1. Application of This Policy.
1.1 This Policy applies to our collection, use, and processing of your personal information. We collect, use and process your personal information when you use our Services. This includes when you use our Website or Application, book flights with us, or communicate with us in any format, and when you interact with our advertising and applications on social media and other third-party sites and applications.
1.2 This Policy does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website or Application. These companies will have their own privacy policies and you should check these policies to find out how they will use your data.
1.3 Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use the Services. By accessing or using the Services, you agree to this Policy.
1.5 You should not provide us your information if you do not want your information collected, used or disclosed as described in this Policy.
1.6 If you have questions about this Policy, please contact us at GDPR@xojet.com.
2. Children under the Age of 13
2.1 The Application and the Website are not intended for children under 13 years of age. However, due to the nature of our Services, XO may collect and maintain travel information about children under the age of 13 when necessary to comply with aviation or security regulations, for safety or security reasons or as otherwise necessary for XO to arrange transportation or other Services requested by you.
2.2 We use the information collected about children known to be under age 13 only to provide Services not for any marketing or promotional purposes
2.3 We will disclose personal information about children if required by law, e.g., to comply with a court order or subpoena, or to protect the safety and security of members.
2.4 If you are under age 13, do not use or provide any information through the Application or the Website or through any of their features, do not make any purchases through the Application or the Website, do not use any interactive features of the Application or the Website and do not provide any information about yourself to us, including, but not limited to, your name, address, telephone number, email address or any screen name or user name you may use. If we learn that we have collected or received personal information from a child under age 13 without verification of parental or guardian consent, we will delete that information. If a child under age 13 has provided us with personal information without parental or guardian consent, the parent or guardian may contact us at GDPR@xojet.com.
3. Our processing of Your Personal Data.
This section sets out when, how and why we collect your personal information. Whenever we process your personal information, we are required to have a legal justification for doing so. To find out the legal justification that we rely on when processing your personal information, please see section 10 ("Lawful Bases for Processing").
3.1 Creating and Identifying Your Account. Upon registration with XO, we welcome you to develop a user account to improve and simplify your use of our Services, to customize your experience and to enable us to provide you with more relevant information and communications. We collect several types of information from you to create and identify your account, including your name, telephone number, email address, your mobile device push token identifier, your account user name and password, and other information that you may provide. You may then manage your account and update this information at any time by logging into our Services with your username and password.
3.2 Utilizing and Personalizing the Services. In addition to the information provided by you to create and identify your account, we also ask you to provide additional information when you book a flight or utilize other products or Services offered by XO, including but not limited to: (a) Identification Information to allow us to verify your identity, including your date of birth, address and driving license number, passport number or other national identification number; (b) Payment Details that you provide to us to process payments, including your card number, account number, sort code, expiry date and security code; (c) Flight Information. that you provide to us relating to your flight, including your passport details and other information that may be required to pass through border controls; (d) Health and Medical Information. that you provide to us so that we can ensure that you have a safe and comfortable flight, such as your weight, any disabilities that you may have or dietary requirements; and (e) Correspondence with or about you such as letters or emails regarding any complaints that you may have concerning our Services.
3.3 We use all of the information listed in Sections 3.1 and 3.2 to provide you with products and Services. In particular, we use this information for one or more of the following reasons: To allow us to manage our relationship with you and to allow us to contact you to keep you informed of your bookings and other requests, such as requests to change your booking details; To contact you with reminders regarding your bookings and your flight via in-app messaging, SMS and/or email (e.g. check-in or gate change information), to notify you of any disruption to your flight (e.g. if your flight is delayed or cancelled), or to advise you of the availability of catering or other inflight services requested by you; To verify your identity where we are required to do so; To process payments for the Services we provide to you, including processing your membership fees and payments due in relation to flights that you book, and to process any refunds that may be due to you; To allow flight operators to calculate luggage allowances for a specific flight and to ensure they are able to balance the aircraft, and to ensure they are aware of any disabilities or dietary requirements; To ensure that you are able to successfully board your flight, you have a safe and comfortable flight and to enable you to navigate border control; To investigate and respond to and resolve complaints concerning our Services, or to provide you with customer support in order to assist you; To allow us to respond to any of the rights you have, or to comply with any of the rights that you have exercised; To send relevant marketing information to you where you have consented to receiving it.
3.4 Automatic Data Collection. In addition to the personal information we collect from you, as you navigate through, interact with and use our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:
3.4.1 Device IDs. A device ID (device identification) is a unique device identification associated with a mobile device. It may be possible to limit device ID tracking by adjusting the settings on your mobile device. However, if limit device ID tracking you may be unable to access the Application or certain features in the Application.
3.4.2 Geolocation Tracking. Mobile devices contain a GPS (global positioning system) chip that uses satellite data to calculate your geolocation. It may be possible to disable geolocation tracking by turning off the location feature in the settings on your mobile device. However, if you disable location tracking you may be unable to access the Application or certain features in the Application.
3.4.3 Cookies. A cookie is a small file placed on your computer or mobile device. It may be possible to refuse to accept cookies by adjusting the settings on your browser or mobile device. However, if you select this setting you may be unable to access the Application or the Website or certain features in the Application or the Website.
3.4.4 Web Beacons. Pages of the Website, the Application and electronic communications may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit XO, for example, to count users who have visited those pages or opened a message and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). Some web beacons may be disabled by adjusting the settings in your browser or email settings or by installing browser add-ons. However, if you disable web beacons, you may be unable to access the Application or the Website or certain features in the Application or the Website.
3.4.5 Server Logs. A server log is a log file (or several files) that are automatically created and maintained by a server that track activities performed. Server logs cannot be disabled by users.
We use the information listed in this section to troubleshoot application errors and to provide you with the most up to date application and features, to collect information about your activities over time and across third-party websites or other online services (behavioural tracking), to improve the Application and the Website and to deliver better and more personalized Services, and to determine relevant flights, products, services, and promotions that you may be interested in (for example, this data allows us to use your location to send you push notifications about what is going on around you), and for purposes of analytics and flight scheduling, such as to calculate your charter fare.
3.5 Your User Contributions. You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Application or the Website, or to be transmitted to other users of the Application or the Website or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Application or the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
3.6 Information That You Provide About Others. In certain circumstances we may collect other people's information from you, such as where you book flights for other people - we will require you to provide their name, date of birth and passport information. Where you provide other people's personal information, it is your responsibility to ensure that those people are happy for you to share their personal information with us, and to make them aware of how and why we use their personal information by telling them about the information contained within this Policy.
When you visit our Website or Application, we collect certain information by automated means using cookies. Cookies are small text files stored on your device when you visit a website. For more information on the cookies that we use please read our Cookies Policy.
5. How We Share Your Information.
5.1 Sharing with Third-Parties. We may share your information with the following third parties: (a) our subsidiaries and affiliates to enable us to operate and manage our business and whom may provide certain services to us or you from time to time; (b) to providers of professional services who provide certain services to us, such as consultancy, banking, legal, insurance and accounting services; (c) to service providers who we use to support our business and allow us to provide the Services to you, including third parties who: operate aircrafts on our behalf to enable us to provide the flights we offer you, who provide food and beverage services and other services you ask us to provide through our concierge team, perform certain searches for us (including searches of public records), including to enable us to verify your identity and to perform fraud protection and credit risk searches, process payments on our behalf, provide our IT infrastructure, provide IT services to us such as data storage services, data analytics and hosting services, provide service and maintenance services to us to ensure that our Website and Application work properly; (d) to event partners who organise or provide services at an event on our behalf; and (e) to social media, advertising and other companies who we use to provide you with information about our Services and to measure the performance of our advertising campaigns.
5.3 If you have any questions relating to how we share your personal information, or if you would like further details on the information we share with the parties above, please contact us at GDPR@xojet.com.
6. Transfer of Your Information to Other Countries.
6.1 In certain circumstances, we may transfer your personal information to a third country outside of the EEA, such as United States. Whenever we transfer your personal information to a third country, we will only do so if an adequate level of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
6.1.1 The country to which your personal information will be transferred has been deemed by the European Commission to provide an adequate level of protection for personal information;
6.1.2 Where we have put in place specific contracts with the party to whom we will transfer your personal information that include the EU Standard Contractual Clauses; or
6.1.3 Where the third party to whom we are transferring the personal information is based in the US, they are part of the Privacy Shield.
6.2 If you have any questions relating to transfers of your personal information, or you would like to obtain information on the specific safeguards in place in relation to transfer to a particular third party or third country, please contact us at GDPR@xojet.com.
7. Our Retention of Your Data.
7.1 We will only retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of providing Services to you, and for satisfying any legal, regulatory, tax, accounting or reporting requirements.
7.2 We will retain the information that we collect about you while you are utilizing JetSmarter's services and accessing the Application and, unless we are required to keep your information for longer to comply with any legal, regulatory, tax, accounting or reporting requirements, we will delete it [within 5 years of your last Application access.
7.3 In certain circumstances you have the right to ask us to delete your data sooner (see "Your Choices and Rights" below). Following receipt of such a request, we will delete all of the information that we are not required to retain.
7.4 If you have any questions or queries about the retention period for certain information, you can simply contact us at GDPR@xojet.com.
8. Your Choices and Rights.
8.1 Your Choices. Where we rely on your consent to enable us to process your information, you can withdraw it at any time by doing the following:
8.1.1 To change your marketing preferences or to stop receiving marketing, or for any other situation where we have obtained your consent to process your information, contact us at GDPR@xojet.com.
8.1.2 To disable location tracking and push notifications, you can change the settings on your device. To stop push notifications, you will need to use your browser settings.
8.1.3 You can also choose not to provide us with any information; however, it may be needed to utilize the Services, and, where you do not provide us with the information we have requested, we may not be able to perform the terms of a contract we have with your or to provide you with the Services.
8.2 Your Rights. You also have rights over how your personal information is used, including:
8.2.1 The right to object to our processing of your data where we are relying on a legitimate interest to process your information and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your rights and freedoms. This includes where we make automated decisions about you without any human intervention in the process, or where we process your information for direct marketing purposes;
8.2.2 The right to request that your information be erased where there is no good reason for us continuing to process it;
8.2.3 The right to restrict us from processing your information further in certain circumstances, such as where you want us to establish the data's accuracy or the reason for us processing it;
8.2.4 The right to obtain information regarding the processing of your personal data and the right to receive a copy of the information we hold about you;
8.2.5 The right to have some of the data you provide to us sent to a new provider in a standard format in certain circumstances; and
8.2.6 The right to correct, amend, or update information that is inaccurate or incomplete (where you have an account with us, you can also do this by logging in and updating your information).
8.2.7 You can obtain further information about your rights from your local supervisory authority. The supervisory authority in the UK is the Information Commission's Office and further information can be found at www.ico.org.uk or via its telephone helpline +44(0)303 123 1113.
8.2.8 You also have the right to lodge a complaint with a supervisory authority if you are not happy with how we handle your information; although we encourage you to try to resolve any complaints directly with us before doing so by contacting us at GDPR@xojet.com.
9. Exercising Your Rights (Including Correcting and Deleting Your Information).
9.1 You may send us an email at GDPR@xojet.com to exercise any of your rights described above. Please note that, while we will carefully assess every request we receive, we may not always be able to comply with your request. When this happens, we will explain why. For example, we may not accommodate a request to change or delete information if we believe it would violate any law or legal requirement or where we require the information to exercise or defend legal claims. We also may not accommodate a request to change information if we believe the change would cause the information to be incorrect, and If you ask us to delete your User Contributions from the Application or the Website, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users of the Application or the Website.
9.2 Please note that if you exercise certain rights, it may have an effect on our ability to provide you with the Services you have requested. For example, we cannot delete your personal information except by also deleting your user account (which may result in cancellation of your membership); and we are not able to provide you with a flight booking where you do not provide us with your name, date of birth and passport information.
10. Security and Confidentiality.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We also urge you to be careful about giving out or posting your information in public areas like message boards as the information you share in public areas may be viewed by other users. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Application or the Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.
11. Lawful Bases For Processing.
We will only collect and process personal information about you if we have a lawful reason to do so. The lawful reason we rely upon to process your personal information will generally be one of the following:
11.1 Where we need to process your personal information to perform the contract we are about to enter into or have already entered into with you;
11.2 Where it is necessary for our legitimate interests in operating our business lawfully and effectively, managing our relationship with and providing Services to you, and to ensure the safety of our customers and other third parties; or
11.3 In certain circumstances, such as where we provide you with marketing information, where we use geolocation tracking, or where we process special category personal information (e.g. information relating to your health), where you have given your consent to us doing so.
Where we rely on your consent to process your personal information, you have the right to refuse to give your consent or to withdraw your consent at any time. For more information on how you can withdraw your consent please see section 8.1 ("Your Choices") above. If you have any questions or queries about the lawful reasons upon which we collect and use your personal information, please contact us at GDPR@xojet.com.
We may update this Policy to reflect changes to our information practices. Such changes will be effective upon posting on the Application and the Website, unless we make significant changes to the Policy where we will notify you before they become effective. We encourage you to periodically review this page for the latest information on our information practices.
13. Questions and Contact Details.
If you have any questions about this Policy, or our approach to privacy, please contact us by mail at XO Global LLC., 500 E Broward Blvd., 19th Floor, Fort Lauderdale, FL 33394 or via email at GDPR@xojet.com. You can also contact XO Global LLC’s representative within the EU for the purposes of Article 27, via email at Stewart.Haynes@vistaglobal.com.