Privacy policy of the APP IN THE AIR INC.

related to APPINTHEAIR project

(Version 05. 15.06.2018)

General provisions

The security of your personal data is important to us.

We follow generally accepted industry standards to protect the personal data submitted, both during transmission and once we receive it. We would like to stress, that we implemented appropriate technical and organisational measures to ensure that processing and transmission is performed in accordance with the best international practices and current legislation. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while our goal to use commercially acceptable ways to protect your personal data, we cannot guarantee it is absolutely secure. Please keep it in mind before submitting any information about yourself. Please note that information that you voluntarily make public in your user profile, or which you disclose by posting comments or inserting of the Content will be publicly available and viewable by others. We do not hold any liability for any information that you voluntarily choose to be public through such and/or other explicit actions.

Basic principles related to collection and processing of personal data

We have the greatest respect to your personal data, thus during collection and processing of your personal data, we strictly adhere to the best business practices and principals, specified by applicable legislation and regulation, such as:

(a) personal data is processed fairly and in a transparent manner;

(b) personal data is collected only for specified, explicit and legitimate purposes, described herein, and not further processed in a manner that is incompatible with those purposes;

(c) collected personal data is deemed by us adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(d) personal data shall be accurate and, where necessary, kept up to date; personal data that is inaccurate will be erased or shall be rectified without delay;

(e) personal data will be kept in a form, which permits identification of you for no longer than is necessary for the purposes for which the personal data is collected and processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest or statistical purposes;

(f) personal data will be collected and processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

What personal data we collect?

In the course of provision of the Services we collect and process the following information, including personal data:

Itinerary information

App in the Air accesses and processes email messages in any email accounts you have connected.By linking our Services to your email or other internet accounts, you authorize us to collect, process and retain itinerary-related information, including personal information, from those accounts.We use this information to provide our Services.

Loyalty points information

App in the Air accesses and processes loyalty points information in any loyalty accounts you have connected. By linking our Services to your loyalty accounts, you authorize us to collect, process and retain miles balance, status & related loyalty information, including personal information, from those accounts. We use this information to provide our Services.

Social account information

App in the Air accesses and processes basic social network information (name, email address & friends list) in any social networks accounts you have connected. By linking our Services to your social networks accounts, you authorize us to collect, process and retain this information, including personal information, from those accounts. We use this information to provide our Services.

How we collect and use your personal data?

We only use personal data collected through the APPINTHEAIR project and our Services for the purposes described in the Terms https://www.appintheair.mobi/termsofuse. For example, we may use information we collect:

• to provide our Services and to process and complete transactions;

• to provide customer service based on your emails, submissions, questions, comments, requests, and complaints;

• to monitor and analyze APPINTHEAIR project usage and trends, and to personalize and improve APPINTHEAIR project and our users’ experiences on our sites, such as providing ads, Content, Materials, or features that match their profiles or interests, and to increase APPINTHEAIR project functionality and user friendliness;

• to send you confirmations, updates, security alerts, and support and administrative messages and otherwise facilitate your use of, and our administration and operation of our site.

With whom your personal data can be shared?

We will not share the personal data we collect from you through APPINTHEAIR project or our Services with third parties, except as described in the Terms.

Your information with limited access rights (including personal data) can only be accessed by our authorized employees or consultants or the concerned group entities that need to have access to this data in order to be able to fulfill their given duties. However, we shall take appropriate organizational and technical measures to protect your personal data provided to it or collected by it with due observance of the applicable obligations and exceptions under the relevant legislation.

We could share your personal data with service providers who are working with us in connection with the operation of our site or our Services, in particular:

• In order to provide you with an engaging and personalized experience, we use Quettra’s Portrait Technology to aide our own efforts. When you download, install and use our application, you acknowledge the integration of third party services by us and agree to be bound by the privacy policies our partners. You can find Quettra’s Portrait Privacy Policy at www.quettra.com/privacy/portrait/. If you have any questions about their Privacy Policy, please contact them directly as described in the previously linked document.

• Client uses Plaid Technologies, Inc. (“Plaid”) to gather End User’s data from financial institutions. By using our service, you grant Client and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy (https://plaid.com/legal/).

• Client uses AwardWallet LLC (“Awardwallet”) to gather End User’s frequent flyer programs data from airline website. By using our service, you grant Client and Awardwallet the right, power, and authority to act on your behalf to access and transmit your personal data from the relevant frequent flyer programs from airline website. You agree to your personal data being transferred, stored, and processed by Awardwallet in accordance with the Awardwallet Privacy Policy (https://awardwallet.com/page/privacy).

• Client uses Edison Software, Inc. (“Edison”) to connect to email accounts and gather, process, and, store End User’s flight data. By using our service, you grant Client and Edison the right, power, and authority to act on your behalf to access and transmit your emails and personal data from the relevant email service. You agree to your personal and travel information being transferred, stored, processed, and used by Edison in accordance with the Edison Privacy Policy (http://www.edison.tech/privacy). Edison has the right to store this data for 7 days

You may associate your email accounts with the Service by providing us with log-in credentials for your email accounts. Once you have authorized us to do so by associating your accounts, we will use our automated technology to regularly review the contents of emails in your email accounts to look for travel related emails, including those with information about recent bookings. This information collected from your emails will be added to your App in the Air account so that you may automatically access this information on the Service and so that we may use this information for other purposes described in this Policy.

Personal data can be also shared with third parties in the following cases:

• when you give us your consent to do so, including if we notify you on APPINTHEAIR project that the information you provide will be shared with a particular third party in a particular manner and you provide such information;

• when we believe in good faith that we are lawfully authorized or required to do so or that doing so is reasonably necessary or appropriate to comply with the law or legal processes or respond to lawful requests or legal authorities, including responding to lawful subpoenas, warrants or court orders.

While using APPINTHEAIR services you might be interested in inviting random people, whom you do not know but with whom you are interested in communicating through our products. In this event, please make sure you truly wish to share any of your information or data with such a person. Once you provide the information to such a person, we will not be able to guarantee that this person will not use this information against you, trade it or misuse it in any other way. We will not be able to prevent such misuse, nor will we be liable for it. We will only be able to block the account or delete the account of any user who violate our Privacy policy. However, once any information is provided by you directly to any person which is your friend or not through our products, we are not responsible for any consequences.

Log files and cookies

Certain information about users can be gathered automatically and stored inside log files. This information might include Internet protocol (IP) addresses, the browser type, Internet service providers (ISP), referring/exit pages, operating systems, date/time stamps, and clickstream data. However, this information doesn't identify individual users and we use it exclusively to analyze trends, to administer the site, to track user movements around the site as a whole to improve the services provided. We do not link this automatically-collected data to any personally identifiable information.

For how long do we store your personal data?

We will store your personal data for the period of 5 (five) years from the date of you consent, however, in case you continue to use APPINTHEAIR project and/or our Services after the end of this period we are entitled to retain your information, including personal data, for as long as it is necessary to: fulfill any of the Services we provide or comply with applicable legislation, regulatory requests and relevant orders from competent courts, unless we receive from you the demand of rectification or erasure of your personal data.

Where we store your personal data?

If you use APPINTHEAIR project and/or any of the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to ensure that your privacy is protected. By using our Services, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Policy.

What are your choices and rights with respect to the collection and use of your personal data?

You can access and update your personal data in certain sections of APPINTHEAIR project. We do not limit your right to transmit the personal data provided to us to any other project, company and/or any other entity or person, together called “Controller”, however, please note, that due to the technical reasons your personal data could not be transmitted directly from us to another Controller as it is not technically feasible.

You have full legal right to request from us your personal data collected, demand its rectification or erasure, make a restriction of its processing or to object to processing as well as the right for data portability.

If you have any requests regarding the matters, described above, please contact us: support@appintheair.mobi.

From the moment you have given your explicit consent to the processing of your personal data for one or more specific purposes you have full legal right to withdraw such consent at any time (without affecting the lawfulness of data processing based on a given consent before its withdrawal). However, please note, that without collection of your personal data for the purposes described herein, we would not be able to provide you with some of the Services, thus, the further usage of the APPINTHEAIR project could be partially limited.

In case you are not satisfied with our personal data protection process and/or have any other complaints please contact our Data Protection Officer. You also have full legal right to lodge a complaint with a supervisory authority.

Children's privacy

This is a general audience website and does not offer Services directed to children. Should a child whom we know to be under 16 send personal data to us, we will use that data only to respond directly to that child to inform him or her that we must have parental consent before receiving his or her personal information.

Can Privacy policy be changed and how will the Client know about it?

If we decide to change our Privacy policy, we will post any changes to this privacy statement so that you are all aware of what information we collect, how we use that information, and under what circumstances, if any, we may disclose it.

We reserve the right to modify this Privacy policy statement at any time, so please review it relatively frequently.

If we make any changes to this Privacy policy, we will notify you here: https://www.appintheair.mobi/privacypolicy.

If you have any questions or suggestions regarding our Privacy policy, please contact us at: support@appintheair.mobi.

This Privacy policy of the APPINTHEAIR project is a legal part of the Terms of Service of the APPINTHEAIR project (https://www.appintheair.mobi/termsofuse)

Legal basis for the data processing

Personal data is collected and processed in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), applicable US legislation, i.e. Acts of Federal Trade Commission, Electronic Communications Privacy Act and others, and the best international practices related hereto.

Data Protection Officer

Taking into account the greatest respect to your personal data, we appointed data protection officer – Bayram Annakov bayram.annakov@appintheair.mobi.

Notification of personal data breach

In the case of a personal data breach, we will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the competent supervisory authority of the personal data breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of End users. The parallel notification will be send to you.

App In The Air Inc., a Washington Company with registered office: 1411 4th Avenue, Suite 1000, Seattle, WA, 98101, USA