LAST REVISED: AUGUST 24, 2018
- PERSONAL DATA
- HOW WE USE PERSONAL DATA
- DISCLOSURE OF PERSONAL DATA
- PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
- CHANGE OF PURPOSE
- NON-PERSONAL DATA
- YOUR CHOICES
- INTERNATIONAL TRANSFERS
- YOUR RIGHTS (E.U. RESIDENTS)
- ADDITIONAL INFORMATION ABOUT YOUR RIGHTS
- E.U. RESIDENTS AND E.U. – U.S. PRIVACY SHIELD FRAMEWORK
- THIRD PARTY WEBSITES
- YOUR PRIVACY RIGHTS/ CALIFORNIA’S SHINE THE LIGHT LAW
- CALIFORNIA DO NOT TRACK DISCLOSURE
- CONTACTING US
1. PERSONAL DATA
a. Personal Data. Personal Data is information that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
b. What data is collected. We collect Personal Data that you voluntarily provide to us, for example, when you create an Account or request information about our Site and/or App (collectively hereinafter “Services”) we may require your name, email, contact information, billing address, credit card inform, flight information (e.g. confirmation code) and/or other information you may provide us.
2. HOW WE USE PERSONAL DATA.
We use Personal Data to: (i) provide you with Services you request; (ii) enhance and improve Services; and (iv) provide you with customer service; (v) monitor the security or your use of Services; (vi) ensure that our content associated with the App is most effective for you and your device (vii) communicate with you about Services; and (viii) contact you with certain marketing and/or promotional materials, as well as other information that may be of interest to you. If you no longer consent to such use please send an email to firstname.lastname@example.org with “OPT OUT” in the subject line.
3. DISCLOSURE OF PERSONAL DATA
We disclose your Personal Data as follows:
a. Airline. We will share your Personal Data with the air carrier that you have a confirmed travel arrangement with to assist with facilitating your bid for an upgraded class of service.
c. Compliance with laws and for other legitimate business purposes. We will share your Personal Data when we believe disclosure is necessary or required by law, regulation, to protect other End Users, the integrity of Services and to defend or exercise our legal rights (including lawful requests from public authorities as may be needed to meet national security and/or law enforcement requirements).
4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and the legal bases for the same. There is no statutory requirement for you to provide us with your Personal Data; however, if you do not provide all requested information, we may not be able to provide you with all features associated with Services. When accessing and/or using Services we may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
a. Profile Data. Identity Data includes first name, last name, username, password or similar identifiers, flight information, feedback and survey responses, birthday and/or gender.
b. Contact Data. Contact Data includes billing address, delivery address, email address and telephone numbers.
c. Financial Data. Financial Data includes bank account and payment card details.
d. Technical Data. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, bluetooth and other technology on the devices you use to access Services. PLEASE NOTE: DEPENDING ON YOUR JURISDICTION YOUR IP ADDRESS MAY BE CONSIDERED PERSONAL DATA.
e. Usage Data. Usage Data includes information about your use of Services.
f. Marketing and Communications Data. This includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We group the different kinds of Personal Data as follows:
|PURPOSE/ACTIVITY||TYPE OF DATA||LAWFUL BASIS FOR PROCESSING|
|For the purposes of providing you with Services and the administration of the same||(a) Contact
|Performance of our obligations with you|
|To improve and provide you with customer service||(a) Profile
(c) Marketing and Communications
|(a) Performance of our obligations with you
(b) Necessary to comply with our legal obligations
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use Services)
|To administer and maintain Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Profile
|(a) To ensure the efficient operation of our business, to provide for the proper administration of network security, and to prevent fraud
(b) Necessary to comply with our legal obligations
|To contact you to make suggestions, send you information and updates regarding Services||(a) Profile
(d) Marketing and Communications
|Necessary for our legitimate interests (to study the use of Services and to develop the same)|
AFTER REMOVING ANY INFORMATION THAT WOULD PERSONALLY IDENTIFY YOU FROM WITHIN THE SET OF PERSONAL DATA, WE COLLECT FROM YOU, WE MAY COMBINE THAT INFORMATION WITH INFORMATION WE COLLECT FROM OTHER USERS AND CUSTOMERS (COLLECTIVELY THE “AGGREGATED DATA”) IN ORDER TO IMPROVE THE QUALITY AND VALUE OF SERVICES AND TO ANALYZE AND UNDERSTAND HOW OUR SERVICES ARE USED SO THAT WE CAN IMPROVE THE SAME. WE MAY SHARE AGGREGATED DATA (AFTER STRIPPING OF ANY INFORMATION THAT WOULD PERSONALLY IDENTIFY YOU).
5. CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collect it, unless we reasonably consider that we need to use it for additional reasons that are compatible with the original purpose. PLEASE NOTE THAT WE MAY PROCESS YOUR PERSONAL DATA WITHOUT YOUR KNOWLEDGE OR CONSENT WHERE SUCH IS REQUIRED OR PERMITTED BY LAW.
6. NON-PERSONAL DATA
a. Non-Personal Data. Non-Personal Data means data that is not associated with or linked to your Personal Data; Non-Personal Data does not, by itself, permit the identification of individual persons.
c. Cookie Options. Use the options in your web browser if you do not wish to receive a Cookie or if you wish to set your browser to notify you when you receive a Cookie. You can easily delete any Cookies that have been installed in the Cookie folder of your browser.
e. Pixel Tags. In addition, we use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to cookies, that are used to track online movements of users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in Web pages. Pixel Tags also allow us to send e-mail messages in a readable format, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to users. We do not tie the information gathered by Pixel Tags to Personal Data.
7. YOUR CHOICES
a. Targeted Advertising. If you do not want information about your activity on our sites to be used for tailored advertising, please visit the opt-out page hosted by the Network Advertising Initiative and follow the instructions there.
b. Analytics. You may opt-out of Google Analytics by following this link.
c. Google AdWords. Google AdWords marketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.
d. Cookies. You may disable, or delete cookies in your Web browser, but doing so may impact the usability of the website. To block cookies, you can also browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.).
8. INTERNATIONAL TRANSFERS
a. International Data Transfer. Information collected in the European Economic Area (“EEA”) may be transferred, stored and processed by us and our service providers in the United States and other countries whose data protection laws may be different than the laws of your country. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented. In particular, we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield on https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
9. YOUR RIGHTS (E.U. Residents)
In certain circumstances you have the following rights:
a. Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
b. Request correction of your Personal Data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
c. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law and our business record requirements.
d. Object to processing of your Personal Data. You may object to processing of your Personal Data whenever you believe that it impacts your fundamental rights and freedoms. You also have the right to object to processing associated with marketing.
e. Request restriction of processing your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f. Request transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to make Services available to you.
g. Right to withdraw consent. You can withdraw consent (wholly or partially) at any time where we are relying on consent to process your Personal Data. If you partially withdraw consent certain features of Services will not be available to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
10. ADDITIONAL INFORMATION ABOUT YOUR RIGHTS
a. No fee usually required. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
b. What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
c. Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. E.U. – U.S. PRIVACY SHIELD FRAMEWORK
a. General. SeatBoost participates in the EU-U.S. Privacy Shield Framework and we are committed to ensuring that we adhere to the following principles with respect to your Personal Information: Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. We are subject to the investigatory and enforcement authority of the Federal Trade Commission. To learn more about the E.U. – U.S. Privacy Shield Framework, please visit the U.S. Department of Commerce website located at the following link: https://www.privacyshield.gov/welcome. We are responsible for the Personal Data you provide us and for and shall remain liable for harm caused in connection with the onward transfer to third party service providers who assist us with making Services available to you. In the event of a conflict between the provisions set forth here and the E.U. – U.S. Privacy Shield the principles of the E.U.- U.S. Privacy Shield shall govern.
b. Dispute Resolution. Please contact us at firstname.lastname@example.org if you have any questions or concerns regarding our use of your Personal Data. If we are unable to satisfactorily resolve your issue please contact our U.S. based third party dispute resolution provider at https://www.jamsadr.com/eu-us-privacy-shield (free of charge). In certain instances, described on the Privacy Shield’s website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
You will have an opportunity to unsubscribe to any emails or mailings by clicking on an “unsubscribe” hyperlink contained in promotional emails we send you. Even if you are removed from any such list, if you use the services provided through App, you will continue to receive email correspondence from us related to Services. Any opt-out by you is not deemed valid until processed by us. It is your obligation to verify that you have opted-out. We will not be liable for problems with the opt-out procedures. Please note that any request to be removed from such mailing lists may take up to one (1) week to become effective. Even if you are removed from any such list, if you order online, we will send you an email confirming your order and may need to contact you by phone, email, or regular mail if we have questions about your order.
15. THIRD PARTY WEBSITES
Services may contain links to other websites. We are not responsible for the privacy practices or the content of these other websites. You will need to check the policy statement of these other websites to understand their policies. When you access a linked website you may be disclosing private information. It is your responsibility to keep such information private and confidential.
Please note that information transported over an open network, such as the Internet or e-mail, may be accessible to anybody. We cannot guarantee the confidentiality of any communication or material transmitted via such open networks. When disclosing any Personal Data via an open network, you should remain mindful of the fact that it is potentially accessible to others, and consequently, can be collected and used by others without your consent. In particular, while Personal Data packets are often encrypted, the names of the sender and recipient are not. A third party may therefore be able to trace an existing bank account or relationship or one that is subsequently created. Even if both the sender and recipient are located in the same country data may also be transmitted via such networks to other countries regularly and without control, including to countries that do not afford the same level of data protection as your country of domicile.
17. YOUR PRIVACY RIGHTS/ CALIFORNIA’S SHINE THE LIGHT LAW
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.
To request a copy of the information disclosure provided by us pursuant to Section 1798.83 of the California Civil Code, please contact us at 885 N. Douglas St, El Segundo, CA 90245, (855) 426-6789, or by contacting us at email@example.com.
18. CALIFORNIA DO NOT TRACK DISCLOSURE
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not recognize or respond to Do Not Track browser settings or signals and we will still receive information. As a result, we may still collect information about you and your internet activity, even if you have turned on the Do Not Track signal.
It is possible that some or all of our third-party advertising partners or members of their affiliate network may participate in consumer opt-out programs. To learn more about internet-based advertising and consumer opt-out programs go to http://aboutads.info/choices or http://www.networkadvertising.org/choices. We do not operate or control these websites, and are not responsible for the opt-out choices available there.