1. Types of Personal Information we process and why
The types of Personal Information that we may process in connection with the provision of our Services and via our Websites may be provided by you voluntarily; collected automatically on our Websites (e.g. by using cookies or other online technologies); or provided to us by or collected on behalf of third parties (e.g. by one of our business clients) in order for us to perform our Services for them.
"Personal Information" means data which allows the identification of a natural person directly or indirectly from that data. Examples may include name, address, email, telephone number, customer ID, or tax ID. It includes personal data as defined under EU law.
(i) Information provided voluntarily by users of our Websites
In order to use certain areas of our Websites, you must first complete the registration form and create a user name and password. During registration, you are required to give contact details such as your name and email address. We use these contact details to contact you about such of the services described on our Websites in which you have expressed interest.
You have the option to provide us with additional information which we use to provide you with a more personalized experience on our Websites, which includes presenting content more relevant to you based on the sector you specify, e.g. airline, airport.
SITA is the sole owner of the information collected on our Websites (SITA.aero or other SITA owned / controlled Websites).
You can use the unsubscribe function at any time if you no longer wish to be registered with us.
Provision of information
Any Personal Information that you provide through our Websites will be used for the purpose of providing you with information about SITA and its products and services. Such information will be sent to you using the contact details you have submitted via these Websites.
Surveys or contests
From time to time, we may provide you with the opportunity to participate in contests or surveys on our Websites. If you wish to participate, we will request certain Personal Information from you. Participation in these surveys or contests is completely voluntary and you can choose whether or not to provide such Personal Information. The requested Personal Information typically includes contact information and demographic information. We use this information to further understand our market and your requirements.
Product offers and updates
If you have registered on our Websites, we will occasionally send you information on SITA’s products and services. If you no longer wish to receive these types of communications, you may unsubscribe by following the instructions in section 8 below.
If you wish to subscribe to our newsletter(s), we will use your contact information, e.g. your name and email address to send the newsletter to you. If you no longer wish to receive our newsletters, you may unsubscribe by following the instructions in section 8 below.
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Based upon the Personal Information you provide us, we will send you a welcome email. We will also communicate with you in response to your enquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone.
We store information that we collect through log files to create a (registration) “profile” of your preferences. We tie your Personal Information, and e.g. your purchasing and engagement (which pages visited) history, to information in the (registration) profile in order to provide tailored promotions and marketing offers and to improve the content of the Websites for you.
To update or change your profile, please check the profile section of the Websites. See also Section 8 which makes available a link to the Preference Center to make such changes. To delete your profile, please visit the DSR Data Subject Rights Center.
(ii) Information collected automatically on our Websites
Cookies and similar technology
We also store or gather other information automatically and may store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and navigation data.
Cookies and similar technologies are used by SITA so that we can make it easier for you to access our Websites, to understand usage and for other purposes.
(iii) Information provided to us by or collected on behalf of third parties to perform our Services
This information includes, but is not limited to, name and contact details, flight information, passport details, payment information and biometrics which we use to perform our Services.
Where the information is provided by one of our business clients who shares Personal Information with us or instructs us to collect or process Personal Information, their privacy statement may also apply and you should read any privacy notices provided on their sites.
2. Legal Basis
If you are from the European Economic Area, there needs to be a legal basis for the collection and use of the Personal Information described above. This will depend on the Personal Information concerned and the specific context in which the information is collected. We sometimes process Personal Information because we are providing a service to one of our partners and in those circumstances, it will be our partners' responsibility to ensure a legal basis exists.
However, when it is our responsibility to do so, we will normally collect Personal Information about you only (i) where we need the Personal Information to perform a contract, (ii) where the processing is in our legitimate interests and not overridden by your rights, (iii) where we have your consent to do so, or (iv) where we are otherwise authorized under applicable law. In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).
If we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Website or provide our Services and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
3. Personal information sharing and disclosure
Except as provided in this Privacy Statement, we will not share, sell, license, trade or rent any Personal Information to or with any third party without your consent, unless we are required to do so when processing Personal Information under the instructions and on behalf of one of our business clients.
We will share your personal data in the following ways:
- Third party service providers, agents and distributors ("Service Providers"): We may share your information with our service providers who process Personal Information to provide services to us or on our behalf (e.g., to assist us with the functioning of our Websites). We have contracts with our service providers that prohibit them from sharing the personal data about individuals that they collect or that we provide to them with anyone else, or using it for other purposes.
- Group entities: We may share your personal data with other subsidiaries, affiliate companies or agents of the SITA group of entities for the purposes explained above.
- Fraud prevention: We may disclose the personal data we collect about individuals when we believe disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of us, individuals, or others.
- Law enforcement purposes: If requested or required by government authorities, such as law enforcement authorities, courts, or regulators, or otherwise to comply with the law, we may disclose any information we have about individuals. We also may disclose information collected about an individual in order to exercise or protect legal rights or defend against legal claims.
- Sale or merger of our business: We may transfer your personal data to a third party if we or any of our affiliates are involved in an actual or potential corporate restructuring (e.g., a sale, merger, or other transfer of assets).
- Advertisers and advertising networks: We may share your personal data with advertisers and advertising networks who place ads (including sponsored links in search results) on our Websites.
4. Data transfers
We are a global organization and our information systems are in several countries around the world. This means that we may transfer Personal Information to our subsidiaries, affiliate companies or agents, and also to third parties, which may be located outside the European Economic Area ("EEA"), including for processing an order and providing you with support services. For transfers outside the EEA within the SITA Group we have executed a Data Transfer Agreement (which incorporate the EU's Standard Contractual Clauses). For transfers to third parties outside the SITA Group, we have taken appropriate safeguards to require that the Personal Information we process will remain protected in accordance with this Privacy Statement.
For more information and to obtain a copy of the safeguards we have put in place, please see below under "Contact".
5. Retention of Personal Information
We retain Personal Information we process from you where we have an ongoing legitimate business need to do so (for example, to provide our Website or Services or to comply with applicable legal, tax or accounting requirements, or pursuant to an ongoing service contract). When the information we process is to provide our business partners with a service they have requested, they are normally responsible for the retention.
When we have no ongoing legitimate business need to process certain Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because this Personal Information has been stored in backup archives), then we will securely store this Personal Information and isolate it from any further processing until deletion is possible.
6. How do we keep your information secure?
We take the security of the Personal Information we process seriously and use appropriate technical and organizational measures to protect it against unauthorized processing, disclosure, alteration or damage. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information. However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we may have collected from or about individuals.
7. Links to other sites
These Websites contain links to other sites that are not owned or controlled by SITA. Please be aware that we, SITA, are not responsible for the privacy practices of such other sites.
We encourage you to stay aware when you leave our Websites and to read the privacy statements of each and every website that collects Personal Information.
8. Access to Personal Information and other rights
Where we collect and process your Personal Information in the context of our Website(s), you may access, update and rectify your Personal Information on your profile directly. In some countries (including in the EEA) you may a more general right to access, update or rectify Personal Information as well as have additional rights. You may for example, request that your Personal Information be erased or restricted. In addition, you may have the right to object to the processing of your Personal Information and request to have your Personal Information handed over to you or to another organization (data portability). You may also have the right to complain to a data protection authority about our collection and use of your Personal Information.
You can use the unsubscribe function at any time if you no longer wish to be registered with us. To obtain a copy of your Personal Information, or request the deletion of your account, please visit the DSR Data Subject Rights Center.
To the extent that we process your personal data based on your (initial) consent / opt-in, and not on other legal grounds, we will provide you with the opportunity to ‘opt-out’ later of having your personal data used for certain purposes when we ask for this information. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
If you no longer wish to receive our marketing communications, you may opt-out of / unsubscribe from receiving them by following the instructions included in each newsletter or communication or via the Preference Center. For all other requests, such as (full) personal data erasure, please visit the DSR Data Subject Rights Center.
Where we process Personal Information in the context of providing our Services to our business partners, they will be normally responsible for responding to your requests with regard to the processing of your Personal Information and you should read any privacy notices provided on their sites.
9. Operational improvement and security
You acknowledge that SITA may create aggregated and anonymized data from the Personal Information supplied as part of the Services or via the Websites, and that such data (the “Anonymized Data”) will no longer be Personal Information. SITA may use the Anonymized Data for purposes of security testing and operational improvement, and to provide other organizations with reports. This provision is subject to all other parts of this document, and SITA shall at all times comply with its obligations under applicable agreements and laws, and follow best practices for research.
10. Changes to this Privacy Statement
From time to time we may update this Statement in response to changing legal, technical or business developments. When we do, we will publish the changes on the Website, as appropriate. If material changes are made to this Statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Your continued use of our Services and Websites after the effective date of such changes constitutes your acceptance of such changes.
You can submit any questions or concerns that you may have regarding our Privacy Statement by contacting us at firstname.lastname@example.org
©SITA - last updated: 7 September 2018