Date of Last Revision: 27 April 2017
1.1 What if data is transmitted internationally?
Visitors may want to know whether their personal information will be transferred out of their country of origin. Please be aware that when registering or requesting a transaction on Jeppesen Sites, Jeppesen reserves the right to transfer the visitor’s personal data to computers in the United States or any other country where Jeppesen or its affiliates, subsidiaries or service providers maintain facilities. The data protection laws in these countries may be different from, and less stringent than the visitor’s country of residence. By using the Sites or by providing any personal or other information to Jeppesen, express consent is given to Jeppesen to conduct such transfers and processing. Jeppesen takes steps to ensure that the data collected under this Policy is processed according to the provisions of this Policy and the requirements of applicable law wherever the data is located.
2. Application of Generally Accepted Privacy Principles (GAPP)
Jeppesen is committed to providing reasonable protection from loss, inappropriate use, or inappropriate disclosure of the Personal Information that is entrusted to the company. In an effort to provide protection that is as consistent as possible for all individuals who provide Personal Information to the company, Jeppesen has established a privacy program that is based on the Generally Accepted Privacy Principles (GAPP) identified by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA) and the Assurance Services Development Board (ASDB) of the Canadian Institute of Chartered Accountants (CICA). These ten principles (covering Management, Notice, Choice and Consent, Collection, Use and Retention, Access, Disclosure to Third Parties, Security for Privacy, Quality, Monitoring and Enforcement) were developed to serve as a universal framework of privacy best practices that companies can use to evaluate their programs and develop sound policies and practices.
Accountability for Data Privacy at Jeppesen has been assigned to the Data Privacy Office (DPO). Responsibilities of the DPO include:
- Ensuring that processes have been implemented for the appropriate collection, use, disclosure and retention of personal information in accordance with applicable law and the Generally Accepted Privacy Principles (GAPP).
- Ensuring that privacy plans in compliance with Data Privacy laws and regulations are documented in writing and implemented.
- Provision of guidance, consultation and training regarding privacy issues.
Compliance with privacy plans including:
- Performing monitoring and verifications for compliance with existing privacy plans. Verifications include ongoing monitoring and enforcement of privacy plans.
- Coordination and alignment with Boeing’s Global Privacy Office whenever appropriate
- Follow up on deficiencies or opportunities for improvement. The DPO will maintain verification records and respond to inquiries or complaints.
- Maintenance and assignment of data privacy training materials
- Assurance that reliable methods for dispute resolution and incident response are available and clearly communicated
- Providing support to business owners by assessing products and services to ensure compliance with applicable privacy laws
Jeppesen will notify individuals about the purposes for which they collect, use, disclose and retain information about them. Jeppesen will also provide information about how individuals can contact Jeppesen with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means Jeppesen offers for limiting its collection, use, disclosure and retention.
2.3 Choice and Consent
Jeppesen will give individuals the opportunity to choose when their Personal Information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized.
Personal Information is collected for the reasons provided in the Uses Permitted. This defined scope is included in the Product or Service privacy notice. If the scope requires redefinition, the privacy notice will be reissued and Data Collection will be subject to 2.3 Choice and Consent once again.
2.4.1 Special Notice Regarding Children
Jeppesen Sites are not designed for, nor is Personal Information knowingly collected from children under the age of 13. Children under 13 years of age should not provide Personal Information to Jeppesen or Affiliates. Users of the Services available on the Sites must be at least 18 years old and competent to enter into a contract. Children under the age of 18 may only use the Services with involvement of a parent or guardian.
2.4.2 Third Party Sites
2.4.3 Collection from Social Media sites
Personal Information may also be collected in connection with "liking", posting, commenting or otherwise contacting Jeppesen or its Affiliates via web pages or content that Jeppesen administers on third-party sites such as Facebook or YouTube.
Jeppesen advertises online in a variety of ways, including displaying ads across the Internet and on the Sites. Information is collected about which ads are displayed, which ads are clicked on, and on which web page the ad was displayed.
The Sites and some services and advertisements may contain "cookies." A cookie is a piece of data that is stored on an individual’s hard drive and records preferences and other data about a visit to the Sites. Like many websites, Jeppesen.com does not currently respond to “do not track” browser headers. Clear gifs (also known as web beacons) may also be used on the Sites. E-mails sent may include a clear gif that tells whether an e-mail was received or opened, or if a link within the e-mail was clicked. Individuals may opt out of receiving marketing communications. Jeppesen or its Affiliates may also use a third party advertising company to display ads on the Sites.
NOTE: If cookies are blocked, some portions of the Sites may not function properly.
2.4.5 Collection and use of location data
When using Jeppesen sites, actual location information may be collected and processed. Various technologies are used to determine location, including IP address, GPS, and other sensors that may, for example, provide information on nearby devices, Wi-Fi access points and cell towers. Location data is used in accordance with the section ‘Uses Permitted', and disclosed in accordance with the section ‘Use, retention and disposal'.
2.5 Use, retention and disposal
Jeppesen will use an individual’s Personal Information only for Uses Permitted stated herein or in the Product or Service privacy notice and will only be provided to parties with a need to know. Reasonable attempts to use anonymized data will be made prior to disclosure.
When an account is terminated, Jeppesen will only be entitled to retain Personal Information pursuant to applicable information retention policies. Personal Information will be deleted at the conclusion of the applicable retention policy retention period.
Individuals may request access to Personal Information about them that Jeppesen holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated. If an individual would like to have access to Personal Information Jeppesen holds about them, please e-mail firstname.lastname@example.org, or write to Jeppesen, Data Privacy Office, 55 Inverness Drive East, Englewood, CO 80112, USA.
Customer California Privacy Rights - Under California law, Individuals who are California residents are entitled to annually request and obtain information about the Personal Information shared, if any, with other businesses for their own direct marketing. If applicable, the information would include the categories of Personal Information and the names and addresses of those businesses with which Personal Information was shared for the prior calendar year. To make such a request, please send an email to email@example.com. Written requests may be sent to Jeppesen, Attention: Data Privacy Office, 55 Inverness Drive East, Englewood, CO 80112-5498. Please note that not all information sharing is covered under the California law, and only information on covered sharing will be included in any response.
2.7 Disclosure to Third Parties
Prior to any transfer of Personal Information to third parties, Jeppesen will ensure that each third party has entered into a written agreement with Jeppesen that includes adequate protection of Personal Information that may be transferred to the third party by Jeppesen.
2.8 Security for Privacy
Jeppesen will make reasonable efforts to ensure that Jeppesen, its Affiliates and Third Party Service Providers will implement reasonable and appropriate technical and organizational security measures to protect entrusted Personal Information from unauthorized or unlawful loss, unauthorized access, disclosure, alteration, and destruction.
2.9 Quality and Data integrity
Jeppesen will take reasonable steps to ensure that data is accurate, complete, and current for its intended use.
2.10 Monitoring and Enforcement
Jeppesen conducts periodic assessments to ensure compliance with its Data Privacy policies. Relevant discrepancies will be corrected in a timely manner.
Jeppesen also provides (a) various methods for which each individual's complaints and disputes can be investigated and resolved, (b) assessments to ensure compliance with policies; and (c) commits to remedy problems arising out of a failure to comply with the principles.
With regard to complaints concerning verification, correction or deletion of any Personal Information collected, or to communicate any questions or concerns regarding this Policy or Jeppesen's treatment of Personal Information, please e-mail firstname.lastname@example.org, or by writing to Jeppesen, Data Privacy Office, 55 Inverness Drive East, Englewood, CO 80112, USA.
Certain information may also be corrected by using the "Account" and "Profile" section of the Sites. Please note that in certain circumstances, Personal Information may not be able to be removed or changed.
Upon receipt of formal written complaints, it is Jeppesen's policy to contact the complainant regarding any concerns. If unable to reach a resolution, various other methods may be used to investigate and resolve the dispute.
3. Employee Training
Jeppesen will train targeted Employees who have access to Personal Information in the care, handling and protection of Personal Information.
4.1 Data Privacy Office (DPO): Refer to Section 2.1, Management for DPO responsibilities
4.2 Information Security (IS): IS will implement sufficient and reasonable technical, administrative and logical security controls to ensure the safety and protection of Personal Information. In addition, IS will develop and maintain an effective information security breach notification process.
4.3 Jeppesen Human Resources Organizations: Human Resources will provide and maintain business processes which implement the Notice, Choice and Access principles for Employee Personal Information.
4.4 Jeppesen organizations administering contracts or agreements: Procurement organizations (such as Supplier Management and contracts organizations) will maintain business processes and contractual terms and conditions that help ensure data is transferred in accordance with provisions of this Policy and the requirements of applicable law.
4.5 All Jeppesen organizations using Personal Information: Organizations will maintain business processes that implement the Data Integrity principle.
5. Security Incidents
If Jeppesen or its Affiliates are made aware of any Security incidents, Jeppesen will review and investigate in accordance with company policies and procedures, as well as any applicable statutes and regulations. Once a Security Incident has been determined to have taken place, Jeppesen will conduct an investigation to determine root cause and implement reasonable solutions to ensure the safety and security of Personal Information in its custody. Affected individuals will be notified as reasonably practical after a Security Incident has been determined to have taken place unless Jeppesen or its Affiliate is subject to a legal or regulatory constraint.
Affiliate: A company not specifically part of Jeppesen but operationally reports into Jeppesen
Customer: A person or organization who receives products or services from Jeppesen
Disclosing Party: A party that discloses Personal Information to the other party
Disclosing Party Personal Data: Personal Information disclosed to Jeppesen
Employee: Someone who is employed by Jeppesen either as an Employee or a contract Employee
Personal Information: Information that specifically identifies an individual (such as an individual's name, address, e-mail address, telephone number or other identifier that permits the physical or online contacting of a specific individual) or that is associated with an identifiable person (such as demographic information or information about a person's activities when such information is linked to personally identifying information).
Processing: Any operation or set of operations performed upon Personal Information, whether automated or manually, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, erasure or destruction.
Security Incident: An incident where the confidentiality of Personal Information within Jeppesen's custody has been materially compromised posing a reasonable possibility of harm.
Third Party Service Provider or Vendor: A third party reasonably selected by Jeppesen to provide services. Examples of Third Party Service Providers include technology service providers, business process outsourcing service providers and call center service providers.
Uses Permitted: Jeppesen's use of Personal Information includes:
- Undertaking activities related to Accounts for Products and Services with agreed to terms
- Managing an individual's relationship with Jeppesen
- Use within specific Jeppesen products and/or services
- Improving Jeppesen products, sites and services (by itself or in combination with data from other Jeppesen offerings or third parties)
- Risk assessment, information security management, statistical, trend analysis and planning purposes
- Monitoring and recording calls and electronic communications for quality, training, investigation and fraud prevention purposes
- Detection, prevention, investigation and prosecution of Employee crime
- Undertaking normal and reasonable business activities
- Administration and management of Employees (i.e. benefits, use of company assets, salary planning, etc.)
- Sharing Personal Information with The Boeing Company for workforce analysis, surveys and improvement purposes
Vendors: Third party entities hired by Jeppesen to perform fee-based services or provide goods for fee.
7. Dispute Resolution
Verification, correction or deletion of any Personal Information collected, or to communicate any questions or concerns regarding this Policy or Jeppesen's and its Affiliates’ treatment of Personal Information, please e-mail email@example.com, or by writing to Jeppesen, Data Privacy Office, 55 Inverness Drive East, Englewood, CO 80112, USA. Certain information may also be corrected by using the "Account" and "Profile" section of the Sites. Please note that in certain circumstances, Personal Information may not be able to be removed or changed. Upon receipt of formal written complaints, it is Jeppesen's policy to contact the complainant regarding any concerns.
8. Right to Revise/ Amend
9. Privacy Shield
Jeppesen is responsible for the processing of personal data it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. Jeppesen complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Jeppesen is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Jeppesen may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact JAMS, our U.S.-based third party dispute resolution provider, free of charge here.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.