PURPOSE No. 4. To provide you with promotion information and news.
You may separately opt-in during use of the services to a one-time email communication from us in order to receive promotional information and/or news about a product or service you are interest in.
Further, you may be given the opportunity to provide your email address to third-parties who will provide you with promotional offers and in which case additional terms and conditions will be provided to you at the time of your opt-in to such communications. If you chose to provide your email address to any third party companies then you should contact such third parties with any questions about their privacy policies and security practices.
You may also provide your email address on our website in order to be contacted in order to learn more about our Services.
Where we are required to have a legal basis for this processing of your personal data, we rely upon consent. if you have any questions about promotional information and emails please email us at [email protected] 2. WHO HAS ACCESS TO YOUR INFORMATION?
To provide the Service, we share part of your information with the following parties as described above:
· the airline
· the payment service provider
Our IT infrastructure is constructed in such a way that we use the Google Cloud
). Please make sure that these data storage practices correspond with your interests.
As a US-based company, we must comply with US legislation and cannot exclude the possibility that we receive and comply with information access requests from US or foreign governments, courts, law enforcement officials and national security authorities
, with respect to our users. In such cases, we may disclose your information to the requestor. 3. WHAT ARE YOUR CHOICES AND RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION?
Some information specified in p. 1 above is available in your profile. You can access
your personal information on your own there. You can also access history of your purchases at Purchases page.
Subject to applicable legislation, you also have the full legal right to:
from us the personal information we collected and information on how we process it;
· demand rectification
· request to restrict the processing of your personal information (blocking
to the processing of your personal information;
· ask us to transfer the personal information we process to any other project, company and/or any other entity or person you deem appropriate (data portability right
· withdraw your consent
(as set forth by the Canadian PIPEDA) to the processing of your personal information at any time, subject to legal or contractual restrictions. However, this may restrict our ability to offer or provide our services to you.
We will do our best to fulfil your request in the shortest possible time and in line with applicable legislation. However, in some cases, we may be required to continue storing information
for regulatory purposes even though you require us to delete it. Should this be the case, we will inform you about such storage.
We do not use your personal information for any automated decision making covered by article 22 of the GDPR.
If you are not satisfied with our personal information processing activities and/or have any other complaints, please contact our Data Protection Officer or Data Protection Department (contact details can be found here
You also have the full legal right to lodge a complaint
with a supervisory authority. If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada
. If you are in the EU, you can find your National Data Protection Authority here
. 4. HOW TO DELETE AND BLOCK COOKIES
You may adjust your browser settings to stop your device receiving and storing cookies, to allow receiving and storing cookies from selected websites only, or to be notified before receiving cookies. Please note, however, that these settings may have negative effects on the usability and user guidance of websites and other online services. You may delete cookies stored in your browser at any time. Information stored in such cookies will be removed from your device.
More information about cookies, including how to see what cookies have been set and how to manage and delete them is available here: https://www.cookiesandyou.com/
. 5. HOW DO WE KEEP YOUR INFORMATION SAFE AND SECURE?
No one can guarantee that information transmission over the Internet or the methods used for electronic storage are 100% secure. Bear this in mind before submitting any information about yourself.
However, the security of your personal information is one of our top priorities. We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorised access to personal information. For this purpose, we have implemented a number of measures, including the following safeguards:
· Technological: We use https protocol to secure data transmitted via open wi-fi networks on the aircraft. We have implemented firewalls to prevent unauthorised entry into our databases. We use role-based access controls (i.e. access is granted only to those employees and third parties who strictly need it).
We use Google Cloud to store the data. Google has designed the security of its infrastructure in layers that build upon one another, from the physical security of data centers, to the security protections of hardware and software, to the processes used to support operational security. This layered protection creates a strong security foundation. A full list of security measures undertaken by Google Cloud can be found here
· Physical: We restrict physical access to laptops and other equipment used for accessing and storing data on the aircraft and outside it.
· We also comply with the Payment Card Industry Data Security Standard (PCI DSS)
to ensure secure processing of your bank card information. 6. HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
We store your personal information for the entire period you use the Service
and for the period necessary to be compliant with US legislative
requirements to which we are subject, as well as to settle possible legal claims.
The timeframes for information processing are specified here
. After the expiration of those timeframes, we retain only aggregated reporting and statistical data (e.g. overall number of users, total amount of orders, high-level breakdown of preferences). It impossible to directly or indirectly identify you based on these data.
If you delete your account in the App or on the Website, we will also delete the corresponding information on our servers (except for the information that we have to store to meet legal requirements
). 7. WHERE DO WE STORE YOUR PERSONAL INFORMATION?
First, all the information you enter in the App or on the Website is collected in the local database placed on the aircraft. Then it is synchronised with a Google Cloud database where the data is further stored.
Google Cloud servers are located worldwide and data are stored in Google's network of geographically distributed data centres
(see Google's website
for more details). The information may be processed outside of your local state or outside of Canada and the EU, including in the US, where we are headquartered.
Data protection and other laws in different countries might not be as comprehensive as those in your country, but please be assured that we have taken steps to ensure that your privacy is protected. With respect to the data of EU users, we ensure that there are appropriate safeguards
as set forth in Article 46 of the GDPR (e.g. standard data protection clauses regarding a party storing or otherwise accessing data are in place), or we rely on derogations
for specific situations as set forth in Article 49 of the GDPR, i.e. the performance of a contract with you. 8. WHAT PRINCIPLES DO WE FOLLOW WHEN PROCESSING INFORMATION?
We have the greatest respect for your personal information. During the collection and processing of your personal information, we strictly adhere to the best business practices and principles of applicable legislation, including:
· collecting information only for the predetermined, explicit and legitimate purposes
described herein. We do not disclose
the information or process it in a manner incompatible with our initial purposes, unless we obtain your consent or otherwise ensure legal compliance.
· taking full responsibility
for personal information under our control and designating a Data Protection Officer for accountability
· making the best effort to process personal information fairly
and in a transparent manner.
We collect information only by fair and lawful means. We arrange knowledge and consent
of the individual when we a required to do so by law.
· collecting only personal information that we deem adequate, relevant
and in a volume strictly necessary
to achieve the purposes.
· keeping personal information accurate, complete
and, when necessary, up to date
. We erase or rectify personal information that is inaccurate without delay.
· keeping personal information in a form that identifies you for no longer than necessary
and in line the purposes for which the personal information was collected and processed.
· ensuring appropriate security safeguards for your personal information
, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures. 9. HOW DO WE PROCESS INFORMATION CONCERNING CHILDREN?
The App and Website are for a general audience and are not directed at anyone under the age of 16
· send you a message to your profile or to your email address;
· send a notification to your profile in the App;
· post the notification on the Website. 11. WHAT WILL WE DO IF THERE IS A PERSONAL INFORMATION BREACH?
If there is a breach with respect to information subject to the Canadian PIPEDA
and such breach creates a real risk of significant harm to you,
we will without undue delay notify the competent supervisory authority of the breach.
If a breach occurs that results in a risk to your rights and freedoms with respect to information subject to the EU GDPR
that results in a risk to your rights and freedoms,
we will without undue delay and where feasible notify the competent supervisory authority of the breach within 72 hours
after having become aware of it.
If a breach is likely to result in a high risk (real risk of significant harm) to your rights and freedoms, we will notify you in the following way:
· if you provided us with your email address, we will send a communication to your email address
· if no email address
is specified in your account, we will post a notification in the App
or on the Website
12. LINKS TO OTHER WEBSITES