Avinode Group

Privacy Policy

Updated May 1, 2024

1. Introduction

This Privacy and Cookies Notice (the “Notice“) describes how CS Sweden Holdings AB and CAMP Systems International, Inc. (collectively “Avinode Group, ” “we“, “our” or “us”) handles personal information in connection with the Avinode Group’s products and services, which include the Avinode, Schedaero, and Paynode products and services and their associated websites and web-based and mobile applications (collectively the “Services”). The Services also include our technical maintenance and customer support services. The Services are intended for users acting in a professional capacity for informational, operational, and research purposes.

In addition, this Notice describes how Avinode Group handles personal information obtained through the public-facing pages of its websites associated with the Services (collectively the “Sites”).

This Notice describes how we use the personal information obtained through the Services, and with whom we may share that information. Depending on where you live, you may have certain rights with respect to your personal information that we process. Please see the section below titled “Your Privacy Rights” and “Additional Information for California Residents” for additional information.

This Notice does not describe the data handling practices of the air charter companies, flight departments, aircraft operators, and other customers (collectively, the “Customers”) who use the Services nor those of the third-party partners or vendors with whom Customers connect from our Services platforms to make payments, bookings or other arrangements (such as payment processing platforms and booking platforms) (collectively, the “Third-Party Vendors”). We encourage you to review the privacy notices and similar statements of the relevant Customers and Third-Party Vendors to learn about their privacy practices, including about the cookies and similar technologies they may use. With respect to privacy rights you may have with regards to personal information Customers and Third-Party Vendors may collect and provide to Avinode Group for processing, please contact the applicable Customer or Third-Party Vendor directly to submit your request.

In addition, we de-identify and/or aggregate the personal information and other data we obtain through the Services (the “De-identified Data“). The requirements and limitations described in this Notice on our collection, use, sharing, disclosure, transfer and retention of personal information do not apply to such De- identified Data as well as other information that cannot be used to identify you.

2. What Personal Information We Obtain (Categories of Personal Information We Collect)

Avinode Group obtains personal information through the Services and Sites. This personal information may be provided by you directly, such as when you complete a form available through the Services and Sites, or it may be automatically collected from your browser or mobile device using technologies such as cookies. We also obtain personal information in connection with our Customers’ use of the Services, including when they make bookings or other arrangements using the Services. In addition, Avinode Group obtains personal information about our Customers’ representatives as part of the contracting or registration process, for marketing purposes and during the ordinary course of business.

2.1 Personal information we obtain from you when you interact with the Sites:

We may ask you to provide your personal information when you engage with the Sites(for example, when you sign up for marketing emails or engage with the Sitesto request a demo). You may not be able to use certain features if you choose not to submit the requested personal information. The personal information we collect directly from you may include details such as your contact information (e.g., name, email address, phone number, company name, address).

2.2 Personal information we obtain from Customers (and their authorized users) in connection with the Services:

The personal information we obtain from our Customers and their authorized users may include:

  • Contact information (e.g., name, email address, company name and address).
  • Log in information (e.g., credentials for accessing the Services).
  • Personal information shared in connection with calls or requests to our technical, maintenance and customer support services.
  • Other personal information provided through the Services.

In addition, when Customers or others use the Services, we obtain personal information of individuals, including pilots, aircraft owners, crew members and passengers, on whose behalf bookings or other arrangements are made by the relevant Customer (the “Traveler and Crew Data“). Depending on the Service, this may include:

  • Contact information (e.g., name, email address, phone number and postal address) and demographic information (e.g., gender, date of birth).
  • Government-issued identifiers, passport information and visa status for aircraft owners/operators, passengers, and crew.
  • Flight and aircraft information (e.g., origin and destination airports, estimated travel time).
  • Payment information (e.g., credit card information, wire transfer information).
  • Training and certification information (e.g., pilot certification, flight times, and training status).
  • Other information they choose to provide through the Services (e.g., photographs, security status, rewards number).

2.3 Personal information we obtain from other sources:

We may use personal information we obtain in connection with the provision of the Services and Sites along with other personal information we may have about you, including personal information obtained offline, from Third-Party Vendors (such as booking confirmation information). In connection with the Services, we may obtain information from publicly or commercially available sources, such as the Federal Aviation Authority or national equivalent. If you are a representative of a Customer or potential customer, we may obtain personal information about you from your organization, for example, through the contract negotiation process. We may obtain your personal information if you attend an industry conference or event. We may also obtain personal information from our affiliates.

2.4 Data automatically collected through cookies and similar technologies:

We and our service providers may automatically obtain certain information (some of which may constitute personal information), when you access the Services and Sites from your web browser or mobile device, such as data about the number and frequency of visitors, technical data about browsers and devices used to access the Services and Sites, and data about crashes or other technical issues. In addition, we and third parties may automatically collect certain data through automated means about your activities over time across the browsers and devices you use to access the Services and Sites as well as across third-party sites, apps or other media. These technologies may assign or collect a unique identifier on your browser or device, and may reside, among other places, on your computer or device, within webpages or mobile apps. We may use these technologies to administer, understand the usage of, and improve the offerings of the Services and Sites.

Cookies and similar technologies on the Services and Sites may be served directly by us (referred to as ‘first-party cookies’) or by others such as data analytics companies (referred to as ‘third-party cookies’). Cookies and similar technologies are browser- and device-specific and may endure for different periods of time. Some are deleted automatically once you close your browser or exit the Services and/or Sites. These are sometimes referred to as ‘session cookies’. Other cookies are ‘persistent cookies’, meaning that they remain on your device after your browser is closed.

You have the right to choose to opt out of certain cookies and similar technologies on the Sites. However, if you choose to refuse or remove cookies and similar technologies, this could affect the availability and functionality of the and Sites, as applicable.

The Sites use analytics to measure usage and help improve both the user experience and functionality, including third-party analytics provided by Google Analytics. To opt-out of Google Analytics on your device or browser, please visit https://tools.google.com/dlpage/gaoptout and follow the instructions.

3. How We Use Personal Information We Obtain (Business or Commercial Purpose for Collecting Personal Information)

We use personal information we obtain in connection with the provision of the Services for a number of purposes, including, but not limited to:

  • Making the Services available, responding to requests or inquiries and providing customer support.
  • Performing the Services contracted or requested by our Customers, including facilitating bookings and other arrangements and enabling integrations, APIs, data exchanges with systems used by our Customers, which may include our affiliates’ offerings and third-party offerings, such as Third-Party Vendors’ offerings.
  • Improving the Services and other offerings from the Avinode Group and developing new products and services.
  • Communicating with you about the Services and our and our affiliates’ products and services.
  • Analyzing and customizing the user experience.
  • Generating statistics, performing data analytics, anonymizing and/or aggregating data to prepare internal, customer and industry insights.
  • Detecting, preventing, and responding to violations of this Notice and/or any applicable terms violations of law, or other misuse of the Services.
  • Performing audits, assessments, and testing or troubleshooting activities.
  • Backing up our systems (including for disaster recovery purposes) and enhancing the security of the Services.
  • Complying with and enforcing applicable contractual obligations or industry and legal requirements (including legal process such as court orders, warrants or subpoenas).
  • Assessing compliance with applicable laws and/or sanctions regulations.

With respect to visitors to the Sites, Customer representatives, or potential Customers, we may keep their contact information to send them communications, including email or other communications marketing and advertising our or our affiliates’ products, services and other offerings.

4. How We Provide Personal Information to Others (Business or Commercial Purpose for Providing Personal Information to Third Parties and Other Entities)

We may provide personal information we obtain in connection with the operation of the Services to others, including as follows:

  • With Third-Party Vendors with whom Customers may interact through the Services, including to make payments, bookings or other arrangements using the Services (e.g., payment processors, booking platforms), as instructed or requested by the relevant Customer.
  • With business partners (e.g., joint marketing partners).
  • With other entities, as instructed or requested by the relevant Customer (e.g., a flight scheduling system as a result of APIs or integrations).
  • With third parties that provide services or handle transactions on our behalf (e.g., email service provider).
  • With third parties that assist us in meeting our compliance obligations (e.g., service providers who complete sanctions review).
  • With government authorities as needed to facilitate the Services and to comply with applicable laws.
  • With our affiliates and subsidiaries.
  • As we believe is necessary or appropriate to protect, enforce, or defend our legal rights, the privacy or safety of our employees, users of the Services or other individuals and entities, or to comply with or enforce applicable law or legal process, including responding to court orders, warrants, subpoenas and other requests from public and government authorities.

Please note that if you complete a booking or other arrangement through the Services, we will provide the relevant Third-Party Vendor with Traveler and Crew Data to complete the transaction you requested. Third-Party Vendors may contact you directly to obtain additional information if required to facilitate your booking or to otherwise provide the requested services. These Third-Party Vendors are independent from us and are responsible for the handling and use of personal information, including personal information that we may provide to them. These Third-Party Vendors are responsible for compliance with applicable laws, including privacy laws, and rights that individuals may have with respect to their personal information. You should direct any questions or concerns with respect to information directly to such Third-Party Vendors.

We also reserve the right to transfer any of the information (including personal information) we have about you to proceed with the consideration, negotiation, or completion of a sale or transfer of all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition or other disposition, or in connection with a bankruptcy reorganization, dissolution, or liquidation.

In addition, we may share your personal information with third parties when you consent to or request such sharing.

5. How We Protect Your Personal Information

We maintain reasonable administrative, technical and physical safeguards to protect the personal information we obtain through the Services. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, while we make reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

7. Do Not Track

The Avinode Group does not currently take steps to respond to browsers’ “Do Not Track” signals.

8. International Data Transfers

The Avinode Group operates the Sites in different regions, including the United States. These different regions may not provide the same level of protection for your personal information as your home country. Where applicable, we take steps to comply with applicable legal requirements for the transfer of personal information.

9. Children’s Information

The Sites are not directed to, nor does the Avinode Group knowingly collect personal information from, children under the age of 18. If you become aware that your child or any child under your care has provided us with personal information without your consent, please contact us as indicated below. If any information about children is collected as a result of the Services, it is up to the relevant Customer of user of the Services to ensure that parental consent or other required permissions have been obtained.

10. Dispute Resolution/Terms & Conditions

Any dispute concerning the Services (including our use of your personal information) will be resolved per the dispute resolution provision and/or other provisions in the applicable terms for the Services you interact with.

11. Changes To This Privacy Notice

We may update this Notice from time to time to reflect changes in our privacy practices or applicable laws. In accordance with applicable law, we may make such changes without prior notice. We will publish the updated version through the Services and Sites and indicate at the top of the Notice when it was most recently updated. Your use of the Services and Sites will be governed by the current version of this Notice.

12. Your Privacy Rights

Depending on where you live, and subject to certain exceptions, you may be afforded certain rights with respect to your personal information as outlined below. Please note that in order to exercise your rights as relates to Traveler and Crew Data we hold about you on behalf of our Customers in connection with the use of the Services to manage logistics, communicate or make bookings or other arrangements on your behalf, you must contact the relevant Customer. We are not responsible for and have no control over the privacy and data security practices of our Customers, which may differ from those explained in this Notice.

12.1 Who is Responsible for Your Personal Information?

Each of our Customers is the responsible data controller for the personal information they collect and maintain using the Services, including any Traveler and Crew Data. Individuals with concerns about the personal information obtained through the Services should contact the relevant Customer with their concerns.

Depending on the Sites, the data controller for personal information we obtain from visitors to the Sites, Customer representatives, and potential Customers for our own business purposes is either CS Sweden Holdings AB or CAMP Systems International Inc. The below information applies to our data processing activities as a data controller only. You can contact us at [email protected], and please specify the Site you are contacting us about.

12.2 Legal Bases for Using Your Personal Information

Where required under applicable law, we process personal information of prospective customers/ individuals who interact with the Services to sign up for newsletters, request demos of the Services, or otherwise communicate with us, on the following legal bases:

  • To provide the Services in performance of a contract. We process personal information to perform our contractual obligations when we make the Services available to you at the request of a Customer. For example, this includes when we obtain your registration information and manage your user account. We may share your personal information on this legal basis with our affiliates and subsidiaries, our service providers and as instructed by the relevant Customer.
  • To pursue our legitimate interests. We process your personal information to meet our legitimate interests when we use your personal information to provide you with the Services and Sites, to communicate with you about our offerings and for our advertising and marketing purposes. For example, our legitimate interests include making improvements to, customizing and understanding how you interact with the Services and Sites and sending you communications about products and services we think may be of interest to you. To accomplish our legitimate interests, we may share your information with our affiliates, subsidiaries and service providers (including for our advertising and marketing purposes), with business partners and in the context of a corporate transaction. We maintain safeguards to protect the information we process to pursue our legitimate interests.
  • To comply with our legal obligations. We process and share your personal information as necessary to comply with our legal obligations when we use your information to fulfill our compliance obligations, protect our rights or the rights of others, and when we share your information with other parties where required by law or as necessary to protect our rights.
  • With your consent. We obtain your consent to process your personal information when we are required to do so by law. If consent is the legal basis on which we process your personal information, you can withdraw your consent at any time by contacting us using the information provided in the “Contact Us” section below.

12.3 Rights You May Have With Respect to Your Personal Information

In certain circumstances, and subject to exceptions, visitors to the Sites, Customer representatives, and prospective Customers may have certain rights with respect to their personal information.

If you are a visitor to the Sites, Customer representatives, or prospective Customer and you would like to submit a request to exercise rights with respect to the personal information we collected about you through the Services, please contact us with your request by email at [email protected]. For such requests, please put the statement “Privacy Rights Request” in the body of your email, as well as your full name, email address, mailing address and specify the privacy right you wish to exercise at this time. If you submit a request to exercise any of the below rights (each a “Privacy Rights Request”), we may request additional information to enable us to process your request or direct you to the applicable Customer who has provided your information to us.

  1. Right to access your personal information. You may request to access the categories and specific pieces of personal information that we collected about you through the Services
  2. Right to deletion/erasure. Subject to certain exceptions, you may ask us to delete the personal information we collected about you through the Services.
  3. Right to correct/rectify. You may submit a request to rectify or update your personal information if it is inaccurate. Please note that this is not an absolute right, and we reserve the right to reject your request where exceptions apply.
  4. Right to opt out of sale: Note that under applicable privacy laws, certain types of sharing of personal information may constitute a “sale” of your personal information. As described above, in order to deliver our Services as directed by the relevant Customer, we may provide Passenger Data to others for certain purposes, including providing personal information to Third-Party Vendors in order to make a booking. Please note that this interaction does not constitute “selling” or “sharing” your personal information as such terms are defined under applicable privacy laws, and is not subject to the right to opt out. We also engage in certain advertising practices to more accurately target our advertisements to relevant audiences, which may be considered “selling” or “sharing” your personal information under applicable state laws. In certain jurisdictions, eligible individuals have the right to opt out of the “sale” or “sharing” of their personal information. To exercise your opt out rights with respect to your device or browser, please review the cookie banner at the bottom of the Sites you have interacted with.
  5. Right to be free from discrimination. You may exercise any of the above rights without fear of being denied goods or services.
  6. Right to object. You may have the right to object and request that we cease processing your personal information for certain purposes.
  7. Right to portability. Subject to certain exceptions, you may request that we share your personal information in a usable format with another company.

In addition, certain pieces of personal information that we may have about you may be considered “sensitive” under applicable laws (e.g., account login credentials, government identifier information). Please note that we only process such information in order to provide the Services.

To submit a Privacy Rights Request, or to ask any questions regarding your privacy rights, please contact [email protected].  For such requests, please put the statement “Privacy Rights Request” in the body of your email, as well as your full name, email address, mailing address and specify the Privacy Rights Request you wish to exercise at this time.

12.4 Storing Your Personal Information

We keep the personal information for which we are a data controller for as long as we have a relationship with you. After our relationship with you has ended, we retain your personal information as necessary and appropriate to enable us to:

  • Maintain business records for analysis, understanding market trends and/or audit purposes and to improve the Services and Sites and other offerings from the Avinode Group and/or our affiliates.
  • Comply with record retention requirements under applicable laws or other relevant legal, regulatory or industry requirements.
  • Defend, establish, exercise or bring any existing or potential legal claims.
  • Carry out fraud detection and prevention.
  • Deal with any complaints regarding the Services, the Sites, and our affiliates’ offerings.

12.5 Contact, Questions and Complaints

If you are a visitor to the Sites, Customer representative, or prospective Customer you can contact us at [email protected].

Individuals in the EEA, United Kingdom, and Switzerland whose Traveler and Crew Data is processed by us as a data processor on behalf of a Customer should contact the relevant Customer with any requests or complaints.

We are committed to working with you to obtain a fair resolution in the event you have a complaint or concern about our data processing activities. Depending on where you live, however, if you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to a data protection authority.

In addition, certain privacy laws afford eligible residents the right to appeal a denial of a Privacy Rights Request in whole or in part.  For additional information regarding how to submit a Privacy Rights Request appeal, please email [email protected].

13. Notice at Collection/Additional Information For California Residents

Under the California Consumer Privacy Act of 2018 as amended from time to time (“CCPA”), specific disclosures are required, and eligible California residents have additional rights regarding their personal information. For information about the categories of personal information we collect, our business or commercial purpose for collecting personal information, and our business or commercial purpose for providing personal information to third parties and other entities, please review Section 2, Section 3, and Section 4 above. To learn more about rights you may have with respect to your personal information, please review the information in Section 13 above.

If you would like to exercise your CCPA rights with respect to your Passenger Data submitted by a Customer to manage logistics, communicate or make bookings or other arrangements on your behalf, please contact the Customer directly to exercise your CCPA rights. We are not responsible for and have no control over the privacy and data security practices of our Customers, which may differ from those explained in this Notice.

If you are a visitor to the Sites, Customer representative, or prospective and you would like to exercise your CCPA rights with respect to the personal information we collected about you through the Services, please contact us with your request by email at [email protected]. For such requests, please put the statement “California CCPA Rights” in the body of your email, as well as your full name and email address, and specify the CCPA right you wish to exercise at this time. You may exercise their privacy rights without fear of being denied goods or services.

14. Contact Us

If you have any questions about this Notice or if you are an eligible individual who would like to submit a Privacy Rights Request in accordance with applicable laws, please contact us at [email protected].

15. Subprocessors

Third-Party Subprocessors

Avinode Group engages the third-party entities described below to perform limited activities in connection with our services. The description shows what activity each entity performs and indicates if an entity is only relevant to a specific product. More information about each activity is provided directly below. This explains the limited processing of Customer Data the entity is authorized to perform.

Data Center Operations:
Operates and maintains the data center and equipment that stores Customer Data.

Managed Service:
A managed service that Avinode Group embeds or utilizes as part of our service offering.

 Subprocessor   PII  Registered In  Processing performed  Notes
Microsoft
  • Full Name
  • Work email address
  • Personal email address
  • Phone number
  • Company name + job title
 United States of America
  • Azure: hosted in the United States of America
  • Dynamics 365 CRM: hosted in Amsterdam, the Netherlands.
  • Business Central:
    • the Swedish BC is hosted on Ireland.
    • The American BC data is hosted in Virgina, USA.
  • Data Center Operations
  • Managed Service
  • Avinode Group services are hosted in Microsoft Azure
  • Avinode Group services utilizes a number of Microsoft Azure products and services in the delivery of our own SASS services.
  • Avinode Group uses Microsoft Dynamics 365 running in the Azure cloud
Elasticsearch Indexed document contents may include.

  • Full Name
  • Email address
  • Phone number
  • Company name + job title
 United States of America United States of America
  • Managed Service
  • Avinode Group uses Elastic Cloud to power some search functionality in our services
  • General Privacy Statement
Google Browsing history and device information. United States of America Unspecified
  • Managed Service
  • Avinode Group uses Google Analytics for our public websites. It is not used within our product offerings.
Zapier
  • Full Name
  • Work email address
  • Personal email address
  • Phone number
  • Company name + job title
 United States of America United States of America
  • Managed Service
  • Avinode Group uses Zapier for process automation.
  • Data privacy
Mailgun Email contents may include the following;

  • Name
  • Email address
  • Phone
 United States of America United States of America
  • Managed service
  • Avinode Group uses Mailgun for some email functionality.
  • Privacy Policy
Twilio SendGrid

Email contents may include the following;

  • Name
  • Email address
  • Phone number
 United States of America United States of America
New Relic None United States of America Unspecified
Pendo
  • Site activity and device characteristics
  • Full name
  • Work email address
  • Personal email address
  • Phone number
  • Company name + job title
 United States of America United States of America
Pushwoosh Message contents may include.

  • Full name
  • Email address
  • Phone number
  • Company name + job title
 United States of America United States of America
  • Managed service
  • Avinode Group uses Pushwoosh for the delivery of mobile push notifications.
Azure Databricks
  • Full name
  • Work email address
  • Personal email address
  • Phone number
  • Company name + job title
 United States of America United States of America
  • Managed service running in Microsoft Azure
  • Data analytics and warehousing
  • Privacy Notice
Zendesk
  • Full name
  • Email address
  • Phone number
  • Company name + job title
 United States of America Various AWS regions
  • Managed service running on AWS
  • Customer support and ticketing
  • Privacy Notice
Gong
  • Full name
  • Email address
  • Company name + job title
  • Recorded meeting data
 United States of America United States of America, Europe, Israel and other locations, as reasonably necessary for the proper performance and delivery of our Services
  • Managed service
  • We use Gong to record and analyze Zoom meetings. All users involved opt-into this when they join a Gong-facilitated meeting on Zoom.
  • Gong also integrates into Outlook and Dynamics to track contact + account data data along with meeting records.
  • Privacy Policy
ZoomInfo
  • Full name
  • Email address
  • Company name + job title
 United States of America USA, but also has international affiliate sub-processers: Sub-Processors
  • Managed service
  • ZoomInfo is a contact and company database we use to see customer and prospect contact information.
  • Any person can contact ZoomInfo to have their contact data removed from their database.
  • Privacy Policy
EverAfter
  • Full name
  • Email address
  • Aircraft information
  • Company name + job title
 United States of America EU, US, and Israel
  • Managed service
  • We use EverAfter as a customer onboarding hub. Customers enter their contact and company information that is relevant for setting up their account and for us to provide our services.
  • Privacy Policy