Copyright Airside Mobile, Inc. an Entrust Company, 2024. All rights reserved.
Airside Privacy Policy
Effective Date: June 18, 2024
Table of Contents
At Airside Mobile, Inc., an Entrust Company (or “Airside”, “we”, “us”, “our”), we care about your privacy. We’ve created this Privacy Policy to help you understand how we collect, use, and share your personal information if you use the Airside Digital Identity mobile application (the “App”) or our website(s) (collectively, the “Services”).
If you are an App user in the US, you must also read our Biometric Information Policy, which takes priority over the information in this Privacy Policy to the extent there is any conflict.
You must be at least 16 years old to use the App and may need to meet another minimum age requirement to use certain features of the App. Please see the section below headed “Children’s Data” for more information.
Please note that even if you do not use the App yourself, someone else may use the App to provide and share information about you if you are traveling with them on the same booking. Please see the information under “Family and Group Travel” below for more details.
PRIVACY PRACTICES SUMMARY
You should read all of this Privacy Policy, but the main things we think you would like to know are:
- We do not sell, lease, trade, or otherwise profit from your personal information.
- If you add a Selfie or details of your identity document to the App, this information will reside within the App on your mobile device unless you have asked us to use this information to verify your identity or to share this information with one of our partners whose services you wish to use (in which case we will use it as explained in this Privacy Policy).
- Within the App, you can see details of who (past and present) you have asked us to share your personal information with. If the App shows that we are currently sharing your information with someone, you can use the App to make us stop (unless we are required by law to limit your ability to do this). You can also delete your personal information from the App at any time.
1. WHAT TYPES OF INFORMATION DO WE COLLECT AND PROCESS?
If you use the Services, we may collect and process the following categories of personal information depending on how you choose to use our Services.
Information you provide. If you use our Services, you may provide us with your personal information. For example:
- If you contact us via our website(s) feedback or contact forms, you may provide your name, email address, phone number, and the name of the company you work for.
- If you use the App, you may provide us with:
- your email address (so we can create your account and communicate with you);
- a photo or video of yourself (a “Selfie”) and images and scans of your government-issued identity document (such as your passport, driver’s license, or other permitted identity document) if you ask us to verify your identity;
- your travel details, such as the date of your flight (if you choose to use a Service that requires us to have details of your travel arrangements); and
- information about your health (if you choose to use our Health Pass service to store details of your vaccinations).
- Such other information as you may choose to provide when contacting Airside with requests, complaints or other queries.
Information we create. If you use our Services, we may create personal information relating to you. For example, if you use the App:
- we will create unique IDs that we associate with your App account;
- if you ask us to verify your identity we will:
- extract information from images and scans of your government-issued identity document (for example, document type, document number, your name, date of birth, sex, country of citizenship, document issuing authority, document expiration date); and
- generate scans of your face using the image of the face shown in your Selfie and in your government-issued identity document (“Facial Scans”). Facial Scans may be considered biometric information under applicable privacy laws, including US State biometric privacy laws (e.g. BIPA and CUBI). If you are an App user in the US, please read Airside’s Biometric Information Policy for more information.
- we will create a record of your use of the App (for example, of any identity verifications you have asked us to perform, and of any data we have shared with third-party partners at your request).
Information we collect automatically. If you use our Services, we may automatically collect information about your device (such as your IP address, device type, device operating system and device language) and about your use of our Services (for example, the fact that you opened the App, or took a Selfie). We collect this information using cookies and similar technologies as explained in our Cookie Policy.
2. HOW DO WE USE THIS INFORMATION?
We do not sell, lease, trade, or otherwise profit from your personal information and we do not share your personal information with third parties for marketing purposes. We will only use your personal information for the purposes described below.
If you are a user of our Services and resident in the EEA or UK, we will only use your personal information for a particular purpose if we have a “legal basis” for this. We have set out below the legal bases we rely upon for each purpose.
a) To create your App account and send you important service information in connection with your account.
To use the App, you need to create an account using your email address. We may send important information regarding our Services (for example, notice of changes to our terms, policies, and/or other administrative information) to this email address.
- Information used for this purpose: email address, Unique IDs associated with your account.
- Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside.
b) To enable you to use the App.
We use your personal information to enable you to use the App. This includes allowing you to: upload a Selfie; ask us to verify your identity or share information about your verified identity with a third party (each as explained further below); see a record of your in-App activities; and delete your information from the App.
- Information used for this purpose: information that you provide or that we create to enable you to use the App.
- Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside.
c) To verify your identity at your request.
You may choose to use the App to verify your identity. To do this, you will need to provide us with a Selfie and with images and scans of your government-issued identity document (e.g. a passport or driving license). With the help of our service providers (Thales, Inc., Thales DIS USA, Inc., Onfido Limited, and Acuant, Inc.), we will conduct various checks to ensure that your identity document is genuine and to confirm that it belongs to you. Some of these checks require us to create “Facial Scans” – which are scans of your face as it appears in your Selfie and in the portrait image of you contained in your identity document. We compare these two Facial Scans to one another to confirm that the person who appears in the Selfie is also the owner of the identity document. This helps us verify your identity. The information we collect, share, and use may be considered biometric information under applicable privacy laws, including US biometric privacy laws. If you are an App user in the US, please read Airside’s Biometric Information Policy for more information.
- Information used for this purpose: images and scans of your government-issued identity document and information we extract from these images and scans; Selfie; Facial Scans.
- Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside. Where we need to use Facial Scans to uniquely identify you, we will also ask for your explicit consent. The consent screen we display to you within the App will make clear how your information will be used if you consent, and you may revoke your consent at any time (see the section below headed “Your Rights” for more information).
d) To share information about your verified identity, and details of people traveling with you, with third-party partners at your request.
You may ask the App to share information about your verified identity with our third-party partners. (Depending on the service you choose to use, you may also ask the App to provide our partners with personal information you provide to us about other people who are traveling with you on the same booking.)
The information that we share will vary depending on the specific service you choose to use (further details of the services available in the App are on the Airside App section of our website). However, we will only share information about your verified identity (or personal information you have given to us about someone traveling with you) with one of our partners at your request, and we will always tell you what information will be shared. At any time, you can review your active and expired share requests within the App and you may revoke any active requests unless we are required by law to limit your ability to do so.
Please be mindful that if you ask us to share personal information with a third-party partner, Airside cannot control how that partner will use this information. Before you ask us to share any personal information you should review the partner’s privacy policy to ensure you understand what will happen to your information after we have shared it.
- Information used for this purpose: images and scans of your government-issued identity document and information we extract from these images and scans; Selfie; such other information as you instruct us to share. If you are an App user in the US, the information we share may be considered biometric information under US privacy laws; please read Airside’s Biometric Information Policy for more information.
- Legal basis relied upon:
- If you ask us to share your personal information with a partner, we will do so on the basis that this processing is necessary in order for us to perform our obligations under the contract in place between you and Airside.
- If you ask us to share information which constitutes a “special category” of data under European/UK privacy laws (including Facial Scans if the third party will use them to uniquely identify you), we will also ask for your explicit consent. The consent screen we display to you within the App will make clear how your information will be used if you consent and you may revoke your consent at any time (see the section below headed “Your Rights” for more information).
- If you ask us to share personal information about someone else who is traveling with you on the same booking (and with whom Airside may not have entered into a contract), we will do so on the basis that this is necessary for the legitimate interest of providing a Family and Group Travel service.
e) To customize content within our App.
We use your device’s language preference setting to set the language of the App for you.
- Information used for this purpose: Device language.
- Legal basis relied upon: The processing described above is necessary for us to perform our obligations under the contract in place between you and Airside.
f) To handle and respond to your requests, complaints, or other queries.
If you contact us via the App, website or otherwise, with a request (for example, if you subscribe to one of our email newsletters), a complaint, or a query, we will need to use certain personal information about you in order to handle and respond to your communication.
- Information used for this purpose: The information processed for these purposes will depend upon the nature of your query but will include your contact details, details of your request, complaint, or query, and any of the personal information we hold that is necessary to handle and respond to your query.
- Legal basis relied upon: This will depend upon the nature of your query and our relationship with you, but we will typically rely on the fact that this processing is necessary:
- for us to perform our contract with you (for example, if you are an App user with a question about the App);
- for compliance with a legal obligation (for example, if you contact us seeking to exercise your legal rights in respect of your personal information); or
- for a legitimate interest (for example, Airside has a legitimate interest in responding to website queries about our products and services, and in providing email newsletters to people on request. Please note that you may unsubscribe from our newsletters at any time by clicking the unsubscribe link in the email sent to you).
g) To enforce our terms and policies.
We use the personal information we have about you to enforce our terms and policies. This may include suspending or banning your account if we decide that you are violating the terms that govern your use of our Website(s) or the App (for example, if we learn that you are using the App and are younger than 16 years old). We process personal information for this purpose on the basis that it is necessary for us to perform our obligations under the contract in place between you and Airside.
h) To analyze the use of our Services so we can review and improve our Services.
We use your personal information to analyze and better understand how people are using our Services so that we can improve them. For example, if you ask us to verify your identity, but our technology is unable to scan your government-issued identity document, we may record this error and associate it with limited information about your identity document (such as the country that issued it and the year it was issued) so we can improve our technology’s ability to scan those types of document.
- Information used for this purpose: Information collected using cookies and similar technologies (such as Google Analytics and Firebase Performance Monitoring). For example, the fact that you created or deleted your account, captured a Selfie, or uploaded an identity document plus associated metadata (for example, the date on which you did these things, your user ID (as set by Airside), and your device operating system). See our Cookie Policy for more information, and click on this link to learn more about Google Analytics. Please note:
- Legal basis relied upon: We rely on consent where this is required by law to collect your information using cookies or similar technology (as explained further in our Cookie Policy). Otherwise we process your information on the basis that we have a legitimate interest in reviewing and improving our Services.
i) To keep our Services stable and secure.
We use your personal information to identify technical and security issues (such as App crashes or technical bugs) so we can keep our Services functioning and secure.
- Information used for this purpose: Information collected using cookies and similar technologies (such as Firebase Crashlytics). See our Cookie Policy for more information.
- Legal basis relied upon: We rely on consent where this is required by law to collect your information using cookies or similar technology (as explained further in our Cookie Policy). Otherwise we process your information on the basis that we have a legitimate interest in identifying and tackling any technical or security issues to ensure the Services are continuously available and functioning securely.
j) In connection with a business transaction or to obtain professional advice.
We may use the personal information we have about you in connection with an actual or proposed divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding, or to obtain professional advice. We use personal information for these purposes on the basis that it is necessary for Airside’s legitimate interest in running its business in a commercial and compliant manner.
k) For compliance with a legal obligation, to exercise, establish or defend legal rights, or to protect someone’s vital interests.
In exceptional cases, we may need to use the personal information we have about you where this is necessary for compliance with a legal obligation, to exercise, establish or defend legal rights, or to protect someone’s vital interests. For example, we may be required by law to disclose information in response to a request from a government or law enforcement body. The legal basis we rely upon will depend upon the specific purpose for which it is necessary to use your personal information, but we will only process your information where it is necessary for compliance with a legal obligation; necessary to protect your or another person’s vital interests; or necessary for the purpose of a legitimate interest.
Note for users who are not old enough to enter into an enforceable contract.
As explained in a) – g) above, we use your personal information for certain purposes because this is necessary in order for us to perform our contract with you. However, if you are under the age of majority (which is 18 years old in most countries) with a limited ability to enter into an enforceable contract, we may not be able to rely upon this legal basis. If this is the case, we will instead use your personal information for the purposes described in a) – g) above on the basis that our use of your information is for the purpose of a legitimate interest. In particular, we have a legitimate interest in using your personal information to: create your account and send you important service information; enable you to use the App; verify your identity at your request; share information about your verified identity with third-party partners at your request; customize content within the App; handle and respond to your requests, complaints or other queries; and enforce our terms and policies.
- Information used for this purpose: the information described under a) – g) above.
- Legal basis relied upon: The processing described above is necessary for our legitimate interests as described above.
3. WHEN DO WE SHARE THIS INFORMATION?
We may need to share your personal information as follows:
- With service providers who help us to verify your identity. If you choose to use the App to verify your identity, we will share information about you with service providers who help us conduct various checks to ensure that your identity document is genuine, and to confirm that it belongs to you. These service providers are Thales, Inc., Thales DIS USA, Inc., Onfido Limited, and Acuant, Inc.
- With our third-party partners, where you ask us to do so. If you choose to ask us to share information about your verified identity (or personal information about a person traveling with you on the same booking) with one of our third-party partners, we will share information with that partner. You will need to approve this data sharing, and when we ask for your approval, we will: clearly explain what information will be shared; provide the name of the partner with whom the information will be shared; describe the purpose for which the information will be shared; and include an expiration date for your approval. Please be mindful that if you ask us to share your personal information with a partner, Airside cannot control how that partner will use your information – so before you ask us to share your information, you should review their privacy policy to ensure you understand what will happen to your information after we have shared it.
- With service providers who are performing other tasks on our behalf. To be able to provide our Services and to run our business, we require the support of service providers. These service providers include: information technology and related infrastructure providers (who provide us with a place to store your personal information); data analytics providers (who help us to analyze trends); and provide us with professional (e.g. advisory and auditing) advice and services.
- With other companies in Airside’s group of companies who help us to provide our services (for example, by providing ancillary engineering, technical or customer support).
- With an actual or potential buyer, investor or partner (and its agents and advisers) in relation to a business transaction.
- With a competent law enforcement body, regulatory, government agency, or court.
- With any other person where we have a legitimate legal reason for doing so.
4. WHERE IS THIS INFORMATION STORED AND FOR HOW LONG?
For App users: We want you to know that for the majority of the time, the information you upload to the App so we can verify your identity (namely your Selfie, images/scans of your government-issued identity document and information extracted from these images/scans) remains within the App where it is only accessible to you. We do not have ongoing access to this information. The only instances in which we or others have access to this information are:
- if you ask us to verify your identity. In this case, we (and the named service providers who help us to verify your identity) will be granted access to this information for a temporary period of time so we can complete your identity verification. We and our service providers will process this information in our servers and then delete it within 48 hours of having verified your identity. The only information we retain is a record of the fact that we performed a verification; or
- if you ask us to share information about your verified identity with a third-party partner. We will provide the partner with access to your information for a temporary period of time. Please be mindful that once the partner has accessed your information, Airside cannot control how that partner will use it and so you should review the partner’s privacy policy to make sure you understand how your information will be used if you ask us to share it.
For App and Website users: We process your personal information for the purposes described in this Privacy Policy on servers that are in the United States. Some of the service providers and third-party partners with whom we may share your personal information will process your information outside of the EEA/ UK. If you are in the EEA/UK and we need to share your personal information with a third party who will process it in a country outside the EEA/UK which the European Commission has not said provides an adequate level of data protection, we will protect your information by requiring the third party to enter into the European Commission approved Standard Contractual Clauses (and/or their UK and Switzerland equivalents) where legally possible. You can request more details of these transfers and a copy of these standard contractual clauses by contacting us using the details provided in the section below headed “How to Contact Us.”
5. YOUR RIGHTS AND HOW TO EXERCISE THEM
Depending on where you live and subject to applicable data protection law, you may have the following rights in respect of the personal information we process about you as described in this Privacy Policy:
- The right to request access to and disclosure of your information.
- The right to change and/or correct inaccurate information.
- The right to block or suppress the processing of your information. This enables you to request that Airside suspend the processing of your information in certain circumstances.
- The right to object to our processing of your information where we are relying on legitimate interests as our legal basis for using your personal information (see the section above headed “How do we use this information” for details) and you feel such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- The right to request that we delete your personal information, subject to certain exceptions. Please note: As explained in the section headed “Where is this information stored and for how long”, we do not have ongoing access to your Selfie or your government-issued identity document and so we cannot delete this information for you. You can delete this information yourself as explained below.
- The right to request portability of your personal information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- The right to withdraw your consent, if applicable. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You also have a right to lodge a complaint with your local data protection authority or regulator.
You may exercise your rights by contacting us using the details set out in the section below headed “How To Contact Us.” However, you may also do the following within the App:
- you may withdraw your consent from within the Activities section of the App;
- you may delete the information you have uploaded to the App at any time. This can be accomplished by selecting the option to delete your information in the App. You may also delete the App entirely (which will automatically delete any information you have uploaded to the App); and
- you may edit your email address. This can be accomplished by selecting the option to edit your email address within the App.
6. CHILDREN’S DATA
If you are younger than 16 years old, you’re not old enough to use the App. Please do not download the App or provide us with your personal information.
If you believe someone below this minimum age is using the App, please contact us using the details set out in the section below headed “How To Contact Us.”
7. FAMILY AND GROUP TRAVEL
Please read this if you are using the App to provide us with information about someone else. Some of the services available within the App allow you to submit information about another person, such as your child or another person who is traveling with you on the same booking. If you provide us with someone else’s information, you must have their permission to do so and you must make them aware of how we will use their information as described in this Privacy Policy.
Please read this if someone else has used the App to provide us with information about you. Some of the services available within the App allow a user to submit information about another person, such as their child or another person who is traveling with them on the same booking. If an App user has provided us with your information, we will use it as described in this Privacy Policy. You may exercise the rights you have over your personal information (as explained in section 5) by contacting us using the details set out in the section below headed “How To Contact Us.”
8. UPDATES TO THIS POLICY
We may need to update this Privacy Policy from time to time. In the event this Privacy Policy changes in a material way, we will notify you (for example, by sending a notification to the email address you used to set up your account or to subscribe to our newsletters). Any changes to the Privacy Policy will become effective on the date identified above.
9. HOW TO CONTACT US
If you have any questions or concerns about this Privacy Policy, please contact us as follows:
- Airside Mobile, Inc. is the controller of your personal information. You may contact us at [email protected].
- If you are resident in the EEA or UK, you may contact:
- Airside’s Data Protection Officer at [email protected] or Attention: Airside Data Protection Officer Heward Mills 77 Farringdon Rd London EC1M 3JU UK.
- Airside’s Data Protection Representative at [email protected] (quoting in the subject line) or using the online webform at www.datarep.com/data-request. You may also contact Airside’s Data Protection Representative by post by mailing your inquiry to the most convenient of the addresses below. Please address your inquiry to “DataRep” not Airside, but name Airside in your correspondence.
Country | Address |
Austria | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
Belgium | DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium |
Bulgaria | DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria |
Croatia | DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia |
Cyprus | DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus |
Czech Republic | DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic |
Denmark | DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark |
Estonia | DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia |
Finland | DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland |
France | DataRep, 72 rue de Lessard, Rouen, 76100, France |
Germany | DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany |
Greece | DataRep, 24 Lagoumitzi str, Athens, 17671, Greece |
Hungary | DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary |
Iceland | DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland |
Ireland | DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland |
Italy | DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy |
Latvia | DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia |
Liechtenstein | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
Lithuania | DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania |
Luxembourg | DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg |
Malta | DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta |
Netherlands | DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands |
Norway | DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway |
Poland | DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland |
Portugal | DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal |
Romania | DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania |
Slovakia | DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia |
Slovenia | DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia |
Spain | DataRep, Calle de Manzanares 4, Madrid, 28005, Spain |
Sweden | DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden |
United Kingdom | DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom |
