SITA and its affiliates (“SITA”), are committed to protecting the privacy of California consumers with whom we interact.
This CCPA Privacy Statement is a California-specific supplement to SITA’s general Privacy Statement. The rights set forth in this CCPA Privacy Statement are in addition to any applicable privacy rights set forth in SITA’s general Privacy Statement (such as your ability to unsubscribe from SITA registrations or marketing communications through the SITA preference center).
1. The California Consumer Privacy Act of 2018
The California Consumer Privacy Act of 2018 and its regulations, (Cal. Civ. Code §1798.100 et seq., as amended, “CCPA”) gives California residents (CCPA “consumers”) rights and control over their personal information.
2. What is a CCPA “consumer”?
A CCPA “consumer” is a natural person who resides in California. For the purposes of this Privacy Statement, consumer does not include California-resident job-applicants or SITA employees.
3. What is “personal information”?
"Personal information" is defined as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or California household. Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated information.
- Other regulated information that is excluded from the CCPA's scope, such as:
- medical information governed by the California Confidentiality of Medical Information Act (CMIA);
- protected health information collected by a covered entity or business associated governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
- clinical trial data subject to the Federal Policy for the Protection of Human Subjects;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
4. SITA does not sell any personal information
Personal information subject to the CCPA, is “sold” under the CCPA when it is shared with a third party or another business for monetary or other valuable consideration, and not for an authorized or exempt reason/purpose under CCPA (see the full definition in CCPA §1798.140 (t)(1)).
Under the CCPA, a business that sells California consumers’ personal information to others: 1) must give notice to the consumer before selling their personal information to others; and 2) must provide the right to opt out of the sale of their personal information.
SITA does not sell personal information. Thus, these notification and opt-out requirements do not apply to SITA.
5. SITA as a service provider (not a CCPA business) in relation to passengers and users of SITA tools pursuant to services sold to SITA Customers
SITA provides business-to-business (B2B) services to companies in the transport industry, such as airlines and airports (SITA Customers). Where SITA provides these services it is a CCPA “service provider” to SITA Customers, collecting and processing personal information in connection with the services only on SITA Customers’ behalf.
If you are a passenger/traveler, or a user of SITA-provided tools/software/platforms in the course of your employment with a SITA Customer, and you have any questions about your personal information, SITA advises that you please contact the airline or airport through which you travelled, or your employer, in relation to your personal information and your rights under the CCPA, as SITA’s ability to respond to you as a service provider under CCPA is restricted, and SITA is not the relevant CCPA business in relation to the processing of your personal information.
6. Who does this statement relate to?
This CCPA Privacy Statement relates to you if you are a California resident (a CCPA consumer) and SITA communicates or interacts with you, in relation to the marketing or the potential supply of services to your company that your company does not yet receive (“you” in the following paragraphs). SITA is a CCPA business in relation to your personal information, and not a service provider, and provides you the following disclosures and information, including in relation to your rights under CCPA.
Please note: the CCPA provides exemptions from certain CCPA requirements (including disclosure and consumer rights requirements) in respect of consumer personal information reflecting communications or transactions with employees, contractors, directors, and officers of SITA Customers related to services actually/currently provided to those customers or to SITA’s due diligence on SITA Customers (“B2B communications exemption”), until and including December 31, 2020. If this exemption is removed or amended by the California legislature, SITA will update this Statement to include any relevant disclosures required in connection with B2B communications. Notwithstanding the B2B communications exemption SITA collects and processes such personal information securely in accordance with SITA’s general Privacy Statement.
7. Categories of Personal Information collected and/or disclosed (CCPA “Notice at Collection” information)
The table below outlines the categories of Personal Information (as defined by the CCPA) that we have collected and/or disclosed for a business or commercial purpose in the preceding twelve months. While the examples of Personal Information provided for each category are taken from the CCPA they are included only to help you understand what the categories mean, and more information about our specific practices can be found in SITA’s general Privacy Statement.
|Category||Examples of types of Personal Information within Category||Categories of Sources of information||SITA collects category||SITA discloses category||SITA sells category|
|A. Identifiers||Name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||Information you provide directly to us or automatically through your interaction with our websites, and vendors’ platforms.||YES||YES||NO|
|B. Categories of Personal Information in Cal. Civ. Code 1798.80(e)||Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Not including publicly available information that is lawfully made available to the general public from federal, state, or local government records.||Information you provide directly to us.||YES||YES||NO|
|C. Characteristics of Protected Classifications under California or Federal Law||Race or color, ancestry or national origin, religion or creed, age (over 40), mental or physical disability, sex (including gender and pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity or expression, medical condition, genetic information, marital status, military and veteran status.||Information you provide directly to us.||YES||YES||NO|
|D. Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Information you provide directly to us or automatically through your interaction with our websites, and vendors’ platforms.||YES||YES||NO|
|E. Biometric Information||Physiological, biological, or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, such as imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.||N/A||NO||NO||NO|
|F. Internet of Other Electronic Network Activity Information||Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application or advertisement.||Information you provide directly to us or automatically through your interaction with our websites, and vendors’ platforms.||YES||YES||NO|
|G. Geolocation Data||Such as physical location, IP address.||YES||YES||NO|
|H. Sensory Information||Audio, electronic, visual, thermal, olfactory, or similar information.||N/A||NO||NO||NO|
|I. Professional or employment-related information||Job application or resume information, past and current job history, and job performance information||YES||YES||NO|
|J. Non-Public Education Information (as defined in 20 U.S.C. 1232g; 34 C.F.R. Part 99)||Records that are directly related to a student maintained by an educational agency or institution or by a party acting for the agency or institution.||N/A||NO||NO||NO|
|K. Inferences Drawn from Personal Information||Consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES||YES||NO|
8. SITA’s use of Personal Information (CCPA “Notice at Collection” information)
The CCPA defines various business and commercial purposes for collecting, using, and disclosing Personal Information. While we collect, use, and disclose Personal Information pursuant to SITA’s general Privacy Statement as a whole, SITA wishes to clarify that this includes your Personal Information in accordance with the following specific CCPA business and commercial purposes:
- Auditing related to SITA’s current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, in relation to SITA’s current interaction with you.
- Contracting with service providers to perform services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of SITA.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance our services.
- Otherwise enabling or effecting, directly or indirectly, a commercial transaction between SITA and your company.
9. SITA’s disclosure of Personal Information (CCPA “Notice at Collection” information)
As also explained in our general Privacy Statement, we share your Personal Information with the following categories of third parties:
- SITA’s service providers, including for data analytics and marketing and advertising our products and services to you.
- Third parties as required to comply with laws and similar disclosures, including but not limited to federal, state or local authorities, judicial or similar authorities in relation to legal claims, and law enforcement agencies where SITA in good faith believes conduct or activity violates applicable laws (in which cases such disclosures are not restricted by the CCPA).
- Third parties in connection with a merger, sale, or asset transfer (in which case such disclosure is not restricted by the CCPA).
- Other third parties for whom we have obtained your permission to disclose your Personal Information.
10. Exercising your rights under CCPA
The CCPA provides California consumers with certain rights related to their personal information as set out below. To submit a request based on these rights, please contact us via our DSR Data Subject Rights Center or at email@example.com or toll-free at 866 588 0497 (enter “0” and then enter the PIN – 777).
When receiving a request, we are required to verify that the individual making the request is actually you before we can fulfill the request. When you submit a request will we will notify you of what information we need to verify your identity (depending on the nature of the request and your personal information). California consumers may exercise their rights themselves or may use an authorized agent to make requests to disclose certain information about the processing of their personal information or to delete personal information on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf.
We will endeavor to fulfill a verifiable request within 45 days of submission using the methods described above. If we need additional time to fulfill the request, we will let you know in writing why we need more time and how much more time is being requested. The disclosures we provide only cover the 12-month period preceding receipt of your request. Where we are unable to comply with your request, we will explain why we cannot comply.
We will not charge you for responding to your request, unless (in the unlikely event) it is excessive, repetitive, or clearly inappropriate. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Under the CCPA, requests for personal information may only be made a maximum of twice per 12 months period.
11. Subject to applicable law, with respect to your personal information you have the following rights under the CCPA:
Right to know what personal information is being collected, for what purposes and with whom it is shared
You have the right to request from a business disclosure of the categories and specific pieces of personal information it has collected from them in the preceding 12 months, the categories of sources from which such personal information is collected, the business or commercial purpose for collecting or selling such personal information, and the categories of third parties with whom the business shares personal information.
Right to know whether your personal information is sold or disclosed for a business purpose and to whom
You have the right to request from a business that sells or discloses personal information for a business purpose separate lists of the categories of personal information collected, sold or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the personal information was sold or disclosed for a business purpose. SITA does not sell personal information. As required by CCPA regulations, SITA additionally confirms that it has no actual knowledge that it sells any personal information of minors under 16 years of age.
Right to say no to the sale of your personal information
The CCPA requires businesses that sell personal information to allow residents the ability to opt out of the selling of their information. Again, as SITA does not sell personal information, this opt out-right does not apply to you or SITA.
Right to non-discrimination if you exercise your privacy rights
The CCPA prohibits businesses from discriminating against a California consumer for exercising any of their rights under the CCPA, including by:
- denying goods or services to the consumer.
- charging the consumer different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties.
- providing the consumer a different level or quality of goods or services.
- suggesting that the consumer exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to deletion
California consumers have the right to request that a business delete any of their personal information that the business collected from them, subject to certain exceptions in CCPA §1798.105.
12. Contact for more information
If you have any questions or concerns about SITA’s privacy policies and practices, please contact us at firstname.lastname@example.org.
This SITA CCPA Privacy Statement last updated: 1 May 2020