LiFE IN THE AIR
Privacy Policy
March 3, 2021


Introduction

This privacy policy (the "Privacy Policy") describes how Life In The Air, Inc., a Washington State, USA-based company with an office at 800 Bellevue Way NE, Suite 500 / 154, Bellevue, WA, 98004-4289, USA, processes personal information obtained through the Life in the Air service.

We provide our end users with a platform for in-flight services that is available via iOS or Android apps or the web version. We also have a website located at ife.travel (the "App", "Website" and, collectively, the "Service").

This Privacy Policy is prepared in accordance with applicable Canadian legislation (Personal Information Protection and Electronic Documents Act, PIPEDA), the EU General Data Protection Regulation (GDPR) and the best international practices in personal data protection.


Data Protection Officer

Having the greatest respect for your personal information, we have appointed our CEO, Bayram Annakov, as our Data Protection Officer and person accountable for our information processing policies and practices. You can send any inquiries or complaints to [email protected] or contact our Data Protection Department at [email protected].


Contents:

1. Which information do we process and for which purposes?
2. Who has access to your information?
3. What are your choices and rights with respect to your personal information?
4. How to delete and block cookies
5. How do we keep your information safe and secure?
6. How long do we store your personal information?
7. Where do we store your personal information?
8. What principles do we follow when processing information?
9. How do we process information concerning children?
10. How will we notify you about changes to our privacy policy?
11. What will we do if there is a personal information breach?
12. Links to other websites


1. WHICH INFORMATION DO WE PROCESS AND FOR WHICH PURPOSES?

We make every effort to make our processing activities transparent and open. Below is the exhaustive list of information we process about you, the purposes we pursue, the third parties we share information with and the timeframes during which we process information.

We always ensure that a valid legal ground for processing personal information is in place, though under different laws such grounds may differ. Below, we provide information on the legal grounds we rely on under the Canadian PIPEDA and the EU GDPR.

Should we later decide to use your information in any other way, we will inform you in advance so that you can exercise your rights as a data subject.

We do not process any sensitive information or special categories of data (e.g. data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, or genetic and biometric data) or information related to criminal convictions and offences.



PURPOSE No. 1: To provide you with the Service

We process only the information that you provide to us. The scope of information directly depends on the services you use, i.e. if you do not use any of the features, we do not require or process the corresponding information. However, if you refuse to provide such information, we most likely will not be able to communicate with you and provide the services that require the processing of data.

The legal ground for processing is your consent (clause 4.3 of Schedule 1 of the PIPEDA) or the performance of a contract with you (art. 6(1)(b) of the GDPR).

More details:
PURPOSE No. 2: To improve the Service and make it more user friendly

Like most online service providers, we use certain analytical technologies to help us to make the App and the Website meet your needs by analysing which features are most popular, counting visitors to pages and analysing which pages are visited.

We do not match the data with other data sources to reveal your identity, nor do we use the data for direct marketing.

The legal ground for processing is your consent (clause 4.3 of Schedule 1 of the PIPEDA) or our legitimate interest to improve the Service (art. 6(1)(f) of the GDPR). If you want to opt out from the processing of analytical cookies and information on your interaction with the App, please email us at email. You may also alter the security settings of your web browser (more details).

More details:

PURPOSE No. 3: To comply with legislation and to settle possible legal claims

We process some personal information to comply with applicable legislation (including US law) and to settle legal claims which may arise in connection with the Service, as well as to ensure the possibility to execute regulatory requests and directives from the authorities.

The legal ground for processing is your consent (clause 4.3 of Schedule 1 of the PIPEDA) or our legitimate interest in complying with non-EU legislation applicable to us (art. 6(1)(f) of the GDPR).

More details:
PURPOSE No. 4. To provide you with promotion information and news.

You may separately opt-in during use of the services to a one-time email communication from us in order to receive promotional information and/or news about a product or service you are interest in.

Further, you may be given the opportunity to provide your email address to third-parties who will provide you with promotional offers and in which case additional terms and conditions will be provided to you at the time of your opt-in to such communications. If you chose to provide your email address to any third party companies then you should contact such third parties with any questions about their privacy policies and security practices.

You may also provide your email address on our website in order to be contacted in order to learn more about our Services.

Where we are required to have a legal basis for this processing of your personal data, we rely upon consent. if you have any questions about promotional information and emails please email us at [email protected]



2. WHO HAS ACCESS TO YOUR INFORMATION?

To provide the Service, we share part of your information with the following parties as described above:

· the airline;

· the payment service provider

Our IT infrastructure is constructed in such a way that we use the Google Cloud platform for storing all data, with servers located worldwide (privacy policy). Please make sure that these data storage practices correspond with your interests.

As a US-based company, we must comply with US legislation and cannot exclude the possibility that we receive and comply with information access requests from US or foreign governments, courts, law enforcement officials and national security authorities, with respect to our users. In such cases, we may disclose your information to the requestor.



3. WHAT ARE YOUR CHOICES AND RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION?

Some information specified in p. 1 above is available in your profile. You can access and update your personal information on your own there. You can also access history of your purchases at Purchases page.

Subject to applicable legislation, you also have the full legal right to:

· request from us the personal information we collected and information on how we process it;

· demand rectification or erasure of information;

· request to restrict the processing of your personal information (blocking);

· object to the processing of your personal information;

· ask us to transfer the personal information we process to any other project, company and/or any other entity or person you deem appropriate (data portability right);

· withdraw your consent (as set forth by the Canadian PIPEDA) to the processing of your personal information at any time, subject to legal or contractual restrictions. However, this may restrict our ability to offer or provide our services to you.

We will do our best to fulfil your request in the shortest possible time and in line with applicable legislation. However, in some cases, we may be required to continue storing information for regulatory purposes even though you require us to delete it. Should this be the case, we will inform you about such storage.

We do not use your personal information for any automated decision making covered by article 22 of the GDPR.

If you are not satisfied with our personal information processing activities and/or have any other complaints, please contact our Data Protection Officer or Data Protection Department (contact details can be found here).

You also have the full legal right to lodge a complaint with a supervisory authority. If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada. If you are in the EU, you can find your National Data Protection Authority here.



4. HOW TO DELETE AND BLOCK COOKIES

You may adjust your browser settings to stop your device receiving and storing cookies, to allow receiving and storing cookies from selected websites only, or to be notified before receiving cookies. Please note, however, that these settings may have negative effects on the usability and user guidance of websites and other online services. You may delete cookies stored in your browser at any time. Information stored in such cookies will be removed from your device.

More information about cookies, including how to see what cookies have been set and how to manage and delete them is available here: https://www.cookiesandyou.com/.



5. HOW DO WE KEEP YOUR INFORMATION SAFE AND SECURE?

No one can guarantee that information transmission over the Internet or the methods used for electronic storage are 100% secure. Bear this in mind before submitting any information about yourself.

However, the security of your personal information is one of our top priorities. We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorised access to personal information. For this purpose, we have implemented a number of measures, including the following safeguards:

· Technological: We use https protocol to secure data transmitted via open wi-fi networks on the aircraft. We have implemented firewalls to prevent unauthorised entry into our databases. We use role-based access controls (i.e. access is granted only to those employees and third parties who strictly need it).

We use Google Cloud to store the data. Google has designed the security of its infrastructure in layers that build upon one another, from the physical security of data centers, to the security protections of hardware and software, to the processes used to support operational security. This layered protection creates a strong security foundation. A full list of security measures undertaken by Google Cloud can be found here.

· Organisational: We adopted this Privacy Policy and have procedures in place with respect to the protection, retention and destruction of personal information. We check that our service providers involved in the Service have policies and processes in place to ensure that the information in their care is always properly safeguarded. We have signed confidentiality agreements to ensure that all our employees and service providers that access personal information undertake appropriate confidentiality obligations. We train our employees and regularly remind of their privacy responsibilities.

Copies of this Privacy Policy and other related policies are available upon request.

· Physical: We restrict physical access to laptops and other equipment used for accessing and storing data on the aircraft and outside it.

· We also comply with the Payment Card Industry Data Security Standard (PCI DSS) to ensure secure processing of your bank card information.



6. HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?

We store your personal information for the entire period you use the Service and for the period necessary to be compliant with US legislative requirements to which we are subject, as well as to settle possible legal claims.

The timeframes for information processing are specified here. After the expiration of those timeframes, we retain only aggregated reporting and statistical data (e.g. overall number of users, total amount of orders, high-level breakdown of preferences). It impossible to directly or indirectly identify you based on these data.

If you delete your account in the App or on the Website, we will also delete the corresponding information on our servers (except for the information that we have to store to meet legal requirements).



7. WHERE DO WE STORE YOUR PERSONAL INFORMATION?

First, all the information you enter in the App or on the Website is collected in the local database placed on the aircraft. Then it is synchronised with a Google Cloud database where the data is further stored.

Google Cloud servers are located worldwide and data are stored in Google's network of geographically distributed data centres (see Google's website for more details). The information may be processed outside of your local state or outside of Canada and the EU, including in the US, where we are headquartered.

Data protection and other laws in different countries might not be as comprehensive as those in your country, but please be assured that we have taken steps to ensure that your privacy is protected. With respect to the data of EU users, we ensure that there are appropriate safeguards as set forth in Article 46 of the GDPR (e.g. standard data protection clauses regarding a party storing or otherwise accessing data are in place), or we rely on derogations for specific situations as set forth in Article 49 of the GDPR, i.e. the performance of a contract with you.



8. WHAT PRINCIPLES DO WE FOLLOW WHEN PROCESSING INFORMATION?

We have the greatest respect for your personal information. During the collection and processing of your personal information, we strictly adhere to the best business practices and principles of applicable legislation, including:

· collecting information only for the predetermined, explicit and legitimate purposes described herein. We do not disclose the information or process it in a manner incompatible with our initial purposes, unless we obtain your consent or otherwise ensure legal compliance.

· taking full responsibility for personal information under our control and designating a Data Protection Officer for accountability purposes.

· making the best effort to process personal information fairly and in a transparent manner. We collect information only by fair and lawful means. We arrange knowledge and consent of the individual when we a required to do so by law.

· collecting only personal information that we deem adequate, relevant and in a volume strictly necessary to achieve the purposes.

· keeping personal information accurate, complete and, when necessary, up to date. We erase or rectify personal information that is inaccurate without delay.

· keeping personal information in a form that identifies you for no longer than necessary and in line the purposes for which the personal information was collected and processed.

· ensuring appropriate security safeguards for your personal information, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.



9. HOW DO WE PROCESS INFORMATION CONCERNING CHILDREN?

The App and Website are for a general audience and are not directed at anyone under the age of 16. Should a child whom we know to be under 16 send personal information to us, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before processing their personal information.



10. HOW WILL WE NOTIFY YOU ABOUT CHANGES TO OUR PRIVACY POLICY?

We reserve the right to modify our Privacy Policy at any time. If we decide to do so, we will notify you in one of the following ways:

· send you a message to your profile or to your email address;

· send a notification to your profile in the App;

· post the notification on the Website.



11. WHAT WILL WE DO IF THERE IS A PERSONAL INFORMATION BREACH?

If there is a breach with respect to information subject to the Canadian PIPEDA and such breach creates a real risk of significant harm to you, we will without undue delay notify the competent supervisory authority of the breach.

If a breach occurs that results in a risk to your rights and freedoms with respect to information subject to the EU GDPR that results in a risk to your rights and freedoms, we will without undue delay and where feasible notify the competent supervisory authority of the breach within 72 hours after having become aware of it.

If a breach is likely to result in a high risk (real risk of significant harm) to your rights and freedoms, we will notify you in the following way:

· if you provided us with your email address, we will send a communication to your email address;

· if no email address is specified in your account, we will post a notification in the App or on the Website.



12. LINKS TO OTHER WEBSITES

There are links to other websites in the App and on the Website. They are provided for your convenience only. This Privacy Policy does not cover, nor we are responsible for, any processing activities performed on these other websites. Namely, we are not responsible for processing personal data on other pages.

Made on
Tilda