ATLANTIC AVIATION's Commitment to Privacy
A. What is Personal Information?
Personal information is information that identifies an individual or that can be reasonably associated with a specific person or entity, such as a name, contact information, Internet (IP) address and information about an individual's purchases and online activities.
B. Collection of Personal Information
We collect the personal information that you provide us, such as when you:
- Create a user profile on http://atlanticaviation.com;
- Enroll in the Atlantic Aviation Awards Program ("Program");
- Contact us for any reason; or
- Participate in a survey or promotion.
We may automatically collect some information when you visit our website, such as your computer's IP address and operating system, the site from which you linked to us, your site activity, and the time and date of your visit. This information may be collected through the use of "cookies" and web beacons. We also receive information from third parties who help us correct our records, prevent fraud, and provide customer services or special promotions or products. We may combine any of this information with the other personal information we maintain about you.
C. Use of Personal Information by ATLANTIC AVIATION
The personal information we collect is generally used to process your requests or transactions, provide you with high-quality service, tell you about opportunities we think will be of interest and administer your account, including distribution of our own surveys and publications. For example, we may:
- Communicate membership opportunities and programs; and
- Provide you with promotional information about other Atlantic Aviation products and services ("Promotional Information").
D. Sharing of Personal Information
We share information in these circumstances:
Processing and issuance of Award Certificates and Program Cards.
We may provide to a third party information as necessary to fulfill a request for Awards Certificate and/or Program Card you have placed with us. Please note that we give suppliers, and others involved in the distribution chain only the information needed to provide you the products or services you order, and we require them to keep the information confidential and not to use it for other purposes. We are not responsible for any information you provide directly to these parties, and we encourage you to become familiar with their practices before disclosing information directly to them.
We may contract with others to perform services on our behalf. If any of these service providers need access to your personal information, we require them to use it only to perform the services for us. We also require that they maintain the confidentiality of the information and/or return the information to us when they no longer need it.
E. Other Uses and Disclosures
In addition, we may use or disclose personal information in the good faith belief that we are lawfully authorized to do so, or that doing so is reasonably necessary to protect you, to comply with legal process or authorities, to respond to any claims, or to protect the rights, property or personal safety of Atlantic Aviation, our employees, our customers, or the public. Information about Program Participants, including personal information, may be disclosed or transferred as part of, or during negotiations of, any merger or sale of company assets or acquisition.
F. Protection of Personal Information
We have physical, administrative and technical security measures in place to protect personal information from loss, misuse or alteration while it is under our control. We are required to collect, process and maintain payment card information in accordance with the data security rules adopted by credit card companies such as Visa, MasterCard and American Express. This means that we do not retain debit card PINs or credit card security codes, and that any time we maintain a credit card number, such as when you create an online account, we must limit access to it and use strong encryption to protect it. Further, when you enter personal information online, that information is encrypted prior to transmission using a security protocol called SSL (Secure Sockets Layer). We also use SSL to allow you to securely view your online account and registration information.
Online account information is accessible only by using a password. You must keep your password confidential. You are responsible for all uses of http://atlanticaviation.com by anyone using your password. Please advise us immediately by calling 888-213-8060 if you believe your password has been misused.
G. Online Specifics
Information Gathering and Use.
Like most web sites, our servers log your IP address, the URL from which you accessed our site, your browser type, and the date and time of your purchases and other activities. We use this information for system administration, troubleshooting, fraud investigation and communications from Atlantic Aviation (only).
Finally, we use web beacons to determine when and how many times a page has been viewed. Again, we use this information for our own marketing purposes.
Your browser will accept cookies and allow automatic collection of information unless you change the browser default settings. If cookies are disabled the web site will not load properly.
We use third party analytics to help us evaluate our users’ use of Atlantic Aviation websites and applications; compile statistical reports on activity; and improve our content and website performance. We only use these third-party analytics service providers on certain areas of our website, and they are limited in the type of information they can collect and the purpose for which they can process the information.
We do not currently respond to your browser’s Do Not Track signal, and we do not permit third parties other than our analytics service providers to track Atlantic Aviation users’ activity over time on our websites and applications. We do not track your online browsing activity on any other online services.
Links to Other Sites
H. Email Communications
From time to time, we may send you emails regarding updates to our websites, mobile applications or products/services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe” link provided at the bottom of the email communication. You may also update your subscriptions by clicking the “unsubscribe preferences” link. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
Atlantic Aviation is the owner of all email distribution lists distributed using Atlantic Aviation websites and applications, and Atlantic Aviation is solely responsible for the composition and membership of each list. Atlantic Aviation will not conduct any of the following activities to obtain email distribution lists: harvest emails from web sites; purchase lists (regardless of whether they are opt-in or not); have a pre-checked field on websites/forms; have a subscription form that subscribes users to an unrelated list; add an email address into a list without the consumer’s express permission; send unsolicited mail to newsgroups, message boards, distribution lists, or email addresses; email a consumer who has requested to be removed from your list; and utilize a list older than six (6) months without reconfirming the recipients’ subscriptions.
All Atlantic Aviation subscribers to be used in connection with Atlantic Aviation websites and applications have provided permission to Atlantic Aviation to send them email. An opt-in can occur via either a sign-up form on a web site, at a point-of-sale sign-up form, or on a physical sign-up sheet. Any opt-in form should include a clear description of what will be sent and how often it will be sent. Purchased lists may not be used within Atlantic Aviation’s websites and/or applications, regardless of the source or permission status.
For Canadian recipients, CASL (“Canada’s Anti-Spam Legislation) prohibits spam, malware, spyware, address harvesting, unauthorized alteration of transmission data as well as false and misleading electronic representations. The sender must identify itself and the persons on whose behalf a commercial electronic message is sent. Commercial electronic messages may be sent only to recipients who have given their prior consent (opt-in). All recipients’ express, or in certain cases implied, prior permission is required. When there is a business or non-business relationship, a recipient’s implied consent applies for a period of 36 months.
I. CALIFORNIA PRIVACY RIGHTS
Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties' direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one (1) request each year by emailing us at firstname.lastname@example.org or writing us at:
Data Protection Officer
ATTN: Chris Rackard
MIC Global Services
5201 Tennyson Pkwy, Suite 150
Plano, TX 75024
If you are a California resident under age 18 and a registered user of the Service, you may ask us to remove content or information that you have posted to the Service by emailing us at email@example.com. Please note that such removal does not ensure complete or comprehensive removal of the content or information posted (for example, your content or information may remain visible because it was copied and posted or reposted by a third party).
J. Questions or Concerns
If you have any questions or concerns about this privacy statement or would like to contact us for any reason, you can us at 888-213-8060.
K. Changes to this Statement
We may change this privacy statement at any time, but will alert you that changes have been made by indicating at the top of the privacy statement the date it was last updated. We encourage you to review our privacy statement to make sure you understand how your Personal Information will be used. If we make a material change to how we use Personal Information and the new uses are unrelated to uses we disclose in this statement, we will communicate the changes in advance.
The purpose of this policy is to ensure compliance with the data privacy regulations as set forth by the EU General Data Protection Regulation (GDPR).
This policy applies to personal data obtained and processed regarding individuals within the European Union and the European Economic Area (EEA).
Atlantic means Atlantic Aviation FBO Inc., a Delaware corporation, whose address is 5201 Tennyson Parkway, Suite 150, Plano, Texas 75024.
GDPR means General Data Protection Regulation (EU) 2016/679, a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the EEA.
(c) Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.
(d) Data Processor
Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.
(e) Data Subject
Data Subject is any living individual who is using our services and is the subject of Personal Data.
(f) Personal Data
Personal Data means any information relating to a Data Subject, whereby person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This policy applies to all employees of Atlantic Aviation FBO Holdings LLC, (a subsidiary of Macquarie Infrastructure Corporation “MIC”), and its related legal entities in all geographies, business lines and functions.
3. Questions About the Policy.
Questions about this policy should be directed to GDPRHelp@atlanticaviation.com.
Principles for processing personal data Our principles for processing personal data are:
(a) Fairness and lawfulness. When we process Personal Data, the individual rights of the Data Subjects must be protected. All Personal Data must be collected and processed in a legal and fair manner.
(b) Restricted to a specific purpose. The Personal Data of each Data Subject must be processed only for specific purposes.
(c) Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
What Personal Data we collect and process
Atlantic collects several different types of Personal Data for various purposes. Personal Data Atlantic may collect may include, but is not limited to:
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Email address
- Passport number
How we use the personal data
Atlantic uses the collected Personal Data for various purposes:
- To provide the Data Subject with services
- To notify the Data Subject about changes to our services and/or products
- To provide customer support
- To facilitate compliance with government regulations
- To gather analysis or valuable information so that we can improve our services
- To detect, prevent and address technical issues
Legal basis for collecting and processing personal data
Atlantic’s legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information:
(a) Atlantic needs to perform a contract with you
(b) You have given Atlantic permission to do so
(c) Processing your personal data is in Atlantic’s legitimate interests
(d) Atlantic needs to comply with the law
When do we collect Personal Data about Data Subjects?
We collect Personal Data about a Data Subjects when the Data Subject uses our services and when the Data Subject uses our website.
For example, we may collect Personal Data about a Data Subject when the Data Subject:
(i) Requests us to book a car or hotel reservation or other products or services;
(ii) Books a flight with a company with which Atlantic does business, who transfers Personal Data to Atlantic in connection with our provision of services;
(iii) Uses one of our customer services managers for help;
(iv) Uses our fixed based operations;
(v) Uses terminals, hangars or offices provided by us or our agents;
(vi) Completes a client survey or provides us with feedback;
(vii) Interacts with us via social media, such as Facebook. In addition, we may receive Personal Data about Data Subjects from third parties, such as:
(viii) Companies that contract with us to provide services to Data Subjects;
(ix) Companies contracted by us to provide services to Data Subjects;
(x) Companies involved in your travel plans, including aircraft operators and customs and immigration authorities;
(xi) Companies such as car rental providers and car hire providers that participate in our services.
Security, storage, and transfer
We are committed to ensuring that Personal Data is secure at all times. We have in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Data we collect online.
All of our employees and suppliers with access to Personal Data and/or who are associated with the processing of that data are contractually obliged to respect the confidentiality of such Personal Data. All Personal Data will be stored on and processed by our systems and may also be stored on and processed by systems of a third-party data processor(s) appointed by us. The Personal Data that we collect from Data Subjects may be transferred to, and stored at, a destination outside the EEA. It may also be processed by employees operating outside the EEA who work for us or for one of our suppliers. Such employees may be engaged in, amongst other things, the provision of support services. We obtain Personal Data pursuant to the performance of necessary services, as set forth above. We believe that it is in our legitimate interests to do so.
In addition, to the extent that a Data Subject is being presented with this policy to obtain the Data Subject’s consent for us to process and retain Personal Data, by assenting as set forth herein, the Data Subject agrees to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that Personal Data is treated securely and in accordance with this Policy, the GDPR, and any data protection related laws that are applicable to Atlantic.
Retention of personal data
Atlantic will retain the Personal Data of a Data Subject only for as long as is necessary for the purposes set out in this Policy.
Atlantic will retain and use the Data Subject’s information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Transmission of information over the internet
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect a Data Subject’s Personal Data, we cannot guarantee the security of such data transmitted to us by a Data Subject. Any such transmission that originates with the Data Subject is at the Data Subject’s risk. Once we have received Personal Data, we will use commercially reasonable procedures and security features to try to prevent unauthorized access.
Data protection rights
Data Subjects have certain data protection rights. Any Data Subject who wishes to be informed what Personal Data we hold about such person and wishes such data to be removed from our systems is instructed to contact GDPRHelp@atlanticaviation.com.
In certain circumstances, Data Subjects have the following data protection rights:
- The right to access, update or to delete the information we have on the Data Subject
- The right of rectification
- The right to object
- The right of restriction
- The right to data portability
- The right to withdraw consent
Withdrawal of Consent
If a Data Subject withdraws consent to the processing of Personal Data of the Data Subject at any time, it may mean we will not be able to provide all or parts of the products or services the Data Subject may have requested from us.
Providing information about someone else
To the extent that a contracting or other third party is providing Personal Data to us about someone else that third party should confirm that the Data Subject has appointed the third party to act for the Data Subject, has consented to the processing of the Data Subject’s Personal Data, and that the third party has informed the Data Subject of our identity, of this Policy, and of the purposes (as set out in this Policy) for which their Personal Data will be processed.
How to access, review, transfer and delete Personal Data
We will make Personal Data available to a Data Subject upon request from the Data Subject. If we are informed that the Personal Data that we hold about the Data Subject is incorrect or is used inappropriately, we will correct, update or delete such data as appropriate. The Data Subject also has other rights such as the right to request from us erasure of personal data or restriction of processing or to object to processing and the right to data portability. For information about how to get access to Personal Data and for exercising the rights set out above, please contact GDPRHelp@atlanticaviation.com.
The Data Subject also has the right to lodge a complaint with a supervisory authority established within the EEA. List of contact details of supervisory authorities within the EEA is available here.
Responsibility for overseeing compliance with the law and corporate Policy rests with Atlantic Aviation management (Atlantic Aviation’s Division Heads), MIC’s Senior Compliance Manager, Atlantic Aviation General Counsel and ultimately the MIC Board of Directors.
If any portion of this Policy is held to be invalid or unenforceable for any reason by a court or governmental authority of competent jurisdiction or by a supervisory authority, then such portion will be deemed to be stricken and the remainder of this Policy shall continue in full force and effect.
Further details about rights of Data Subjects under the GDPR can be accessed here.
The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) inside the EEA, and applies to an enterprise established in the EEA or - regardless of its location and the data subjects' citizenship - that is processing the personal information of data subjects inside the EEA.