This Privacy Policy applies to the use of the marketplace e-commerce website of JFK International Air Terminal LLC (“JFKIAT”), operator of Terminal 4 at John F. Kennedy International Airport, New York, USA (“T4”).
The JFKIAT T4 marketplace e-commerce website www.jfkt4.inflyter.com (the “website”) is provided and operated by Inflyter SAS, a company registered in France under SIREN number 811 169 812 RCS Nanterre, whose registered office is located at 191-195 Avenue Charles de Gaulle, 92200 Neuilly-sur-Seine, France (“Inflyter”).
Inflyter takes the privacy of users seriously. We are committed to protecting and respecting your privacy.
This Privacy Policy informs you about the way we, Inflyter, process your personal data when you visit and use this website and are provided with our services.
This Privacy Policy can be printed for reference by using the print command in the settings of any browser.
Among the types of personal data we process, by ourselves or through third-parties, there are your:
Complete details on each type of personal data processed are provided in the “Purposes of processing” section below or by specific explanation texts displayed prior to the personal data processing.
Personal data may be freely provided by you, or, in case of usage data, obtained automatically when using this website.
Unless specified otherwise, all personal data requested by this website is mandatory and failure to provide such personal data may make it impossible to provide our services. In cases where this website specifically states that some personal data is not mandatory, you are free not to communicate this personal data without consequences to the availability or the functioning of this website and services. If you are uncertain about which personal data is mandatory, you are welcome to contact us.
Any use of Cookies or of other tracking tools by our website or by suppliers of third-party services used by our website serves the purpose of providing our services as required by you, in addition to any other purposes described in the present Privacy Policy and in our Cookie Policy.
You are responsible for any third-party personal data obtained, published or shared by you through this website and confirm that you have the third-party’s consent to provide such personal data to us.
We may process your personal data if one of the following applies:
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of your personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your personal data.
Personal data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the indicated purposes.
In addition to us, in some cases, your personal data may be accessible to certain types of persons in charge of or involved with the operation of our systems (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by us.
Your personal data is processed at our operating offices and in any other places where the parties involved in the processing are located.
Depending on your location, data transfers may involve transferring your personal data to a country other than yours, including outside the European Union and the European Economic Area.
To find out more about the place of processing of such transferred personal data, you can check the “Purposes of processing” section below.
Your personal data is processed by us and other third-parties (including, but not limited to, JFKIAT and sellers from whom you may purchase goods via the website) in order to allow us to:
For specific information about the personal data used for the listed purposes, please see below:
|
Facebook permissions |
Our systems may ask for some Facebook permissions allowing it to connect and perform actions with your Facebook account provided by Facebook Inc. and to retrieve information, including personal data, from it. For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook Privacy Policy.
By default, this includes certain personal data such as id, name, picture, gender, and your locale. Certain of your connections, such as Friends, are also available. If you have made more of your personal data public, more information will be available.
Provides access your contact email address. Provides access to your primary email address.
Provides access to your hometown.
Allows to add or modify your photos. |
|
Device permissions for personal data access |
Depending on your specific device, our systems may request certain permissions that allow them to access your device data as described below. By default, these permissions must be granted by you before the respective information can be accessed. Once the permission has been given, it can be revoked by you at any time. In order to revoke these permissions, you may refer to your device settings or contact us for support. The exact procedure for controlling app permissions may be dependent on your device and software. Please note that the revoking of such permissions might impact the proper functioning of our systems.
Used for accessing your approximate device location. Our systems may collect, use, and share your location data in order to provide location-based services. Your geographic location is determined in a manner that is not continuous. This means that it is impossible for our systems to derive your approximate position on a continuous basis. |
|
Access to third-party accounts |
This type of service allows our systems to access personal data from your account on a third-party service and perform actions with it. These services are not activated automatically but require explicit authorization by you.
Allows our systems to connect with your Facebook account provided by Facebook, Inc. Permissions asked: contact email, email, hometown, upload photos. Place of processing: United States – Privacy Policy. Privacy Shield participant. |
|
Advertising |
This type of service allows your personal data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on our systems, possibly based on your interests. This does not mean that all personal data is used for this purpose. For information and conditions of use please see our Cookie Policy. |
|
Analytics |
This type of services enables us to monitor and analyse web traffic and can be used to keep track your behaviour. For information and conditions of use please see our Cookie Policy. |
|
Backup saving and management |
This type of service allows us to save and manage backups of our systems on external servers managed by service providers. The backups may include the source code and content as well as the personal data that you provide to our systems.
A service to save and manage backups provided by Amazon Web Services Inc. Personal data processed: various types of personal data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. |
|
Contacting you |
By registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning our systems and services. Your email address might also be added to this list as a result of signing up to our systems or after making a purchase. Personal data processed: email address, first name, last name, phone number.
If you provide your phone number you might be contacted for commercial or promotional purposes related to our systems and services, as well as for fulfilling support requests. Personal data processed: phone number. |
|
Handling payments |
Unless otherwise specified, our systems process any payments by credit card, bank transfer or other means via external payment service providers. In general and unless otherwise stated, you are requested to provide your payment details and personal information directly to such payment service providers. Our systems are not involved in the processing of such information: instead, they will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.
A payment service provided by Stripe Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant. |
|
Hosting and backend infrastructure |
This type of service has the purpose of hosting personal data and files that enable our systems to run and be distributed, as well as to provide a ready-made infrastructure to run specific features or parts of our systems. Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.
A hosting and backend service provided by Amazon Web Services, Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: Ireland – Privacy Policy. Privacy Shield participant.
A hosting service provided by GitHub, Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant. |
|
Location-based interactions |
Our systems may collect, use, and share your location data in order to provide location-based services. Most browsers and devices provide tools to opt-out from this feature by default. If explicit authorization has been provided, your location data may be tracked by our systems.
Our systems may collect, use, and share your location data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, your location data may be tracked by this our systems. Your geographic location is determined in a manner that is not continuous, either at your specific request or when you do not point out your current location in the appropriate field and allows our systems to detect the position automatically. |
|
Managing contacts and sending messages |
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with you. The service may also collect data concerning the date and time when the message was viewed by you, as well as when you interacted with it, such as by clicking on links included in the message.
An email address management and message sending service provided by Amazon.com Inc. Personal Data processed: email address. Place of processing: United States – Privacy Policy. Privacy Shield participant. |
|
Registration and authentication |
By registering or authenticating, you allow our systems to identify you and give you access to dedicated services. Depending on what is described below, personal data may be collected and stored for registration or identification purposes only. The personal data collected is therefore only that necessary for the provision of the service requested by you. Third-parties may also provide registration and authentication services. In this case, our systems will be able to access some personal data, stored by these third-party services, for registration or identification purposes.
You register by filling out the registration form and providing your personal data directly to our systems. Personal data processed: first name, last name, date of birth, profession, company name, email address, profile picture and other types of personal data.
A registration and authentication service provided by Linkedin Corporation and connected to the Linkedin social network. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.
A registration and authentication service provided by Facebook, Inc. and connected to the Facebook social network. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.
A registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform. Personal data processed: Cookies, email address, first name, last name, password, picture, various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy; European Union – Privacy Policy. Privacy Shield participant. |
|
Remarketing and behavioural targeting |
This type of service allows our systems and their partners to inform, optimize and serve advertising based on past use of our systems by you. This activity is performed by tracking usage data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioural targeting activity. For information and conditions of use please see our Cookie Policy. |
|
Selling goods and services online |
In order to be purchased, some products available for sale may require extra verification steps to comply with merchant’s local sales regulations and/or local applicable governmental laws. To do so, we reserve the right to ask for an official identity documentation and/or a boarding pass scan to complete the order process. All collected information is used with the sole purpose of local sales regulation compliance and/or local applicable governmental laws and are only kept for the time necessary to fulfil this purpose. |
|
Social features |
You may have public profiles that other users can display. In addition to the personal data provided, this profile may contain your interactions with our systems. Personal data processed: first name, last name, company name, geographic position, picture. |
Your personal data shall be processed and stored for as long as required by the purpose they have been collected for:
Once the retention period expires, your personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
You may exercise certain rights regarding your personal data processed by us. In particular, you have the right to do the following:
Where personal data is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.
Should your personal data be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing your personal data for direct marketing purposes, you may refer to the “Purposes of processing” section above.
Any requests to exercise your rights can be directed to us through the contact details provided in this Privacy Policy. These requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.
Our systems use Cookies and other technologies named Trackers. To learn more, you may consult our Cookie Policy.
Our systems do not support “Do Not Track” requests. To determine whether any of the third-party services this website uses honour the “Do Not Track” requests, please read their respective privacy policies.
Your personal data may be used for legal purposes by us in court or in the stages leading to possible legal action arising from improper use of this website or our related services.
You declare to be aware that we may be required to reveal personal data upon request of public authorities.
For operation and maintenance purposes, this website and any third-party services may collect files that record interaction with this website (System logs) and personal data (such as the IP address) for this purpose.
We do not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to register for our services or send any personal data about yourself to us.
If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal data, please contact us a soon as possible.
In addition to the information contained in this Privacy Policy, this website may provide you with additional and contextual information concerning particular services or the processing of personal data upon request.
More details concerning the processing of personal data may be requested from us at any time. Please see the contact information below.
Data controller:
Inflyter SAS
191-195 Avenue Charles de Gaulle
92200 Neuilly-sur-Seine
FRANCE
Registered in France under SIREN 811169812
Data Protection Officer:
To exercise any of your rights or if you have any questions about our Privacy Policy please contact privacy@inflyter.com
We reserve the right to make changes to this Privacy Policy at any time by notifying you on this section of the website page and possibly within our systems and/or – as far as technically and legally feasible – sending a notice to you via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of your consent, we shall collect new consent from you, where required.
This Privacy Policy relates solely to this website, if not stated otherwise herein.
Latest update: May 10, 2021
