NetJets Inc. California Privacy Notice
Effective Date: January 1, 2020
This California Privacy Notice (“Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”) as a supplement to other privacy policies or notices published by NetJets Inc. and its subsidiaries and affiliates (“NetJets” “us” “we” “our”). In the event of a conflict between any other NetJets policy, statement, or notice of general applicability posted or referenced on our websites, apps, products, or services, including, without limitation.
This Notice covers the collection, use, disclosure, and sale of California Consumers’ “Personal Information” (“PI”) as defined by the CCPA, except to the extent such PI is exempt from the notice obligations of the CCPA. This Notice also covers rights California Consumers have under the CCPA.
Consistent with the CCPA, job applicants, current and former employees, and independent contractors (“Personnel”), and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered “Consumers” for purposes of this California Privacy Notice or the rights described herein. While we have included our data practices regarding Personnel in our disclosures in Section 1 (PI We Collect) and Section 2 (Sharing of PI), Personnel will not have the rights described in Section 3 (California Privacy Rights). Publicly available information is also not treated as PI under the CCPA, so this Notice is not intended to apply to that data, and your Consumer privacy rights do not apply to that data.
To aid in readability, in some places we have abbreviated or summarized CCPA terms or language, but a full copy of the CCPA is available here for your review, and in some places in this Notice we cite and/or link to specific CCPA sections for your reference. Terms defined in the CCPA that are used in this Notice shall have the same meaning as in the CCPA.
1. PI WE COLLECT
Sources of PI | Business or Commercial Purposes for PI Collection | |
---|---|---|
1. Identifiers (as defined in CCPA §1798.140(o)(1)(A)) This may include but is not limited to, a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
|
|
2. Personal Records (as defined in CCPA §1798.140(o)(1)(B)) This may include information such as: physical characteristics or description, signature, telephone number, education, employment, employment history, insurance policy number, bank account number, credit card number, debit card number, or any other financial information medical information, or health insurance information. |
|
|
3. Personal Characteristics or Traits (as defined in CCPA §1798.140(o)(1)(C)) This may include, but is not limited to, sex, marital status, religion, veteran status, familial status, race, disability, gender identity, and creed. |
|
|
4. Customer Account Details/Commercial Information (as defined in CCPA §1798.140(o)(1)(D)) This may include, but is not limited to, records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies. |
|
|
5. Internet Usage Information (as defined in CCPA §1798.140(o)(1)(F)) This may include, but is not limited to, browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement. |
|
|
6. Geolocation Data (as defined in CCPA §1798.140(o)(1)(G)) This may include, but is not limited to, precise physical location or movements and travel patterns. |
|
|
7. Professional or Employment Information (as defined in CCPA §1798.140(o)(1)(I)) This may include, but is not limited to, professional, educational, or employment-related information. |
|
|
8. Non-public Education Records (as defined in CCPA §1798.140(o)(1)(J)) This may include, but is not limited to, education records directly related to a student and maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
|
|
A. Sources of PI
We may collect your PI directly from you or from NetJets-generated data related to services provided to you, vendors, data resellers, affiliates, as well as public sources of data such as government databases. For more specifics tied to each category of PI, see the chart above.
B. Use of PI
Generally, we collect, retain, use, and disclose your PI to provide you services and as otherwise related to the operation of our business. For more specific detail on our collection of PI, and the purposes therefore, see the chart above at PI WE COLLECT. For more detail on our disclosures of PI, see the next section SHARING OF PI.
As detailed in the chart above, we may collect, use, and disclose the PI we collect for one or more of the following business purposes:
- Performing services (§1798.140(d)(5));
- Security (§1798.140(d)(2));
- Auditing interactions with consumers (§1798.140(d)(1));
- Short-term or Transient Use (§1798.140(d)(4));
- Undertaking Internal Research (§1798.140(d)(6));
- Quality Assurance (§1798.140(d)(7));
- Debugging (§1798.140(d)(3)).
Our vendors may themselves engage service providers or subcontractors to enable our vendors to perform services for us, which sub-processing is, for purposes of certainty, an additional business purpose for which we are providing you notice.
We may collect, use, and disclose your PI for commercial purposes, such as for interest-based advertising.
In addition, we may collect, use, and disclose your PI as required or permitted by applicable law.
For more specifics tied to each category of PI, see the chart above.
2. Sharing of PI
A. Disclosures:
We may share your PI (as described above in PI WE COLLECT in B. Use of PI) with our service providers and other qualified vendors for a business purpose, including as follows:
Business Purposes for Disclosures | Categories of Recipients of Business Purpose Disclosure | |
---|---|---|
1. Identifiers (as defined in CCPA §1798.140(o)(1)(A)) |
|
|
2. Personal Records (as defined in CCPA §1798.140(o)(1)(B)) |
|
|
3. Personal Characteristics or Traits (as defined in CCPA §1798.140(o)(1)(C)) |
|
|
4. Customer Account Details/Commercial Information (as defined in CCPA §1798.140(o)(1)(D)) |
|
|
5. Internet Usage Information (as defined in CCPA §1798.140(o)(1)(F)) |
|
|
6. Geolocation Data (as defined in CCPA §1798.140(o)(1)(G)) |
|
|
7. Professional or Employment Information (as defined in CCPA §1798.140(o)(1)(I)) |
|
|
8. Non-public Education Records (as defined in CCPA §1798.140(o)(1)(J)) |
|
|
B. Sale:
If you direct us to share PI we may, and that is not a sale. Also, disclosures amongst the entities that constitute NetJets as defined above are not a sale.
We, however, may sell your PI (as the term “sell” is defined by the CCPA). Although there is not yet a consensus, we treat the collection of PI via third party cookies and tracking technologies, other than by our service providers that limit their use of the PI, as a sale. The PI sold may include the following:
Purposes for Selling | Categories of Recipients of PI Sold | |
---|---|---|
1. Identifiers (as defined in CCPA §1798.140(o)(1)(A)) |
|
|
2. Customer Account Details/Commercial Information (as defined in CCPA §1798.140(o)(1)(D)) |
|
|
3. Internet Usage Information (as defined in CCPA §1798.140(o)(1)(F)) |
|
|
3. CALIFORNIA PRIVACY RIGHTS
We provide California Consumers the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations. As permitted by the CCPA, any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. Please follow the instructions below and respond to any follow-up inquires we may make.
Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create an account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; however, we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Consistent with the CCPA and our interest in the security of your PI, we will not deliver to you your Social Security number, driver’s license number, or other government-issued ID number, financial account number, any health or medical identification number, an account password, or security questions or answers in response to a CCPA request.
Your California Consumer privacy rights are as follows:
A. The Right to Know:
i. Information Rights:
You have the right to send us a request, no more than twice in a 12-month period, for any of the following for the period that is 12 months prior to the request date:
- The categories of PI we have collected about you
- The categories of sources from which we collected your PI
- The business or commercial purposes for our collecting or selling your PI
- The categories of third parties to whom we have shared your PI
- The specific pieces of PI we have collected about you
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred
- A list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain the following:
- The categories of your PI we have sold
- The categories of third parties to which we sold PI, by categories of PI sold for each third party
- Your first and last name and, if you are acting as an agent for another individual, the first and last name of the individual who is the subject of the request and your relationship to that individual
- Contact information for follow-up, including a phone number or email address
- Explanation of your connection to NetJets (Owner, employee, vendor, etc.)
- Your residential address
- Explanation of your request related to your personal information
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
ii. Obtaining Copies of PI:
You have the right to make or obtain a transportable copy, no more than twice in a 12-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. To make a request, send an email to NJUS-DataProtectionOfficer@netjets.com or call us at 1-855-689-2391. Your email or voicemail should include the following information:
- Your first and last name and, if you are acting as an agent for another individual, the first and last name of the individual who is the subject of the request and your relationship to that individual
- Contact information for follow up, including a phone number or email address
- Explanation of your connection to NetJets (Owner, employee, vendor, etc.)
- Your residential address
- Explanation of your request related to your personal information
B. Do Not Sell:
NetJets' sale of personal information, as that term is defined by CCPA, is limited to certain cookie and/or pixel information that is hosted on our website and shared with IT and social media companies related to internet-based advertising and other internet services used by NetJets. You have the right to direct us to not sell your PI by clicking on the "Do Not Sell My Personal Information" link on the bottom of our homepage. If you click on the “Do Not Sell My Personal Information” link, we will add a cookie to your browser to identify your selection. For browsers with the “Do Not Sell My Personal Information” cookie enable, we will disable all third-party cookies with tracking technologies other than by our service providers that limit their use of the PI to not include a sale. Because we manage our “Do Not Sell My Personal Information” tracking through cookies, your selection is based on the browser you are using to make the selection and will not apply to every browser/device that you may use. Also, if you clear your browser cookies, we may no longer retain your selection. In the future we may add signals to tell third parties to restrict cookie data processing to service provider purposes. However, we are not responsible for how any such third party looks for or responds to these signals.
We do not knowingly sell the PI of Consumers we know are younger than 16 years of age. If you think we may have unknowingly collected PI for sale of yourself or of your child under the age of 13 years, or if you are at least 13 years old but under 16 years old, exercising the opt-out will stop our selling of the PI.
We may disclose your PI for the following purposes, which are not a sale: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute NetJets as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.
C. Delete:
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you. To make a request, send an email to NJUS-DataProtectionOfficer@netjets.com or call us at 1-855-689-2391. Your email or voicemail should include the following information:
- Your first and last name and, if you are acting as an agent for another individual, the first and last name of the individual who is the subject of the request and your relationship to that individual
- Contact information for follow up, including a phone number or email address
- Explanation of your connection to NetJets (Owner, employee, vendor, etc.)
- Your residential address
- Explanation of your request related to your personal information
D. Non-Discrimination and Financial Incentive Programs:
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.
E. Authorized Agents:
An authorized agent may make a request on your behalf by submitting the information requested in the sections above, subject to our verification of you and your agent.
F. Limitation on Rights:
Notwithstanding anything to the contrary, we may collect, use, and disclose your PI as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
4. ADDITIONAL CALIFORNIA NOTICES
A. Third-Party Marketing and Your California Privacy Rights:
California's "Shine the Light" law permits California residents to request certain information regarding our disclosure of PI to third parties for their own direct marketing purposes.
We do not share personal information as defined by California Civil Code § 1798.83 (“Shine the Light” law) with third parties for their direct marketing purposes without your express consent. If you are a California resident, you may request information about our compliance with the “Shine the Light” law by contacting us here or by sending a letter to 4111 Bridgeway Avenue, Columbus, OH 43219, (Attention: Legal Department). Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year.
B. Online Privacy Practices:
For more information about our online practices and your California rights specific to our online services, see our online Privacy Policy. Without limitation, Californians who visit our online services and seek or acquire goods, services, money, or credit for personal, family, or household purposes are entitled to the following notices of their rights:
C. Tracking and Targeting:
When you visit our online services, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals. For more information on tracking and targeting and your choices regarding these practices, see our online Privacy Policy.
5. Contact Us
Call today for a personal consultation with one of our private aviation experts.