Privacy Policy

August 2019. This privacy statement (also referred to as Atlantic Aviation's Privacy Policy) explains our privacy practices for our customers who use our website http://atlanticaviation.com.

ATLANTIC AVIATION's Commitment to Privacy

We respect your right to privacy. We do not sell, rent, share or disclose personal information to third parties without your prior consent, except in the circumstances described in this Privacy Policy. In addition, your ability to make informed choices about the uses of your information is important to us. This privacy statement explains our policy regarding the collection, use, disclosure and protection of personal information.

A. What is Personal Information?

Personal information is information that identifies an individual or that can be reasonably associated with a specific person or entity, such as a name, contact information, Internet (IP) address and information about an individual's purchases and online activities.

B. Collection of Personal Information

We collect the personal information that you provide us, such as when you:

- Create a user profile on http://atlanticaviation.com;

- Enroll in the Atlantic Aviation Awards Program ("Program");

- Contact us for any reason; or

- Participate in a survey or promotion.

We may automatically collect some information when you visit our website, such as your computer's IP address and operating system, the site from which you linked to us, your site activity, and the time and date of your visit. This information may be collected through the use of "cookies" and web beacons. We also receive information from third parties who help us correct our records, prevent fraud, and provide customer services or special promotions or products. We may combine any of this information with the other personal information we maintain about you.

C. Use of Personal Information by ATLANTIC AVIATION

The personal information we collect is generally used to process your requests or transactions, provide you with high-quality service, tell you about opportunities we think will be of interest and administer your account, including distribution of our own surveys and publications. For example, we may:

- Communicate membership opportunities and programs; and

- Provide you with promotional information about other Atlantic Aviation products and services ("Promotional Information").

D. Sharing of Personal Information

We share information in these circumstances:

Processing and issuance of Award Certificates and Program Cards.

We may provide to a third party information as necessary to fulfill a request for Awards Certificate and/or Program Card you have placed with us. Please note that we give suppliers, and others involved in the distribution chain only the information needed to provide you the products or services you order, and we require them to keep the information confidential and not to use it for other purposes. We are not responsible for any information you provide directly to these parties, and we encourage you to become familiar with their practices before disclosing information directly to them.

Our Contractors.

We may contract with others to perform services on our behalf. If any of these service providers need access to your personal information, we require them to use it only to perform the services for us. We also require that they maintain the confidentiality of the information and/or return the information to us when they no longer need it.

E. Other Uses and Disclosures

In addition, we may use or disclose personal information in the good faith belief that we are lawfully authorized to do so, or that doing so is reasonably necessary to protect you, to comply with legal process or authorities, to respond to any claims, or to protect the rights, property or personal safety of Atlantic Aviation, our employees, our customers, or the public. Information about Program Participants, including personal information, may be disclosed or transferred as part of, or during negotiations of, any merger or sale of company assets or acquisition.

F. Protection of Personal Information

We have physical, administrative and technical security measures in place to protect personal information from loss, misuse or alteration while it is under our control. We are required to collect, process and maintain payment card information in accordance with the data security rules adopted by credit card companies such as Visa, MasterCard and American Express. This means that we do not retain debit card PINs or credit card security codes, and that any time we maintain a credit card number, such as when you create an online account, we must limit access to it and use strong encryption to protect it. Further, when you enter personal information online, that information is encrypted prior to transmission using a security protocol called SSL (Secure Sockets Layer). We also use SSL to allow you to securely view your online account and registration information.

Online account information is accessible only by using a password. You must keep your password confidential. You are responsible for all uses of http://atlanticaviation.com by anyone using your password. Please advise us immediately by calling 888-380-0685 if you believe your password has been misused.

G. Online Specifics

Information Gathering and Use.

We use cookies. Cookies are small files that are stored on your computer. They enable us to monitor online activity. We use this information to help optimize your user experience. Cookies are not spyware, and Atlantic Aviation does not collect multi-site data or share information with others that we gather through cookies.

Like most web sites, our servers log your IP address, the URL from which you accessed our site, your browser type, and the date and time of your purchases and other activities. We use this information for system administration, troubleshooting, fraud investigation and communications from Atlantic Aviation (only).

Finally, we use web beacons to determine when and how many times a page has been viewed. Again, we use this information for our own marketing purposes.

Your browser will accept cookies and allow automatic collection of information unless you change the browser default settings. If cookies are disabled the web site will not load properly.

We use third party analytics to help us evaluate our users’ use of Atlantic Aviation websites and applications; compile statistical reports on activity; and improve our content and website performance. We only use these third-party analytics service providers on certain areas of our website, and they are limited in the type of information they can collect and the purpose for which they can process the information.

We do not currently respond to your browser’s Do Not Track signal, and we do not permit third parties other than our analytics service providers to track Atlantic Aviation users’ activity over time on our websites and applications. We do not track your online browsing activity on any other online services.

Links to Other Sites

From our web site you can link to websites of third parties who we allow to offer goods and services to our members or who provide functions and amenities to our site. If it is not clear from the context that you are being directed to a third party site, we endeavor to notify you that you are visiting a site where a different privacy policy applies. In general, any personal information you provide on the linked pages is provided directly to that third party and is subject to that third party's privacy policy. We are not responsible for the content or privacy and security practices and policies of websites to which we link. We encourage you to learn about their privacy and security practices and policies before providing them with personal information.

H. Email Communications

From time to time, we may send you emails regarding updates to our websites, mobile applications or products/services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe” link provided at the bottom of the email communication. You may also update your subscriptions by clicking the “unsubscribe preferences” link. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Atlantic Aviation is the owner of all email distribution lists distributed using Atlantic Aviation websites and applications, and Atlantic Aviation is solely responsible for the composition and membership of each list. Atlantic Aviation will not conduct any of the following activities to obtain email distribution lists: harvest emails from web sites; purchase lists (regardless of whether they are opt-in or not); have a pre-checked field on websites/forms; have a subscription form that subscribes users to an unrelated list; add an email address into a list without the consumer’s express permission; send unsolicited mail to newsgroups, message boards, distribution lists, or email addresses; email a consumer who has requested to be removed from your list; and utilize a list older than six (6) months without reconfirming the recipients’ subscriptions.

All Atlantic Aviation subscribers to be used in connection with Atlantic Aviation websites and applications have provided permission to Atlantic Aviation to send them email. An opt-in can occur via either a sign-up form on a web site, at a point-of-sale sign-up form, or on a physical sign-up sheet. Any opt-in form should include a clear description of what will be sent and how often it will be sent. Purchased lists may not be used within Atlantic Aviation’s websites and/or applications, regardless of the source or permission status.

For Canadian recipients, CASL (“Canada’s Anti-Spam Legislation) prohibits spam, malware, spyware, address harvesting, unauthorized alteration of transmission data as well as false and misleading electronic representations. The sender must identify itself and the persons on whose behalf a commercial electronic message is sent. Commercial electronic messages may be sent only to recipients who have given their prior consent (opt-in). All recipients’ express, or in certain cases implied, prior permission is required. When there is a business or non-business relationship, a recipient’s implied consent applies for a period of 36 months.

I. CALIFORNIA PRIVACY RIGHTS

Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties' direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one (1) request each year by emailing us at privacy@micglobalservices.com or writing us at:

Data Protection Officer
ATTN: Kevin Walsh
MIC Global Services
5201 Tennyson Pkwy, Suite 150
Plano, TX 75024

If you are a California resident under age 18 and a registered user of the Service, you may ask us to remove content or information that you have posted to the Service by emailing us at privacy@micglobalservices.com. Please note that such removal does not ensure complete or comprehensive removal of the content or information posted (for example, your content or information may remain visible because it was copied and posted or reposted by a third party).

J. Questions or Concerns

If you have any questions or concerns about this privacy statement or would like to contact us for any reason, you can us at 888-380-0685.

K. Changes to this Statement

We may change this privacy statement at any time, but will alert you that changes have been made by indicating at the top of the privacy statement the date it was last updated. We encourage you to review our privacy statement to make sure you understand how your Personal Information will be used. If we make a material change to how we use Personal Information and the new uses are unrelated to uses we disclose in this statement, we will communicate the changes in advance.

EUROPEAN UNION CITIZENS AND RESIDENTS PRIVACY POLICY

1. Introduction.

The purpose of this policy is to ensure compliance with the data privacy regulations as set forth by the EU General Data Protection Regulation (GDPR).

This policy applies to personal data obtained and processed regarding individuals within the European Union and the European Economic Area (EEA).

Definitions

(a) Atlantic

Atlantic means Atlantic Aviation FBO Inc., a Delaware corporation, whose address is 5201 Tennyson Parkway, Suite 150, Plano, Texas 75024.

(b) GDPR

GDPR means General Data Protection Regulation (EU) 2016/679, a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the EEA.

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.

(d) Data Processor

Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.

(e) Data Subject

Data Subject is any living individual who is using our services and is the subject of Personal Data.

(f) Personal Data

Personal Data means any information relating to a Data Subject, whereby person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Applicability.

This policy applies to all employees of Atlantic Aviation FBO Inc, (a subsidiary of Macquarie Infrastructure Corporation “MIC”), and its related legal entities in all geographies, business lines and functions.

3. Questions About the Policy.

Questions about this policy should be directed to GDPRHelp@atlanticaviation.com.

4. Compliance.

Principles for processing personal data

Our principles for processing personal data are:

(a) Fairness and lawfulness. When we process Personal Data, the individual rights of the Data Subjects must be protected. All Personal Data must be collected and processed in a legal and fair manner.

(b) Restricted to a specific purpose. The Personal Data of each Data Subject must be processed only for specific purposes.

What Personal Data we collect and process

Atlantic collects several different types of Personal Data for various purposes. Personal Data Atlantic may collect may include, but is not limited to:

First name and last name
Phone number
Address, City, State, Province, ZIP/Postal code
Email address
Passport number

How we use the personal data

Atlantic uses the collected Personal Data for various purposes:

To provide the Data Subject with services
To notify the Data Subject about changes to our services and/or products
To provide customer support
To facilitate compliance with government regulations
To gather analysis or valuable information so that we can improve our services
To detect, prevent and address technical issues

Legal basis for collecting and processing personal data

Atlantic’s legal basis for collecting and using the personal data described in this privacy policy depends on the personal data we collect and the specific context in which we collect the information:

(a) Atlantic needs to perform a contract with you

(b) You have given Atlantic permission to do so

(d) Atlantic needs to comply with the law

When do we collect Personal Data about Data Subjects?

We collect Personal Data about a Data Subjects when the Data Subject uses our services and when the Data Subject uses our website.

For example, we may collect Personal Data about a Data Subject when the Data Subject:

(i) Requests us to book a car or hotel reservation or other products or services;

(ii) Books a flight with a company with which Atlantic does business, who transfers Personal Data to Atlantic in connection with our provision of services;

(iii) Uses one of our customer services managers for help;

(iv) Uses our fixed based operations;

(v) Uses terminals, hangars or offices provided by us or our agents;

(vi) Completes a client survey or provides us with feedback;

(vii) Interacts with us via social media, such as Facebook. In addition, we may receive Personal Data about Data Subjects from third parties, such as:

(viii) Companies that contract with us to provide services to Data Subjects;

(ix) Companies contracted by us to provide services to Data Subjects;

(x) Companies involved in your travel plans, including aircraft operators and customs and immigration authorities;

(xi) Companies such as car rental providers and car hire providers that participate in our services.

How we use cookies

Cookies are a small amount of data sent from the server, which then may be stored on a Data Subject’s computer’s hard disk drive. We may collect information about a Data Subject’s computer, including where available the Data Subject’s IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about a Data Subject’s general internet usage by using a cookie file which is stored on the hard drive of the Data Subject’s computer. Cookies help us to improve our services and to deliver a better and more personalized service. A Data Subject can delete all cookies that are already on the Data Subject’s computer and may refuse to accept cookies by activating the setting on the Data Subject’s browser which allows the Data Subject to refuse the setting of cookies. However, if this setting is selected, the Data Subject may be unable to access certain parts of our services. Unless the browser setting is adjusted so as to refuse cookies, our system will issue cookies when a Data Subject logs on to our services, unless the cookies to be issued require the Data Subject’s informed consent.

Security, storage, and transfer

We are committed to ensuring that Personal Data is secure at all times. We have in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Data we collect online.

All of our employees and suppliers with access to Personal Data and/or who are associated with the processing of that data are contractually obliged to respect the confidentiality of such Personal Data. All Personal Data will be stored on and processed by our systems and may also be stored on and processed by systems of a third-party data processor(s) appointed by us. The Personal Data that we collect from Data Subjects may be transferred to, and stored at, a destination outside the EU and EEA. It may also be processed by employees operating outside the EU and EEA who work for us or for one of our suppliers. Such employees may be engaged in, amongst other things, the provision of support services. We obtain Personal Data pursuant to the performance of necessary services, as set forth above. We believe that it is in our legitimate interests to do so.

In addition, to the extent that a Data Subject is being presented with this policy to obtain the Data Subject’s consent for us to process and retain Personal Data, by assenting as set forth herein, the Data Subject agrees to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that Personal Data is treated securely and in accordance with this Policy, the GDPR, and any data protection related laws that are applicable to Atlantic.

Retention of personal data

Atlantic will retain the Personal Data of a Data Subject only for as long as is necessary for the purposes set out in this Policy.

Atlantic will retain and use the Data Subject’s information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Transmission of information over the internet

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect a Data Subject’s Personal Data, we cannot guarantee the security of such data transmitted to us by a Data Subject. Any such transmission that originates with the Data Subject is at the Data Subject’s risk. Once we have received Personal Data, we will use commercially reasonable procedures and security features to try to prevent unauthorized access.

Data protection rights

Data Subjects have certain data protection rights. Any Data Subject who wishes to be informed what Personal Data we hold about such person and wishes such data to be removed from our systems is instructed to contact GDPRHelp@atlanticaviation.com.

In certain circumstances, Data Subjects have the following data protection rights:

The right to access, update or to delete the information we have on the Data Subject
The right of rectification
The right to object
The right of restriction
The right to data portability
The right to withdraw consent

Withdrawal of Consent

If a Data Subject withdraws consent to the processing of Personal Data of the Data Subject at any time, it may mean we will not be able to provide all or parts of the products or services the Data Subject may have requested from us.

Providing information about someone else

To the extent that a contracting or other third party is providing Personal Data to us about someone else that third party should confirm that the Data Subject has appointed the third party to act for the Data Subject, has consented to the processing of the Data Subject’s Personal Data, and that the third party has informed the Data Subject of our identity, of this Policy, and of the purposes (as set out in this Policy) for which their Personal Data will be processed.

How to access, review, transfer and delete Personal Data

We will make Personal Data available to a Data Subject upon request from the Data Subject. If we are informed that the Personal Data that we hold about the Data Subject is incorrect or is used inappropriately, we will correct, update or delete such data as appropriate. The Data Subject also has other rights such as the right to request from us erasure of personal data or restriction of processing or to object to processing and the right to data portability. For information about how to get access to Personal Data and for exercising the rights set out above, please contact GDPRHelp@atlanticaviation.com.

Disputes

The Data Subject also has the right to lodge a complaint with a supervisory authority established within the EEA. List of contact details of supervisory authorities within the EEA is available here.

5. Accountability.

Responsibility for overseeing compliance with the law and corporate Policy rests with Atlantic Aviation management (Atlantic Aviation’s Division Heads), MIC’s Senior Compliance Manager, Atlantic Aviation General Counsel and ultimately the MIC Board of Directors.

If any portion of this Policy is held to be invalid or unenforceable for any reason by a court or governmental authority of competent jurisdiction or by a supervisory authority, then such portion will be deemed to be stricken and the remainder of this Policy shall continue in full force and effect.

6. History.

Further details about rights of Data Subjects under the GDPR can be accessed here.

The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) inside the EEA, and applies to an enterprise established in the EEA or - regardless of its location and the data subjects' citizenship - that is processing the personal information of data subjects inside the EEA.