Loading...
Loading...
At Aviatize we attach great importance to the protection of your Personal Data. This Privacy Policy sets out how we protect your Personal Data and who you can turn to for more information or to invoke your legal rights. If you provide us with Personal Data of other persons, such as your collaborators or Operators that will be using the Aviatize software, or associated services or other white labeled solutions provided by Aviatize (hereafter the “Tool” and the “Services”), please inform these persons of our Privacy Policy before entrusting us with their Personal Data. We reserve our right to amend this Privacy Policy from time to time, if legislation or our internal practices so require. At all times you can find the current version of our Privacy Policy on our website http://www.aviatize.com/privacy-policy . If you do not agree with these terms, you should not use or access the Website, the Tool or our Services.
The legal entity controlling the processing of your Personal Data is Aviatize BV, a Belgian company with limited liability whose registered office is located at Kerkstraat 106, 9050 Gentbrugge, Belgium, registered under company number 0643.586.288 and/or (as specified below) its affiliate Aviatize LLC, an Arizona limited liability company, having its principal place of business at 4636 E Fighter Aces Drive, Mesa, AZ 85215, USA with EIN number 93-3919122, hereafter separately “Aviatize BV” or “Aviatize LLC” and collectively “Aviatize”, “us” and/or “we”. When we refer to our website (“Website(s)”), we mean www.aviatize.com, www.idronect.com, www.app.aviatize.com, www.one.aviatize.com, www.platform.idronect.com, or any other dedicated website where we offer access to our Tool and/or Services.
Aviatize processes Personal Data of its customers and potential customers (hereafter “Customers”), as well as contact persons of its Customers for the following purposes: (1) conveying offers, invoicing and administration, management of the Customer or sales relationship, as well as legally required purposes linked to this purpose, and (2) direct marketing. Aviatize also processes Personal Data of visitors to our Website that fill out the contact page, for the sole purpose of (3) responding to the visitor’s request sent to us via the contact page. Aviatize BV will act as controller for these commercial activities, and the processing will be subject to Belgian and EU data protection laws, unless the activities are directed towards the US or US Customers. In that case, Aviatize LLC will act as controller, the processing will be subject to the laws of Arizona and all transactions shall be considered to take place within Arizona. Additionally, on our Website we may use cookies. For more information in relation to cookies, please revert to the cookie policy and pop up to be found on our Website. Apart from the processing that Aviatize performs as processor for the Customer (see Aviatize PRIVACY POLICY Part II here below), Aviatize BV is also processing data of the Users of the Tool for its own purpose of: (4) optimization of the Tool (e.g. making the Tool smarter and better performing).
The legal basis for these processing operations is respectively:
When you interact with our Website, advertisements or other content provided by us or processors on behalf of us, or are receiving our Services through your computer, phone or mobile device (“Device(s)”), Aviatize automatically collects certain information (“Automatically-Collected Data”) about or from your Device, such as, without limitation, your browser information on our server logs including your IP address, browser type, browser versions, browser language, browser plug-in type and version, country and time zone, URLs that refer visitors to our Website, dates and times of visits to our Website, page views and site navigation, geographic location, cookie information, web beacons, pixel tags, device fingerprinting or other means, the page you requested, duration of activity on our Website, searches, shopping behavior and preferences, hardware model, operating system version, unique device identifiers, mobile network information, and purchases.
Aviatize may obtain personal and non-personal data from third-party sources such as YouTube. This information may be utilized, analyzed, and/or compared with information that we have collected from you or that you have submitted to the Website or in the use of the Services. If Aviatize obtains information from third-party sources other than from its own processors, Aviatize takes commercially reasonable measures to ensure the third parties lawfully obtained and provided the information to us. If the third parties unlawfully obtained and/or provided the information to us despite our reasonable measures to ensure the third parties complied with all legal requirements in obtaining and providing the information to us, you understand, agree, and acknowledge that your sole legal remedy is against the third party that engaged in the unlawful activity and that you will not assert any cause of action, claim or demand against us.
We process your Personal Data for the purpose of sales, as long as necessary in the context of the contracts entered into with you or with your organisation. Personal Data of inactive Customers, being after termination of our contracts, are retained for as long as necessary for legal, compliance or tax and accounting reasons or for as long as your purchases could give rise to legal claims. We process your Personal Data for direct marketing purposes until you oppose the processing of your Personal Data for that purpose, or if the processing was based on your consent, until you withdraw your consent.
We process your personal data as long as necessary to deal with and give follow up to your request. The data is not retained afterwards (unless the case being, in the context of another processing for another purpose as detailed in this Privacy Policy).
Your data is processed and stored as long as this is useful for the optimization of the Tool subject to appropriate technical and organizational measures in order to safeguard your rights and freedoms, such as in particular pseudonymisation.
Aviatize takes reasonable security measures to protect your Personal Data against unauthorized access, loss, alteration, or destruction. These measures include encryption, pseudonymisation and physical security measures to guard against unauthorized access to systems where we store Personal Data, and the usage of reputable third party vendors. Despite these reasonable measures, we cannot guarantee our security measures are impenetrable. Therefore, although we take reasonable steps to secure your information, we cannot and do not promise or warrant that your information will always remain secure.
Following Personal Data may be shared in accordance with this Privacy Policy : 1. All Personal Data with third party processors that provide services for us such as suppliers of IT and hosting services, and for relevant Personal Data email marketing and communication platforms, that are all acting on behalf of Aviatize and with whom Aviatize has entered into adequate processor contracts. These processors will only use the data for the purposes determined by Aviatize and in accordance with this Privacy Policy Part I. Aviatize LLC may also act as processor for Aviatize BV, and vice versa. In addition, Aviatize may also share Personal Data with, or receive Personal Data from accounting and payment providers under adequate contractual guarantees. Notwithstanding the foregoing, it is possible that Aviatize must disclose your Personal Data : 2. To the competent authorities (i) when Aviatize is obliged to do so under the law or in the context of legal proceedings and (ii) for the protection and defense of our rights.
Aviatize BV shall not transfer Personal Data, to a country outside the European Economic Area, unless it will make sure to have taken sufficient measures in accordance with GDPR in order to justify this transfer of personal data outside of the EEA. Aviatize will either enter into standard contractual clauses controller to processor as approved by the EC Commission with the data importer, or only transfer to a data importer that is covered by an adequacy decision. Aviatize LLC may transfer personal data outside of the United States so long as it has implemented appropriate safeguards in accordance with applicable data protection laws. If a transfer is necessary, Aviatize LLC will ensure compliance by either entering into standard contractual clauses with the data recipient or transferring data only to countries deemed to have adequate data protection measures. By using the Website, the Tool and/or Services, you acknowledge and agree that your information may be transferred to our facilities and to recipients with whom we share Personal Data as described in this Privacy Policy.
We will not sell any Personal Data you submit to us to any third party provided, however, that Aviatize is permitted to: (i) disclose under contractual guarantees with the buyer and sell your Personal Data as part of our business, in the event of a merger, acquisition, change of control or sale of substantially all of our assets or our business (or any substantially similar transaction), and (ii) sell aggregated and/or deidentified information that we may collect related to you and your use of the Website, Tool or Services.
From time to time, Aviatize may be required to respond to a subpoena, a court order or similar investigative demand from law enforcement, a government agency, or a private litigant. Aviatize reserves all rights to defend, within its sole discretion, against such legal requests, demands, and claims. For instance, Aviatize may raise or waive legal objections or rights. Aviatize also reserves the right to disclose your information, as allowed by applicable law, when we believe it is reasonably appropriate based on the situation. Such disclosure may occur but is not limited to, disclosing your Personal Data in connection with efforts to: (i) investigate, prevent, or commence other actions regarding suspected illegal activity or other wrongdoing; (ii) protect or defend the rights, property or safety of our company, our Users, our employees, or others; (iii) comply with applicable law or cooperate with law enforcement; or (iv) enforce the Terms of Service or other agreements or policies between you and us related to the Website, the Tool or the Services.
In relation to the Personal Data that are processed by Aviatize, you have a number of legal rights:
If any terms of this Privacy Policy are held invalid and/or unenforceable by a court of law or a competent jurisdiction, the remaining provisions of this Privacy Policy shall remain in full force and effect.
In order to invoke your rights, please contact us at our dedicated privacy e-mail address: privacy@aviatize.com , or send us a letter at the addresses specified above. If on the other hand you have any questions, remarks or complaints in relation to our Privacy Policy or how we process your data, do not hesitate to contact us, either by telephone or e-mail. Privacy manager: Tom Verbruggen Tel: +1 480 718 7129 E-mail: privacy@aviatize.com If you have any complaints in relation to how Aviatize BV processes your Personal Data, you may file a complaint with the Supervisory Authority: www.gegevensbeschermingsautoriteit.be
The processing considered here below is the processing by Aviatize and/or in the Tool of Customer Personal Data such as data of Users as defined in the Terms of Service. These Customer Personal Data are processed on behalf of the Customer and for the Customer’s purposes. This processing either forms an inherent part of the Customer’s use of the Tool, or relates to Aviatize’s support given for the Tool in the event of incidents. Specific processing operations relate to for instance authentication, reading, creation and submission of flight and business related information, sending of data, monitoring the usage of the software, supporting incidents and customization. With regard to this processing, Aviatize processes the relevant Customer Personal Data on behalf of its Customer. Therefore Aviatize qualifies as a processor for such processing. The Customer of Aviatize takes the initiative for the processing: it decides to use the Tool. Hence, it is the Customer that determines the purposes and means of the processing of the Customer Personal Data and thus qualifies as controller with regard to such processing. Aviatize shall only process the Customer Personal Data for the same Customer Purposes upon request of the Customer and in accordance with its instructions. The customer in its capacity as controller shall be responsible to comply with all (legal) obligations vested in the controller, in particular the obligation to inform the data subjects on the purposes of its processing.
Aviatize processes Customer Personal Data on behalf of its Customer for the purposes of the Customer. In the context of these Customer Purposes, Aviatize shall perform the following processing operations for the Customer:
The categories of data subjects are the following:
Aviatize shall retain the Customer Personal Data as long as the Agreement is ongoing. Once the Agreement has been terminated, the Customer Personal Data shall be deleted within six months.
The Customer generally authorizes Aviatize to appeal to sub-processors for the processing of Personal Data for the Customer Purposes specified under this policy. The Customer approves Aviatize BV and Aviatize LLC as well as the following sub-processors:
| Sub-processor | Location | Services | Data Accessible? | Legal Basis / DPA |
|---|---|---|---|---|
| Amazon Web Services Inc. | Seattle, WA, USA | Cloud Hosting Services | Yes | DPA https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html |
| Google Inc. | Mountain View, CA, USA | Cloud Hosting Services Google Suite Tag Manager Google Analytics | Yes | DPA https://cloud.google.com/terms/data-processing-addendum |
| Mailgun Technologies, Inc. | San Antonio, TX, USA | Emails which are sent from the platforms are being sent through Mailgun services | Yes | DPA https://www.mailgun.com/legal/dpa/ |
| MongoDB Inc | Dublin, Ireland | Database hosting is provided by MongoDB | Yes | DPA https://www.mongodb.com/legal/data-processing-agreement |
| Twilio Inc. | San Francisco, CA, USA | If you turn on SMS alerts, Twilio receives basic info to provide you text alerts (e.g., phone number). | Yes | Twilio https://www.twilio.com/en-us/legal/data-protection-addendum |
| Functional Software, Inc. dba Sentry | Vienna, Austria | Sentry tracks potential errors in our system in order to continuously improve the software | Yes | DPA https://sentry.io/legal/dpa/ |
| Slack | Dublin, Ireland | Chat communications, Customer Support | Yes | DPA https://slack.com/intl/en-gb/terms-of-service/data-processing |
| Dublin, Ireland | Communications | Yes | DPA https://www.whatsapp.com/legal/business-data-processing-terms | |
| Zoom Inc. | San Jose, California, USA | Online meetings, Webinars | Yes | DPA https://www.zoom.com/en/blog/data-europe-updating-zooms-dpa/ |
| Pipedrive | Tallinn, Estonia | Customer Resource Management | Yes | GDPR Compliant DPA |
| 650 Industries Inc. (Expo) | Palo Alto, CA, USA | Facilitates Push Notifications | Yes | DPA https://docs.expo.dev/regulatory-compliance/data-and-privacy-protection/ |
| Apideck | Belgium | When certain integrations are used | Yes | DPA https://compliance.apideck.com/dpa |
| Sage Intacct | San Jose, CA, United States | When accounting integration is activated | Yes | GDPR Compliant DPA |
| Clover | Sunnyvale, CA, United States | When Clover payments are being used | Yes | DPA https://www.clover.com/terms?srsltid=AfmBOoqigHFCHB2aHpKumF6PZv1NvGNB4hzKudFSLpn5BPonZ2yGSY0k |
| DevRev | Palo Alto, CA, United States | Customer Support, Knowledge Hub | Yes | DPA https://devrev.ai/legal/dpa |
| Stripe Inc. | San Francisco, CA, USA | Stripe receives billing information, such as your name, credit card details, and address when payments are processed through the system | Yes | DPA https://stripe.com/en-mt/legal/dpa |
| Exact Online | Belgium | When accounting integration is activated | Yes | GDPR compliant |
These sub-processors are at least bound by the same obligations by which Aviatize is bound under this Policy. Aviatize shall update this list from time to time as required. Aviatize shall inform the Customer of any intended changes concerning the addition or replacement of other sub-processors, thereby giving the Customer the opportunity to object to such changes.
Aviatize BV shall not transfer Customer Personal Data, to a country outside the European Economic Area, unless it will make sure to have taken sufficient measures in accordance with GDPR in order to justify this transfer of personal data outside of the EEA. Aviatize will either enter into standard contractual clauses processor to processor as approved by the EC Commission with the data importer, or only transfer to a data importer that is covered by an adequacy decision. Aviatize LLC may transfer personal data outside of the United States so long as it has implemented appropriate safeguards in accordance with applicable data protection laws. If a transfer is necessary, Aviatize LLC will ensure compliance by either entering into standard contractual clauses with the data recipient or transferring data only to countries deemed to have adequate data protection measures. By using the Website, the Tool and/or Services, you acknowledge and agree that your information may be transferred to our facilities and to recipients with whom we share Personal Data as described in this Privacy Policy.
Aviatize commits to assist the Customer, taking into account the nature of the processing, with: 1) the fulfillment of the Customer’s duty to answer a request of a data subject for exercising the data subject's rights laid down in Chapter III of the GDPR and applicable state laws; 2) taking the appropriate measures for the safety of the Customer Personal Data and reporting any breaches to the safety and security of Customer Personal Data; 3) carrying out a data protection impact assessment, in case the Customer considers such assessment to be (legally) required. In case a situation occurs in which the Customer wishes to call upon the assistance of Aviatize, the Customer will promptly notify Aviatize by e-mail and by telephone.
Aviatize undertakes to implement the following appropriate technical and organisational security measures necessary for the protection of Customer Personal Data:
Aviatize shall implement technical measures to:
Prior to termination of the Agreement, the Customer has the possibility to export all Customer Personal Data to another IT-system. After termination of the Agreement, Aviatize may, and will within six months, delete all Customer Personal Data.
Aviatize shall maintain the Customer Personal Data confidential and thus not disclose any Customer Personal Data to third parties, without the prior written agreement of the Customer. Aviatize will ensure that its employees and sub-processors, engaged in the performance of the Agreement, are informed about the confidential nature of the Customer Personal Data, and are bound by similar confidentiality obligations.
The Customer is entitled to control Aviatize’s compliance with this Processor Policy at any given moment. During Aviatize’s regular business hours, and provided that the Customer has given Aviatize at least one month’s prior notice of the date of the audit, Aviatize will allow the Customer to visit the premises where the Customer Personal Data is processed in order to verify compliance with this Processor Policy. The costs for the performance of such an audit are borne by the Customer, unless the result of the audit shows that Aviatize has committed serious shortcomings in the implementation of this Processor Policy.
Privacy manager: Tom Verbruggen Tel: +1 480 718 7129 E-mail: privacy@aviatize.com