EU-U.S. Privacy Shield Framework and Swiss – U.S. Privacy Shield Framework Commitment
“Personal data” and “personal information” under EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield are defined as data about an identified or identifiable individual that are within the scope of the Directive, received by an organization in the United States from the European Union, and recorded in any form.
In order to provide effective global mobility services, Aires collects a certain amount of information. Aires acknowledges that its right to use and disclose certain non-public personal information may be limited by the Gramm-Leach-Bliley Act of 1999 (Public Law 160-102, 113 Stat.1138) (the "GLB Act") and its implementing regulations and other federal and state laws and regulations regarding privacy and the confidentiality of customer records.
"Nonpublic personal information" under the GLB Act is any personally identifiable financial information that is not otherwise publicly available, and which is collected in the course of providing a financial service (referred to in this policy as "Personal Information"). Some of the services offered by Aires may be considered financial services.
Personal Information Collection, Types, and Disclosure
Aires and/or its subsidiaries, entities, third party service providers or designees on Aires’ behalf may collect Employee and/or Family Personal Information in the course of providing or coordinating global mobility services. Additionally, Aires, may disclose information to its subsidiaries, entities, third parties or designees in the course of providing global mobility services.
Liability and limitation of Damages
Aires remains responsible for the handling of personal Information by those affiliates and third parties as provided in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles.
The liability of Aires for any damages suffered by a customer or his or her family shall be limited to actual, direct, out-of-pocket expenses. In no event shall Aires or its partner be liable for prospective profits, special damages, incidental damages, or indirect or consequential damages in connection herewith or with respect to operations hereto, whether in tort, contract, or otherwise. Aires shall not be liable for acts of omissions of licensed professionals who have been retained in the course of providing services. The customer shall look solely to the licensed professional in question for recourse.
“Third parties” are defined as companies who provide global mobility services to customers as directed by Aires, such as moving companies, real estate agents, customs clearance agents, temporary housing companies, destination service providers, language trainers, and cultural trainers. Only the minimum specific data required to provide a specific service is provided to individual third-party service providers. Customers have the right to limit personal data provided to third party service providers through requests to firstname.lastname@example.org or by removing key data through our website at www.aires.com.
The type of information Aires may collect and the extent to which it is used varies depending on the global mobility services being provided. Personal information Aires may collect include account balances, income, assets, insurance premiums, payment history and other such information that Aires may become privy to in the course of providing global mobility services to individuals. Aires may also collect personal information such as e-mail address, phone number, DOB, driver’s license number, social security number, passport number, EIN, etc. Individuals may limit the personal information provided to Aires, or request that personal information be removed as stated below. However, limitations may result in the inability of Aires to provide services.
Aires subsidiaries and entities as described above include American International Forwarding Ltd.
Aires may also collect personal information from its clients, lenders, appraisers and other professionals or service providers with whom Aires collaborates while providing global mobility services. Information is only collected as it is relevant to the specific service provision.
Aires may be required to disclose personal information in response to lawful requests by public, regulatory or government authorities, including to meet national security or law enforcement requirements.
A “cookie” is a small file containing information that is placed on a user’s computer by a web server. Typically, these files are used to enhance the user’s experience of the site, to help users move between pages in a database, or to customize information for a user.
Any information that Aires webservers may store in cookies is used for internal purposes only. Cookie data is not used in any way that would disclose personally identifiable information to outside parties unless Aires is legally required to do so in connection with law enforcement investigations or other legal proceedings.
Aires maintains log files of all access to its site and also monitors network traffic for the purposes of site management. This information is used to help diagnose problems with the server and to carry out other administrative tasks. Log analysis tools are also used to create summary statistics to determine which information is of most interest to users, to identify system problem areas, or to help determine technical requirements. Information such as the following is collected in these files:
Hostname: the hostname and/or IP address of the computer requesting access to the site
User-Agent: the type of browser, its version, and the operating system of the computer requesting access (e.g., Firefox for Windows, Safari for iPhone, etc.)
Referrer: the web page the user came from
System date: the date and time on the server at the time of access
Full request: the exact request the user made
Status: the status code the server returned, e.g., fulfilled request, file not found
Content length: the size, in bytes, of the file sent to the user
Method: the request method used by the browser (e.g., post, get)
Universal Resource Identifier (URI): the location of the particular resource requested. (More commonly known as a URL.)
Query string of the URI: anything after a question mark in a URI. For example, if a keyword search has been requested, the search word will appear in the query string.
Protocol: the technical protocol and version used, i.e., http, ftp, etc.
The above information is not used in any way that would reveal personally identifying information to outside parties unless Aires is legally required to do so in connection with law enforcement investigations or other legal proceedings.
If a member of the general public sends Aires an e-mail message or fills out a based form with a question or comment that contains personally identifying information, that information will only be used to respond to the request. Such information is not used in any way that would reveal personally identifying information to outside parties unless System Administration is legally required to do so in connection with law enforcement investigations or other legal proceedings.
Personal Information Protection
Aires uses industry accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration, or destruction. Despite our efforts to protect personal information, there is always some risk that an unauthorized person may illegally gain access to systems, or that transmission of personal information over the internet may be intercepted. Therefore, Aires cannot guarantee that unauthorized persons will not obtain access to personal information.
Information collected and stored by Aires is maintained at its in-house data center site within the United States. Information is retained until such time as it is no longer required to provide services or meet legal obligations.
Right to Access
Individuals may have the right to access their personal data. Individuals may utilize the Aires website at www.aires.com to log in to request access, correction, or updating of personal information. Additionally, individuals may reach out to Aires at email@example.com to request confirmation of whether or not Aires is processing personal data relating to them; have Aires communicate to them such data so that individuals may verify its accuracy and the lawfulness of the processing; and have data corrected, amended or deleted where it is inaccurate or processed in violation of the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Principles. Verified inquiries will be sent to appropriate data controllers to evaluate data subject rights.
General Data Protection Regulation
The Regulation (EU) 2016/679, otherwise known as GDPR, applies to the processing of personal data of data subjects who are in the European Union. Data subjects have certain rights including the right to access personal information, the right to rectification, the right to erasure (to be forgotten), the right to restrict processing, the right to object, and the right to data portability. Any inquiries related to these rights can be sent to firstname.lastname@example.org. Clients with active credentials may also login to www.aires.com and submit a data inquiry request. Aires primarily operates as a processor on behalf of client controllers and has certain obligations within data processing agreements with those controllers. Verified inquiries will be sent to appropriate data controllers to evaluate data subject rights.
California Residents - No Information Selling (CCPA)
Aires does not receive any PII as consideration for other services or other items that we provide to our Clients. We do not have, derive, or exercise any rights or benefits regarding PII. We acknowledge that we do not sell any PII as defined by the California Consumer Privacy Act (“CCPA”).
Aires does not process PII except as necessary to perform services for Clients and only within the direct business relationship with each Client. We represent that we understand the rules, requirements, and definitions of the CCPA and warrant that we will not take any action that would cause any transfers of PII to or from us to qualify as “selling personal information” under the CCPA.
Investigative and Enforcement Governance
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Aires is subject to the regulatory enforcement and investigative powers of the U.S. Department of Transportation.
Aires is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Laura May Carmack
6 Penn Center West
Pittsburgh, PA 15276
Privacy Shield organizations must respond within 45 days of receiving a complaint.
Aires has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association International Centre for Dispute Resolution, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the American Arbitration Association International Centre for Dispute Resolution for more information or to file a complaint. The services of the American Arbitration Association International Centre for Dispute Resolution are provided at no cost to you.
American Arbitration Association
International Centre for Dispute Resolution
120 Broadway, 21st Floor
New York, NY 10271
Under certain conditions, more fully described on the Privacy Shield website, individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted.