Last Updated: October 13, 2022
Effective Date: October 15, 2022
We reserve the right to change this Policy at any time. In the event this Policy changes in a material manner, we will attempt to notify you through in-app notifications (if your settings permit notifications) or by notifying you the next time you launch the App. Any changes to the Policy will become effective on the date identified above. If you do not agree to such changes, you may close your account and request that your information be deleted by contacting us at [email protected]
Privacy Practices Summary
- Your personal information stays on your mobile device and is only shared with a named third-party upon your express consent to do so.
- Requests for your personal information by a named third-party always include a clear purpose statement.
- Requests for your personal information always include a start and end date for its retention by the named third-party.
- We do not sell, lease, trade, or otherwise profit from your personal information.
- You can review both your active and expired sharing history within our App.
- You will always have the ability to revoke a named third-party’s access to your personal information, unless we are required by law to limit your ability to do so.
1. WHAT TYPES OF INFORMATION DO WE COLLECT FROM YOU?
1.1. Personal Information (“PI”)
In order for you to take advantage of the App and our services, we may collect personal information (“PI”) such as:
- Your name,
- Residential address,
- Telephone number,
- E-mail address,
- Government issued identification including your passport and driver’s license information,
- Date and place of birth,
- Biometric information (including facial scans of your face geometry using the photographs and portrait images from your passport and/or driver’s license you upload into the App to confirm your identity), and
- Financial information such as credit card information, utility billing and/or consumer credit transaction information.
- We may also collect protected health information from you, depending on the types of services to which you request access.
Your PI remains stored, encrypted, and managed on your mobile device unless and until you explicitly consent to share that information with named third-parties, for specific purposes and durations. Your PI is never processed, stored, or distributed without your explicit consent.
We retain machine readable information from the document(s) you enroll into the Airside service(s) only for a limited duration and for the purposes of verifying your identity.
The only permanently retained artifacts of information related to you are audit logs associated with the identity verification we performed in connection with the documents you enrolled. We retain a perpetual record of the type(s) of verification methods performed for purposes of demonstrating a prior verification in the event the same document is presented to us for verification. These audit logs do not contain any PI, nor can it be used to identify you.
You will always have the ability to delete your PI or request that we delete your PI at any time. You will also always have ability to revoke prior consent for Airside or a named third-party to access to your PI at any time (unless we are required by law to prohibit revocation).
1.2. Non-Personally Identifiable Information (“Non-PI”)
2. HOW DO WE USE INFORMATION COLLECTED FROM YOU?
We do not sell or share your PI with third-parties for marketing purposes. Your PI remains on your device unless and until you agree to share your PI with a named third-party.
Only with your express consent, will we use your PI in the following ways:
To provide our identity verification services.
- To fulfill your requests to allow you to order and receive items through named third-parties and/or to provide you with specific information that you request.
- To send you important information regarding the App, including changes to our terms, conditions, policies, and/or other administrative information.
- To customize content within our App.
- To assist U.S federal, state, tribal, and territory public health agencies with their contact tracing efforts (only during the operation of Passenger Contact Information Submission for COVID-19 pandemic or similar government program).
Because Non-PI does not personally identify you, we may use such information for any purpose. In addition, we reserve the right to share such Non-PI with our affiliates and suppliers to improve our service offerings and to ensure the security and functionality of the App. In some instances, and only with your express consent, we may combine Non-PI with PI. If we do combine any Non-PI with PI, we will treat the combined information as PI for as long as it is so combined.
IP Addresses and Mobile Device Identifiers
We do not collect or use mobile Identifiers assigned by device manufacturers or wireless service providers. Please note that we treat IP addresses, server log files and related information as Non-PI, except where we are required to do otherwise under applicable law.
3. HOW IS YOUR INFORMATION SHARED?
With your express consent only, we may share your PI:
- To our affiliates, service providers and other third-parties who utilize our services to verify your identity and/or information.
- To an affiliate or other third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).
- To comply as we believe to be appropriate: (a) under applicable law including laws outside your country of residence; (b) to comply with legal process; (c) to respond to mandatory requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to permit us to pursue available remedies or limit the damages that we may sustain.
4. OTHER IMPORTANT NOTICES REGARDING OUR PRIVACY PRACTICES
You are free to decline consent to provide Biometric Information to us. However, your ability to utilize the App, our services, and third-party services may require you to consent to the collection of this data.
The App will prompt you to grant us your consent and permission to use your mobile device’s camera to take your photograph or to access your existing photograph album. The selfie or photograph and the associated scan of your face are compared to other photographs you provide us and scans of those photographs.
We will retain your Biometric Information, photographs, and other PI in the App for the period provided for in the Mobile ID creation process, which may vary depending on the named third party or other recipient with whom you consent to share your PI (for example, to be eligible for TSA PreCheck), after which the access expires. Airside retains biometric information only until, and permanently destroys such data when, the initial purpose for collection or obtaining such biometric information has been satisfied. Although Airside will retain any data over which it has control for a period of no more than three years, it is not able to delete the PI retained on an End-User’s mobile device. For this reason, any PI stored on an End-User’s mobile device via the App must be deleted by the End-User directly.
Airside uses, and requires any named third-parties you may provide consent to access your PI, including Biometric Information, to use, a reasonable standard of care to store, transmit and protect from disclosure any Biometric Information collected. Any storage, transmission, and protection from disclosure is performed in a manner that is the same as or more protective than the manner in which we store, transmit and protect from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual.
For Illinois users, in accordance with Illinois state law, Airside will retain biometric Information only in accordance with its BIPA policy and until the occurrence of the first of the following:
(a) The initial purpose for collecting or obtaining such biometric data has been satisfied
(b) Three years following your last interaction with Airside.
As noted above, Although Airside will retain any PI over which has control for a period of no longer than three years, it is not able to delete any data stored on an End-User’s mobile device. For that reason, any PI stored on an End-User’s mobile device must be deleted by the End-User directly.
Forums and Profiles
We may make available through our services to which you are able to post information and materials (for example, message boards, chat functionality, “profile pages” and blogs, among other services). Please note that any information you disclose through such services becomes public information and may be available to visitors to the site and to the general public. We urge you to exercise discretion and caution when deciding to disclose your PI, or any other information, on the site. WE ARE NOT RESPONSIBLE FOR THE USE OF ANY PI YOU VOLUNTARILY DISCLOSE TO THIRD-PARTIES THROUGH THE APP.
US Customs & Border Patrol (US CBP)
To fulfill a request for expedited service for US CBP processes, Airside will facilitate the transmission of relevant PI at your specific direction to US CBP via secure, encrypted processes that meet the US CBP requirements for transmission of PI. Airside will also facilitate the transmission of Passenger Contact Information for COVID-19, while the U.S. Government requires this information for entry into the US. Airside is NOT responsible for the use of such information by the US Government, including US CBP, and is NOT responsible for any actions the US Government, including US CBP, may or may not take based on that information.
Transportation Security Administration (US TSA)
To fulfill a request for expedited service for US TSA processes, Airside will facilitate the transmission of relevant PI at your specific direction to US TSA via secure, encrypted processes that meet the US TSA and US state DMV requirements for transmission of PI. Airside is NOT responsible for the use of such information by the US Government, including US TSA, and is NOT responsible for any actions the US Government, including US TSA, may or may not take based on that information.
We use reasonable organizational, technical and administrative measures to protect PI under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Please do not send us sensitive information through email.
Changing or Suppressing PI
If you would like to review, correct, update, suppress or otherwise limit our use of your PI that has been previously provided to us, you may do so by adjusting your preferences in the ‘Settings’ functions for the App or by contacting us at [email protected]. We may need to retain certain anonymized information for record-keeping and audit and compliance.
Note Regarding the Use of the App and Site by Children
The App is not to be used directly by individuals under the age of thirteen (13), and we request that such individuals not submit PI into our services. However, parents and legal guardians may enroll travel documents on behalf of their children on their own mobile devices, with some restrictions as may be indicated from within the App.
5. Specific Compliance Statements
For Airside users who are residents of the European Economic Area, Airside Mobile complies with the European Union General Data Protection Regulation (GDPR) guidelines enacted by the EU to protect data. You have rights that allow you greater access to and control over your Personal Information. You may contact us as described below to make these requests.
All inquiries concerning GDPR should be sent to our DPO via email at [email protected]. The DPO or a member of their team will respond within 48 hours.
You may review, change, or terminate your account at any time. Your rights may include the right to:
- Request access and obtain a copy of your Personal Information;
- Request correction, supplementation, anonymization, blocking, or erasure of your Personal Information that is inaccurate, incomplete, outdated, unnecessary, excessive, or processed in non-compliance with applicable requirements;
- Restrict the processing of your Personal Information; and
- Request to receive a copy of the Personal Information you provided to us in a portable form or that we transmit it to a third party.
In certain circumstances, you may also have the right to object to the processing of your Personal Information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your Personal Information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
Rights Relating to your Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account settings and update your account.
- Contact us using the contact information provided.
- Use the “Delete Account” feature located within the App.
As noted above, we collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. As a California resident, you have the right to know whether we have collected such information about you during the past 12 months, the sources from whom we have collected such information, the purposes for collecting such information, to limit use of any sensitive personal information (such as biometric information), and the categories of such information that we have collected and shared with third-parties. You have the right to request deletion of such information and that we stop sharing any of your personal information. We do not sell your information. You have the right to be free from discrimination related to your exercise of your rights as a California resident.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. Under certain circumstances, our customers and affiliates are required by law or regulation to retain your information for specific periods of time. In those instances, you will be informed ahead of time.
For all California residents, any such inquiries shall be responded to within forty-five (45) days. We must verify your identity with respect to such inquiries. Depending on the nature of the PI at issue, we may require additional measures or information from you as part of that verification.
For California residents under age 18 who have publicly posted content or information, you may request and obtain removal of such content or information pursuant to California Business and Professions Code Section 22581, provided you are a registered user of any Airside App or where Airside has posted this Policy. To make such a request, please send an email with a detailed description of the specific content or information.
If you have questions about how to exercise your rights under CCPA, you may request additional information by sending an email to our DPO at [email protected].
Your State Privacy Rights
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about your state specific rights and how to exercise them, you may contact us at [email protected].
6. Contact Information
For further information, please contact us at: