This notice was last updated on 21st April 2021. We may change this notice from time to time, so please check this page occasionally to make sure you are happy with any changes.
We are committed to respecting your privacy and information that could identify you as an individual (‘personal data’). This notice describes the personal data we may collect about you, how we use and secure it, and your rights in respect of such personal data.
Who are we?
We are Airbox Systems, experts in collaborative and interactive mapping solutions. We are a company registered in England and Wales number 10298260, with our registered office at 4 The Quadrangle, Downsview Road, Grove Business Centre, Wantage, OX12 9FA, UK. Unless stated otherwise, we are the controller of the personal data described in this notice.
How do we collect personal data?
We collect and combine personal data from the following sources:
- Information you provide to us
You may provide us with personal data by filling in forms on our website, submitting information to one of our product or service portals, meeting with us, or contacting us via post, telephone, email, chat or other form of communication.
- Information we collect ourselves
When you visit our websites or portals, we may automatically collect information about the device you are using and the way that you use such site or portal.
- Information we receive from others
We may receive personal data from publicly available sources and other organisations such as advertisers, suppliers, service providers, trade agents and resellers. If you apply for a job with us, we may receive information from recruitment agencies, employment background screening agencies and your named referees.
What personal data do we collect?
Personal data collected might include items such as your name, date of birth, gender, job title, contact details, IP address or other unique device ID. If you make a purchase from our website, we pass your payment details onto our third-party e-commerce provider.
If you apply for a job with us, we may also ask you to provide work and educational history, information about your skills and experience, and proof of your right to work in the relevant country. You may also be required to undergo background check/ security vetting, in which case we will pass the relevant information to third-party vetting provider or government agency. You are not required to provide all requested information, but failure to do so may result in us being unable to proceed with your candidacy for a role.
How do we use your personal data?
Our usage will be based on performance of our contract with you, compliance with our legal obligations, protection of your health (or the health of another person) in an emergency, pursuance of our legitimate interests (provided that these are not overridden by your rights, freedoms and interests), your consent, or another purpose permitted by law. Some examples are given below.
We do not share your personal information with any third parties for the purposes of advertising and marketing.
We may send you information about our products and services. Where required by law, we will obtain your consent before contacting you. You can ask us to stop sending you marketing communications at any time by contacting [email protected] or clicking on any unsubscribe options in the communications that you receive. We do not sell or rent personal data to third parties.
We may use your personal data to provide the products and services you requested, manage your account, and send you notices and correspondence about your account. We may also use your personal data for the purposes of billing, forecasting, product roadmap and lifecycle planning, trend analysis and financial reporting.
If you contact us to report problems or ask questions about our products and services, we will record details of our interaction with you in our support ticket management system. We may use this information to respond to your request, improve our existing products and services, research and develop new products and services, troubleshoot and remedy issues with our products and services, monitor trends, monitor support response times and effectiveness, seek feedback about our products and services, monitor customer satisfaction, and provide staff training.
If we come to your site or otherwise access your systems and data to perform installation and other consultancy services, we may have incidental access to your personal data. In this case, you will be the controller and we will act as your processor. We will comply with your reasonable instructions to maintain the authenticity, confidentiality, security and integrity of your personal data.
Open source submissions
If you contribute code to our open source projects, we may record your name and details of your submission in our code repositories, company records and in publicly available notices that are included with the code.
We may log personal data while monitoring our company systems, data and equipment for the purposes of threat detection and prevention, investigating and remedying security incidents, and ensuring lawful use of such systems, data and equipment.
We may use your personal data to enforce our terms and conditions and to carry out checks aimed at preventing illegal activities such as export and trade sanction violations, bribery, fraud, corruption and modern slavery. We may also maintain compliance records and report on the steps we have taken to auditors and authorities.
We may use the personal data that you provide during the recruitment process for evaluating your suitability for current and future employment opportunities, record keeping in relation to recruiting and improving our recruitment processes. If you accept an offer of employment with us, any relevant personal data collected during the recruitment process will become part of your personnel records. In other cases, we will retain your information on file for a period of 6 months. At the end of this period, we may contact you to ask if you would like us to retain the information for a further period.
How do we use location data?
Our applications bring various sources of situational awareness information together into a single place to provide a common operating picture for our users. This information includes location data. Based on permissions which can be set in the host device, our applications track and display a user’s location in near real-time. The collection of location information is limited to that required for these functional purposes and is used only as part of this functionality as laid out in our user documentation. Real-time location information is shared with other permitted users of the applications, only within groups determined by the users or their organizations and as laid out in our user documentation.
We retain location data for up to 30 days unless requested otherwise and under custom arrangements on a per customer basis. This stored information is shared with no third parties unless specifically requested by the customer.
Airbox apps which collect location data are: MOSAIC, ACANS, Mission Control, Track App.
Who else may access your personal data?
We may share your personal data with service providers and suppliers who process personal data on our behalf in the course of providing their goods and services. For example, if you apply for a job with us, we use a cloud-based, third-party recruiting platform and may also be assisted by third party service providers for processes such as employment background screening. We will also share your personal data with those persons involved in the interview and selection process. We include data protection provisions in our contracts and verify the security measures of these service providers and suppliers in order to safeguard your personal data during processing.
We may also share your personal data with courts and other organisations where necessary to comply with legal obligations (for example in response to a court order) or to exercise or defend our legal rights, tax and social security authorities, group companies, insurers, lawyers, accountants, auditors, professional advisors, and buyers investors or transferees of our business or parts of our business.
Where is your personal data located?
Your personal data may be processed outside of the European Economic Area (EEA), including in countries with less protective data protection laws. In such circumstances, we take appropriate steps to safeguard your data to EEA data protection standards. For more information or to request copies of the standard contractual clauses, please contact [email protected].
How long do we keep your personal data?
We retain personal data for as long as necessary for the purpose for which the personal data was collected, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period (or expiry of our backup archive retention period if later), we will either delete or anonymise the personal data. For example, we automatically retain data for existing customers, we would retain CVs for 6 months, and data as required on a commercial or legal basis.
What rights do you have?
You have the following rights in respect of your personal data:
- Access Request information about personal data we hold on you
- Rectification Correct or update your personal data
- Objection Object to processing of personal data based on our legitimate interests
- Restriction Ask us to retain but otherwise stop actively processing personal data
- Erasure Request deletion of your personal data
- Portability Request your personal data in machine-readable format
- Withdrawal Withdraw consent for future processing, if we process based on your consent
- Decisions To not be subject to significant decisions based solely on automated processing
- Complaints Contact the Information Commissioner’s Office with complaints about our processing
Depending on the circumstances, we may need to verify your identity before complying with your request and we may not always be able to comply with your request in full (for example when producing your information may reveal another person’s personal data or when there is an overriding interest or conflicting legal obligation).
We may provide links to sites that are owned by other individuals or organisations. This notice only applies to us and we cannot be responsible for the privacy practices of others. We encourage you to read the privacy policies and notices on other sites that you visit.
We have ISO27001 accreditation, and have technical and organisational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and unauthorized access, taking into account the nature of the personal data and the associated risks.
Where you have been given or you have chosen passwords or other access control mechanisms, you are responsible for keeping these items confidential.
If you have any questions or complaints about this notice or our handling of your personal data, or if you would like to exercise any of your rights, please contact us via email to [email protected], or via post to: 4 The Quadrangle, Downsview Road, Grove Business Centre, Wantage, OX12 9FA, UK.