PRIVACY Policy

Inflyter takes the privacy of users seriously. We are committed to protecting and respecting your privacy. In this Privacy Policy, see how we manage data collected from our app & website.

This Privacy Policy informs you about the way we, Inflyter, process your personal data when you visit and use our website (www.inflyter.com) and our application (Inflyter Digital Duty Free App) (collectively our “systems”) and are provided with our services.

This Privacy Policy can be printed for reference by using the print command in the settings of any browser.

 

1. Types of data processed

Among the types of personal data we process, by ourselves or through third-parties, there are your: 

  • First name, last name, date of birth, profession, company name, phone number, email address, password, profile picture; 
  • Contacts permission, approximate location permission (non-continuous), photo library permission, camera permission (without saving or recording); 
  • Cookies, geographic position, usage data; 
  • Crash information, device information, universally unique identifier (UUID), unique device identifiers for advertising (e.g. Google Advertiser ID or IDFA); 
  • Other necessary types of personal data.

Complete details on each type of personal data processed are provided in the “Purposes of processing” section below or by specific explanation texts displayed prior to the personal data processing.

Personal data may be freely provided by you, or, in case of usage data, obtained automatically when using our systems. 

Unless specified otherwise, all personal data requested by our systems is mandatory and failure to provide such personal data may make it impossible for our systems to provide our services. In cases where our systems specifically state that some personal data is not mandatory, you are free not to communicate this personal data without consequences to the availability or the functioning of our systems and services. If you are uncertain about which personal data is mandatory, you are welcome to contact us.

Any use of Cookies or of other tracking tools by our systems or by suppliers of third-party services used by our systems serves the purpose of providing our services as required by you, in addition to any other purposes described in the present Privacy Policy and in our Cookie Policy.

You are responsible for any third-party personal data obtained, published or shared by you through our systems and confirm that you have the third-party’s consent to provide such personal data to us.

 

2. Legal basis of processing

We may process your personal data if one of the following applies:

  • You have given you consent for one or more specific purposes. Please note that under some legislations outside the European Union and the European Economic Area, we may be allowed to process your personal data until you object to such processing (“opt-out”), without having to rely on consent or any other of the following legal basis; 
  • Provision of your personal data is necessary for the performance of a contract with us and/or for any pre-contractual obligations thereof;
  • Processing is necessary for compliance with a legal obligation to which we are subject;
  • Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third-party.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of your personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

3. Method of processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your personal data.

Personal data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the indicated purposes. 

In addition to us, in some cases, your personal data may be accessible to certain types of persons in charge of or involved with the operation of our systems (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by us. 

 

4. Place of processing

Your personal data is processed at our operating offices and in any other places where the parties involved in the processing are located.

Depending on your location, data transfers may involve transferring your personal data to a country other than yours, including outside the European Union and the European Economic Area. 

To find out more about the place of processing of such transferred personal data, you can check the “Purposes of processing” section below.

 

5. Purposes of processing

Your personal data is processed by us and other third-parties in order to allow us to:

  • Provide our services;
  • Comply with our legal obligations;
  • Respond to enforcement requests;
  • Protect our rights and interests (or yours or those of third-parties);
  • Detect any malicious or fraudulent activity;
  • Perform other activities such as: access to third-party accounts, contacting you, handling payments, hosting and backend infrastructure, infrastructure monitoring, location-based interactions, managing contacts and sending messages, platform services and hosting, registration and authentication, remarketing and behavioural targeting, social features, advertising, analytics, backup saving and management, device permissions for personal data access, registration and authentication provided directly by our systems, selling goods and services online.

For specific information about the personal data used for the listed purposes, please see below: 

Facebook permissions   

Our systems may ask for some Facebook permissions allowing it to connect and perform actions with your Facebook account provided by Facebook Inc. and to retrieve information, including personal data, from it. For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook Privacy Policy.

 

  • Basic information

By default, this includes certain personal data such as id, name, picture, gender, and your locale. Certain of your connections, such as Friends, are also available. If you have made more of your personal data public, more information will be available.

 

  • Contact email

Provides access your contact email address.

 

  • Email

Provides access to your primary email address.

 

  • Hometown

Provides access to your hometown.

 

  • Upload photos

Allows to add or modify your photos.

 

 

Device permissions for personal data access

 

Depending on your specific device, our systems may request certain permissions that allow them to access your device data as described below. By default, these permissions must be granted by you before the respective information can be accessed. Once the permission has been given, it can be revoked by you at any time. In order to revoke these permissions, you may refer to your device settings or contact us for support. The exact procedure for controlling app permissions may be dependent on your device and software. Please note that the revoking of such permissions might impact the proper functioning of our systems.

 

  • Approximate location permission (non-continuous)

Used for accessing your approximate device location. Our systems may collect, use, and share your location data in order to provide location-based services. Your geographic location is determined in a manner that is not continuous. This means that it is impossible for our systems to derive your approximate position on a continuous basis.

 

  • Camera permission, without saving or recording

Used for accessing the camera or capturing images and video from the device.  Our systems do not save or record the camera output.

 

  • Contacts permission

Used for accessing contacts and profiles on your device, including the changing of entries.

 

  • Photo library permission

Allows access your photo library.

 

 

Access to third-party accounts

 

This type of service allows our systems to access personal data from your account on a third-party service and perform actions with it. These services are not activated automatically but require explicit authorization by you.

 

  • Facebook account access 

Allows our systems to connect with your Facebook account provided by Facebook, Inc. Permissions asked: contact email, email, hometown, upload photos. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

Advertising

 

 

This type of service allows your personal data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on our systems, possibly based on your interests. This does not mean that all personal data is used for this purpose. For information and conditions of use please see our Cookie Policy.

 

 

Analytics

 

 

This type of services enables us to monitor and analyse web traffic and can be used to keep track your behaviour. For information and conditions of use please see our Cookie Policy.

 

 

Backup saving and management

 

 

This type of service allows us to save and manage backups of our systems on external servers managed by service providers. The backups may include the source code and content as well as the personal data that you provide to our systems.

 

  • Amazon Glacier 

A service to save and manage backups provided by Amazon Web Services Inc. Personal data processed: various types of personal data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy.

 

 

Contacting you

 

 

  • Mailing list or newsletter 

By registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning our systems and services. Your email address might also be added to this list as a result of signing up to our systems or after making a purchase. Personal data processed: email address, first name, last name, phone number.

 

  • Phone contact 

If you provide your phone number you might be contacted for commercial or promotional purposes related to our systems and services, as well as for fulfilling support requests. Personal data processed: phone number.

 

 

Handling payments

 

 

Unless otherwise specified, our systems process any payments by credit card, bank transfer or other means via external payment service providers. In general and unless otherwise stated, you are requested to provide your payment details and personal information directly to such payment service providers. Our systems are not involved in the processing of such information: instead, they will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.

 

  • Stripe 

A payment service provided by Stripe Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

 

Hosting and backend infrastructure

 

 

This type of service has the purpose of hosting personal data and files that enable our systems to run and be distributed, as well as to provide a ready-made infrastructure to run specific features or parts of our systems. Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

 

  • Amazon Web Services (AWS) 

A hosting and backend service provided by Amazon Web Services, Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

 

  • GitHub Pages 

A hosting service provided by GitHub, Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

 

Infrastructure monitoring

 

 

This type of service allows this our systems to monitor the use and behaviour of their components so their performance, operation, maintenance and troubleshooting can be improved. The type of personal data processed depends on the characteristics and mode of implementation of the service, which function is to filter the activities of our systems.

 

  • Crashlytics 

A monitoring service provided by Google Ireland Limited. Personal data processed: crash information; device information; universally unique identifier (UUID). Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

 

 

Location-based interactions

 

 

  • Geolocation

Our systems may collect, use, and share your location data in order to provide location-based services. Most browsers and devices provide tools to opt-out from this feature by default. If explicit authorization has been provided, your location data may be tracked by our systems.  

 

  • Non-continuous geolocation 

Our systems may collect, use, and share your location data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, your location data may be tracked by this our systems. Your geographic location is determined in a manner that is not continuous, either at your specific request or when you do not point out your current location in the appropriate field and allows our systems to detect the position automatically.

 

 

Managing contacts and sending messages

 

 

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with you. The service may also collect data concerning the date and time when the message was viewed by you, as well as when you interacted with it, such as by clicking on links included in the message.

 

  • Amazon Simple Email Service

An email address management and message sending service provided by Amazon.com Inc. Personal Data processed: email address. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

 

Platform services and hosting

 

 

These services have the purpose of hosting and running key components of our systems, therefore allowing the provision of our systems from within a unified platform. Such platform provides a wide range of tools to us – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of personal data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

 

  • Apple App Store

Our systems are distributed on Apple’s App Store, a platform for the distribution of mobile apps, provided by Apple Inc. By virtue of being distributed via this app store, Apple collects basic analytics and provides reporting features that enables us to view usage analytics data and measure the performance of our systems. Much of this information is processed on an opt-in basis. You may opt-out of this analytics feature directly through your device settings. More information on how to manage analysis settings can be found on this page. Personal data processed: usage data. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

 

Registration and authentication

 

 

By registering or authenticating, you allow our systems to identify you and give you access to dedicated services. Depending on what is described below, personal data may be collected and stored for registration or identification purposes only. The personal data collected is therefore only that necessary for the provision of the service requested by you. Third-parties may also provide registration and authentication services. In this case, our systems will be able to access some personal data, stored by these third-party services, for registration or identification purposes.

 

  • Direct registration 

You register by filling out the registration form and providing your personal data directly to our systems. Personal data processed: first name, last name, date of birth, profession, company name, email address, profile picture and other types of personal data.

 

  • Linkedin OAuth

A registration and authentication service provided by Linkedin Corporation and connected to the Linkedin social network. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

  • Facebook Authentication

A registration and authentication service provided by Facebook, Inc. and connected to the Facebook social network. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

  • Auth0 

A registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform. Personal data processed: Cookies, email address, first name, last name, password, picture, various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy; European Union – Privacy Policy. Privacy Shield participant.

 

 

Remarketing and behavioural targeting

 

 

This type of service allows our systems and their partners to inform, optimize and serve advertising based on past use of our systems by you. This activity is performed by tracking usage data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioural targeting activity. For information and conditions of use please see our Cookie Policy.

 

 

Selling goods and services online

 

 

  • Restricted Sales (Duty Free Price, Sensitive Products)

In order to be purchased, some products available for sale may require extra verification steps to comply with merchant’s local sales regulations and/or local applicable governmental laws. To do so, we reserve the right to ask for an official identity documentation and/or a boarding pass scan to complete the order process. All collected information is used with the sole purpose of local sales regulation compliance and/or local applicable governmental laws and are only kept for the time necessary to fulfil this purpose.

 

 

Social features

 

 

  • Public profile 

You may have public profiles that other users can display. In addition to the personal data provided, this profile may contain your interactions with our systems. Personal data processed: first name, last name, company name, geographic position, picture.

 

 

Other

 

 

 

  • Push notifications

Our systems may send push notifications to you to achieve the purposes outlined in this Privacy Policy. You may in most cases opt-out of receiving push notifications by visiting your device settings, such as the notification settings for mobile phones, and then change those settings for our systems, some or all of the apps on the particular device. You must be aware that disabling push notifications may negatively affect the utility of our systems.

 

  • Access the address book

Our systems may request access to your address book.

 

 

6. Retention time

Your personal data shall be processed and stored for as long as required by the purpose they have been collected for:

  • Personal data collected for purposes related to the performance of a contract between you and us shall be retained until such contract has been fully performed;
  • Personal data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfil such purposes; 
  • We may be allowed to retain your personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn;
  • We may be obliged to retain your personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, your personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

 

7. Your rights

You may exercise certain rights regarding your personal data processed by us. In particular, you have the right to do the following:

  • Withdraw your consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your personal data.
  • Object to processing of your personal data. You have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent. Further details are provided below.
  • Access your personal data. You have the right to learn if personal data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the personal data undergoing processing.
  • Verify and seek rectification. You have the right to verify the accuracy of your personal data and ask for it to be updated or corrected.
  • Restrict the processing of your personal data. You have the right, under certain circumstances, to restrict the processing of your personal data. In this case, we will not process your personal data for any purpose other than storing it.
  • Have your personal data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of your personal data from us.
  • Receive your personal data and have it transferred to another controller. You have the right to receive your personal data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your personal data is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
  • Lodge a complaint. You have the right to bring a claim before your competent data protection authority.

Where personal data is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. 

Should your personal data be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing your personal data for direct marketing purposes, you may refer to the “Purposes of processing” section above.

Any requests to exercise your rights can be directed to us through the contact details provided in this Privacy Policy. These requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.

 

8. Cookie Policy and “Do Not Track” requests

Our systems use Cookies and other technologies named Trackers. To learn more, you may consult our Cookie Policy.

Our systems do not support “Do Not Track” requests. To determine whether any of the third-party services our systems use honour the “Do Not Track” requests, please read their respective privacy policies.

 

9. Legal action

Your personal data may be used for legal purposes by us in court or in the stages leading to possible legal action arising from improper use of our systems or our related services.

You declare to be aware that we may be required to reveal personal data upon request of public authorities.

 

10. System logs and maintenance

For operation and maintenance purposes, our systems and any third-party services may collect files that record interaction with our systems (System logs) and personal data (such as the IP address) for this purpose.

 

11. Information pertaining to children

We do not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to register for our services or send any personal data about yourself to us. 

If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal data, please contact us a soon as possible.

 

12. Additional information

In addition to the information contained in this Privacy Policy, our systems may provide you with additional and contextual information concerning particular services or the processing of personal data upon request.

More details concerning the processing of personal data may be requested from us at any time. Please see the contact information at the beginning of this Privacy Policy.

 

13. Contact information

Data controller:

Inflyter SAS
191-195 Avenue Charles de Gaulle
92200 Neuilly-sur-Seine
FRANCE

Registered in France under SIREN 811169812

Data Protection Officer:

To exercise any of your rights or if you have any questions about our Privacy Policy please contact privacy@inflyter.com

 

14. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time by notifying you on this page and possibly within our systems and/or – as far as technically and legally feasible – sending a notice to you via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of your consent, we shall collect new consent from you, where required.

This Privacy Policy relates solely to our systems, if not stated otherwise herein.

 

Latest update: September 30, 2020 

    CONTACT US

      WORK WITH US