Last revised 07/28/2020
EU-U.S. Privacy Shield Framework and Swiss – U.S. Privacy Shield Framework Commitment
"Personal data" and "personal information" under EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield are defined as data about an identified or identifiable individual that are within the scope of the Directive, received by an organization in the United States from the European Union, and recorded in any form.
The European Court of Justice (ECOJ) invalidated use of the Privacy Shield as a framework to transfer PII from the EC to the US in July 2020, however Aires continues to comply with this U.S.D.O.C. program. The Privacy Shield Framework is no longer used to transfer data, however Standard Contractual Clauses (SCCs) are still largely permitted. SCCs shall be used as appropriate.
In the event a European Union Member State declares SCCs ineffective, Aires will use Derogations to transfer PII from that Member State to the U.S. Art. 49 GDPR 1(b) Derogations for specific situations.
To provide effective global mobility services, Aires collects a certain amount of information. Aires acknowledges that its right to use and disclose certain non-public personal information may be limited by the Gramm-Leach-Bliley Act of 1999 (Public Law 160-102, 113 Stat.1138) (the "GLB Act") and its implementing regulations and other federal and state laws and regulations regarding privacy and the confidentiality of customer records.
"Nonpublic personal information" under the GLB Act is any personally identifiable financial information that is not otherwise publicly available and which is collected in the course of providing a financial service (referred to in this policy as "Personal Information"). Some of the services offered by Aires may be considered financial services.
Personal Information Collection, Types, and Disclosure
Aires and/or its subsidiaries, entities, third party service providers or designees on Aires’ behalf may collect Employee and/or Family Personal Information while providing or coordinating global mobility services. Additionally, Aires, may disclose information to its subsidiaries or partners while providing global mobility services.
Partners are data processors who provide global mobility services to customers as directed by Aires, such as moving companies, real estate agents, customs clearance agents, temporary housing companies, destination service providers, language trainers, and cultural trainers. Only the minimum specific data required to provide a specific service is provided to individual service providers. Customers have the right to request limiting personal data provided to partners by emailing email@example.com or by removing key data through our website at www.aires.com.
The type of information Aires may collect and the extent to which it is used varies depending on the global mobility services being provided. Personal information Aires may collect include account balances, income, assets, insurance premiums, payment history and other such information that Aires may become privy to while providing global mobility services to individuals. Aires may also collect personal information such as e-mail address, phone number, DOB, driver’s license number, social security number, passport number, EIN, etc. Individuals may request that personal information be removed, however this this may result in the inability of Aires to provide services, or your request could be denied by the data Controller, your employer.
Aires subsidiaries as described above include American International Forwarding Ltd d/b/a Aires.
Aires may also collect personal information from its clients, lenders, appraisers, and other professionals or service providers with whom Aires collaborates while providing global mobility services. Information is only collected as it is relevant to the specific service provision.
Aires may be required to disclose personal information in response to lawful requests by public, regulatory or government authorities.
Liability and limitation of Damages
Aires remains responsible for the handling of personal Information by those affiliates and third parties as provided in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles.
The liability of Aires for any damages suffered by a customer or his or her family shall be limited to actual, direct, out-of-pocket expenses. In no event shall Aires or its partner be liable for prospective profits, special damages, incidental damages, or indirect or consequential damages in connection herewith or with respect to operations hereto, whether in tort, contract, or otherwise. Aires shall not be liable for acts of omissions of licensed professionals who have been retained while providing services. The customer shall look solely to the licensed professional in question for recourse.
A "cookie" is a small file containing information that is placed on a user’s computer by a web server. Typically, these files are used to enhance the user’s experience of the site, to help users move between pages in a database, or to customize information for a user.
Any information that Aires webservers may store in cookies is used for internal purposes only. Cookie data is not used in any way that would disclose personally identifiable information to outside parties unless Aires is legally required to do so in connection with law enforcement investigations or other legal proceedings.
Aires maintains log files of all access to its site and monitors network traffic for the purposes of site management. This information is used to help diagnose problems with the server and to carry out other administrative tasks. Log analysis tools are also used to create summary statistics to determine which information is of most interest to users, to identify system problem areas, or to help determine technical requirements. Information such as the following is collected in these files:
- Hostname: the hostname and/or IP address of the computer requesting access to the site
- User-Agent: the type of browser, its version, and the operating system of the computer requesting access (e.g., Firefox for Windows, Safari for iPhone, etc.)
- Referrer: the web page the user came from
- System date: the date and time on the server at the time of access
- Full request: the exact request the user made
- Status: the status code the server returned, e.g., fulfilled request, file not found
- Content length: the size, in bytes, of the file sent to the user
- Method: the request method used by the browser (e.g., post, get)
- Universal Resource Identifier (URI): the location of the resource requested. (More commonly known as a URL.)
- Query string of the URI: anything after a question mark in a URI. For example, if a keyword search has been requested, the search word will appear in the query string.
- Protocol: the technical protocol and version used, i.e., http, ftp, etc.
The above information is not used in any way that would reveal personally identifying information to outside parties unless Aires is legally required to do so in connection with law enforcement investigations or other legal proceedings.
If a member of the public sends Aires an e-mail message or fills out a based form with a question or comment that contains personally identifying information, that information will only be used to respond to the request. Such information is not used in any way that would reveal personally identifying information to outside parties unless System Administration is legally required to do so in connection with law enforcement investigations or other legal proceedings.
Personal Information Protection
Aires uses industry accepted standards of technology and operational security to protect personal information from loss, misuse, alteration, or destruction. Despite our efforts to protect personal information, there is always some risk that an unauthorized person may illegally gain access to systems, or that transmission of personal information over the internet may be intercepted. Therefore, Aires cannot guarantee that unauthorized persons will not obtain access to personal information.
Information collected and stored by Aires is maintained at its in-house data center site within the United States. Information is retained until such time as it is no longer required to provide services or meet legal obligations.
Right to Access
Individuals have the right to access their personal data. Individuals may utilize the Aires website at www.aires.com to log in to access, correct, or update personal information. Additionally, individuals may reach out to Aires at firstname.lastname@example.org to request opting out of Aires services, obtain confirmation of whether or not Aires is processing personal data relating to them, have Aires communicate to them such data so that individuals may verify its accuracy and the lawfulness of the processing; and request to have data corrected, amended or deleted where it is inaccurate or processed in violation of applicable privacy law.
General Data Protection Regulation
The Regulation (EU) 2016/679, otherwise known as GDPR, applies to the processing of personal data of data subjects who are in the European Union. Data subjects have certain rights including the right to access personal information, the right to rectification, the right to erasure (to be forgotten), the right to restrict processing, the right to object, and the right to data portability. Any inquiries related to these rights can be sent to email@example.com. Clients with active credentials may also login to www.aires.com and submit a data inquiry request. Aires primarily operates as a processor on behalf of client controllers and has certain obligations within data processing agreements with those controllers. As such, verified inquiries will be sent to appropriate data controllers to evaluate data subject rights.
California Residents - No Information Selling (CCPA)
Aires does not receive any PII as consideration for other services or other items that we provide to our Clients. We do not have, derive, or exercise any rights or benefits regarding PII. We acknowledge that we do not sell any PII as defined by the California Consumer Privacy Act ("CCPA").
Aires does not process PII except as necessary to perform services for Clients and only within the direct business relationship with each Client. We represent that we understand the rules, requirements, and definitions of the CCPA and warrant that we will not take any action that would cause any transfers of PII to or from us to qualify as "selling personal information" under the CCPA.
Lawfulness of Processing
In order for processing to be lawful, personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis. Aires does not use consent as a basis of Lawfulness of Processing. Processing remains lawful to the extent that processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, processing is necessary for compliance with a legal obligation to which the controller is subject, or processing is necessary for the purposes of the legitimate interests pursued by the controller.
Investigative and Enforcement Governance
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Aires is subject to the regulatory enforcement and investigative powers of the U.S. Department of Transportation.
Aires is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
6 Penn Center West
Pittsburgh, PA 15276
Privacy Shield organizations must respond within 45 days of receiving a complaint.
Aires has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association International Centre for Dispute Resolution, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the American Arbitration Association International Centre for Dispute Resolution for more information or to file a complaint. The services of the American Arbitration Association International Centre for Dispute Resolution are provided at no cost to you.
American Arbitration Association
International Centre for Dispute Resolution
120 Broadway, 21st Floor
New York, NY 10271
Under certain conditions, more fully described on the Privacy Shield website, individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted.