March 3, 2021
This privacy policy (the "Privacy Policy") describes how Life In The Air, Inc., a Washington State, USA-based company with an office at 800 Bellevue Way NE, Suite 500 / 154, Bellevue, WA, 98004-4289, USA, processes personal information obtained through the Life in the Air service.
We provide our end users with a platform for in-flight services that is available via iOS or Android apps or the web version. We also have a website located at lifeintheair.com (the "App", "Website" and, collectively, the "Service").
This Privacy Policy is prepared in accordance with applicable Canadian legislation (Personal Information Protection and Electronic Documents Act, PIPEDA), the EU General Data Protection Regulation (GDPR) and the best international practices in personal data protection.
Having the greatest respect for your personal information, we have appointed our CEO, Greg Kott, as our Data Protection Officer and person accountable for our information processing policies and practices. You can send any inquiries or complaints to greg.kott@ife.travel or contact our Data Protection Department at support@ife.travel.
We make every effort to make our processing activities transparent and open. Below is the exhaustive list of information we process about you, the purposes we pursue, the third parties we share information with and the timeframes during which we process information.
We always ensure that a valid legal ground for processing personal information is in place, though under different laws such grounds may differ. Below, we provide information on the legal grounds we rely on under the Canadian PIPEDA and the EU GDPR.
Should we later decide to use your information in any other way, we will inform you in advance so that you can exercise your rights as a data subject.
We do not process any sensitive information or special categories of data (e.g. data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, or genetic and biometric data) or information related to criminal convictions and offences.
We process only the information that you provide to us. The scope of information directly depends on the services you use, i.e. if you do not use any of the features, we do not require or process the corresponding information. However, if you refuse to provide such information, we most likely will not be able to communicate with you and provide the services that require the processing of data.
The legal ground for processing is your consent (clause 4.3 of Schedule 1 of the PIPEDA) or the performance of a contract with you (art. 6(1)(b) of the GDPR).
More details:
| Sub-purpose | Information | Third parties | Period of storage |
|---|---|---|---|
| To identify you | •Name (you can use any name you want, including a pseudonym) •Flight details from the boarding pass you scan (departure and arrival city, booking reference, flight No., date, class, seat No.). •Platform (iOS, Android or web interface) •Access / refresh token | Airline | As long as you have an account (We also store part of this information to meet a legal requirement |
| To serve orders | •Name •Details of the order (order No., ordered item, quantity, time of creation, processing status, total price, cancelled orders, reason for cancellation) •Seat No | Airline | During the flight (We also store part of this information to meet a legal requirement |
| To receive confirmation of payment | • Bank card details •Total price of the order, order No. | Payment service provider | For the payment transaction only unless you opt in to having your payment details stored on your device until you remove it, update it, or delete your account. (We will not have access to your payment details when stored on your device) |
| To send you a payment receipt (if you ask for it) | •Email •Order details •Masked bank card number | No | Up to sending an email to you (We also store part of this information to meet a legal requirement |
| To settle any problems with payment (if arises), return funds | •Order details •Last four digits of your bank card | Payment service provider | Up to settling the problem |
| To provide you with the possibility to communicate with other passengers | •Name •Messages in private and public chats | Airline, The users you communicate with | Three years from the chat date (We also store part of this information to meet a legal requirement |
| To settle any problems with payment (if arises), return funds | •Order details •Last four digits of your bank card | Payment service provider | Up to settling the problem |
| To provide you with the possibility to share information about yourself with other passengers | •Name •Job information •Photo •Languages you speak. •Status (ready to chat / not) | Airline, Other users (if the status of your profile is not private) | As long as you have an account |
| To send you service-related email | No | As long as you have an account |
Like most online service providers, we use certain analytical technologies to help us to make the App and the Website meet your needs by analysing which features are most popular, counting visitors to pages and analysing which pages are visited.
We do not match the data with other data sources to reveal your identity, nor do we use the data for direct marketing.
The legal ground for processing is your consent (clause 4.3 of Schedule 1 of the PIPEDA) or our legitimate interest to improve the Service (art. 6(1)(f) of the GDPR). If you want to opt out from the processing of analytical cookies and information on your interaction with the App, please email us at email. You may also alter the security settings of your web browser.
More details:
| Sub-purpose | Information | Third parties | Period of storage |
|---|---|---|---|
| To improve the App and make it more user friendly | • Log files of your interaction with the App (see the full list of possible events and user properties collected by Google Analytics for Firebase in iOS, Android App) | Google, LLC (Google Analytics for Firebase) | Up to 60 days (in line with Google’s data retention policy) |
| To improve the Website and make it more user friendly | •Cookie files: _ga_gid to distinguish users _gat to throttle request rate •Access / refresh token •Website language | Google LLC (Google Analytics) | Up to 38 months, depending on the cookie type (in line with Google’s data retention policy) |
| To provide customer service and to improve the service | Name, email, telephone number, Airline name, Airline flight seat number | Zendesk, Inc. | Up to 36 months after user’s last use of the services |
We process some personal information to comply with applicable legislation (including US law) and to settle legal claims which may arise in connection with the Service, as well as to ensure the possibility to execute regulatory requests and directives from the authorities.
The legal ground for processing is your consent (clause 4.3 of Schedule 1 of the PIPEDA) or our legitimate interest in complying with non-EU legislation applicable to us (art. 6(1)(f) of the GDPR).
More Details:
| Sub-purpose | Information | Third parties | Period of storage |
|---|---|---|---|
| To comply with legislation, settle possible legal claims and execute regulatory requests and directives | •Name •Your orders and confirmation of payment •Confirmation that payment receipt was sent •Email •Your messages in private and public chats •Other information required to resolve a claim | Agencies, authorities, courts and government bodies requiring provision of the information | Three years from the date of the order / chat or claim / regulatory request (if arises) |
You may separately opt-in during use of the services to a one-time email communication from us in order to receive promotional information and/or news about a product or service you are interest in.
Further, you may be given the opportunity to provide your email address to third-parties who will provide you with promotional offers and in which case additional terms and conditions will be provided to you at the time of your opt-in to such communications. If you chose to provide your email address to any third party companies then you should contact such third parties with any questions about their privacy policies and security practices.
You may also provide your email address on our website in order to be contacted in order to learn more about our Services.
Where we are required to have a legal basis for this processing of your personal data, we rely upon consent. if you have any questions about promotional information and emails please email us at support@ife.travel.
To provide the Service, we share part of your information with the following parties as described above:
As a US-based company, we must comply with US legislation and cannot exclude the possibility that we receive and comply with information access requests from US or foreign governments, courts, law enforcement officials and national security authorities, with respect to our users. In such cases, we may disclose your information to the requestor.
Some information specified in p. 1 above is available in your profile. You can access and update your personal information on your own there. You can also access history of your purchases at Purchases page.
Subject to applicable legislation, you also have the full legal right to:
We will do our best to fulfil your request in the shortest possible time and in line with applicable legislation. However, in some cases, we may be required to continue storing information for regulatory purposes even though you require us to delete it. Should this be the case, we will inform you about such storage.
We do not use your personal information for any automated decision making covered by article 22 of the GDPR.
If you are not satisfied with our personal information processing activities and/or have any other complaints, please contact our Data Protection Officer or Data Protection Department (contact details can be found here).
You also have the full legal right to lodge a complaint with a supervisory authority. If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada. If you are in the EU, you can find your National Data Protection Authority here.
You may adjust your browser settings to stop your device receiving and storing cookies, to allow receiving and storing cookies from selected websites only, or to be notified before receiving cookies. Please note, however, that these settings may have negative effects on the usability and user guidance of websites and other online services. You may delete cookies stored in your browser at any time. Information stored in such cookies will be removed from your device.
More information about cookies, including how to see what cookies have been set and how to manage and delete them is available here: https://www.cookiesandyou.com/.
No one can guarantee that information transmission over the Internet or the methods used for electronic storage are 100% secure. Bear this in mind before submitting any information about yourself.
However, the security of your personal information is one of our top priorities. We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorised access to personal information. For this purpose, we have implemented a number of measures, including the following safeguards:
We use Google Cloud to store the data. Google has designed the security of its infrastructure in layers that build upon one another, from the physical security of data centers, to the security protections of hardware and software, to the processes used to support operational security. This layered protection creates a strong security foundation. A full list of security measures undertaken by Google Cloud can be found here.
Copies of this Privacy Policy and other related policies are available upon request.
We store your personal information for the entire period you use the Service and for the period necessary to be compliant with US legislative requirements to which we are subject, as well as to settle possible legal claims.
The timeframes for information processing are specified Section 1. After the expiration of those timeframes, we retain only aggregated reporting and statistical data (e.g. overall number of users, total amount of orders, high-level breakdown of preferences). It impossible to directly or indirectly identify you based on these data.
If you delete your account in the App or on the Website, we will also delete the corresponding information on our servers (except for the information that we have to store to meet legal requirements.
First, all the information you enter in the App or on the Website is collected in the local database placed on the aircraft. Then it is synchronised with a Google Cloud database where the data is further stored.
Google Cloud servers are located worldwide and data are stored in Google's network of geographically distributed data centres (see Google's website for more details). The information may be processed outside of your local state or outside of Canada and the EU, including in the US, where we are headquartered.
Data protection and other laws in different countries might not be as comprehensive as those in your country, but please be assured that we have taken steps to ensure that your privacy is protected. With respect to the data of EU users, we ensure that there are appropriate safeguards as set forth in Article 46 of the GDPR (e.g. standard data protection clauses regarding a party storing or otherwise accessing data are in place), or we rely on derogations for specific situations as set forth in Article 49 of the GDPR, i.e. the performance of a contract with you.
We have the greatest respect for your personal information. During the collection and processing of your personal information, we strictly adhere to the best business practices and principles of applicable legislation, including:
The App and Website are for a general audience and are not directed at anyone under the age of 16. Should a child whom we know to be under 16 send personal information to us, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before processing their personal information.
We reserve the right to modify our Privacy Policy at any time. If we decide to do so, we will notify you in one of the following ways:
If there is a breach with respect to information subject to the Canadian PIPEDA and such breach creates a real risk of significant harm to you, we will without undue delay notify the competent supervisory authority of the breach.
If a breach occurs that results in a risk to your rights and freedoms with respect to information subject to the EU GDPR that results in a risk to your rights and freedoms, we will without undue delay and where feasible notify the competent supervisory authority of the breach within 72 hours after having become aware of it.
If a breach is likely to result in a high risk (real risk of significant harm) to your rights and freedoms, we will notify you in the following way:
There are links to other websites in the App and on the Website. They are provided for your convenience only. This Privacy Policy does not cover, nor we are responsible for, any processing activities performed on these other websites. Namely, we are not responsible for processing personal data on other pages.