EFFECTIVE DATE: January 1, 2020
LAST UPDATED: January 10, 2020
1. Scope and Consent
2. Information Practices: How We Collect, Use, Retain, and Disclose Personal Information
The information we collect through the Site is controlled by Panasonic Avionics Corporation, which is headquartered in the United States at 26200 Enterprise Way, Lake Forest, CA 92630. The information collected through products and services through our airline customers is controlled by the airline customers.
The Information We Collect About You
We collect information about you directly from you and from third parties, as well as automatically through your use of our Services. Please note that we do not collect personal information when you download our Cabin Media Player App to your computer or mobile device.
Information We Collect Directly From You through the Site. The information we collect from you depends on how you use our Site. When you contact us through the Site, we may collect identifiers such as your name, email address, company name, country of origin, phone number, and your reasons for contacting us.
Information We Collect About Airline Passengers. The information we collect on behalf of your airline depends on how you use our in-flight entertainment system (“IFE”). When you purchase WiFi or movies through the IFE, we collect contact information and unique identifiers such as your name, address, payment information, purchase details and devices used to access the IFE. We may combine this information with information provided directly from the airline you are flying with such as your name, frequent flyer number, or flight number.
Information We Collect Through Our Corporate Customer Relationships. In order to manage our customer relationships with our corporate customers and to provide access to our portals (e.g. myIFE, Hangar Developer Program, NEXT Insights), we collect identifiers and employment-related information about and from our customers’ employees. To request access to our customer portals, you may provide us with identifiers or employment-related information such as your name, your job title and the name of the PAC customer company you work for; your contact information, such as your business email and phone number; and the username and password you would like to use to access the portal. We may seek other employee identifiers to administer our corporate customer contracts and to market our products and services to corporate customers. When you subscribe to our “What’s New” blog, we may collect information such as your name, email address, and profession.
How We Use Your Information
We use your information, including your personal information, for the following purposes:
How We Share Your Information
We may share your information, including personal information, as follows:
We also may disclose information in the following circumstances.
We Do Not Sell Your Personal Information
We have not sold your personal information in the preceding 12 months and do not intend to sell in the future without your prior written consent. We do not and will not sell the personal information of minors under 16 years of age without affirmative authorization.
Your information will be retained in accordance with our data retention policy which is designed to retain data for as long as needed for us to comply with our contractual obligations, employment obligations, and other business purposes, including global legal obligations to retain data.
3. Summary of Information Practices in Last 12 Months
The below table summarizes our personal information collection, use, and sharing practices in the preceding 12 months since we last updated this Policy. As reflected in this table, we may share your personal information with the below entities.
|Category of Personal Information Collected||Examples||Categories of Sources||Commercial/Business Purpose||Categories of Third Parties with Whom PAC Shares PI|
|Professional or Employment-related Information||Job history, educational history, First Name, Last Name, Physical Address||Applicants, corporate customers, and outside sources such as credit bureaus||Process and evaluate applications for positions with PAC, administrative purposes||Service providers such as HR vendors or cloud providers|
|Business Contact||First Name, Last Name, Login ID, Password, phone number, email address, physical address, job title||Business Contacts||Administration of corporate customer contracts, education and marketing of our products and services to corporate customers, access to our portals or systems||Cloud service provider|
|Marketing Contact/Subscriber||First Name, Last Name, email address||Marketing contact directly, Subscriber directly||Education of our new products and services, our events at trade shows, communications||Cloud service provider|
|Corporate Website Visitor||IP Address, referring URL, First Name, Last Name, email address||Corporate Website Visitor||Education of our new products and services||Cloud service provider|
|Corporate Office Visitor||First Name, Last Name, Photograph, IP Address, MAC address||Corporate Office Visitor||Security, Allowing Access to our Corporate premises||N/A|
|Information We Collect as a Service Provider on Behalf of our Airline Customers|
|Identifiers||Full name, email address, phone number, account login||You, your host airline||Processing payments, customer services, protecting against malicious, deceptive, fraudulent or illegal activity and enabling or effecting, directly or indirectly, a commercial transaction||Service providers, payment processors, law enforcement authorities, and those involved in legal proceedings, with consent|
|Unique identifiers or personal identifiers||IP address, device IDs||You||Processing or fulfilling orders and transactions, and enabling or effecting, directly or indirectly, a commercial transaction||Service providers|
|Internet and other network activity||Browsing activity||You, Your mobile devices and computers||Customer inquiry and troubleshooting purposes||Your airline provider|
|Financial Information||Credit card or other payment information||You||Processing or fulfilling orders and transactions||Service provider payment processor|
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to understand aggregated activities at our Site.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
5. Third-Party Links
Our Site may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
6. Security of My Personal Information
We have implemented reasonable security measures to protect the information we collect from unauthorized access, exfiltration, theft, loss, misuse, disclosure, alteration, or destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
7. Children’s Privacy
Our Site is not directed to children under the age of sixteen (16), nor do we market products or services to such children. We request that children do not provide personally identifiable information through our Site. We do not knowingly collect information from children under 16 without parental consent.
8. Information for EU Individuals
Our Policy lays out strict requirements for handling personal data pertaining to customers, prospects, business partners and employees. It meets the requirements of the General Data Protection Regulation (GDPR), EU-US Privacy Shield framework, US-Swiss Safe Harbor and ensures compliance with the applicable principles of national and international data protection laws. The policy sets a globally applicable data protection and security standard for our company and regulates the sharing of information between our business units, subsidiaries, and affiliates.
As part of the overall compliance effort, and particularly as part of the participation in the EU-US Privacy Shield, we are committed to complying with the Privacy Principles pertaining to (1) Notice, (2) Data Integrity and Purpose Limitation, (3) Choice, (4) Security, (5) Access, (6) Accountability for Onward Transfer, and (7) Recourse, Enforcement and Liability. A detailed explanation of these Principles can be found on the EU-US Privacy Shield website at https://www.privacyshield.gov and our compliance with the EU-US Privacy Shield can be found below (Please see Section 10).
Our managers and employees are obligated to adhere to the Panasonic Data Protection Policy and observe all applicable data protection laws and regulations.
9. GDPR Compliance
When we act as Data Controller: If we process your personal information in our capacity as a data controller, the following applies:
We collect, use, and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
If we process your data as a Data Processor: For certain activities where we provide inflight Wi-Fi and entertainment services to our corporate customers, including airlines, we act only on the instruction of those corporate customers. In those situations, the corporate customer is the Data Controller for that purpose. Where we process your data in our capacity as a data processor on behalf of the Data Controller, you may exercise your data subject access rights by contacting your airline directly.
Your Legal Rights under GDPR. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, European Union individuals have certain rights in relation to your personal information:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and:(a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You also have the right to request that we delete your information. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or deference of legal claims.
Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data.
We can continue to use your personal information following a request for restriction, where:
Right to data portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority as well.
How to Exercise Your Rights: In situations where we are a Data Controller, if you would like to exercise any of the rights described above, please send us a request firstname.lastname@example.org. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
EU Data Protection Authorities. PAC commits to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Cross-border Transfer of Information. PAC generally maintains servers and systems in the United States hosted by service providers. We also may subcontract the processing of your data to, or otherwise share your data with, other third parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through the Site or in connection with providing services to or administering our relationship with a corporate customer is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU – US Privacy Shield. You have a right to details of the mechanisms under which your data is transferred outside the EEA. Please see our Privacy Shield Notice or visit https://www.privacyshield.gov/participant?id=a2zt000000001GtAAI&status=Active for information about our Privacy Shield practices and certification.
10. Privacy Shield
Panasonic Avionics Corporation participates in the Privacy Shield framework. Our certification with the Privacy Shield may be verified by accessing the Privacy Shield List at https://www.privacyshield.gov.
PRIVACY SHIELD PRINCIPLES
We comply with the seven Privacy Principles established by the Privacy Shield:
1. NOTICE.By providing this Policy we inform you about (1) our participation in the Privacy Shield and provide above a link to the Privacy Shield List, (2) the types of personal data we collect and the adherence of all our business units, subsidiaries and affiliates to the Principles, (3) our commitment to treat all personal data received from the EU in reliance on the Privacy Shield in accordance with the Principles, (4) the purposes for which it collects and uses personal information, (5) how to contact us with any inquiries or complaints, including any relevant establishment in the EU that can respond to such inquiries or complaints, (6) the type or identity of third parties to which we disclose personal information, and the purposes for which we do so, (7) the right of individuals to access their personal data, (8) the choices and means we offer individuals for limiting the use and disclosure of their personal data, and (9) the independent dispute resolution body designated to address complaints and provide appropriate and free-of-charge recourse, (10) being subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, the U.S. Department of Transportation or any other U.S. authorized statutory body, (11) your right, under certain conditions, to invoke binding arbitration, (12) our requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and (13) our liability in cases of onward transfers to third parties.
2. CHOICE. If applicable, we offer you the opportunity to choose (opt-out) whether your personal information is (1) to be disclosed to a third party or (2) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you. If this option is not offered to you automatically when the information is collected please contact us at the contact information provided below.
Please note that in some cases it is not necessary to provide choice when disclosure is made to a third party that is acting as an agent to perform tasks on behalf of and under the instructions of the organization. However, we will always enter into a contract with the agent.
Certain information is considered “Sensitive Personal Information.” As used herein, Sensitive Personal Information means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information pertaining to the sex life of the individual. For sensitive personal information, we will obtain the affirmative express consent (“opt-in”) from you if such information is to be (1) disclosed to a third party or (2) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt-in choice. In addition, we should treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
3. ACCOUNTABILITY FOR ONWARD TRANSFER.To transfer personal information to a third party acting as a controller, we comply with the Notice and Choice Principles. We enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by you and that the recipient will provide the same level of protection as the Principles.
To transfer personal data to a third party acting as an agent, we: (1) transfer such data only for limited and specified purposes; (2) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (3) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Principles; (4) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and (5) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Privacy Shield organization upon request.
4. SECURITY.We have in place reasonable and appropriate measures to protect the Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
5. DATA INTEGRITY AND PURPOSE LIMITATION. Our processing of Personal Information is limited to the information that is relevant for the purposes of the processing. We do not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To the extent necessary for those purposes, we take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. We will adhere to the Principles for as long as it retains such information.
6. ACCESS. We will provide you with access to your Personal Information that we hold and you will be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
7. RECOURSE, ENFORCEMENT, AND LIABILITY. Effective privacy protection must include robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed. Therefore, our Policy provides for (1) readily available independent recourse mechanisms by which your complaints and disputes will be investigated and expeditiously resolved at no cost to you and by reference to the Principles, and damages awarded where the applicable law or private sector initiatives so provide; (2) follow-up procedures for verifying that the attestations and assertions we make about our privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of noncompliance; and (3) obligations to remedy problems arising out of our failure to comply with the Principles and compliance with any sanctions assessed against us.
PANASONIC RECOURSE MECHANISM. Any questions or concerns regarding the use or disclosure of personal information should be directed to address listed in the Contact section of this Policy, below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. For complaints that cannot be resolved directly between us and you, we have agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy Shield Principles: (1) for disputes involving employment-related personal information received by us from the EEA, we have agreed to cooperate with the data protection authorities in the EEA and to participate in the dispute resolution procedures of the panel established by the European data protection authorities; (2) for disputes involving all other personal information received by us from the EEA, we have agreed to use International Centre for Dispute Resolution, a division of the American Arbitration Association dispute resolution (“ICDR/AAA”). Individuals who submit a question or concern to us and who do not receive acknowledgment of the inquiry or who think their question or concern has not been satisfactorily addressed should then contact the ICDR/AAA on the Internet (http://www.icdr.org), by mail, phone or by fax. The website lists the addresses, phone/fax number for your location. Inquiries by mail or fax should identify Panasonic Avionics Corporation as the company to which a concern or question has been submitted, and include a description of the privacy concern, the name of the individual submitting the inquiry, and whether ICDR/AAA may share the details of the inquiry with us. ICDR/AAA will act as a liaison to our company to resolve these disputes. The dispute resolution process shall be conducted in English. Please note that we are also subject to the jurisdiction of the U.S. Federal Trade Commission and other U.S. government agencies.
11. California Residents: Choices for Access, Deletion, and Right to Non-Discrimination.
If you are a California resident, you have the right to know what personal information we collect, use, disclose or sell about you under the California Consumer Privacy Act (“CCPA”). Additionally, you have the right to access and delete your personal information. Please note, if you are an airline passenger and would like to exercise your rights under the CCPA, please contact your airline directly.
To exercise these privacy rights and choices, please follow the instructions below:
Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. As we don’t have two pieces of personal information from you, we will request a copy of your California identification as well as request you to verify through an authentication e-mail.
Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to you. In order to designate an authorized agent to make a request on your behalf, you must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. You must also verify your identity directly with us by providing a copy of your government issued identification.
Response Timing and Format: We will respond to a verified consumer request for personal information within 45 days of receipt. If we require more time (up to 90 days), we will notify you of the reason and extension period in writing.
Anti-Discrimination Right: You have the right to be free from discrimination in product quality, goods or services if you choose to exercise your privacy rights under the CCPA.
Do Not Track: Your browser may deliver a “Do-Not-Track (‘DNT’) signal” to this Site. We will honor a “Do-Not-Track” signal as a valid opt-out request.
12. Additional Choices
What Choices Do I Have Regarding Promotional Emails?
We may send periodic promotional emails to you. You may opt-out of such promotional emails by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.
Access To My Personal Information
If you have created an account to access any of our customer portals, you may modify the personal information that you have submitted by logging into your account and updating your information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Services for a period of time.
If you are a resident of the European Union, please see the Information for EU Individuals section above for additional information on accessing your information and other legal rights available to you under European Union law.
13. Contact Us
14. Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site.