LAST REVISED: JUNE 21, 2022
Your privacy is important to us and we are committed to protecting the privacy of our users and the information that you share in connection with our website (“Site”) and mobile device application (“App”). This Privacy Policy includes the terms set forth herein and identifies: (i) what information we collect from you; (ii) how we process and manage such information; and (iii) your rights with respect to the use and disclosure of your information. Please contact our Privacy Team at privacy@seatboost.com if you have any questions or concerns about our Privacy Policy.
3. DISCLOSURE OF PERSONAL DATA
4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
7. YOUR CHOICES
9. YOUR RIGHTS (E.U. RESIDENTS)
10. ADDITIONAL INFORMATION ABOUT YOUR RIGHTS
11. E.U. RESIDENTS AND E.U. – U.S. PRIVACY SHIELD FRAMEWORK
12. MINORS
13. UPDATES
14. UNSUBSCRIBE
16. SECURITY
17. YOUR PRIVACY RIGHTS/ CALIFORNIA’S SHINE THE LIGHT LAW
18. CALIFORNIA DO NOT TRACK DISCLOSURE
19. CONTACTING US
1. PERSONAL DATA
a. Personal Data. Personal Data is information that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
b. What data is collected. We collect Personal Data that you voluntarily provide to us, for example, when you create an Account or request information about our Site and/or App (collectively hereinafter “Services”) we may require your name, email, flight information (e.g. confirmation code), payment information, and/or other information you may provide us. We also may receive the names of other parties on your flight reservation from your airline, based on the confirmation code you provide us.
2. HOW WE USE PERSONAL DATA.
We use Personal Data to: (i) provide you with Services you request; (ii) enhance and improve Services; and (iv) provide you with customer service; (v) monitor the security or your use of Services; (vi) ensure that our content associated with the App is most effective for you and your device (vii) communicate with you about Services; and (viii) contact you with certain marketing and/or promotional materials, as well as other information that may be of interest to you. If you no longer consent to such use please send an email to privacy@seatboost.com with “OPT OUT” in the subject line.
3. DISCLOSURE OF PERSONAL DATA
We disclose your Personal Data as follows:
a. Airline. We will share your Personal Data with the air carrier that you have a confirmed travel arrangement with to assist with facilitating your bid for an upgraded class of service or ancillary services.
b. Third-Party Service Providers. We will share your Personal Data with third party service providers who help with billing, payment processing, fraud protection, support, marketing, customer service, and other services associated with Services. These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Our Third-Party Service Providers are required to honor this Privacy Policy.
c. Compliance with laws and for other legitimate business purposes. We will share your Personal Data when we believe disclosure is necessary or required by law, regulation, to protect other End Users, the integrity of Services and to defend or exercise our legal rights (including lawful requests from public authorities as may be needed to meet national security and/or law enforcement requirements).
d. Affiliates. We may share some or all of your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.
e. Corporate restructuring. We may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.
4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and the legal bases for the same. There is no statutory requirement for you to provide us with your Personal Data; however, if you do not provide all requested information, we may not be able to provide you with all features associated with Services. When accessing and/or using Services we may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
a. Profile Data. Identity Data includes first name, last name, username, flight information, feedback and survey responses.
b. Contact Data. Contact Data may include email address and telephone numbers.
c. Payment Data. Payment Data includes bank name, payment method, and type of payment.
d. Technical Data. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, bluetooth and other technology on the devices you use to access Services. PLEASE NOTE: DEPENDING ON YOUR JURISDICTION YOUR IP ADDRESS MAY BE CONSIDERED PERSONAL DATA.
e. Usage Data. Usage Data includes information about your use of Services.
f. Marketing and Communications Data. This includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We group the different kinds of Personal Data as follows:
|
PURPOSE/ACTIVITY |
TYPE OF DATA |
LAWFUL BASIS FOR PROCESSING |
|
For the purposes of providing you with Services and the administration of the same |
(a) Contact (b) Profile (c) Payment |
Performance of our obligations with you |
|
To improve and provide you with customer service |
(a) Profile (b) Contact (c) Marketing and Communications (d) Technical (e) Usage (f) Payment |
(a) Performance of our obligations with you (b) Necessary to comply with our legal obligations (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use Services) |
|
To administer and maintain Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Profile (b) Contact (c) Technical (d) Usage (e) Payment |
(a) To ensure the efficient operation of our business, to provide for the proper administration of network security, and to prevent fraud (b) Necessary to comply with our legal obligations |
|
To contact you to make suggestions, send you information and updates regarding Services |
(a) Profile (b) Contact (c) Usage (d) Marketing and Communications (e) Technical |
Necessary for our legitimate interests (to study the use of Services and to develop the same) |
AFTER REMOVING ANY INFORMATION THAT WOULD PERSONALLY IDENTIFY YOU FROM WITHIN THE SET OF PERSONAL DATA, WE COLLECT FROM YOU, WE MAY COMBINE THAT INFORMATION WITH INFORMATION WE COLLECT FROM OTHER USERS AND CUSTOMERS (COLLECTIVELY THE “AGGREGATED DATA”) IN ORDER TO IMPROVE THE QUALITY AND VALUE OF SERVICES AND TO ANALYZE AND UNDERSTAND HOW OUR SERVICES ARE USED SO THAT WE CAN IMPROVE THE SAME. WE MAY SHARE AGGREGATED DATA (AFTER STRIPPING OF ANY INFORMATION THAT WOULD PERSONALLY IDENTIFY YOU).
5. CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collect it, unless we reasonably consider that we need to use it for additional reasons that are compatible with the original purpose. PLEASE NOTE THAT WE MAY PROCESS YOUR PERSONAL DATA WITHOUT YOUR KNOWLEDGE OR CONSENT WHERE SUCH IS REQUIRED OR PERMITTED BY LAW.
6. NON-PERSONAL DATA
a. Non-Personal Data. Non-Personal Data means data that is not associated with or linked to your Personal Data; Non-Personal Data does not, by itself, permit the identification of individual persons.
b. Cookies. Cookies are text-only pieces of information that a website transfers to an individual’s hard drive or other website-browsing equipment for record-keeping purposes. Cookies allow Services to remember important information that will make your use of the Service more convenient. Cookies will typically contain the name of the domain from which the Cookie has come, the “lifetime” of the Cookie, and a randomly generated unique number or other value. We use Cookies in several ways, including:
i. Analytical Purposes. We use Cookies to analyze your use of Services in order to improve it.
ii. User Preferences. We use Cookies to store certain preferences regarding your use of Services.
iii. Marketing. We use Cookies from third-party partners such as Google and Facebook for marketing purposes. These Cookies allow us to display promotional material to you on other sites you visit across the Internet.
iv. Device. We may use Cookies to remember your computing device when it is used to return to Services to help customize your experience. We may associate Personal Data with a Cookie file in those instances.
c. Cookie Options. Use the options in your web browser if you do not wish to receive a Cookie or if you wish to set your browser to notify you when you receive a Cookie. You can easily delete any Cookies that have been installed in the Cookie folder of your browser.
d. Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, administer Services, track users’ movements around the same, gather demographic information about our user base as a whole, and better tailor Services to our users’ needs. Except as noted in this Privacy Policy, we do not link this automatically-collected data to Personal Data.
e. Pixel Tags. In addition, we use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to cookies, that are used to track online movements of users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in Web pages. Pixel Tags also allow us to send e-mail messages in a readable format, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to users. We do not tie the information gathered by Pixel Tags to Personal Data.
7. YOUR CHOICES
a. Targeted Advertising. If you do not want information about your activity on our sites to be used for tailored advertising, please visit the opt-out page hosted by the Network Advertising Initiative and follow the instructions there.
b. Analytics. You may opt-out of Google Analytics by following this link.
c. Google AdWords. Google AdWords marketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.
d. Cookies. You may disable, or delete cookies in your Web browser, but doing so may impact the usability of the website. To block cookies, you can also browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.).
8. INTERNATIONAL TRANSFERS
a. International Data Transfer. Information collected in the European Economic Area (“EEA”) may be transferred, stored and processed by us and our service providers in the United States and other countries whose data protection laws may be different than the laws of your country. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented. In particular, we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield on https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en. Please note that we do not rely on the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks as our legal basis to transfer data.
9. YOUR RIGHTS (E.U. Residents)
In certain circumstances you have the following rights:
a. Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
b. Request correction of your Personal Data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
c. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law and our business record requirements.
d. Object to processing of your Personal Data. You may object to processing of your Personal Data whenever you believe that it impacts your fundamental rights and freedoms. You also have the right to object to processing associated with marketing.
e. Request restriction of processing your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f. Request transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to make Services available to you.
g. Right to withdraw consent. You can withdraw consent (wholly or partially) at any time where we are relying on consent to process your Personal Data. If you partially withdraw consent certain features of Services will not be available to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at privacy@seatboost.com.
10. ADDITIONAL INFORMATION ABOUT YOUR RIGHTS
a. No fee usually required. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
b. What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
c. Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. GOOGLE CLOUD PLATFORM STANDARDS AND CERTIFICATIONS
Our customers and regulators expect independent verification of security, privacy, and compliance controls. Google Workspace and Google Cloud Platform undergo several independent third-party audits on a regular basis to provide this assurance.
ISO/IEC 27001 (Information Security Management)
ISO/IEC 27001 is one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO/IEC 27001 certification for the systems, applications, people, technology, processes, and data centers that make up our shared Common Infrastructure as well as for Google Workspace and Google Cloud Platform products. You can access these certificates via Compliance reports manager.
ISO/IEC 27017 (Cloud Security)
ISO/IEC 27017 is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for Cloud Services. Google has been certified compliant with ISO/IEC 27017 for Google Workspace and Google Cloud Platform. You can access these certificates via Compliance reports manager.
ISO/IEC 27018 (Cloud Privacy)
ISO/IEC 27018 is an international standard of practice for protection of personally identifiable information (PII) in Public Cloud Services. Google has been certified compliant with ISO/IEC 27018 for Google Workspace and Google Cloud Platform. You can access these certificates via Compliance reports manager.
ISO/IEC 27701 (Privacy Information Management)
ISO/IEC 27701 is a global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard extends the requirements of ISO/IEC 27001 and ISO/IEC 27002 to include data privacy. We have received accredited ISO/IEC 27701 certification as a PII processor for both Google Workspace and Google Cloud Platform. You can access these certificates via Compliance reports manager.
SSAE18/ISAE 3402 (SOC 2/3)
The American Institute of Certified Public Accountants (AICPA) SOC 2 (Service Organization Controls) and SOC 3 audit framework defines Trust Principles and criteria for security, availability, processing integrity, and confidentiality. Google has both SOC 2 and SOC 3 reports for Google Workspace and Google Cloud Platform. You can access these certificates via Compliance reports manager.
12. E.U. – U.S. PRIVACY SHIELD FRAMEWORK
a. General. SeatBoost participates in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and we are committed to ensuring that we adhere to the following principles with respect to your Personal Information: Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. We are subject to the investigatory and enforcement authority of the Federal Trade Commission. To learn more about the E.U. – U.S. and Swiss-U.S. Privacy Shield Frameworks, please visit the U.S. Department of Commerce website located at the following link: https://www.privacyshield.gov/welcome. We are responsible for the Personal Data you provide us and for and shall remain liable for harm caused in connection with the onward transfer to third party service providers who assist us with making Services available to you. In the event of a conflict between the provisions set forth here and the E.U. – U.S. Privacy Shield the principles of the E.U.- U.S. Privacy Shield shall govern.
b. Dispute Resolution. Please contact us at privacy@seatboost.com if you have any questions or concerns regarding our use of your Personal Data. If we are unable to satisfactorily resolve your issue please contact our U.S. based third party dispute resolution provider at https://www.jamsadr.com/eu-us-privacy-shield (free of charge). In certain instances, described on the Privacy Shield’s website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
13. MINORS
Our privacy practices are consistent with the Federal Children’s Online Privacy Protection Act (“COPPA”) and we will not knowingly request or collect personal information from any child under the age of majority. If you are a minor, your parent(s) or guardian(s) must complete the registration process, in which case he/she/they will take full responsibility for all obligations set forth herein. BY CREATING A PROFILE, YOU REPRESENT THAT YOU ARE AN ADULT AND ARE EITHER ACCEPTING THIS AGREEMENT AND THE TERMS OF USE ON BEHALF OF YOURSELF OR ON BEHALF OF YOUR CHILD, IN WHICH CASE YOU AGREE TO BE PERSONALLY BOUND BY ALL OF THE TERMS AND CONDITIONS CONTAINED HEREIN.
14. UPDATES
From time to time, this Privacy Policy will be updated in whole or in part, at which time the new date will be reflected above in the “Last Revised” section. The updated Privacy Policy will immediately replace and supersede any prior agreements, unless otherwise noted. Accordingly, if you use Services after an update is published, then you will unconditionally agree to be bound by the updated provisions.
15. UNSUBSCRIBE
You will have an opportunity to unsubscribe to any emails or mailings by clicking on an “unsubscribe” hyperlink contained in promotional emails we send you. Even if you are removed from any such list, if you use the services provided through App, you will continue to receive email correspondence from us related to Services. Any opt-out by you is not deemed valid until processed by us. It is your obligation to verify that you have opted-out. We will not be liable for problems with the opt-out procedures. Please note that any request to be removed from such mailing lists may take up to one (1) week to become effective. Even if you are removed from any such list, if you order online, we will send you an email confirming your order and may need to contact you by phone, email, or regular mail if we have questions about your order.
16. THIRD PARTY WEBSITES
Services may contain links to other websites. We are not responsible for the privacy practices or the content of these other websites. You will need to check the policy statement of these other websites to understand their policies. When you access a linked website you may be disclosing private information. It is your responsibility to keep such information private and confidential.
17. SECURITY
Please note that information transported over an open network, such as the Internet or e-mail, may be accessible to anybody. We cannot guarantee the confidentiality of any communication or material transmitted via such open networks. When disclosing any Personal Data via an open network, you should remain mindful of the fact that it is potentially accessible to others, and consequently, can be collected and used by others without your consent. In particular, while Personal Data packets are often encrypted, the names of the sender and recipient are not. A third party may therefore be able to trace an existing bank account or relationship or one that is subsequently created. Even if both the sender and recipient are located in the same country data may also be transmitted via such networks to other countries regularly and without control, including to countries that do not afford the same level of data protection as your country of domicile.
18. YOUR PRIVACY RIGHTS/ CALIFORNIA’S SHINE THE LIGHT LAW
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.
To request a copy of the information disclosure provided by us pursuant to Section 1798.83 of the California Civil Code, please contact us at 8605 Santa Monica Blvd PMB 36359, West Hollywood, California 90069, (855) 426-6789, or by contacting us at privacy@seatboost.com.
19. CALIFORNIA DO NOT TRACK DISCLOSURE
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not recognize or respond to Do Not Track browser settings or signals and we will still receive information. As a result, we may still collect information about you and your internet activity, even if you have turned on the Do Not Track signal.
It is possible that some or all of our third-party advertising partners or members of their affiliate network may participate in consumer opt-out programs. To learn more about internet-based advertising and consumer opt-out programs go to http://aboutads.info/choices or http://www.networkadvertising.org/choices. We do not operate or control these websites, and are not responsible for the opt-out choices available there.
20. CONTACTING US
If you have any questions or complaints about how we use your Personal Data, please contact us at: 8605 Santa Monica Blvd PMB 36359, West Hollywood, California 90069, (855) 426-6789, or by contacting our Privacy Team at privacy@seatboost.com.
English 
Português 
Español 
Deutsch