Privacy Policy

Smarte Carte Privacy Policy

Effective 7/10/2023

WELCOME!

This Privacy Policy is here to help you understand how we collect, use, disclose, and process your Personal Data (as defined below). We also describe your choices and rights with respect to how we process that Personal Data. Please read this policy carefully.

Your use of our Services indicates your acknowledgment of the practices described in this Privacy Policy.

WHO WE ARE

This is the Privacy Policy (“Privacy Policy”) of Smarte Carte, Inc. (“Company”, “us”, “our”, or “we”), a Delaware Corporation with an address of 4455 White Bear Parkway, St. Paul, MN 55110-7641. You can contact us using the information below.

SCOPE

This Privacy Policy applies to our “Services” which include:

  • our website at smartecarte.com (including any subdomains or mobile versions of the “Corporate Site”); and
  •  any other website or services where we post or reference this Privacy Policy.

This Privacy Policy applies only to our Services. This Privacy Policy does not apply to information processed by other third parties, for example, airports, airlines, and third-party websites or services, unless those parties collect or process information on our behalf. Please review any relevant third party’s privacy policy for information regarding their privacy practices.

COLLECTION AND USE OF PERSONAL DATA

Personal Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data:

Identity Data – Personal Data about you and your identity, such as your name, employer/company affiliation, and other similar identifiers.

Contact Data – Personal Data used to contact an individual, e.g. email address, physical address, or phone number.

Device Data – Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, identifiers from cookies, session history and similar browsing metadata, and other data generated by your device or browser, including via cookies and similar technologies.

Payment Data – Information such as payment card data and relevant information provided in connection with a financial transaction.

User Content – Any information or content you provide in connection with a request for Airport Services request, e.g. item descriptions and details, images, etc., including any additional Personal Data you may include in the User Content.

Sources of Personal Data

We collect Personal Data from the following sources:

You – We collect Personal Data from you directly, for example, when you input information into an online form, sign up for a list, or contact us directly.

Your Devices – We may collect certain Personal Data automatically from your devices. For example, we collect Device Data automatically using cookies and similar technologies when you use access our Corporate Sites or when you open our marketing communications.

Service Providers – We receive Personal Data from third parties with whom we have a relationship in connection with their performance of services or processing of transactions on our behalf.

Data we create – We (or third parties operating on our behalf) create and infer Personal Data based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.

Personal Data Processing Contexts

Lost Item Requests & Ticket Submission

We process Identity Data, Contact Data, Device Data, and User Content when you submit a request (e.g. a lost item request) through our Airport Services (“Request”). Some Requests may require you to pay a fee, in which case we (or our payment services provider) will process Payment Data. We use this Personal Data as necessary to create a Request ticket in our Services and to fulfill, manage, and provide you with important updates about your Request. Payment Data is processed only as necessary to process applicable payments. We will also process this data for certain Business Purposes (described below). We may process this information as appropriate to contact you with updates relating to the status of your Request, or to arrange pickup/delivery, and similar purposes. Where allowed by law, we may also process your Identity Data and Contact Data as described in the Marketing Communications section below.

Marketing Communications

We may process Identity Data, Device Data and Contact Data in connection with email or SMS marketing or promotional communications, which you might receive if you choose to receive marketing communications, or (subject to limitations of applicable law) engage in a transaction allowing us to send you those marketing communications. We may use Identity Data and Contact Data as necessary to customize, deliver, and otherwise process marketing communications, and for other appropriate Business Purposes.

We may also automatically collect Device Data and related Identity Data from devices receiving marketing communications if you open or interact with those marketing communications. We may process such Personal Data as part of our business interests in understanding whether our emails are opened or other aspects of engagement with our marketing communications.

Feedback and Surveys

We generally process Identity Data, Contact Data, and User Content collected in connection with customer surveys or questionnaires. We generally process this Personal Data as necessary to respond to customer requests/concerns, to create aggregate analytics regarding customer satisfaction, and to improve our Services. We may also store and analyze feedback to create Aggregate Data or for other appropriate Business Purposes.

Scheduling/Appointments/Contact Us

When you contact us through the Services using a contact us box, through our chat, via email, to schedule a pickup, or make an appointment, we process Personal Data such as Identity Data, Device Data, and any User Content you provide. We use this Personal Data as necessary to communicate with you about the subject matter of your request and related matters, to arrange a meeting, or otherwise perform the services you request. We may use such Personal Data for marketing purposes where permitted by local laws (see below) and relevant to the subject matter or your inquiry, as well as for appropriate Business Purposes.

Corporate Site, Web Services Portal

Generally

When you access our Corporate Site or Airport Services online, we automatically collect and process Device Data and certain Identity Data (such as your IP address or similar identifiers). We use this data as necessary to initiate or deliver certain features or functions through our Services, such as maintaining sessions, delivering pages, logging activities for security purposes, etc. We use this Personal Data as necessary to provide the Services and features that users use, to carry out users’ requests, and for other appropriate Business Purposes.

Cookies and Similar Tracking Technologies

We, and certain third parties, automatically collect and process Identity Data, Contact Data, Inference Data, and Device Data when you interact with cookies and similar technologies on our Corporate Site and Airport Services webpages. We may receive this data from third parties to the extent allowed by the applicable third party. Please note that the privacy policies of third parties may also apply to certain processing of the Personal Data collected through them.

Subject to your rights and choices, we may use this information as follows:

1. For “essential” or “functional” purposes, such as to enable various features of the Services, such maintaining a session. Strictly necessary cookies may be installed without consent, and you may be unable to limit the collection of data via strictly necessary cookies in order to use our Services.

2. For “analytics” and “personalization” purposes, consistent with our legitimate interests in how the Services are used or performs, how users engage with and navigate through the Services, what sites users visit before visiting our Services, how often they visit our Site, and other similar information, to modify the appearance of the Services to usage history, tailor the Services based on geographic location, and understand characteristics of users in certain locations. For example, we use Google Analytics to better understand who is using the Service and how people are using it. Google Analytics uses cookies to collect and store information such as Service pages visited, places where users click, time spent on each Service page, Internet Protocol address, type of operating system used, location-based data, device ID, search history, gender, age, and phone number. We use this information to improve the Service and as otherwise described in this Privacy Policy. Please see http://www.google.com/policies/privacy/partners/ for information about how Google Analytics uses this information.

3. On our Corporate Site only, for “advertising,” so that you can see advertisements from us or relating to our Services on other websites or devices. These technologies and the data they collect, may be used by advertisers to deliver ads across the internet (including third-party sites and services) that are based on content you have viewed on our Corporate Site. These tracking technologies may also help prevent you from seeing the same advertisements too many times and help us understand whether you have interacted with or viewed ads delivered to you, or to develop similar performance metrics. This collection of Personal Data and the delivery of retargeted ads may take place both on our Site and on third-party websites. For example, third-party advertisers, services, and service providers (such as Google) that participate in an ad network may deliver personalized ads, and collect Personal Data that is linked or linkable to information collected on our Services, to further personalize your ads.

Note: Some of these technologies can be used by us and/or our third-party service providers (e.g. Google) to identify you across Web Services, devices, sites, services, and over time.

Support

We collect and process Identity Data, Contact Data, Transaction Data, and in some cases, Device Data, and User Content (e.g. documentation or descriptions of issues) when you contact us for support. We use this Personal Data as necessary to provide the requested Services, to respond to your request, and to otherwise fulfill our contract with you, as appropriate. We may also process this Personal Data to provide marketing communications and for appropriate Business Purposes.

Business Purposes of Processing

In addition to the specific processing purposes described above, we typically process Personal Data for several general “Business Purposes” related to the day-to-day operation of our business, as follows.

Contractual Necessity; Service Provision

We process any Personal Data as is necessary to provide the Services, and as otherwise necessary to fulfill our contractual obligations to you, e.g. to provide you with the information, features, and services you request. Similarly, we may process payment in relation to billing, invoicing, payment, and other account management functions.

Our Legitimate Interests and Internal Business Purposes

We may process Personal Data (and we may create related Inference Data or other Personal Data), as appropriate in connection with our legitimate interests in carrying out common business functions, e.g.:

  • improving or optimizing the design and functionality of our Services;
  • to develop new features or services;
  • to personalize the Web Services or Services, display, UI/UX elements, or other features of the Services;
  • for customer service purposes;
  • to assess compliance with applicable agreements and laws;
  • for internal reporting and modeling, e.g. to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc.;
  • to detect, prevent, and respond to information security risks to the Services or users, e.g. through the creation and analysis of access logs and other relevant metadata, analysis of network traffic, device patterns and characteristics, and similar processing; and
  • to detect and mitigate fraud, and otherwise monitor and ensure the security, availability, and stability of the Services.

Aggregate Data

We process Personal Data as necessary in connection with our legitimate interests in the creation of aggregate analytics relating to how our Services are used, the services our users use most, to create service delivery metrics, and to create other reports regarding the use of our Services, and other similar information. The resulting aggregate data will not contain information from which an individual may be readily identified.

Transactional Communications

To respond to communications, reach out to you about your use or our provision of our Service, your account, to provide other relevant notifications or information, or request information or feedback. From time to time, we may use your Personal Data to send important notices, such as communications about purchases and changes to our terms, conditions, and policies, or other information that relating to the Service to which you are subscribed or that you use.

Security, Safety, and Fraud Prevention

To protect our users and customers, individuals, our employees and Company, for loss prevention, to enforce our contractual rights or remedies, and to prevent fraud.

Corporate Activity

We may process Personal Data as necessary to carry out actual or prospective corporate transactions, e.g. as part of corporate restructuring, mergers, acquisitions, and other similar administrative purposes, including related due diligence.

Compliance and Public Interest

We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under applicable law; for the establishment and defense of legal claims; where we must comply with our legal obligations; lawful requests from appropriate airport or air carrier security, government or law enforcement officials; or as may be required to meet national security or law enforcement requirements, or to prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law.

Other Processing of Personal Data

If we process Personal Data in a context not described in this Privacy Policy, this Privacy Policy will still apply generally (e.g. with respect to individuals’ rights and choices) unless otherwise stated when you provide it.

DATA SHARING

Information we collect may be shared with or made available to a variety of parties, depending upon the purpose for and context in which that information was provided. We generally share data with the parties and in the contexts described below.

Airports and Carriers

We may share certain Personal Data with airports and air carriers located in the airports where our Web Services are offered in order to provide our Services (e.g. for lost and found) or in the event the airport or air carrier has a legitimate interest in or business purpose for receiving the information. For example, we may share your name and contact information with an airport representative in order to verify ownership of a bag, or to arrange shipping or reunification with lost items, or as appropriate to ensure the security of airports, air carriers, related operations, or for other legitimate interests or business purposes of Smarte Carte, its partner airports, and air carriers.

Service Providers

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with processors, service providers, or subprocessors who provide services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc.)

Corporate Events

Any Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, sale of all or a portion of our assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Affiliates

In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Legal Disclosures

In some circumstances, we may, without notice or your consent, disclose your Personal Data, any communications sent or received by you, and any other Personal Data that we may have about you to the extent we believe such disclosure is legally required, in response to a request from airport or air carrier security, the Transportation Security Administration or other government agencies or authorities, as appropriate to prevent or respond to a crime (including in connection with law enforcement, airport security, or national security investigations), to investigate violations of applicable contractual obligations, or when in the vital interests of us or any person. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Other Disclosures

We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, for public health, and other matters in the public interest.

YOUR RIGHTS & CHOICES

Your Rights

Generally

You may have certain rights in the Personal Data we process. Please note these rights may vary based on the country or state where you reside, and our obligations under applicable law. To submit a request to exercise your rights under applicable law, you may email us at [email protected].

Rights Request Verification

If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match personal information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.

Your Choices

You have the following choices regarding the Personal Data we process:

Consent – If you consent to processing, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Services.

Marketing Communications – You have the choice to opt – out of or withdraw your consent to marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech – If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies and certain similar technologies using your browser’s settings menu. You must opt out of the use of some third-party services directly via the third party. For example, to opt – out of Google’s analytic and marketing services, visit Google Ads Privacy Policy, or you can also opt out of these Google features by downloading and installing Google’s opt – out browser add – on.

SECURITY

We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

DATA RETENTION

We retain Personal Data for so long as it, in our discretion, is necessary to achieve the processing purposes described in this Privacy Policy, and in any event, for so long as is required by law or necessary to provide the Services. We retain information from a Request for 5 years after the Request is closed. We will review retention periods periodically and may sometimes pseudonymize or anonymize data held for longer periods. We may also retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and/or for the period required or permitted by laws in applicable jurisdictions.

MINORS

Our Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.

FACE ID LOCKER RENTALS

NOTICE OF COLLECTION

Welcome to Smarte Carte Smarte Locke lockers! In order to use the Face ID unlock feature for your Smarte Carte locker (“Locker”), we will collect a scan of your facial geometry, which includes data relating to personal biological characteristics, or information based upon such characteristics (“Biometric Data”). We collect, use, and process your Biometric Data solely for the purpose of associating your facial scan with a specific Locker, and to enable you to unlock your Locker door using our facial recognition system. 

If you pay by credit card, we will collect payment card data (“Payment Data”) in order to process your payment. 

We do not sell Biometric Data or Payment Data, nor use it for advertising or for any commercial purposes. Your Biometric Data will not be shared or disclosed with third parties or used for any other purpose without your consent, except as required by law. Payment Data is processed by our third-party payment processing system. We automatically delete Biometric Data and any personal data associated with your Biometric Data from the Smarte Locke Locker system on a daily basis. We do not retain Payment Data after the payment transaction.

Please note: the Smart Locker Face ID system operates only over local networks, is not connected to the Internet, and is not part of Smarte Carte’s other online services. 

YOUR RIGHTS & CHOICES

Revoking Consent– Use of the facial recognition features of our Lockers is optional, and you may use a PIN code, QR code, or Barcode as an alternative to unlocking your locker. If you elect to use the facial recognition features, you may revoke your consent for Smarte Carte to use your Biometric Data at any time by speaking with a customer service representative. If you choose to revoke consent and you still want to use our Lockers, you will be required to designate and use a pin, QR code, or barcode to unlock your Locker. 

Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may also have the following rights, subject to regional requirements, exceptions, and limitations.

Confirm– Right to confirm whether we process your personal data.

Access/Know– Right to request any of the following: (1) the categories of personal data we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your personal data was collected; (3) the purposes for which we collected or sold/shared your personal data; (4) the categories of third parties to whom we have sold/shared your personal data, or disclosed it for a business purpose; and (5) the specific pieces of personal data we have collected about you.

Portability– Right to request that we provide certain personal data in a common, portable format.

Deletion– Right to delete certain personal data that we hold about you.

Correction– Right to correct certain personal data that we hold about you.

Non-Discrimination– California residents have the right not to receive discriminatory treatment as a result of their exercise of rights conferred by the CCPA.

To exercise your rights and choices, please contact Smarte Carte at smartecarte.com/contact. Please note, however, that we will be unable to fulfill rights requests with respect to data that has been deleted.

 

CONTACT US

4455 White Bear Parkway
St. Paul, MN 55110-7641
Phone: 651-429-3614
1-800-838-1176 (toll-free)
[email protected]