Privacy Shield Notice

Last updated: October 2, 2018

Airy complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Liechtenstein, Norway & Iceland) and Switzerland transferred to the United States pursuant to Privacy Shield. Airy has certified that it adheres to the Privacy Shield Principles as set forth below with respect to such data. If there is any conflict between the policies in the Privacy Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

Purpose

The purpose of this Privacy Shield Notice (“Notice”) is to outline how we comply with the Principles with respect to the personal information we collect from EU and Swiss individuals and transfer to the United States. If you would like to obtain additional information regarding our privacy practices in connection with information collected on this website in general, please refer to our Privacy Policy. If there is any conflict between this Notice and the Privacy Policy, this Notice shall prevail.

Scope

This Notice applies to any personal information received by Airy from the European Union (including Liechtenstein, Norway & Iceland) or Switzerland in reliance on Privacy Shield.

Data Processing Activities

Airy at times acts as a data processor or a data controller when processing personal data transferred from the EEA or Switzerland. Though the types of data Airy collects and processes may vary depending on the Account Terms and our customers’ preferences, data we collect typically includes personal information relating to our users, web browsing behavior and other information relating to a user’s device used to access the services, and other information as described in our Privacy Policy. Airy processes this data to provide our business and consumer services; customer service and product support; communications and marketing; online advertising; analytics to inform and improve our services; and for other internal purposes.

Data Shield Principles

1. Notice. We will provide individuals with notice of our data collection and processing practices in our Privacy Policy, describing what personal information we collect, the purpose and use of personal information, the categories of third parties with whom we may share such information (and the purposes for which we do so), the individual’s right to access such information, the choices and means through which the individual may limit the use and disclosure of personal information, and other disclosures consistent with the Notice Principle.

You can read about our data collection and processing practices in our main Privacy Policy.

2. Choice. We will provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents and service providers, or before we use it for a purpose other than it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to privacy@airy.co.

3. Onward Transfers (Transfer to Third Parties). Airy may transfer personal information to certain third parties (as described in our Privacy Policy). Where we transfer personal information to a third party, will take reasonable and appropriate steps to ensure the third-party processes personal information for limited and specified purposes and in a manner consistent with Airy’s Privacy Shield obligations. Where the transfer is to a third-party agent acting on our behalf, Airy may be liable if such third parties fail to meet those obligations, and we are responsible for the event giving rise to the damage.

In certain situations, we may be also required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

4. Security. We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have implemented appropriate physical, electronic and managerial procedures to help safeguard and secure personal information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

5. Data Integrity and Purpose Limitation. We will process personal information in a manner that is compatible with and relevant to the purpose for which it was collected or authorized by individuals. To the extent necessary for those purposes, we will take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.

6. Access. EU and Swiss individuals have the right to reasonable access to the personal information about you that we hold. On request, we will also take reasonable steps to correct, update, amend or delete any information that is demonstrated to be inaccurate, except where the burden or expense of doing so would be disproportionate to the risks to your privacy in the case in question or where the rights of third parties would be violated.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to privacy@airy.co. If requested to remove data, we will respond within a reasonable timeframe.

7. Jurisdiction and Enforcement. As part of our participation in Privacy Shield, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

8. Lawful Requests. Airy may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

9. Contact and Recourse. In compliance with the Privacy Shield Principles, Airy commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. If you have any questions about this Notice or the information that we collect from you in reliance on Privacy Shield, please contact us at privacy@airy.co or write to:

Airy, Inc.

44 Tehama St.

San Francisco, CA 94105, USA

In the event that you are concerned about how personal information you have provided to Airy has been used, please address your inquiry or complaint first to us at the address listed above. Airy takes all concerns about privacy and use of personal information very seriously, and shall endeavor to reply to you within 45 days of receiving a complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you may submit your complaint free of charge to JAMS, Airy’s designated Privacy Shield dispute resolution provider, using this link: https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.