Privacy Policy

ALFA Aero Solutions Inc., and its affiliates or corporate partners, ("AASI" or "we"/”our”), collect, use, and disclose Personal Information in compliance Canadian and applicable laws when individuals access or Websites, and when providing services to our users or individuals who reach out to us (together, “you” or “your”).  This Policy serves to let you know how we collect, use, and disclose your personal information when you visit, access, log-in to, or use our Websites, or purchase a Subscription to the Services.

DEFINITIONS

Unless otherwise defined herein, capitalized terms shall have the following meaning:

“Customer” means the organization or entity that purchases a Subscription to access and use the Services, and each individual User authorized to access the Services.

“Services” shall mean the ALFA Airport Revenue Management Software (“AARMS”), a comprehensive airport billing solution that supports aeronautical billing, lease or concession revenue management, and customer invoicing and reporting.

“Subscription” shall mean a Customer’s purchase of access to and use of the Services.

“Website” shall mean (i) the publicly available website located at https://www.ALFAaero.com/ ; and (ii) the website through which the Services are provided which shall be provided to Customers upon execution of an applicable Proposal, and their related sub-pages.

WHAT IS PERSONAL INFORMATION

Within this policy, Personal Information is defined as any factual or subjective information, recorded or not, about an identifiable individual or which may allow an individual to be identified.  For instance, personal information includes age, name, ID numbers, income, ethnic origin, blood type, opinions, evaluations, comments, social status, disciplinary actions, employee files, credit records, loan records, and medical records.

We are responsible for the personal information that we possess or control. We maintain internal practices to protect personal information and have appointed a Privacy Officer to oversee privacy matters.

WHY WE COLLECT, USE AND DISCLOSE PERSONAL INFORMATION

We collect, use, and disclose necessary personal information for the primary purpose of providing our Website and the Services. To provide the Website and Services, we use personal information:

• to maintain our relationship with you, our suppliers and other third parties;

• to provide and enhance the Website and Services;

• to provide you with suggestions based on your use of the Services;

• to understand our Customers’ and prospective customers’ needs;

• to offer products and services to meet Customers’ and prospective customers’ needs;

• to conduct credit checks on Customers and prospective customers;

• to answer your inquiries or questions;

• to collect and process payments;

• to update you on changes to our practices and procedures;

• to develop and manage our operations;

• to detect and protect against error, fraud, theft and other illegal activity;

• to authenticate you when you contact us;

• to fulfill our contractual obligations; and

• as permitted by, and to comply with, applicable laws.

If you have reached out to us for employment opportunities, we collect personal information including your name, address, telephone number, date of birth, social insurance number, banking information, benefit information, emergency contact information, resume, reference letters, and/or police record or RCMP record checks and the information required to facilitate those checks.

Unless required by law, we will not use personal information for a new purpose without the knowledge and consent of the individual to whom the information relates.

WHAT PERSONAL INFORMATION DO WE COLLECT

When you visit our website, purchase a Subscription, or access our Services, the types of personal information we collect about you or have access to include:

• your name;

• your business name (if applicable):

• your phone number;

• your e-mail address;

• your log-in details;

• your IP Address;

• your activities within the Services for the purposes of maintaining our audit trail for regulatory purposes;

• your Internet Service Provider (ISP) information;

• browser and referring website address;

• the approximate geolocation of your device; and

• your payment information (or that of the organization you represent).

We also collect information through e-mail communications and your use of our Websites. We collect this information to adjust our content, verify your credentials or authenticate you, and understand your preferences and online activities when interacting with our Website and Services.

We may also collect information about you, or use information that has been collected about you, that you have posted publicly on third party sites such as:

• Instagram;

• Facebook;

• LinkedIn; and

• YouTube.

Personal Information We DO NOT Collect

We do not collect any personal data related to:

• Children, minors, or anyone under the age of 18;

• Financial information except as necessary to process payments; or

• Medical or personal health information.

If we determine that you or another Customer has provided the above information to our Services, we will take immediate steps to delete or otherwise destroy that information.

How do we store your Personal Information?

The Services:

Storage

The Services are hosted by Amazon Web Services (Amazon AWS), and all information uploaded to the Services or sent to AASI in connection with the Services is held on Amazon AWS’ servers located in Canada. We do not generally keep any hard copies of personal information, and in the event that we have or have received hard copy documents containing personal information, we will destroy hard copies as soon as is feasible, subject to our legal obligations.  

Public Website:

Storage

Our publicly available Website located at https://www.ALFAaero.com/ is hosted by WIX.com, and all information sent to us in connection with your use of the public Website is held on WIX’s servers. We do not keep any hard copies of such personal information, and if we determine that we have received such copies we will destroy them as soon as is feasible, subject to our legal obligations.

Internal Management:

In the course of providing, maintaining, and supporting the Services, we may access and process data that may be considered Personal Information, including your name, e-mail, and business contact information. All such information is accessed and processed on Microsoft Azure servers located in Canada.

How and for how long do we retain your Personal Information?

Retention

We retain personal information only for as long as we need to for the purposes outlined in this Policy, unless otherwise required by law or you request that we delete your personal information.  For instance, under Canadian law, we must retain financial information for at least 6 years.  Once we no longer need the information for the purpose for which it was collected, we securely dispose of or de-identify any Personal Information, subject to our legal requirements and any written requests from you. We do not sell your personal information.

Types of Data We Collect

The data we collect from you consists of:

• Text (i.e. your e-mail address);

• Metadata (i.e. the date you visited the Services);

• Raw data (i.e. transaction data our bank to facilitate EFT payments); and

• Aggregate data (i.e. data related to the use of our Services).

Location of your Personal Information

Personal Information collected from you through the Services will be transferred to, stored, and processed at the Amazon AWS servers located in Canada.

Personal Information collected about you through our public Website will be transferred to, stored, and processed at the WIX.com servers.

Personal Information related to you that is collected and stored on the above servers may processed by AASI internally when providing the Services or managing our relationship with you, and such information will be transferred to, stored, and processed on Microsoft Azure servers located in Canada.

Our Websites

Cookies

We collect personal information using cookies on our Website and Services. Cookies are small files placed on your devices to track how you use our website. This helps us improve your user experience and save your preferences.  We use essential, functionality, analytics and performance cookies.

​

Essential Cookies. These Cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.

​

Functionality Cookies. These Cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of Services which you can customize. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.  

We use functional cookies that are required for you to use the Services including, but not limited to:

• third-party cookies to ensure safety and security;

Analytics and Performance Cookies. These Cookies are used to collect information about traffic to Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.

We also use optional cookies activated upon consent like Google Analytics (see our Third-Party Service Providers).

Some browsers can block cookies through your browser settings. Blocking cookies may affect the way our Websites and Services works on your device. You can set up your browser to disable cookies at any time. For instructions on how to disable cookies, please visit the links below:

• Internet Explorer

• Mozilla Firefox

• Microsoft Edge

• Google Chrome

Online Communications

Our Website allows you to submit information to us through a form. We use the personal information you provide only to address your question or inquiry.

We also send e-mails to the people in our contact database regarding updates to our services or practices.  Our e-mails contain opt-out features and instructions on how to unsubscribe.  You can also send us an email to accounts@ALFAaero.com to be removed from our contact list.  You acknowledge that in some cases, we will need to authenticate you before processing the request.

Electronic Marketing Communications

We may send you information about our Services or other promotions that we think might interest you. Unless we already have a business relationship with you, or you have offered your contact information to us (i.e. your business card), we will always obtain your consent to receive sales and marketing information before sending you any  commercial electronic communications.

You have the ability to withdraw your consent and opt-out of our sales and marketing communications at any time. If you wish to do so, please contact our Privacy Officer at accounts@ALFAaero.com or select the unsubscribe link in an e-mail that you receive. If you choose to unsubscribe and request that you be placed on a “do not contact” list, you acknowledge and agree that we will retain your information on our “do not contact” list, and we will retain your personal information to ensure that we do not send you unsolicited communications.

Third Party Links

Our Websites may contain links to other websites. Those other websites may also collect your personal information. We are not responsible for how those other websites collect, use or disclose your personal information. We strongly encourage you to review their privacy policies before providing them with your personal information.

Do Not Track Signals

As there is not yet a common understanding of how to interpret Do Not Track (“DNT”) signals, we do not currently respond to such browser DNT signals.

Our Third-Party Service Providers

To the extent we engage third-party service providers, we try to ensure that those providers maintain comparable privacy protections and practices if they process your personal information. Some of our third-party service providers include:

• Wix (for public website hosting services)

• Amazon AWS (for Service hosting services);

• Google Analytics (for analytical purposes);

• Microsoft Office 365;

• Microsoft Teams;   

• Quickbooks; and

• Logmein (gotoassist);

We encourage you to read and review all of our third-party service providers’ privacy policies available through the links above.  For more information on the service providers we engage, please contact our Privacy Officer at privacy@ALFAaero.com.

AUTOMATED DECISION MAKING

We do not use systems that make autonomous decisions with your Personal Information.

YOUR CONSENT

We will obtain your express consent to collect, use and disclose your personal information wherever possible and where required by law. If you provide personal information directly to us, we assume you consented to the processing of your information for the reason you provided your information. This applies where you have signed up as a Customer, agreed to our Terms, purchased a Subscription and/or accessed our Services, visited our Website, or an authorized representative has done so on your behalf. 

We do not collect, use or disclose personal information without consent unless authorized or required by law to do so, such as in the following circumstances:

• when the information is publicly available, such as in public directories, registries or published information;

• if we are required to disclose personal information to a lawful authority;

• in an emergency that threatens someone’s life, health or personal security;

• for security reasons; or

• as otherwise authorized by law.

We obtain electronic or oral consent from those who subscribe to our mailing list for updates related to the Services or who express an interest in receiving communications from us.

PROVIDING YOUR PERSONAL DATA TO OTHERS OR RECEIPT FROM OTHERS

From time to time we may need to provide your personal information to other parties (such as our third-party service providers or our affiliates) to provide the Services and process your transactions, or as required by applicable law. We provide only what is necessary to complete the service and/or fulfil our obligations. We may also receive information about you from another party. When we receive information from another we do so because it is for a legitimate business purpose, such as to contact potential customers who have expressed an interest in our Services, or it is necessary to complete the service or would negatively impact you to be required to obtain the information from you first. For example, we may be required to provide or receive information to facilitate any payments that you may make via EFT.

YOUR RIGHTS TO THE PERSONAL INFORMATION WE POSSES ABOUT YOU

Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access - You have the right to request AASI for copies of your personal data. We may charge you a small fee for this service.

The right to rectification - You have the right to request that AASI correct any information you believe is inaccurate. You also have the right to request AASI to complete information you believe is incomplete.

The right to erasure - You have the right to request that AASI erase your personal data, under certain conditions.

The right to restrict processing - You have the right to request that AASI restrict the processing of your personal data, under certain conditions.

The right to object to processing - You have the right to object to AASI’s processing of your personal data, under certain conditions.

The right to data portability - You have the right to request that AASI transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at the address located below. You acknowledge and agree that by contacting AASI to exercise any of these rights, you consent to the collection by AASI of certain Personal Information for the purposes of verifying your identity.

SECURITY AND ACCURACY

We protect personal information in our files from loss, misuse, unauthorized access, and alteration using technical, physical and administrative methods.  We frequently monitor our systems to ensure we have implemented up-to-date and effective security measures. Only senior employees with a need-to-know and authorized back-end access to the website have access to your Personal Information. Access is only provided upon an employee or sub-contractor obtaining approval from a director of AASI. We ensure that all our employees and/or sub-contractors have entered into agreements related to the protection and security of your Personal Information containing terms no less restrictive than the terms outlined in this Privacy Policy.

The Services:

We have implemented the following security measures in the Services:

• Encryption of data both in transit and at rest;

• SSL encrypted secure communications using https;

• DDOS protection;

• Security monitoring;

• High complexity passwords and regular password changes;

• Server-side best practices for protecting against common hacks and attacks; and

• Server-side secured end points preventing unauthorized user access.

• Access to all data and source code is controlled and secure

Public Website:

We have implemented the following security measures on our publicly available Website, including the standard security measures offered on all WIX.com websites, including:

• Encryption of data both in transit and at rest;

• SSL encrypted secure communications using https;

• DDoS Protection;

• Website security monitoring;

• High complexity passwords and regular password changes;

• Server-side best practices for protecting against common hacks and attacks; and

• Server-side secured end points preventing unauthorized user access.

• Access to all data and source code is controlled and secure.

However, you acknowledge that no one security system is impenetrable.  By sharing your personal information with us, your personal information may be at risk if someone breaches our systems or the systems of our third-party service providers.  In such cases, we will notify you as soon as is feasible if it is reasonable to believe that the breach created a real risk of significant harm to you.

We try to ensure that personal information we have on file is accurate.  We encourage you to contact us to update your personal information where you are aware our records are incorrect.

For more information on our security measures or records, please contact us at accounts@ALFAaero.com.

CONTACT US

If you would like to review or correct your personal information we have on file, or have any other concerns regarding your privacy rights, please send a written request to:

Privacy Officer
727 Courtenay Ave
Ottawa, ON
Canada  K2A 3B9

We will respond within 30 days. If more time is required we will advise you, and provide the reasons.

You acknowledge that when you request to exercise your privacy rights, you are consenting to our collection of your basic contact information so that we can authenticate you and communicate with you regarding your request.

CHALLENGING COMPLIANCE

AASI will respond to questions we receive about this Policy and our legal compliance. We will investigate all challenges and attempt to resolve all complaints. If you feel we have not met our legal obligations under this Policy or applicable laws, please contact our Privacy Officer at privacy@ALFAaero.com .Following our investigation, we will decide whether to update our policies and practices as necessary.

If you are unsatisfied with our responses, you may at anytime consult the relevant government privacy office based in your province, state or country.

In Canada you may contact:

• If you are in Ontario: https://www.priv.gc.ca/

• If you are in Quebec: https://www.cai.gouv.qc.ca

UPDATES

We review and revise this Policy regularly.  We reserve the right to change our Policy at any time by posting a new Policy on our Websites.

This Policy was last updated November 2021.