Airside Privacy Policy

Effective Date: November 26, 2024

At Airside Mobile, Inc., an Entrust Company (or “Airside”, “we”, “us”, “our”), we care about your privacy. We’ve created this Privacy Policy to help you understand how we collect, use, and share your personal information if you use the Airside Digital Identity mobile application (the “App”) or our website(s) (collectively, the “Services”).

If you are an App user in the US, you must also read our Facial Scan Policy, which takes priority over the information in this Privacy Policy to the extent there is any conflict.

You must be at least 16 years old to use the App and may need to meet another minimum age requirement to use certain features of the App. Please see the section below headed “Children’s Data” for more information.

Please note that even if you do not use the App yourself, someone else may use the App to provide and share information about you if you are traveling with them on the same booking. Please see the information under “Family and Group Travel” below for more details.

PRIVACY PRACTICES SUMMARY

You should read all of this Privacy Policy, but the main things we think you would like to know are:

We do not sell, lease, trade, or otherwise profit from your personal information.
If you add a Selfie or details of your identity document to the App, this information will reside within the App on your mobile device unless you have asked us to use this information to verify your identity or to share this information with one of our partners whose services you wish to use (in which case we will use it as explained in this Privacy Policy).
Within the App, you can see details of who (past and present) you have asked us to share your personal information with. If the App shows that we are currently sharing your information with someone, you can use the App to make us stop (unless we are required by law to limit your ability to do this). You can also delete your personal information from the App at any time.

1. WHAT TYPES OF INFORMATION DO WE COLLECT AND PROCESS?

If you use the Services, we may collect and process the following categories of personal information depending on how you choose to use our Services.

Information you provide. If you use our Services, you may provide us with your personal information. For example:

If you contact us via our website(s) feedback or contact forms, you may provide your name, email address, phone number, and the name of the company you work for.
If you use the App, you may provide us with:
- your email address (so we can create your account and communicate with you);
- a photo or video of yourself (a “Selfie”) and images and scans of your government-issued identity document (such as your passport, driver’s license, or other permitted identity document) if you ask us to verify your identity;
- your travel details, such as the date of your flight (if you choose to use a Service that requires us to have details of your travel arrangements); and
- information about your health (if you choose to use our Health Pass service to store details of your vaccinations).
- Such other information as you may choose to provide when contacting Airside with requests, complaints or other queries.

If you use our Services, we may create personal information relating to you. For example, if you use the App:

we will create unique IDs that we associate with your App account;
if you ask us to verify your identity we will:
- extract information from images and scans of your government-issued identity document (for example, document type, document number, your name, date of birth, sex, country of citizenship, document issuing authority, document expiration date); and
- generate scans of your face using the image of the face shown in your Selfie and in your government-issued identity document (“Facial Scans”). Facial Scans may be considered biometric information under applicable privacy laws, including US State biometric privacy laws (e.g. BIPA and CUBI). If you are an App user in the US, please read Airside’s Facial Scan Policy for more information.
we will create a record of your use of the App (for example, of any identity verifications you have asked us to perform, and of any data we have shared with third-party partners at your request).

Information we collect automatically. If you use our Services, we may automatically collect information about your device (such as your IP address, device type, device operating system and device language) and about your use of our Services (for example, the fact that you opened the App, or took a Selfie). We collect this information using cookies and similar technologies as explained in our Cookie Policy.

2. HOW DO WE USE THIS INFORMATION?

We do not sell, lease, trade, or otherwise profit from your personal information and we do not share your personal information with third parties for marketing purposes. We will only use your personal information for the purposes described below.

If you are a user of our Services and resident in the EEA or UK, we will only use your personal information for a particular purpose if we have a “legal basis” for this. We have set out below the legal bases we rely upon for each purpose.

a) To create your App account and send you important service information in connection with your account.

To use the App, you need to create an account using your email address. We may send important information regarding our Services (for example, notice of changes to our terms, policies, and/or other administrative information) to this email address.

Information used for this purpose: email address, Unique IDs associated with your account.

Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside.

b) To enable you to use the App.

We use your personal information to enable you to use the App. This includes allowing you to: upload a Selfie; ask us to verify your identity or share information about your verified identity with a third party (each as explained further below); see a record of your in-App activities; and delete your information from the App.

Information used for this purpose: information that you provide or that we create to enable you to use the App.
Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside.

c) To verify your identity at your request.

You may choose to use the App to verify your identity. To do this, you will need to provide us with a Selfie and with images and scans of your government-issued identity document (e.g. a passport or driving license). With the help of our service providers (Thales, Inc., Thales DIS USA, Inc., Onfido Limited, and Acuant, Inc.), we will conduct various checks to ensure that your identity document is genuine and to confirm that it belongs to you. Some of these checks require us to create “Facial Scans” – which are scans of your face as it appears in your Selfie and in the portrait image of you contained in your identity document. We compare these two Facial Scans to one another to confirm that the person who appears in the Selfie is also the owner of the identity document. This helps us verify your identity. The information we collect, share, and use may be considered biometric information under applicable privacy laws, including US biometric privacy laws. If you are an App user in the US, please read Airside’s Facial Scan Policy for more information.

Information used for this purpose: images and scans of your government-issued identity document and information we extract from these images and scans; Selfie; Facial Scans.

Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside. Where we need to use Facial Scans to uniquely identify you, we will also ask for your explicit consent. The consent screen we display to you within the App will make clear how your information will be used if you consent, and you may revoke your consent at any time (see the section below headed “Your Rights” for more information).

d) To share information about your verified identity, and details of people traveling with you, with third-party partners at your request.

You may ask the App to share information about your verified identity with our third-party partners. (Depending on the service you choose to use, you may also ask the App to provide our partners with personal information you provide to us about other people who are traveling with you on the same booking.)

The information that we share will vary depending on the specific service you choose to use (further details of the services available in the App are on the Airside App section of our website). However, we will only share information about your verified identity (or personal information you have given to us about someone traveling with you) with one of our partners at your request, and we will always tell you what information will be shared. At any time, you can review your active and expired share requests within the App and you may revoke any active requests unless we are required by law to limit your ability to do so.

Please be mindful that if you ask us to share personal information with a third-party partner, Airside cannot control how that partner will use this information. Before you ask us to share any personal information you should review the partner’s privacy policy to ensure you understand what will happen to your information after we have shared it.

Information used for this purpose: images and scans of your government-issued identity document and information we extract from these images and scans; Selfie; such other information as you instruct us to share. If you are an App user in the US, the information we share may be considered biometric information under US privacy laws; please read Airside’s Facial Scan Policy for more information.

Legal basis relied upon:
- If you ask us to share your personal information with a partner, we will do so on the basis that this processing is necessary in order for us to perform our obligations under the contract in place between you and Airside.

If you ask us to share information which constitutes a “special category” of data under European/UK privacy laws (including Facial Scans if the third party will use them to uniquely identify you), we will also ask for your explicit consent. The consent screen we display to you within the App will make clear how your information will be used if you consent and you may revoke your consent at any time (see the section below headed “Your Rights” for more information).

If you ask us to share personal information about someone else who is traveling with you on the same booking (and with whom Airside may not have entered into a contract), we will do so on the basis that this is necessary for the legitimate interest of providing a Family and Group Travel service.

3. WHEN DO WE SHARE THIS INFORMATION?

We may need to share your personal information as follows:

With service providers who help us to verify your identity. If you choose to use the App to verify your identity, we will share information about you with service providers who help us conduct various checks to ensure that your identity document is genuine, and to confirm that it belongs to you. These service providers are Thales, Inc., Thales DIS USA, Inc., Onfido Limited, and Acuant, Inc.
With our third-party partners, where you ask us to do so. If you choose to ask us to share information about your verified identity (or personal information about a person traveling with you on the same booking) with one of our third-party partners, we will share information with that partner. You will need to approve this data sharing, and when we ask for your approval, we will: clearly explain what information will be shared; provide the name of the partner with whom the information will be shared; describe the purpose for which the information will be shared; and include an expiration date for your approval. Please be mindful that if you ask us to share your personal information with a partner, Airside cannot control how that partner will use your information – so before you ask us to share your information, you should review their privacy policy to ensure you understand what will happen to your information after we have shared it.
With service providers who are performing other tasks on our behalf. To be able to provide our Services and to run our business, we require the support of service providers. These service providers include: information technology and related infrastructure providers (who provide us with a place to store your personal information); data analytics providers (who help us to analyze trends); and provide us with professional (e.g. advisory and auditing) advice and services.
With other companies in Airside’s group of companies who help us to provide our services (for example, by providing ancillary engineering, technical or customer support).
With an actual or potential buyer, investor or partner (and its agents and advisers) in relation to a business transaction.
With a competent law enforcement body, regulatory, government agency, or court.
With any other person where we have a legitimate legal reason for doing so.

4. WHERE IS THIS INFORMATION STORED AND FOR HOW LONG?

For App users: We want you to know that for the majority of the time, the information you upload to the App so we can verify your identity (namely your Selfie, images/scans of your government-issued identity document and information extracted from these images/scans) remains within the App where it is only accessible to you. We do not have ongoing access to this information. The only instances in which we or others have access to this information are:

if you ask us to verify your identity. In this case, we (and the named service providers who help us to verify your identity) will be granted access to this information for a temporary period of time so we can complete your identity verification. We and our service providers will process this information in our servers and then delete it within 48 hours of having verified your identity. The only information we retain is a record of the fact that we performed a verification; or
if you ask us to share information about your verified identity with a third-party partner. We will provide the partner with access to your information for a temporary period of time. Please be mindful that once the partner has accessed your information, Airside cannot control how that partner will use it and so you should review the partner’s privacy policy to make sure you understand how your information will be used if you ask us to share it.

For App and Website users: We process your personal information for the purposes described in this Privacy Policy on servers that are in the United States. Some of the service providers and third-party partners with whom we may share your personal information will process your information outside of the EEA/ UK. If you are in the EEA/UK and we need to share your personal information with a third party who will process it in a country outside the EEA/UK which the European Commission has not said provides an adequate level of data protection, we will protect your information by requiring the third party to enter into the European Commission approved Standard Contractual Clauses (and/or their UK and Switzerland equivalents) where legally possible. You can request more details of these transfers and a copy of these standard contractual clauses by contacting us using the details provided in the section below headed “How to Contact Us.”

5. YOUR RIGHTS AND HOW TO EXERCISE THEM

Depending on where you live and subject to applicable data protection law, you may have the following rights in respect of the personal information we process about you as described in this Privacy Policy:

The right to request access to and disclosure of your information.
The right to change and/or correct inaccurate information.
The right to block or suppress the processing of your information. This enables you to request that Airside suspend the processing of your information in certain circumstances.
The right to object to our processing of your information where we are relying on legitimate interests as our legal basis for using your personal information (see the section above headed “How do we use this information” for details) and you feel such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
The right to request that we delete your personal information, subject to certain exceptions. Please note: As explained in the section headed “Where is this information stored and for how long”, we do not have ongoing access to your Selfie or your government-issued identity document and so we cannot delete this information for you. You can delete this information yourself as explained below.
The right to request portability of your personal information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
The right to withdraw your consent, if applicable. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You also have a right to lodge a complaint with your local data protection authority or regulator.

You may exercise your rights by contacting us using the details set out in the section below headed “How To Contact Us.” However, you may also do the following within the App:

you may withdraw your consent from within the Activities section of the App;
you may delete the information you have uploaded to the App at any time. This can be accomplished by selecting the option to delete your information in the App. You may also delete the App entirely (which will automatically delete any information you have uploaded to the App); and
you may edit your email address. This can be accomplished by selecting the option to edit your email address within the App.

6. CHILDREN’S DATA

If you are younger than 16 years old, you’re not old enough to use the App. Please do not download the App or provide us with your personal information.

If you believe someone below this minimum age is using the App, please contact us using the details set out in the section below headed “How To Contact Us.”

7. FAMILY AND GROUP TRAVEL

Please read this if you are using the App to provide us with information about someone else. Some of the services available within the App allow you to submit information about another person, such as your child or another person who is traveling with you on the same booking. If you provide us with someone else’s information, you must have their permission to do so and you must make them aware of how we will use their information as described in this Privacy Policy.

Please read this if someone else has used the App to provide us with information about you. Some of the services available within the App allow a user to submit information about another person, such as their child or another person who is traveling with them on the same booking. If an App user has provided us with your information, we will use it as described in this Privacy Policy. You may exercise the rights you have over your personal information (as explained in section 5) by contacting us using the details set out in the section below headed “How To Contact Us.”

8. UPDATES TO THIS POLICY

We may need to update this Privacy Policy from time to time. In the event this Privacy Policy changes in a material way, we will notify you (for example, by sending a notification to the email address you used to set up your account or to subscribe to our newsletters). Any changes to the Privacy Policy will become effective on the date identified above.

9. HOW TO CONTACT US

If you have any questions or concerns about this Privacy Policy, please contact us as follows:

Airside Mobile, Inc. is the controller of your personal information. You may contact us at [email protected].
If you are resident in the EEA or UK, you may contact:
- Airside’s Data Protection Officer at [email protected] or Attention: Airside Data Protection Officer Heward Mills 77 Farringdon Rd London EC1M 3JU UK.
- Airside’s Data Protection Representative at [email protected] (quoting in the subject line) or using the online webform at www.datarep.com/data-request. You may also contact Airside’s Data Protection Representative by post by mailing your inquiry to the most convenient of the addresses below. Please address your inquiry to “DataRep” not Airside, but name Airside in your correspondence.

Country	Address
Austria	DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium	DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria	DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia	DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus	DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic	DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic
Denmark	DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia	DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland	DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France	DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany	DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece	DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary	DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland	DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland
Ireland	DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy	DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia	DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein	DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania	DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg	DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta	DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands	DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway	DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland	DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal	DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania	DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia	DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia	DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain	DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden	DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United Kingdom	DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

Cookie	Description
cookielawinfo-checkbox-advertisement	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	GDPR Cookie Consent plugin sets this cookie to record the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	This cookie is used to keep track of which cookies the user have approved for this site.
CookieLawInfoConsent	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
rc::a	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Description
PREF	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
test_cookie	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Airside Privacy Policy

Effective Date: November 26, 2024

Table of Contents

1. WHAT TYPES OF INFORMATION DO WE COLLECT AND PROCESS?

2. HOW DO WE USE THIS INFORMATION?

3. WHEN DO WE SHARE THIS INFORMATION?

4. WHERE IS THIS INFORMATION STORED AND FOR HOW LONG?

5. YOUR RIGHTS AND HOW TO EXERCISE THEM

6. CHILDREN’S DATA

7. FAMILY AND GROUP TRAVEL

8. UPDATES TO THIS POLICY

9. HOW TO CONTACT US

The gold standard in privacy and security

Solutions

Products

Company

Resources

You've Subscribed!