WHO WE ARE
- our website at smartecarte.com (including any subdomains or mobile versions of the “Corporate Site”); and
COLLECTION AND USE OF PERSONAL DATA
Personal Data We Collect
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data:
Identity Data – Personal Data about you and your identity, such as your name, employer/company affiliation, and other similar identifiers.
Contact Data – Personal Data used to contact an individual, e.g. email address, physical address, or phone number.
Device Data – Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, identifiers from cookies, session history and similar browsing metadata, and other data generated by your device or browser, including via cookies and similar technologies.
Payment Data – Information such as payment card data and relevant information provided in connection with a financial transaction.
User Content – Any information or content you provide in connection with a request for Airport Services request, e.g. item descriptions and details, images, etc., including any additional Personal Data you may include in the User Content.
Sources of Personal Data
We collect Personal Data from the following sources:
You – We collect Personal Data from you directly, for example, when you input information into an online form, sign up for a list, or contact us directly.
Your Devices – We may collect certain Personal Data automatically from your devices. For example, we collect Device Data automatically using cookies and similar technologies when you use access our Corporate Sites or when you open our marketing communications.
Service Providers – We receive Personal Data from third parties with whom we have a relationship in connection with their performance of services or processing of transactions on our behalf.
Data we create – We (or third parties operating on our behalf) create and infer Personal Data based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.
Personal Data Processing Contexts
Lost Item Requests & Ticket Submission
We process Identity Data, Contact Data, Device Data, and User Content when you submit a request (e.g. a lost item request) through our Airport Services (“Request”). Some Requests may require you to pay a fee, in which case we (or our payment services provider) will process Payment Data. We use this Personal Data as necessary to create a Request ticket in our Services and to fulfill, manage, and provide you with important updates about your Request. Payment Data is processed only as necessary to process applicable payments. We will also process this data for certain Business Purposes (described below). We may process this information as appropriate to contact you with updates relating to the status of your Request, or to arrange pickup/delivery, and similar purposes. Where allowed by law, we may also process your Identity Data and Contact Data as described in the Marketing Communications section below.
We may process Identity Data, Device Data and Contact Data in connection with email or SMS marketing or promotional communications, which you might receive if you choose to receive marketing communications, or (subject to limitations of applicable law) engage in a transaction allowing us to send you those marketing communications. We may use Identity Data and Contact Data as necessary to customize, deliver, and otherwise process marketing communications, and for other appropriate Business Purposes.
We may also automatically collect Device Data and related Identity Data from devices receiving marketing communications if you open or interact with those marketing communications. We may process such Personal Data as part of our business interests in understanding whether our emails are opened or other aspects of engagement with our marketing communications.
Feedback and Surveys
We generally process Identity Data, Contact Data, and User Content collected in connection with customer surveys or questionnaires. We generally process this Personal Data as necessary to respond to customer requests/concerns, to create aggregate analytics regarding customer satisfaction, and to improve our Services. We may also store and analyze feedback to create Aggregate Data or for other appropriate Business Purposes.
When you contact us through the Services using a contact us box, through our chat, via email, to schedule a pickup, or make an appointment, we process Personal Data such as Identity Data, Device Data, and any User Content you provide. We use this Personal Data as necessary to communicate with you about the subject matter of your request and related matters, to arrange a meeting, or otherwise perform the services you request. We may use such Personal Data for marketing purposes where permitted by local laws (see below) and relevant to the subject matter or your inquiry, as well as for appropriate Business Purposes.
Corporate Site, Web Services Portal
When you access our Corporate Site or Airport Services online, we automatically collect and process Device Data and certain Identity Data (such as your IP address or similar identifiers). We use this data as necessary to initiate or deliver certain features or functions through our Services, such as maintaining sessions, delivering pages, logging activities for security purposes, etc. We use this Personal Data as necessary to provide the Services and features that users use, to carry out users’ requests, and for other appropriate Business Purposes.
Cookies and Similar Tracking Technologies
We, and certain third parties, automatically collect and process Identity Data, Contact Data, Inference Data, and Device Data when you interact with cookies and similar technologies on our Corporate Site and Airport Services webpages. We may receive this data from third parties to the extent allowed by the applicable third party. Please note that the privacy policies of third parties may also apply to certain processing of the Personal Data collected through them.
Subject to your rights and choices, we may use this information as follows:
1. For “essential” or “functional” purposes, such as to enable various features of the Services, such maintaining a session. Strictly necessary cookies may be installed without consent, and you may be unable to limit the collection of data via strictly necessary cookies in order to use our Services.
3. On our Corporate Site only, for “advertising,” so that you can see advertisements from us or relating to our Services on other websites or devices. These technologies and the data they collect, may be used by advertisers to deliver ads across the internet (including third-party sites and services) that are based on content you have viewed on our Corporate Site. These tracking technologies may also help prevent you from seeing the same advertisements too many times and help us understand whether you have interacted with or viewed ads delivered to you, or to develop similar performance metrics. This collection of Personal Data and the delivery of retargeted ads may take place both on our Site and on third-party websites. For example, third-party advertisers, services, and service providers (such as Google) that participate in an ad network may deliver personalized ads, and collect Personal Data that is linked or linkable to information collected on our Services, to further personalize your ads.
Note: Some of these technologies can be used by us and/or our third-party service providers (e.g. Google) to identify you across Web Services, devices, sites, services, and over time.
We collect and process Identity Data, Contact Data, Transaction Data, and in some cases, Device Data, and User Content (e.g. documentation or descriptions of issues) when you contact us for support. We use this Personal Data as necessary to provide the requested Services, to respond to your request, and to otherwise fulfill our contract with you, as appropriate. We may also process this Personal Data to provide marketing communications and for appropriate Business Purposes.
Business Purposes of Processing
In addition to the specific processing purposes described above, we typically process Personal Data for several general “Business Purposes” related to the day-to-day operation of our business, as follows.
Contractual Necessity; Service Provision
We process any Personal Data as is necessary to provide the Services, and as otherwise necessary to fulfill our contractual obligations to you, e.g. to provide you with the information, features, and services you request. Similarly, we may process payment in relation to billing, invoicing, payment, and other account management functions.
Our Legitimate Interests and Internal Business Purposes
We may process Personal Data (and we may create related Inference Data or other Personal Data), as appropriate in connection with our legitimate interests in carrying out common business functions, e.g.:
- improving or optimizing the design and functionality of our Services;
- to develop new features or services;
- to personalize the Web Services or Services, display, UI/UX elements, or other features of the Services;
- for customer service purposes;
- to assess compliance with applicable agreements and laws;
- for internal reporting and modeling, e.g. to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc.;
- to detect, prevent, and respond to information security risks to the Services or users, e.g. through the creation and analysis of access logs and other relevant metadata, analysis of network traffic, device patterns and characteristics, and similar processing; and
- to detect and mitigate fraud, and otherwise monitor and ensure the security, availability, and stability of the Services.
We process Personal Data as necessary in connection with our legitimate interests in the creation of aggregate analytics relating to how our Services are used, the services our users use most, to create service delivery metrics, and to create other reports regarding the use of our Services, and other similar information. The resulting aggregate data will not contain information from which an individual may be readily identified.
To respond to communications, reach out to you about your use or our provision of our Service, your account, to provide other relevant notifications or information, or request information or feedback. From time to time, we may use your Personal Data to send important notices, such as communications about purchases and changes to our terms, conditions, and policies, or other information that relating to the Service to which you are subscribed or that you use.
Security, Safety, and Fraud Prevention
To protect our users and customers, individuals, our employees and Company, for loss prevention, to enforce our contractual rights or remedies, and to prevent fraud.
We may process Personal Data as necessary to carry out actual or prospective corporate transactions, e.g. as part of corporate restructuring, mergers, acquisitions, and other similar administrative purposes, including related due diligence.
Compliance and Public Interest
We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under applicable law; for the establishment and defense of legal claims; where we must comply with our legal obligations; lawful requests from appropriate airport or air carrier security, government or law enforcement officials; or as may be required to meet national security or law enforcement requirements, or to prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law.
Other Processing of Personal Data
Information we collect may be shared with or made available to a variety of parties, depending upon the purpose for and context in which that information was provided. We generally share data with the parties and in the contexts described below.
Airports and Carriers
We may share certain Personal Data with airports and air carriers located in the airports where our Web Services are offered in order to provide our Services (e.g. for lost and found) or in the event the airport or air carrier has a legitimate interest in or business purpose for receiving the information. For example, we may share your name and contact information with an airport representative in order to verify ownership of a bag, or to arrange shipping or reunification with lost items, or as appropriate to ensure the security of airports, air carriers, related operations, or for other legitimate interests or business purposes of Smarte Carte, its partner airports, and air carriers.
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with processors, service providers, or subprocessors who provide services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc.)
Any Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, sale of all or a portion of our assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
In some circumstances, we may, without notice or your consent, disclose your Personal Data, any communications sent or received by you, and any other Personal Data that we may have about you to the extent we believe such disclosure is legally required, in response to a request from airport or air carrier security, the Transportation Security Administration or other government agencies or authorities, as appropriate to prevent or respond to a crime (including in connection with law enforcement, airport security, or national security investigations), to investigate violations of applicable contractual obligations, or when in the vital interests of us or any person. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, for public health, and other matters in the public interest.
YOUR RIGHTS & CHOICES
You may have certain rights in the Personal Data we process. Please note these rights may vary based on the country or state where you reside, and our obligations under applicable law. To submit a request to exercise your rights under applicable law, you may email us at [email protected].
Rights Request Verification
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match personal information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.
You have the following choices regarding the Personal Data we process:
Consent – If you consent to processing, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Services.
Marketing Communications – You have the choice to opt – out of or withdraw your consent to marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.
Our Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.
4455 White Bear Parkway
St. Paul, MN 55110-7641