Effective Date: May 1, 2024

 

This Privacy and Cookies Notice (the “Notice“) describes how Netherlands Software Holdings B.V.  (“FBO One” “we“, “our” or “us“) handles personal information in connection with the operation of the FBO One website, available at https://fboone.com/ (the “Site“), and our online booking, logistics management and communications and operations management tool (the “Services“). The Services also include our technical, maintenance and customer support services. The Site and the Services are made available for users acting in a professional capacity, and are intended for informational, operational, and research purposes.

 

This Notice describes how we use the personal information obtained through the Site and the Services and with whom we may share it. Depending on where you live, you may have additional rights with respect to your personal information we process. Please see the section titled “Your Privacy Rights,” and “Additional Information for California Residents” sections below for more information.

 

This Notice does not describe the data handling practices of the FBOs, flight departments, aircraft operators, pilots and other customers (collectively, the “Customers”) who use the Services nor those of the third-party partners or vendors with whom Customers connect to make bookings or other arrangements (such as hotels or car-rental companies) (collectively, the “Third-Party Vendors”). We encourage you to review the privacy notices and similar statements of the relevant Customers and Third-Party Vendors to learn about their privacy practices, including about the cookies and similar technologies they may use. With respect to privacy rights you may have with regards to personal information Customers and Third-Party Vendors may collect and provide to FBO One for processing, please contact the applicable Customer or Third-Party Vendor directly to submit your request.

 

In addition, we de-identify and/or aggregate the personal information and other data we obtain through the Site and the Services (the “De-identified Data“). The requirements and limitations described in this Notice on our collection, use, sharing, disclosure, transfer, and retention of personal information do not apply to such De-identified Data as well as other information that cannot be used to identify you.

FBO One obtains personal information when you interact with the Site or the Services. This personal information may be provided by you directly, such as when you complete a form on the Site, or it may be automatically collected from your browser or mobile device using technologies such as cookies. We also obtain personal information in connection with our Customers’ use of the Services, including when they make bookings or other arrangements using the Services. In addition, FBO One obtains personal information about our Customers’ representatives as part of the contracting or registration process, for marketing purposes and during the ordinary course of business.

 

2.1 Personal information we obtain from you through the Site:

 

We may ask you to provide your personal information when you interact with the Site. You may not be able to use certain features if you choose not to submit the requested personal information. The personal information we collect directly from you may include details such as your contact information (e.g., first and last name, email address, phone number, and company name).

 

2.2 Personal information we obtain from Customers (and their authorized users) in connection with the Services:

The personal information we obtain from our Customers and their authorized users may include:

 

• · Contact information (e.g., name, email address, company name).
• · Log in information (e.g., credentials for accessing the Services).
• · Payment information (e.g. payment card information, billing information).
• · Other personal information provided through the Services.
• · Personal information shared in connection with calls or requests to our technical, maintenance and customer support services.

 

In addition, when Customers use the Services, we obtain personal information of individuals, including pilots, crew members and passengers, on whose behalf bookings or other arrangements are made by the relevant Customer (the “Passenger Data“). This may include:

 

• · Contact information (e.g., name, email address, phone number and postal address) and demographic information (e.g., gender, date of birth).
• · Government-issued identifiers, passport information and visa status for pilots, passengers, and crew.
• · Flight and aircraft information (e.g., origin and destination airports, estimated travel time).
• · Payment card information.
• · Other information they choose to provide through the Services.

 

2.3 Personal information we obtain from other sources:

 

We may use personal information we obtain through the Site or in connection with the provision of the Services along with other personal information we may have about you, including personal information obtained offline, from Third-Party Vendors (such as booking confirmation information). In connection with the Services, we may obtain information from publicly or commercially available sources, such as the Federal Aviation Authority or national equivalent. If you are a representative of a Customer or potential customer, we may obtain personal information about you from your organization, for example, through the contract negotiation process. We may obtain your personal information if you attend an industry conference or event. We may also obtain personal information from our affiliates.

 

2.4 Data automatically collected through cookies and similar technologies:

 

We and our service providers may automatically obtain certain information (some of which may constitute personal information), when you access the Site and the Services from your web browser or mobile device, such as data about the number and frequency of visitors, technical data about IP addresses, browsers and devices used to access the Site and the Services, and data about crashes or other technical issues.

We use personal information we obtain in connection with the operation of the Site and the provision of the Services for a number of purposes, including, but not limited to:

 

• · Making the Site and the Services available, responding to requests or inquiries and providing customer support.
• · Performing the Services contracted or requested by our Customers, including facilitating bookings and other arrangements and enabling integrations, APIs, data exchanges with systems used by our Customers, which may include our affiliates’ offerings and third-party offerings, such as Third-Party Vendors’ offerings.
• · Improving the Site, the Services and other offerings of FBO One and our affiliates, and developing new products and services.
• · Communicating with you about the Site, the Services and our and our affiliates’ products and services.
• · Analyzing and customizing the user experience.
• · Generating statistics, performing data analytics, anonymizing and/or aggregating data to prepare internal, customer and industry insights.
• · Detecting, preventing, and responding to violations of this Notice, violations of law, or other misuse of the Site or the Services.
• · Performing audits, assessments, and testing or troubleshooting activities.
• · Backing up our systems (including for disaster recovery purposes) and enhancing the security of the Site and Services.
• · Complying with and enforcing applicable contractual obligations or industry and legal requirements (including legal process such as court orders, warrants or subpoenas).
• · Assessing compliance with applicable laws and/or sanctions regulations.

 

With respect to Site visitors, Customer representatives, and potential Customers, we may keep their contact information to send them communications, including email or other communications marketing and advertising our or our affiliates’ products, services and other offerings.

We may provide personal information we obtain in connection with the operation of the Site and the Services to others, including as follows:

 

• · With Third-Party Vendors with whom Customers make bookings or other arrangements using the Services (e.g., hotels, car-rental companies), as instructed or requested by the relevant Customer.
• · With business partners (e.g., joint marketing partners).
• · With other entities, as instructed or requested by the relevant Customer (e.g., a flight scheduling system as a result of APIs or integrations).
• · With third parties that provide services or handle transactions on our behalf (e.g., email service provider).
• · With third parties who assist us in meeting our legal obligations (e.g., service providers who complete sanctions review).
• · With government authorities as needed to facilitate the Services and to comply with applicable laws.
• · With our affiliates and subsidiaries.
• · As we believe is necessary or appropriate to protect, enforce, or defend our legal rights, the privacy or safety of our employees, users of the Site and the Services or other individuals and entities, or to comply with or enforce applicable law or legal process, including responding to court orders, warrants, subpoenas and other requests from public and government authorities.

 

Please note that if you complete a booking or other arrangement through the Services, we will provide the relevant Third-Party Vendor with Passenger Data to complete the transaction you requested. Third-Party Vendors may contact you directly to obtain additional information if required to facilitate your booking or to otherwise provide the requested services. These Third-Party Vendors are independent from us and are responsible for the handling and use of personal information, including personal information that we may provide to them. These Third-Party Vendors are responsible for compliance with applicable laws, including privacy laws, and rights that individuals may have with respect to their personal information. You should direct any questions or concerns with respect to information directly to such Third-Party Vendors.

 

We also reserve the right to transfer any of the information (including personal information) we have about you to proceed with the consideration, negotiation, or completion of a sale or transfer of all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition or other disposition, or in connection with a bankruptcy reorganization, dissolution, or liquidation.

 

In addition, we may share your personal information with third parties when you consent to or request such sharing.

We maintain reasonable administrative, technical and physical safeguards to protect the personal information we obtain through the Site and the Services. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, while we make reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

The Site and the Services may contain links to third-party websites or features, including through integrations, APIs or other feeds. We are not responsible for the collection or use of your personal information by such third parties. We encourage you to review the privacy policies or other similar statements applicable to third-party websites or features.

FBO One does not currently take steps to respond to browsers’ “Do Not Track” signals.

FBO One operates the Site and the Services in different regions, including the United States. These different regions may not provide the same level of protection for your personal information as your home country. Where applicable, we take steps to comply with applicable legal requirements for the transfer of personal information.

The Site is not directed to, nor does FBO One knowingly collect personal information from, children under the age of 18. If you become aware that your child or any child under your care has provided us with personal information without your consent, please contact us as indicated below. If any information about children is collected as a result of the Services, it is up to the relevant Customer of user of the Services to ensure that parental consent or other required permissions have been obtained.

Any dispute concerning the Site or Services (including our use of your personal information) will be resolved per the dispute resolution provision and/or other applicable provisions which govern your use of the Site and Services.

We may update this Notice from time to time to reflect changes in our privacy practices or applicable laws. In accordance with applicable law, we may make such changes without prior notice. We will publish the updated version on the Site and indicate at the top of the Notice when it was most recently updated. Your use of the Site and the Services will be governed by the current version of this Notice.

Depending on where you live, and subject to certain exceptions, you may be afforded certain rights with respect to your personal information as outlined below.  Please note that in order to exercise your rights as relates to Passenger Data we hold about you on behalf of our Customers who use the Services to make bookings or other arrangements on your behalf, you must contact the relevant Customer to exercise your rights. We are not responsible for and have no control over the privacy and data security practices of our Customers, which may differ from those explained in this Notice.

 

12.1 Who is Responsible for Your Personal Information?

 

Each of our Customers is the responsible data controller for the personal information they collect and maintain using the Services. Individuals with concerns about the personal information obtained through the Services should contact the relevant Customer with their concerns.

 

The data controller for personal information we obtain from Site visitors, Customer representatives, and potential Customers for our own business purposes is Netherlands Software Holdings B.V. The below information applies to our data processing activities as a data controller only. You can contact us at privacy@amsterdamsoftware.com.

 

12.2 Legal Bases for Using Your Personal Information

 

We process personal information of Site visitors, Customers’ representatives or potential Customers for different purposes on the following legal bases:

 

• · To provide the Services in performance of a contract. We process personal information to perform our contractual obligations when we make the Services available to you at the request of a Customer. For example, this includes when we obtain your registration information and manage your user account. We may share your personal information on this legal basis with our affiliates and subsidiaries, our service providers and as instructed by the relevant Customer.
• · To pursue our legitimate interests. We process your personal information to meet our legitimate interests when we use your personal information to provide you with the Site, to communicate with you about our offerings and for our advertising and marketing purposes. For example, our legitimate interests include making improvements to, customizing and understanding how you interact with the Site and the Services and sending you communications about products and services we think may be of interest to you. To accomplish our legitimate interests, we may share your information with our affiliates, subsidiaries and service providers (including for our advertising and marketing purposes), with business partners and in the context of a corporate transaction. We maintain safeguards to protect the information we process to pursue our legitimate interests.
• · To comply with our legal obligations. We process and share your personal information as necessary to comply with our legal obligations when we use your information to fulfill our obligations under applicable law, protect our rights or the rights of others and when we share your information with other parties where required by law or as necessary to protect our rights.
• · With your consent. We obtain your consent to process your personal information when we are required to do so by law. If consent is the legal basis on which we process your personal information, you can withdraw your consent at any time by contacting us using the information provided in the “Contact Us” section below.

 

12.3 Rights You May Have With Respect to Your Personal Information

 

In certain circumstances, and subject to exceptions, Site visitors, Customer representatives, and prospective Customers may have certain rights with respect to their personal information.

 

If you are a Site visitor, Customer representative, or prospective Customer, and you would like to submit a request to exercise rights with respect to the personal information we collected about you through our Site or Services, please contact us with your request by email at privacy@amsterdamsoftware.com. For such requests, please put the statement “Privacy Rights Request” in the body of your email, as well as your full name, email address, mailing address and specify the privacy right you wish to exercise at this time. If you submit a request to exercise any of the below rights (each a “Privacy Rights Request“), we may request additional information to enable us to process your request or direct you to the applicable Customer who has provided your information to us.

 

1. · Right to access your personal information. You may request to access the categories and specific pieces of personal information that we collected about you through the Site or Services.
2. · Right to deletion/erasure. Subject to certain exceptions, you may ask us to delete the personal information we collected about you through the Site or Services.
3. · Right to correct/rectify. You may submit a request to rectify or update your personal information if it is inaccurate. Please note that this is not an absolute right, and we reserve the right to reject your request where exceptions apply.
4. · Right to be free from discrimination. You may exercise any of the above rights without fear of being denied goods or services.
5. · Right to object. You may have the right to object and request that we cease processing your personal information for certain purposes.
6. · Right to portability. Subject to certain exceptions, you may request that we share your personal information in a usable format with another company.

 

Note that under applicable privacy laws, certain types of sharing of personal information may constitute a “sale” of your personal information. As described above, in order to deliver our Services as directed by the relevant Customer, we may provide Passenger Data to others for certain purposes, including providing personal information to Third-Party Vendors in order to make a booking. Please note that this interaction does not constitute “selling” or “sharing” your personal information as such terms are defined under applicable privacy laws. In addition, certain pieces of personal information that we may have about you may be considered “sensitive” under applicable laws (e.g., account login credentials, government identifier information). Please note that we only process such information in order to provide the Services, including to facilitate a booking.

 

To submit a Privacy Rights Request, or to ask any questions regarding your privacy rights, please contact privacy@amsterdamsoftware.com.  For such requests, please put the statement “Privacy Rights Request” in the body of your email, as well as your full name, email address, mailing address and specify the Privacy Rights Request you wish to exercise at this time.

 

12.4 Storing Your Personal Information

 

We keep the personal information for which we are a data controller for as long as we have a relationship with you. After our relationship with you has ended, we retain your personal information as necessary and appropriate to enable us to:

 

• · Maintain business records for analysis, understanding market trends and/or audit purposes and to improve the Site, the Services and other offerings from FBO One and/or our affiliates.
• · Comply with record retention requirements under applicable laws or other relevant legal, regulatory or industry requirements.
• · Defend, establish, exercise or bring any existing or potential legal claims.
• · Carry out fraud detection and prevention.
• · Deal with any complaints regarding the Site, the Services or other FBO One’ and our affiliates’ offerings.

 

12.5 Contact, Questions and Complaints

 

If you are a Site visitor, Customer representative, or prospective Customer, you can contact us at privacy@amsterdamsoftware.com.

 

Individuals in the EEA, United Kingdom, and Switzerland whose Passenger Data is processed by us as a data processor on behalf of a Customer should contact the relevant Customer with any requests or complaints.

 

We are committed to working with you to obtain a fair resolution in the event you have a complaint or concern about our data processing activities. Depending on where you live, however, if you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to a data protection authority.

 

In addition, certain privacy laws afford eligible residents the right to appeal a denial of a Privacy Rights Request in whole or in part.  For additional information regarding how to submit a Privacy Rights Request appeal, please email privacy@amsterdamsoftware.com.

Under the California Consumer Privacy Act of 2018 as amended from time to time (“CCPA”), specific disclosures are required, and eligible California residents have additional rights regarding their personal information. For information about the categories of personal information we collect, our business or commercial purpose for collecting personal information, and our business or commercial purpose for providing personal information to third parties and other entities, please review Section 2, Section 3, and Section 4 above. To learn more about rights you may have with respect to your personal information, please review the information in Section 13 above.

 

If you would like to exercise your CCPA rights with respect to your Passenger Data submitted by a Customer to make a booking or other arrangement through our Services, please contact the Customer directly to exercise your CCPA rights. We are not responsible for and have no control over the privacy and data security practices of our Customers, which may differ from those explained in this Notice.

 

Under CCPA, certain types of sharing of personal information may constitute a “sale” of your personal information. As described above, in order to deliver our Services, we may provide Passenger Data to others for certain purposes, including providing personal information to Third-Party Vendors in order to make a booking. Please note that this interaction does not constitute “selling” or ” sharing” your personal information as such terms are defined under applicable privacy laws. In addition, certain pieces of personal information that we may have about you may be considered “sensitive” under applicable laws (e.g., account login credentials, government identifier information). Please note that we only process such information in order to provide the Services, including to facilitate a booking.

 

If you are a Site visitor, Customer representative, or prospective Customer, and you would like to exercise your CCPA rights with respect to the personal information we collected about you through our Site or Services, please contact us with your request by email at privacy@amsterdamsoftware.com.  For such requests, please put the statement “California CCPA Rights” in the body of your email, as well as your full name and email address and specify the CCPA right you wish to exercise at this time. You may exercise their privacy rights without fear of being denied goods or services.

 

If you have any questions about this Notice or if you are an eligible individual who would like to submit a Privacy Rights Request in accordance with applicable laws, please contact us at privacy@amsterdamsoftware.com.

Mailchimp

FBO One uses MailChimp for some email functionality.

· Full Name & address
· Work email address
· Company name
· National personal identification numbers
· Gender
· Date of birth
· Marital status
· Travel history

United States of America

Subprocessor’s Name	Nature and Subject Matter of the Processing	Location of Processing (Country)
Amazon AWS	FBO One uses AWS for Cloud Hosting and storage. · Full Name & address · Work email address · Company name · National personal identification numbers · Gender · Date of birth · Marital status · Travel history	Ireland
Basecamp	FBO One uses Basecamp for customer onboarding · Full name · Work email address · Personal email address · Phone number · Company name + job title	United States of America
Google	FBO One uses Google Analytics for understanding product usage. · FBO One visitor behavior	United States of America
Microsoft	FBO One uses Microsoft Azure for Cloud Hosting and storage. · Full Name · Work email address · Company name	United States of America
New Relic	FBO One uses New Relic as a managed service for application performance monitoring (APM)	United States of America
Pendo	FBO One uses Pendo as a managed service for understanding product usage. · Full Name · Work email address · Personal email address · FBO One visitor behavior · Browsing history · IP addresses used to access FBO One	United States of America
Salesforce	FBO One uses Salesforce as a managed service for CRM · Full Name · Work email address · Personal email address · Phone number · Company name + job title	United States of America
Zendesk	FBO One uses Zendesk as a managed service for support ticketing and knowledge base tools · Full Name · Work email address · Personal email address	United States of America