Privacy Policy

NAVBLUE GDPR PRIVACY NOTICE FOR ONLINE SHOP

  1. Privacy Statement

NAVBLUE (hereinafter “NAVBLUE“ or “we“ or “us“) appreciates your interest in our products and services and your use of our website store.navblue.aero (“Website”). Your privacy is important to us and we want you to feel comfortable using our Website. The protection of your privacy and Personal Data is an important concern to which we pay special attention throughout our business processes. Personal data collected during use of our Website is processed by us according to the legal regulations valid for the countries in which the Website is maintained.

However, the Website will include links to other websites or applications which are not necessarily covered by this Privacy Notice. In such event, we encourage you to carefully read the privacy policies of such websites.

NAVBLUE is committed to protecting the rights of individuals in line with General Data Protection Regulation (reference EU2016/679) of the European Parliament (“GDPR”) as well as each applicable national personal data protection laws and regulations (collectively referred as “Data Protection Laws and Regulations”).

In addition, Airbus Binding Corporates Rules to which NAVBLUE as a fully owned subsidiary completely adheres, protect customer and partner data throughout the entire organisation.

  1. Privacy Notice index

This Privacy Notice will inform you of the Personal Data we collect when you access and/or use the Website, how we use and disclose your Personal Data, how you can control the use and disclosure of your Personal Data and how we protect your Personal Data.

2.1. What is Personal Data?

Personal data is information that can be used to identify a person either directly or indirectly (“Personal Data”).

2.2. Which sources and what Personal Data we use?

When you use our Website, NAVBLUE will collect, use and process any Personal Data you provide to us and any information generated as a result of using the Website.

We collect the following Personal Data:

  • Identification data (e.g. your name, first name, billing and shipping address and your email address, your phone number)
  • IT Data (web browser, IP address, time zone, cookies, user activity, browsing history)
  • Economic & Financial data (e.g. your bank account number, payment information, your BIC, your card number, your IBAN)
  • Account information (role and permissions, settings and preferences, username, password…)
  • Individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website.

We collect your Personal Data using the following technologies: 
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, see below and/or visit http://www.allaboutcookies.org. 
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. 
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Website. 

2.3. What are the purposes of the processing of your Personal Data?

By using the Website, NAVBLUE will collect and process Personal Data in accordance with this Privacy Notice and with the applicable Data Protection Laws and Regulations. Your Personal Data may be used for the following purposes:

  • Website Browsers/AdministrationWe use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our Website and applications; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
  • Marketing:To the extent permitted by law or with your consent, we may use your Personal Data for marketing and promotional purposes, including communications through email or equivalent electronic means. For example, we use your Personal Data, such as your email address to send news and newsletters, special offers, promotions and competitions, or to otherwise contact you about the products and services or information we think will interest you.
  • Communication:We use your Personal Data to communicate with you, including responding to requests for assistance. We can communicate with you in a variety of ways, including email and via your social media accounts if you have agreed, and/or text message.
  • Customer service: We use your Personal Data for customer service purposes, including to provide services to you, for technical support or other similar purposes, to establish and maintain customer accounts, to fulfil any orders placed through the Website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmation).
  • Research and development: We use your Personal Data for research and development purposes, including to improve our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improve our products, services, businesses, operations and processes. More generally to improve and optimize our Website (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns). 
    Legal compliance:We use your Personal Data to comply with applicable legal obligations, including to respond to an authority or court order or discovery request.
  • To protect us and others:Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.

2.4. What is the basis for processing of your Personal Data?

As a responsible company, we need a lawful basis for collecting and/or processing your Personal Data. We generally rely on a number of grounds (reasons) for our business processing.

We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The purposes for processing your Personal Data are:

  • To comply with contractual obligations:When you subscribe or purchase a particular product or service through the Websites, the purposes of processing your Personal Data are primarily determined by such product or service and we will process your Personal Data so that we can provide that product or service to you.
  • As a result of your consent: When you have consented to the processing of your Personal Data by us for certain services through the Website, you can withdraw consent at any time by following the instructions provided in the application process or by contacting us at dataprotection@navblue.aero. For further information on the right of withdrawal, please see below Section “Am I obliged to provide my Personal Data?”
  • Within the scope of a legitimate interest: On occasion, we may not need your permission to use your Personal Data, given our legitimate interest to do so but we must inform you that we do this. Examples of this are:
    • For the analysis and optimisation of the Website;
    • For ensuring IT security and the IT operation of NAVBLUE;
    • For prevention and investigation of criminal acts.
  • On the basis of NAVBLUE legal obligations or in the public interest:NAVBLUE, as any other company, is subject to legal obligations and regulations. In some cases, the processing of your Personal Data will be necessary for NAVBLUE in other to fulfil these obligations.

2.5. Who will receive your Personal Data?

Your Personal Data may be received by:

  • Authorised persons working for or on behalf of NAVBLUE andAirbus;
  • NAVBLUEand its affiliates, on a need-to-know basis for the purposes as outlined in this Privacy Notice;
  • Our agents, service providers and advisers (e.g., Third party service providers and advisers providing a variety of products and services we need such as IT maintenance and support, Personal Data storage analytics, procurement services and subcontractors of NAVBLUE, compliance and security services, etc.);
  • Other authorised third parties in connection with a reorganisation or sale of NAVBLUEbusinesses and/or assets;
  • Law enforcement or government authorities where necessary to comply with applicable law.
  • Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

2.6. Will your Personal Data be transferred to a third country outside the European Economic Area (EEA)?

NAVBLUE processes your personal data mostly in the EEA. On occasion, Personal Data is transferred to NAVBLUE or its affiliates, on a need-to-know basis, including entities outside the EEA. This transfer is subject to appropriate safeguards, and through the legal framework of our Binding Corporate Rules or through alternative contractual frameworks where a third party is engaged to help us provide web-services to you.

2.7. Which countries will NAVBLUE transfer Personal Data to?

Our Binding Corporate Rules allow us to transfer Personal Data within our international organisation, and they include a list of countries (below) which are structured to allow us to transfer personal information to the countries where we or our affiliates have a presence. For NAVBLUE, Canada, US, France and United Kingdom are where most of our processing of Personal Data takes place and below is a list of countries where Airbus, to which we may transfer your Personal Data according to this Privacy Policy, operates:

Algeria, Australia, Belgium, Brazil, Canada, Chile, China, Czech republic, Denmark, Egypt, Finland, France, French Guyana, Germany, Greece, Hong Kong, Hungary, India, Indonesia, Ireland, Italy, Japan, Kazakhstan, Libya, Malaysia, Mexico, Morocco, Netherlands, New Zealand, Norway, Oman, Philippines, Poland, Qatar, Romania, Russia, Saudi Arabia, Singapore, Slovakia, South Africa, South Korea, Spain, Sweden, Taiwan, Tanzania, Thailand, Tunisia, Turkey, United Kingdom, United States of America, Uruguay, United Arab Emirates, Vietnam.

2.8. For how long will your Personal Data be stored?

We process and store your Personal Data for as long as is required to meet our contractual and statutory obligations. If your Personal Data is no longer required for the performance of the contractual or statutory obligations, these will be erased on a regular basis unless further processing is necessary, for instance for preserving a particular evidence under the applicable. Data Protection Laws and Regulations, or in the context of legal liabilities limitation.  

In particular, we will maintain your information about the order made on our Website for our records unless and until you ask us to delete this information. 

2.9. Security

We use technical and organisational security measures in order to protect the Personal Data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons. Our security procedures are continually enhanced as new technology becomes available.

2.10. What are your rights and how to exercise them?

You may at any time exercise your data protection rights:

  • Right to access/ obtain a report detailing the information held about you: You have the right to obtain NAVBLUE’sconfirmation as to whether or not your Personal Data is being processed by NAVBLUE and if so, what specific data is being processed.
  • Right to correct Personal Data: You have the right to change any inaccurate Personal Data concerning you.
  • Right to be forgotten: In some cases, for instance, when the Personal Data is no longer necessary in relation to the purposes for which they were collected, you have the right for your Personal Data to be erased.
  • Right to stop the processing of your data: You have the right to restrict the processing of your Personal Data by NAVBLUE, for instance when the processing is unlawful, and you oppose the erasure of your Personal Data. In such cases, your Personal Data will only be processed with your consent or for the exercise or defense of legal claims.
  • Right to data portability: Under some circumstances provided by law, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format and/or transmit those Personal Data to another controller.
  • Right to object and to withdraw consent: please see below section “Am I obliged to provide by Personal Data?”

To this effect, please contact NAVBLUE in writing either by e-mail at the following address: dataprotection@navblue.aero or you can write to the addresses below: NAVBLUE SAS, 1 rond-point Maurice Bellonte, 31700 Blagnac cedex, France.

2.11. Am I obliged to provide my Personal Data?

You may at any time object to the processing of your Personal Data or where your consent is required, withdraw such consent by contacting us at dataprotection@navblue.aero. However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or services of the Website.

2.12. To what extent will decision-making be automated?

As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases we will inform you of this and of your rights in this respect separately if prescribed by law.

2.13. Will profiling take place?

As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your Personal Data with the objective of conducting profiling we will inform you of this and of your rights in this respect separately if prescribed by law.

2.14. How can I contact the responsible for processing my Personal Data?

If you are unhappy with the way in which your Personal Data has been processed or should you have questions regarding the processing of your Personal Data, you may refer in the first instance to our Group Data Protection Officer, who is available for enquiries, suggestions or complaints, at the following email: address dataprotection@airbus.com or you can write to the addresses below : Airbus SA, Head of Data Protection, HAP, 1 rond-point Maurice Bellonte 31700 Blagnac cedex, France.

2.15. Can I ask for assistance to the competent authorities?

If you remain unsatisfied, then you have the right to apply directly to a Data Protection Supervisory Authority. Listed below are the main European countries where NAVBLUE operates and the relevant Supervisory Authority:

FRANCE : CNIL
UK : 
ICO

2.16. Minors 

The Site is not intended for individuals under the age of 18 years

2.17. DoNoTrack 

We respect DoNotTrack browser settings through our Matomo analytics platform and will not capture data through our analytics platform when this setting is detected. 

2.18. Behaviour advertisement

As described above, we may contact you to provide you with marketing communications we believe may be of interest to you. We do not conduct any behavioural advertising and any marketing communication that you receive will include opt-out links to unsubscribe from any such future communications. 

  1. What are cookies?

Cookies are small files that may be downloaded on your device when you access and use our Website. They allow the Website to recognise your device and store information about your preferences or past actions. We use cookies to record the preferences of our users, to enable us to optimise the design of our Websites. They ease navigation and increase the user-friendliness of websites and applications. Cookies also help us to identify the most popular sections of our Websites. This enables us to provide content that is more accurately suited to your needs, and, in doing so, improve our service. Cookies can be used to determine whether there has been any contact between us and your device in the past.

Personal details can be saved in cookies, provided that you have consented, for example, in order to facilitate secure online access so that you not need to enter your user ID and password again.

Please find below a table with specific information for each cookie that we may use on our Website:

Cookies necessary for the functioning of the store:

Name

Function

_ab

Used in connection with access to admin.

_orig_referrer

Used in connection with shopping cart.

_secure_session_id

Used in connection with navigation through a storefront.

Cart

Used in connection with shopping cart.

cart_sig

Used in connection with checkout.

cart_ts

Used in connection with checkout.

checkout_token

Used in connection with checkout.

Secret

Used in connection with checkout.

Secure_customer_sig

Used in connection with customer login.

storefront_digest

Used in connection with customer login.

 

Cookies for reporting and analytics:

Name

Function

_landing_page

Track landing pages.

_orig_referrer

Track landing pages.

_s

Shopify analytics.

_shopify_fs

Shopify analytics.

_shopify_s

Shopify analytics.

_shopify_sa_p

Shopify analytics relating to marketing & referrals.

_shopify_sa_t

Shopify analytics relating to marketing & referrals.

_shopify_uniq

Shopify analytics.

_shopify_visit

Shopify analytics.

_shopify_y

Shopify analytics.

_y

Shopify analytics.

tracked_start_checkout

Shopify analytics relating to checkout.

_pk_id

Used to store details about the visitor such as the unique visitor ID

_pk_ref

Used to store the attribution (where the visit originated) information, the referrer initially used to visit the website

_pk_ses, _pk_cva, _pk_hsr

Short lived cookies (30 mins) used to temporarily store data for the visit

_pk_testcookie

Created and will then be immediately deleted.  Used for browser compatibility check

mtm_consent

Create with no expiry to remember that consent was given by the user for tracking

 

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

If you continue browsing the Websites, we understand that you accept the use of cookies. You can revoke this consent at any time. You can also manage and control the cookies we use on our Websites through the use of cookies tools.

If you choose not to accept cookies, you can still visit our Websites. Most browsers automatically accept cookies. You can prevent cookies from being stored on your hard drive by setting your browser to not accept cookies. The exact instructions for this can be found in the manual for your browser. You can delete cookies already on your hard drive at any time. However, if you choose not to accept cookies it may result in a reduced availability of the services provided by our Websites.

For the purpose of statistical analysis NAVBLUE uses Matomo Analytics. You may block the collection and analysis of statistical data regarding your access to and use of our Website by adjusting the DoNotTrack in your browser.  You can find instructions on how to do this for the most common browsers and devices by clicking here.

  1. Modification of the Privacy Notice

NAVBLUE will update this Privacy Notice from time to time in order to reflect the changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification in how we process your Personal Data.

Date of Last Revision: 2020 02 25