NINOX DRONE - Privacy Policy

LAST UPDATED 15th JULY 2020

1.   Background

Avinor ANS is the Norwegian Provider of aerodrome control and approach control services at airports, air traffic services in Norwegian airspace and maintenance and operation of the technical infrastructure for air navigation.

NINOXDRONE (“Services”) are provided and operated by Avinor ANS using technology and services provided by Our Partners Altitude Angel and Frequentis.

In order to provide the functionality described, in the course of normal use, we collect certain data and information from and about You, and Your use of the Services.

At all times, Avinor ANS remains the Data Controller for all information you provide to Us and We will use our Partners to process it in order to deliver the functionality offered by the Services.

We understand that Your privacy is important to You and this policy sets out what information We collect, how We will use it and with whom We will share it. We respect and value the privacy of everyone who use Our Services  and will only use personal data in ways that are described here, and in a manner that is consistent with Our obligations and Your rights under the law.

Please read this Privacy Policy carefully and ensure that You understand it. Your acceptance of Our Privacy Policy is deemed to occur upon Your first use Our ServicesIf You do not accept and agree with this Privacy Policy, You must stop using Our Services immediately.

If We ever need to introduce a change to this Policy, We will write to You (if we hold Your email address) or place a notification in Our Services to make You aware of the change and how it affects You. You will have the ability to withdraw Your consent to any future changes should You wish to do so.

2.   Definitions and Interpretation

In this Policy, the following terms shall have the following meanings: 

“Account”

means an account required to access and/or use certain areas and features of Our Services;

“Cookie”

means a small text file placed on your computer or device by Our Services when you visit certain parts of Our Services and/or when you use certain features of Our Services. Details of the Cookies used by Our Services are set out in section 14, below;

“Cookie Law”

means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;

“Personal Data”

means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Services. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and

“We/Us/Our”

means Avinor Air Navigation Services (ANS) also known by Avinor ANS, registered in Norway under company number 913 074 270 and whose registered office is at Dronning Eufemias Gate 6, Oslo in Norway, and/or Our employees, shareholders, affiliates and partners as required by the context.

Frequentis

means Frequentis AG registered in Austria under company number FN 72 115b and whose registered office is at FREQUENTIS AG, Innovationsstraße 1, A-1100 Vienna, and/or their employees, shareholders, affiliates and partners as required by the context.

Altitude Angel

means Altitude Angel Limited, registered in England & Wales under company number 9350032 and whose registered office is at 2 Blagrave Street, Reading, Berkshire, RG1 1AZ in the United Kingdom, and/or their employees, shareholders, affiliates, sister and parent companies and partners as required by the context.

Partners

means Frequentis and Altitude Angel.

Apps

means mobile device applications that We publish under the NINOXDRONE brand, either directly or using one of Our Partners.

Sites

means any web services, including application programming interfaces, that may be accessible over the world wide web and released either directly by Us or provided on our behalf by one or more of Our Partners.

Services

means the Apps, Sites and/or other services We may introduce from time-to-time under the “NINOXDRONE” brand.

3.   Information About Us

3.1               Our Services are provided by Avinor ANS, using technology from Our Partners, Altitude Angel and Frequentis

 

If you have any queries about Your personal data, or Our use of it, You can contact Our data protection officer by email at personvern@avinor.no or by opening a support ticket https://support.ninoxdrone.no

4.   What Does This Policy Cover?

4.1               This Privacy Policy applies only to Your use of Our Services. We may provide links to other apps or sites, or use data or services provided by others. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such third-party apps or websites before providing any data to them.

4.2               In general, data You share with Us is held privately. Some data You share, such as drone flight reports, can be shared with others, including the general public, but only after We’ve removed Your personal contact information from it. Please keep in mind that the nature of a flight report is to disclose the flight location to others, so You should not use features that declare your flight location if You do not want others to see it. Data that We may share in this way is clearly explained when You use the feature.

4.3               We will only share other data We hold about You if We are in receipt of a legal, valid court order or warrant, properly served in accordance with relevant local laws.

5.   Your Rights

5.1               As a data subject, you have the following rights under the GDPR (the General Data Protection Regulation), which this Policy and Our use of personal data have been designed to meet or exceed:

 

5.1.1         The right to be informed about Our collection and use of personal data;

 

5.1.2         The right of access to the personal data We hold about You (see section 13);

 

5.1.3         The right to rectification if any personal data We hold about You is inaccurate or incomplete (please contact Us using the details in section 15);

 

5.1.4         The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about You (We only hold your personal data for a limited time, as explained in section 6 but if you would like Us to delete it sooner, please contact Us using the details in section 15);

 

5.1.5         The right to restrict (i.e. prevent) the processing of Your personal data;

 

5.1.6         The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);

 

5.1.7         The right to object to Us using your personal data for particular purposes; and

 

5.1.8          Rights with respect to automated decision making and profiling.

 

5.2               If You have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 15 and We will try to solve the problem for You. If We are unable to help, you also have the right to lodge a complaint with the Norwegian supervisory authority.

 

5.3               For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens’ Advice Bureau.

 

5.4               Please note that we will at all times remain the Data Controller and We have required that our Partners are compliant in their processing of Your personal data, collected when You use Our Apps and Sites.

6.   What Data Do We Collect?

Depending upon Your use of Our Apps or Sites, We may collect some or all of the following personal and non-personal data (please also see section 14 on Our use of Cookies and similar technologies):

6.1               Account Details – Name and E-mail addresses;

 

6.2               Pilot, Operator and/or organisational information including, Address, Telephone Numbers and Registration details

 

6.3               Aircraft Information (e.g .Manufacturer, Model , airframe etc)

 

6.4               Area of Operations (where and when You are planning to fly) and any associated information;

 

6.5               Information about data that You have requested Us to provide (for example, We will record the data relating to a geographic search you perform through Our Services, and store that for safety and security purposes);

 

6.6               Information that You have explicitly sent to Us that you intend for Us to share with trusted partners, authorities and/or facilities which operate as part of providing Our Services.

 

6.7               Analytical information about Your use of Our Services;

 

6.8               Other data that You explicitly ask us to store against Your user account, including Your user profile (which includes personally identifiable information, such as Your username, email address, first and last names);

 

6.9               Diagnostic information to enable Us and Our Partners to operate the service, provide support, make improvements and/or troubleshoot issues.

7.   How Do We Use Your Data?

7.1               All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 8, below.

 

7.2               Our Use of Your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with You, because You have consented to Our use of Your personal data (e.g. by subscribing to emails, or sharing your flights), or because it is in Our legitimate interests. Specifically, We may use your data for the following purposes:

 

7.2.1         Providing and managing your Account (and the data stored within it);

 

7.2.2         Contacting You to provide important, mandatory account security notifications or service updates (but not for marketing purposes unless You have explicitly opted-in to receive those);

 

7.2.3         Providing, securing and managing Your access to Our Services;

 

7.2.4         Personalising and tailoring Your experience on Our Services;

 

7.2.5         Supplying Our products and services to You (please note that We require some personal data from You in order to enter into a contract with You, such as Your full name and email address at a minimum);

 

7.2.6         Personalising and tailoring Our Services for You;

 

7.2.7         Notifying You of changes to Our Services;

 

7.2.8         Replying to emails or support requests from You;

 

7.2.9         Supplying You with emails or notifications via other mechanisms that You have opted-in to (You may unsubscribe or opt-out at any time by clicking on ‘unsubscribe’ in any of our marketing communication, or by disabling the notification feature in the relevant service);

 

7.2.10     Market and/or product research;

 

7.2.11     We may share limited information with other drone pilots or authorised 3rd parties, including other users of Our Services, about your drone operations when You share this with Us via Our Services, for the purposes of advancing airspace safety.

 

7.3               With Your permission and/or where permitted by law, we may also use Your data for marketing purposes which may include contacting You by email with information, news and offers on Our products and services. We will not, however, send You any unsolicited marketing or ‘junk mail’ and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

 

7.4               You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.

 

7.5               We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):

 

7.5.1         Personal data will be retained while you have an active Account. You may update or delete Your account at any time by accessing the relevant ‘My account’ or ‘My profile’ screens in the relevant apps or services where available, or by contacting our dedicated Data Protection Team via email to Personvern@avinor.no 

 

7.5.2         Where an account is unused for a period of 24 months, we will automatically deactivate the account and the associated personal data shall be anonymised and archived.

8.   How and Where Do We Store Your Data?

8.1               We only keep your personal data for as long as We need to in order to use it as described above in section 7, and/or for as long as We have your permission to keep it.

 

8.2               Your data will only be stored within the European Economic Area (“the EEA”). It will only be accessed by Our Partners in compliance with our agreements with them in order to provide Our Services to You, through their head offices located in Europe and/or the United Kingdom.

 

8.3               Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Services.

 

8.4               Steps We take to secure and protect Your data include:

 

8.4.1         Use of secure data centre facilities

 

8.4.2         Using industry-standard encryption appropriately, and never creating Our own proprietary in-house developed encryption algorithms

 

8.4.3         Ensuring that only duly authorised employees or contracts are able to access limited elements of Our infrastructure

 

8.4.4         Controlling physical access to Our premises and logging visitors

9.   Do We Share Your Data?

9.1               Subject to section 8.2, We will not share any of Your data with any third parties for any purposes, without Your express permission.

9.1.1         It may be possible to use Your Account in 3rd party services or apps. In such cases, You will be explicitly asked whether You wish for Our Services to permit that app or site to access to Your personal data, together with an on-screen description of the data they are requesting Us to provide to them on your behalf. Our Services have no control over the 3rd party’s subsequent use of any data You authorise Us to share with them and a link will be provided to that 3rd party’s privacy policy at the time You are asked to authorise the request.

 

9.1.2         At any time, You can withdraw Your permission for the 3rd Party to access data stored within your Account, using the My Profile or My Account screens in Our Services (where available), or by emailing personvern@avinor.no and telling Us what service You would like to withdraw permission from.

 

9.1.3         Please note that 9.1.2 will prevent new or updated information from being shared with the 3rd party after Your request is processed, but will not explicitly delete information already held by the 3rd party up to that point. You should review the 3rd party’s privacy policy prior to authorising Us to share Your information with them to check that You are happy to provide it. This does not obligate Us, or Our Partners, to pass data removal requests to those 3rd parties on Your behalf, although We may do so if We have the ability to automatically pass this request to them via Our systems.

 

9.2               We may compile statistics about the use of Our Services including data on traffic, usage patterns, user numbers, sales, diagnostic information, screen clicks, mouse movement, searches and more. Save for diagnostic data, which We may hold to help assist Us fix a problem You report, We will endeavour to ‘anonymise’ data that can be combined with other data We hold and used to identify you. We may from time to time share such data with third parties. Data will only be shared and used within the bounds of the law.

 

9.3               In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.

10.         What Happens If Our business ownership changes?

10.1           We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that You have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

 

10.2           In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

11.         How Can You Control Your Data?

11.1           In addition to Your rights under the GDPR, set out in section 4, when You submit personal data via Our Services, you may be given further options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may also do by unsubscribing using the links provided in Our emails and at the point of providing your details).

12.         Your Right to Withhold Information

12.1           You may access certain areas of Our Services without providing any data at all. However, to use all features and functions available on Our Site you may be required to provide us with or allow for the collection of certain data.

 

12.2           You may restrict Our use of Cookies. For more information, see section 13. If You do so, not all of the features on Our Services may work as intended and We shall not be able to warrant their usability or suitability for any specific purpose.

13.         How Can You Access Your Data?

13.1           You have the right to ask for a copy of any of Your personal data held by Us (where such data is held). Under the GDPR, no fee is payable, and We will provide any and all information in response to Your request free of charge, electronically. Please contact Us for more details at personvern@avinor.no or using the contact details below in section 14.

 

13.2           If You require a printed copy of this information, we reserve the right to charge a small, reasonable fee to cover the materials, shipping and handling, in line with permitted charging under the GDPR. Requests for printed copies may take longer to fulfil.

14.         Our Use of Cookies

14.1           Our Services may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Services and to provide and improve Our products and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times. Note that for the purposes of this privacy policy, we also include any cookies that are set by Our partners under the definition of ‘First party cookies’.

 

14.2           By using Our Services, you may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. Third Party Cookies are used in Our Services for us to improve the Website and the products and services offered based on how Users use Our Services. For more details, please refer to section 7, above, and to section 14.6 below. These Cookies are not integral to the functioning of Our Services and your use and experience of Our Services will not be impaired by refusing consent to them.

 

14.3           All Cookies used by and on Our Site are used in accordance with current Cookie Law.

 

14.4           Before Cookies are placed on your computer or device, you will be shown a prompt requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if You wish, deny consent to the placing of Cookies; however certain features of Our Services may not function fully or as intended.

 

14.5           Certain features of Our Services depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown below in section 14.6. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing Your internet browser’s settings as detailed below in section 14.7, but please be aware that Our Services may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

 

14.6           The following first party Cookies may be placed on your computer or device:

Name of Cookie

Purpose

Strictly Necessary

cookiesDirective

Records whether or not you have seen our EU Cookies Directive warning

Yes

AspNet.Application.Cookie

This cookie is required in order to maintain your logged-in user session

When logged-in

and the following third-party Cookies may be placed on your computer or device:

Name of Cookie(s)

Provider

Purpose

ai_user and ai_authUse

Microsoft

Set by Microsoft Application Insights to enable us to perform user analytics and provide technical support.

_ga, _gat and _gid

Google

This cookie is set by Google Analytics and allows us to gather usage information for the purposes of marketing and service improvement

ai_session

Microsoft

This cookie is set by Microsoft Application Insights, a tool we use for monitoring our Website for faults. This cookie helps us to determine if a specific user has faults, so we can provide a better support experience.

14.7           In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable You to choose whether You wish to disable all cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with Your device.

 

14.8           You can choose to delete Cookies on Your computer or device at any time, however you may lose any information that enables you to access Our Services more quickly and efficiently including, but not limited to, login and personalisation settings.

 

14.9           It is recommended that You keep Your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if You are unsure about adjusting Your privacy settings.

15.         Contacting Us

If You have any questions about Our Services or this Privacy Policy, please contact Us by email at personvern@avinor.no. Please ensure that Your query is clear, particularly if it is a request for information about the data We hold about You (as under section 13, above).

If available, it is generally recommended to contact Us using the in-app or My Account/My Profile sections of Our Services, as We can use the electronic signature of your Account to verify that the correct security credentials were entered for security purposes.

If You write to Us via any other mechanism, we may need extra time to verify your identity to safeguard Your data and privacy.

16.         Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Services and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Services following the alterations. We also recommend that you check this page regularly to keep up-to-date.