Disruption, solved.
PROCESSOR PRIVACY POLICY | AviLabs and Plan3
Last updated 28 March 2022.
We are committed to protecting your safety and privacy, and we take our responsibilities regarding the protection of personal information seriously.
-
Who we are
AviLabs is in the business of providing disruption management software and related services to airlines and develops, maintains, operates, and markets a flight monitoring and disruption handling software for the travel industry called Plan3. Therefore, AviLabs is the company behind the Plan3 product.
Any references in this Processor Privacy Policy (the “Processor Policy”) to “AviLabs” “we”, “us” or “our” means AviLabs ehf., a company registered in Iceland with registration number no. 5208192150 and registered office at Nóatún 17, 105 Reykjavik, Iceland.
2. When AviLabs is a Data Processor/Service provider for its Customers
As mentioned above, AviLabs is in the business of providing disruption management software (called Plan3) and related services to airlines or travel companies. AviLabs is therefore a company who provides services to such companies – who are our customers. These companies may upload personal information to the Plan3 product in relation to their passengers or end users. In such cases, our customer is going to be the data controller of such personal data, while AviLabs will be the data processor. As such, AviLabs customers, not AviLabs itself, determine how and why personal data submitted to the Plan3 is used, either by or at the direction of such customers.
Therefore, this Processor Privacy Policy sets out how we go about processing personal data (as data processors) for the purposes of providing the Plan3 service to our customers pursuant to the applicable data processing terms with those customers. In other words, AviLabs, will be processing data as a data processor in relation to individuals who have had their personal information uploaded to the Plan3 product by its customers (i.e. the airline the individuals are travelling with).
We note that as data controllers, our customers are responsible for disclosing the rights of individuals with respect to their personal data and other information regarding the collection and use of that personal data, in accordance with the GDPR (the EU General Data Protection Regulation) and their own privacy policies. As such, we recommend that you visit the controller’s own privacy policy for further information about your relationship with him as well.
3. Scope of this Processor Privacy Policy
This Processor Privacy Policy covers the processing of personal data that AviLabs performs as a data processor for and on behalf of its customers. Insofar as it acts as a data controller, AviLabs processes personal data in accordance with the AviLabs Privacy Policy.
4. Personal data processed under this policy
Avilabs acts as a data processor with respect to any personal data comprised in the data uploaded to Plan3 by the customer.
5. Why we use personal data as a data processor
AviLabs uses the personal data to provide its services, mainly the Plan3 product, to its customers pursuant to the applicable data processing terms with those customers.
6. Disclosure of personal data
AviLabs does not disclose personal data uploaded to Plan3 to third parties except where permitted or requested by its applicable customer, or where required by law.
AviLabs does not sell, rent or lease personal data uploaded to Plan3.
AviLabs may disclose personal data uploaded to Plan3 to its contracted service providers so that they can provide AviLabs with services, such as IT, system administration and hosting, and customer support.
7. How long we keep personal data for
Our data retention depends on the data processing terms with our customers and their choices, type of personal data, purposes of its collection and processing, and applicable law.
8. Protecting personal data
We are committed to protecting the personal data we hold and we have implemented appropriate technical and organisational measures against unauthorised, accidental or unlawful access, loss, destruction or damage of such data. We use standard, industry-wide practices such as firewalls, encryption of data at rest and in transit, and (in certain areas) Secure Socket Layers (“SSL”) to protect such information.
In addition, we only allow access to our employees, agents, contractors or other parties who have a business need to know.
9. Your data protection rights
You have specific rights under the GDPR that allow you to understand and, to certain extent, control how your personal data is processed. You can obtain information about the applicable rights and how to exercise them from the relevant customer that is the data controller of your personal data.
Within the scope of our authorization to do so, AviLabs will work with its customers, the data controllers, to support them in providing their data subjects access to their personal data that AviLabs holds on behalf of its customers. AviLabs will also take steps to enable individuals, in connection with its customers, to correct, amend, or delete personal data that is demonstrated to be inaccurate.
If you have further questions about the collection, retention and use of your personal data, about your choices and rights regarding such collection, retention and use, or wish to exercise your rights under applicable law, you should contact the entity (e.g. the airline that serviced you) that is the data controller of your personal data, as the data controller may be in the best position to resolve your issue. If you decide to send us an enquiry related to the data controller, we will forward any such communications to our customer, provide you with contact information for the customer, and work with the customer to address your questions and/or facilitate your choices and rights as appropriate.
However, if you have questions about our role as a data processor, you are welcome to submit your questions or request in accordance with Section 11 of this Processor Privacy Policy.
10. Updates to this Policy
AviLabs reserves the right to update or modify this Privacy Policy at any time without prior notice. Any updates will be posted on the AviLabs/Plan3 website.
11. Contact information
Questions or comments in relation to this Policy, and/or requests concerning your rights under GDPR, should all be directed to our Data Protection Officer in writing to the following email: dpo@avilabs.is, or to our address: AviLabs ehf., Nóatúni 17, 105 Reykjavík, Iceland.