3. Categories of personal data processed by Bluebox
Bluebox will collect data required to complete payment for access to the system and will pass this data to our payment processing partner to process these transactions.
The Personal Data collected may include:
- Payment details: your name, credit or debit card number, expiry date and CVV number required to complete a payment
- Some services provided via the system will require capture of your address details to complete payment
Usage Data collected may include:
- Session & App ID
- Device data, including MAC address, type of device and operating system version
- Usage data, including type(s) of content used, duration, and content playback statistics
- Flight Information
Usage data will not be able to be associated with any Personal Data provided for payment purposes
4. How we collect information
We collect information from you when you:
- Complete a survey: We collect the information you submit in survey responses about your consumer experiences and preferences. This does not include any Personal Identifiable Data and completion of a survey is entirely voluntary
- Using the Bluebox Entertainment system: We automatically collect Usage Data when you interact with the Bluebox Entertainment system. This Usage Data includes content playback statistics which we collect in order to improve and enhance the customer experience. During the interaction with the Bluebox Entertainment system we also collect device data such as device type and Operating System version. This device data is used only for troubleshooting purposes and may be shared with Bluebox but contains no Personal Data.
5. Legal grounds for collecting and processing
Whenever we process your personal information we must have something called a “legal basis”. The legal bases we use are
- Consent: You have told us you are happy for us to process your personal information for a specific purpose
- Contract: we require your personal data to fulfil our contractual obligations in order to provide you with our services
6. Your rights and choices concerning Personal Data processing
6.1 The right to be informed
At the time of collecting personal data we will inform the individual what we plan to do with their data, where that data will be processed and the details of their rights under the GDPR.
6.2 The right to access
Individuals have the right to request any personal data held by Bluebox either verbally or in writing and if they do so are entitled to obtain the following:
- The personal data in question
- The purpose of the processing
- The categories of data
- The identities of all other parties we have already, or will in future, share that data with
- How long we plan to hold their data, or the criteria by which we determine that period
- The existence of any automated decision making, including profiling, a meaningful explanation of the criteria used to make those decisions and the consequences of those automated decisions on the individual
6.3 The right to rectification
Individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed. We will comply with any request to rectify incorrect information within one month of receipt. However, this can be extended to 2 months where the request is complex.
We will also inform Bluebox of the corrections required.
6.4 The right to erasure/be forgotten
Individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in the following circumstances:
- The data subject withdraws their consent or objects to the processing and there are no overriding legitimate interest to continue processing
- The personal data is no longer necessary in relation to the purpose for which it was collected/processed
- The personal data was unlawfully processed or must be erased in order to comply with a legal obligation
- The personal data is processed in relation to the offer of information society services to a child.
6.5 The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. Bluebox may still store personal data but will not make use of it. Data processing restriction requests will be responded to within one month.
Individuals may request to restrict the processing when processing it is unlawful, when they have contested its accuracy, when they have objected to the processing and we are considering whether we have legitimate ground which overrides this or when we no longer need the data, but the data subject requires it to establish, exercise or defend a legal claim.
6.6 The right to data portability
Bluebox will provide an individual with their personal data in a manner that allows them to easily take that data elsewhere. That data will be in a machine-readable format, ie. spreadsheet or export file (.CSV, .TXT, etc). Data portability requests will be processed within one month. This can be extended to 2 months where the request is complex.
The right to data portability only applies to personal data you have provided to Bluebox, where the processing is based on consent or the performance of a contract and where processing is carried on by automated means.
6.7 The right to object
Individuals have the absolute right to object to the processing of their personal data if it is for direct marketing purposes (including profiling). Bluebox will inform data subjects of their right to object and where the data subject objects to direct marketing we will cease immediately. There are no exemptions or grounds to refuse.
When a data subject objects to processing their personal data in other ways than direct marketing then Bluebox will comply with this request unless we have overriding compelling legitimate grounds to continue processing or that the processing is for the establishment, exercise or defence of legal claims.
6.8 Rights in relation to automated decision making and profiling
If Bluebox makes decisions about individuals based on automated profiling, we will provide a mechanism whereby the individual can obtain human intervention. This means processes that use profiling must also allow for a manual override.
The above right does not apply if the automated decision:
- is necessary for entering into or performance of a contract between Bluebox and the individual;
- is authorised by law (e.g. for the purposes of fraud or tax evasion prevention);
- is based on explicit consent; or
- does not have a legal or similarly significant effect on the data subject.
7. Cookies Policy
7.1 What are Cookies
Cookies are small data files that websites send to or access on your computer, laptop or mobile device. They contain information about your device such as user settings, device information and usage history.
- Store play events on your device to allow a more seamless playback experience.
- Record device visit and session cookies to streamline the user experience
- To record previously watched content events
- To record survey entry events
7.3 Controlling or restricting Cookies
You can control Cookies through your internet browser settings, either by blocking all or some Cookies. There may also be settings which alert you whenever a cookie is placed on your device. You may also be able to reject mobile device identifiers via settings on your mobile device. Although you are not required to accept Bluebox Entertainment Cookies blocking them may detrimentally affect the user experience
8. Retention and disposal of Personal Data
Bluebox will securely store your Personal Data until we can transfer it to our secure payment processing party after which time we will delete it automatically and within a maximum period of 48 hours.
Data security is of upmost importance to Bluebox. We have a rigid set of information security managements systems policies and procedures which are continuously reviewed and improved. These policies and procedures help us to safeguard against theft and other threats to the confidentiality and integrity of your data.
If you have reason to believe that the Bluebox Entertainment System’s security has been compromised, please contact email@example.com
10. Children’s Privacy
11. Cross-border transfers of personal data
Bluebox Aviation Systems Ltd is based and primarily operates out of the United Kingdom and as such we must comply with the EU’s GDPR legislation. Please note that we may transfer your data to Bluebox who may be based in a country which does not have such a comprehensive set of data protection laws. We will pass your personal information to our third party payment processors in connection with goods and services that you have bought through us. When we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law.
12. Contact Us
If you have any questions about privacy when using the Bluebox Entertainment system, please contact us by one of the following means:
By email: firstname.lastname@example.org
Attn: Data Protection Team
Bluebox Aviation Systems Ltd