Privacy Policy

1. WHAT TYPES OF INFORMATION DO WE COLLECT FROM YOU?

1.1. Personal Information (“PI”)

In order for you to take advantage of the App and our services, we may collect personal information (“PI”) such as:

• Your name,
• Residential address,
• Telephone number,
• E-mail address,
• Government issued identification including your passport and driver’s license information,
• Sex,
• Date and place of birth,
• Biometric information (including facial scans of your face geometry using the photographs and portrait images from your passport and/or driver’s license you upload into the App to confirm your identity), and
• Financial information such as credit card information, utility billing and/or consumer credit transaction information.
• We may also collect protected health information from you, depending on the types of services to which you request access.

Your PI remains stored, encrypted, and managed on your mobile device unless and until you explicitly consent to share that information with named third-parties, for specific purposes and durations. Your PI is never processed, stored, or distributed without your explicit consent.

We retain machine readable information from the document(s) you enroll into the Airside service(s) only for a limited duration and for the purposes of verifying your identity.
The only permanently retained artifacts of information related to you are audit logs associated with the identity verification we performed in connection with the documents you enrolled. We retain a perpetual record of the type(s) of verification methods performed for purposes of demonstrating a prior verification in the event the same document is presented to us for verification. These audit logs do not contain any PI, nor can it be used to identify you.

You will always have the ability to delete your PI or request that we delete your PI at any time. You will also always have ability to revoke prior consent for Airside or a named third-party to access to your PI at any time (unless we are required by law to prohibit revocation).

1.2. Non-Personally Identifiable Information (“Non-PI”)

Non-PI is aggregated information, demographic information and any other information that does not reveal your specific identity. We and our named third-party service providers may collect Non-PI from you, and we may aggregate PI in a manner such that the end-product does not personally identify you or any other user of the App. We and our named third-party service providers may also use cookies, pixel tags, web beacons, and other similar technologies to better serve you with more tailored information and facilitate your ongoing use of our App.

2. HOW DO WE USE INFORMATION COLLECTED FROM YOU?

2.1. PI

We do not sell or share your PI with third-parties for marketing purposes. Your PI remains on your device unless and until you agree to share your PI with a named third-party.

Only with your express consent, will we use your PI in the following ways:
To provide our identity verification services.

1. To fulfill your requests to allow you to order and receive items through named third-parties and/or to provide you with specific information that you request.
2. To send you important information regarding the App, including changes to our terms, conditions, policies, and/or other administrative information.
3. To customize content within our App.
4. To assist U.S federal, state, tribal, and territory public health agencies with their contact tracing efforts (only during the operation of Passenger Contact Information Submission for COVID-19 pandemic or similar government program).

2.2. Non-PI

Because Non-PI does not personally identify you, we may use such information for any purpose. In addition, we reserve the right to share such Non-PI with our affiliates and suppliers to improve our service offerings and to ensure the security and functionality of the App. In some instances, and only with your express consent, we may combine Non-PI with PI. If we do combine any Non-PI with PI, we will treat the combined information as PI for as long as it is so combined.

IP Addresses and Mobile Device Identifiers
We do not collect or use mobile Identifiers assigned by device manufacturers or wireless service providers. Please note that we treat IP addresses, server log files and related information as Non-PI, except where we are required to do otherwise under applicable law.

3. HOW IS YOUR INFORMATION SHARED?

With your express consent only, we may share your PI:

1. To our affiliates, service providers and other third-parties who utilize our services to verify your identity and/or information.
2. To an affiliate or other third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).
3. To comply as we believe to be appropriate: (a) under applicable law including laws outside your country of residence; (b) to comply with legal process; (c) to respond to mandatory requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to permit us to pursue available remedies or limit the damages that we may sustain.

4. OTHER IMPORTANT NOTICES REGARDING OUR PRIVACY PRACTICES

Biometric Information
You are free to decline consent to provide Biometric Information to us. However, your ability to utilize the App, our services, and third-party services may require you to consent to the collection of this data.

The App will prompt you to grant us your consent and permission to use your mobile device’s camera to take your photograph or to access your existing photograph album. The selfie or photograph and the associated scan of your face are compared to other photographs you provide us and scans of those photographs.

We will retain your Biometric Information, photographs, and other PI in the App for the period provided for in the Mobile ID creation process, which may vary depending on the named third party or other recipient with whom you consent to share your PI (for example, to be eligible for TSA PreCheck), after which the access expires. Airside retains biometric information only until, and permanently destroys such data when, the initial purpose for collection or obtaining such biometric information has been satisfied. Although Airside will retain any data over which it has control for a period of no more than three years, it is not able to delete the PI retained on an End-User’s mobile device. For this reason, any PI stored on an End-User’s mobile device via the App must be deleted by the End-User directly.

Airside uses, and requires any named third-parties you may provide consent to access your PI, including Biometric Information, to use, a reasonable standard of care to store, transmit and protect from disclosure any Biometric Information collected. Any storage, transmission, and protection from disclosure is performed in a manner that is the same as or more protective than the manner in which we store, transmit and protect from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual.

For Illinois users, in accordance with Illinois state law, Airside will retain biometric Information only in accordance with its BIPA policy and until the occurrence of the first of the following:

(a) The initial purpose for collecting or obtaining such biometric data has been satisfied

(b) Three years following your last interaction with Airside.

As noted above, Although Airside will retain any PI over which has control for a period of no longer than three years, it is not able to delete any data stored on an End-User’s mobile device. For that reason, any PI stored on an End-User’s mobile device must be deleted by the End-User directly.

Forums and Profiles
We may make available through our services to which you are able to post information and materials (for example, message boards, chat functionality, “profile pages” and blogs, among other services). Please note that any information you disclose through such services becomes public information and may be available to visitors to the site and to the general public. We urge you to exercise discretion and caution when deciding to disclose your PI, or any other information, on the site. WE ARE NOT RESPONSIBLE FOR THE USE OF ANY PI YOU VOLUNTARILY DISCLOSE TO THIRD-PARTIES THROUGH THE APP.

Third-parties
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including without limitation any of our affiliates and any third party operating any site to which this site contains a link. The inclusion of a link on the site does not imply endorsement of the linked site by us or by our affiliates.

US Customs & Border Patrol (US CBP)
To fulfill a request for expedited service for US CBP processes, Airside will facilitate the transmission of relevant PI at your specific direction to US CBP via secure, encrypted processes that meet the US CBP requirements for transmission of PI. Airside will also facilitate the transmission of Passenger Contact Information for COVID-19, while the U.S. Government requires this information for entry into the US. Airside is NOT responsible for the use of such information by the US Government, including US CBP, and is NOT responsible for any actions the US Government, including US CBP, may or may not take based on that information.

Transportation Security Administration (US TSA)
To fulfill a request for expedited service for US TSA processes, Airside will facilitate the transmission of relevant PI at your specific direction to US TSA via secure, encrypted processes that meet the US TSA and US state DMV requirements for transmission of PI. Airside is NOT responsible for the use of such information by the US Government, including US TSA, and is NOT responsible for any actions the US Government, including US TSA, may or may not take based on that information.

Security
We use reasonable organizational, technical and administrative measures to protect PI under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Please do not send us sensitive information through email.

Changing or Suppressing PI
If you would like to review, correct, update, suppress or otherwise limit our use of your PI that has been previously provided to us, you may do so by adjusting your preferences in the ‘Settings’ functions for the App or by contacting us at [email protected]. We may need to retain certain anonymized information for record-keeping and audit and compliance.

Note Regarding the Use of the App and Site by Children
The App is not to be used directly by individuals under the age of thirteen (13), and we request that such individuals not submit PI into our services. However, parents and legal guardians may enroll travel documents on behalf of their children on their own mobile devices, with some restrictions as may be indicated from within the App.

Contacting Us
If you have any questions regarding this Privacy Policy, please contact our DPO (Data Protection Officer) by e-mail at [email protected].

Mobile-Passport App
Mobile Passport has been decommissioned and is no longer operable as of the most recent update to this Privacy Policy. If you previously used Mobile Passport and have any questions regarding your rights or PI, please contact our DPO (Data Protection Officer) by e-mail at [email protected]. Please note that e-mail communications will not necessarily be secure; accordingly you should not include credit card information in your e-mail correspondence with us.

5. Specific Compliance Statements

GDPR Compliance

For Airside users who are residents of the European Economic Area, Airside Mobile complies with the European Union General Data Protection Regulation (GDPR) guidelines enacted by the EU to protect data. You have rights that allow you greater access to and control over your Personal Information. You may contact us as described below to make these requests.

All inquiries concerning GDPR should be sent to our DPO via email at [email protected]. The DPO or a member of their team will respond within 48 hours.

You may review, change, or terminate your account at any time. Your rights may include the right to:

• Request access and obtain a copy of your Personal Information;
• Request correction, supplementation, anonymization, blocking, or erasure of your Personal Information that is inaccurate, incomplete, outdated, unnecessary, excessive, or processed in non-compliance with applicable requirements;
• Restrict the processing of your Personal Information; and
• Request to receive a copy of the Personal Information you provided to us in a portable form or that we transmit it to a third party.

In certain circumstances, you may also have the right to object to the processing of your Personal Information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.

If we are relying on your consent to process your Personal Information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

Rights Relating to your Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your account.
• Contact us using the contact information provided.
• Use the “Delete Account” feature located within the App.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

California Residents—CCPA

As noted above, we collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. As a California resident, you have the right to know whether we have collected such information about you during the past 12 months, the sources from whom we have collected such information, the purposes for collecting such information, to limit use of any sensitive personal information (such as biometric information), and the categories of such information that we have collected and shared with third-parties. You have the right to request deletion of such information and that we stop sharing any of your personal information. We do not sell your information. You have the right to be free from discrimination related to your exercise of your rights as a California resident.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. Under certain circumstances, our customers and affiliates are required by law or regulation to retain your information for specific periods of time. In those instances, you will be informed ahead of time.

For all California residents, any such inquiries shall be responded to within forty-five (45) days. We must verify your identity with respect to such inquiries. Depending on the nature of the PI at issue, we may require additional measures or information from you as part of that verification.

For California residents under age 18 who have publicly posted content or information, you may request and obtain removal of such content or information pursuant to California Business and Professions Code Section 22581, provided you are a registered user of any Airside App or where Airside has posted this Policy. To make such a request, please send an email with a detailed description of the specific content or information.

If you have questions about how to exercise your rights under CCPA, you may request additional information by sending an email to our DPO at [email protected].

Your State Privacy Rights
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about your state specific rights and how to exercise them, you may contact us at [email protected].

6. Contact Information

For further information, please contact us at:

Privacy Office: [email protected]
GDPR Representative: [email protected]
Airside Mobile DPO: [email protected]
Information Security: [email protected]
US office PSTN: + 800-209-1467