privacy Act (BIPA)
Some Airside Services provided through our Apps include the ability to share biometric information (specifically your portrait images or templates derived from these portraits). Your consent is always required prior to the release of biometric information, and you may revoke this consent at any time.
Your biometric information is shared with Airside, our partners and customers for specific purposes, named parties, and for specific and limited time periods, sufficient to provide you with the Services that make use of biometrics. Once this time period has passed, Airside will automatically delete any biometric information from its Service. This information will remain on your device until such time as you choose to delete it.
When sharing your biometric information, a record of your consent remains in our Apps on your device, including a record of your acknowledgement to share this information.
As is the case with all of your data that you manage on your device, Airside will never sell your biometric information.
6. CONTACT INFORMATION
For further information, please contact us at :
Privacy Office: email@example.com
GDPR Representative : firstname.lastname@example.org
Airside Mobile DPO : email@example.com
Information Security : firstname.lastname@example.org
US office phone number : +1 703-345-5832