Sleeping in Airports

Privacy Policy

Thank you for visiting Sleeping in Airports (www.sleepinginairports.net / www.sleepinginairports.com), a web site presented by Airport Savvy Inc. Sleeping in Airports provides visitors with information about airports, lounges and hotels and a platform for users to share their airport experiences through reviews, photos, ratings and surveys. In order for us to offer our services we need to process some of your personal and non-personal data.

We care about your privacy and the protection of your personal data that is why we have created this Privacy Policy, which is compliant to the EU’s General Data Protection Regulation (GDPR).

The following document explains what we do with your personal data, why we collect it, how we collect it, how we guarantee their protection and how you can manage your information.

By using our website you consent that you understand and agree to the terms laid down in this privacy policy.

We apologize in advance for making you read this, but our lawyers and the EU made us do it! 

Contents of this Policy

What Personal Data do we collect and how?

In order for us to provide our service to you, we collect and process your personal data. Our Services include, but are not limited to: registering your account; sending you the annual newsletter through Mailchimp which announces our annual survey results; communicating and interacting with you in relation our services; notifying you of changes to any services; enhance your visitor experience; and in order to fulfil an obligation under law or contract from public authorities.

We collect the following categories of data:

(a) Non-identifying information, such as the date and duration of your visit and
(b) Personally-identifying information, such as your name.

We collect information in these three forms:

a) Information you have provided us with: are data you have willingly given to us, such as;

– Your username, password and email address when you register for an account.
– Profile information that you provide (biography, location, profile photo, personal website and social networks).

b) Information automatically collected about you: this includes information that is automatically stored by cookies and other session tools. and

(c) Information collected from our partners: we gather non-personal information from our trusted partners with confirmation that they have legal grounds to share that information with us. This information is aggregated data which cannot be used to identify you. This is aggregated data is used for statistical purposes to improve our services. This is information that you have provided willingly.

Aggregated Data:

Aggregated data is information gathered and expressed in a summary form for purposes such as statistical analysis, and so is not personal data for the purposes of data protection law. Aggregated data are data such as: total number of visitors in a given month; the date and duration of the visit etc. This data is evaluated anonymously for statistical purposes in order to optimize our services. This data is not used to identify you, thus it does not violate any privacy laws.

Cookies:

Internet Cookies are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. The aim of the Cookie is to remember the user and record their activity so that the website can offer tailored services to its users, making for a better browsing experience. These cookies will last for one year.

If you wish you can configure your browser to refuse cookies or to ask for confirmation beforehand. However, refusing cookies means that your browsing experience will not be as smooth and tailored to you anymore.

Data Gathered when you leave a Blog Comment:

The data we collect from you if you post a comment on our blog.

  • IP address
  • User Name
  • Email address
  • Website (optional)
  • Browser user agent string

After approval of your comment, your Gravatar profile picture is visible to the public in the context of your comment. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. Comments can be removed at any time, by sending an email to [email protected] the email address you used on the system.

Data Gathered as a “Guest”:

The data we collect from you if you are posting a review only as a “guest” are as following;

  • IP Address
  • Content, such as a Comment; Photo of the Airport and Review;
  • Browser user agent string

In case you change your mind and want to delete the comment within 48 hrs of posting it or before it has been approved, you can contact us at [email protected] and request that we remove your review.

Data Gathered as a “Member”:

The data we collect from you if you create an account and become a “member” are:

  • IP Address
  • Content, such as a Comment; Photo of the Airport and Review;
  • Browser user agent string
  • User name,
  • Password,
  • Email address
  • Optional profile photo

As a member, you have the option to submit additional voluntary information about yourself, such as a detailed biography, your city, country, a profile photo, your web site and social media networks. Member profiles and their content (reviews and photos) can be removed at any time, by sending an email to [email protected] with the user name and email address.

Data Gathered as a “Survey Respondent”:

The data we collect from you if you participate in our airport survey are:

  • IP address, browser information, OS information, time and date of event, and any text or choices entered by the survey respondent.
Mailing List:

If a you are interested in subscribing to our mailing list you must opt-in through Mailchimp, this is done willingly. If you subscribe to our mailing list, you will be sent only one email per year where we inform you about the publication of best and worst airports of the year.

You do not have to register to be a member on our website to subscribe to our mailing list. You can opt-out at any time.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

What do we do with your information?

To provide, support and improve our Services: this may include sharing your or your information with third parties in order to provide and support our Services, to make certain features of the Services available to you, thus improving your overall user experience.

To send you notifications: in case there has been a change to our services such as updating our terms and conditions; notify you in case of a data breach etc.

To provide customer support: reply to your questions, send you our mailing list sign-up and/or opt-out confirmation notifications, inform you about our annual Best & Worst Airports announcement, etc.

Analyse statistical data: we analyse this data so that we can improve our services, this data is non-identifiable data.

To meet legal requirement: this includes complying with court orders, valid discovery requests, valid subpoenas, to prosecute and defend a court, arbitration, or similar legal proceeding, to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements and other appropriate legal mechanisms.

How is your data protected?

We will take necessary technical and organizational measures to adequately protect the data of the Data Controller by meeting the requirements of Art. 32 of the GDPR.

We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising, pseudonymising and encryption where suitable. We monitor our systems for possible vulnerabilities and attacks. No unauthorized access to Processing systems is provided. Data is stored in highly secure data centres.

Even though we try our best we cannot guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

Tools used to process your data

We use the following to tools so that we can offer our services to you:

MailChimp

Mailchimp is an online marketing platform. They provide services such as mailing list management and real-time data analytics. We use them to send our users a once a year notification of our survey results publication. Users voluntarily sign-in to this, if you chose you can refuse to register. For more information please visit their privacy policy at: https://mailchimp.com/legal/privacy/

PollDaddy

PollDaddy is a tool offered by Automattic, Inc. which is a web development corporation. Polldaddy allows us to create polls, for our users where they can submit their vote. This software records the following data when a user casts his/her vote on the poll: IP address, browser information, OS information, time and date of event, and any text or choices entered by the recipient. For more information please visit their privacy policy at: https://polldaddy.com/privacy/

Bitly

Bitly is a URL shortening service and a link management platform. We use Bitly to shorten URL, addresses and track link clicks. The data Bitly collects is: 1. IP address and physical location of the device; 2. the referring websites or services; 3. the time and date of each access; and 4. data where you shared the bitly link to another website. For more information please check Bitly’s Privacy Policy at: https://bitly.com/pages/privacy

Google Analytics

We use Google Analytics to analyse our websites viewers and users online behaviour, so that we can use for statistical purposes in order to optimize our services. This is done anonymously. For more information please check Google’s privacy policy at: https://policies.google.com/privacy

Lounge Pass

Sleeping in Airports has partnered with Lounge Pass (Priority Pass Limited) to provide its users with the ability to purchase airport lounge passes while they are on our site. This service is made possible through the use of an i-frame link, which is an HTML document of the Lounge Pass website embedded inside the Sleeping in Airports website. When you make a purchase, your transaction is securely being performed on the Lounge Pass site. Your personal information (name, credit card info, booking details) are sent directly to the Lounge Pass servers. Sleeping in Airports does not receive or have access to your personal details. For more information please check Lounge Pass’ Privacy Policy at: https://www.loungepass.com (Click “Information” from the top menu and then select Privacy Policy from the list on the right)

Google DoubleClick

Google, as a third party vendor, uses cookies to serve ads on www.sleepinginairports.net. Google’s use of the DART cookie enables it to serve ads to users based on their visit to www.sleepinginairports.net and other sites on the Internet. If you prefer not to receive interest-based advertising, you can disable the “Personalized Advertising” button in Google Advertising Settings: https://www.google.com/settings/ads

Transfer to third parties

We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners (as mentioned in the section above) in order to either make providing the service to you possible or to enhance your visitor experience.
We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data or whom we have contractually obliged through a Data Protection Agreement to guarantee that they will provide high data protection safeguards. If necessary we will disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.

Lawful basis of processing your data

We process your data on the basis of Article 6(a) of the GDPR, which states:
“(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;”

If we use personal information for a purpose, which by provisions of law requires your consent, we will always ask for your explicit agreement and record your consent.

Data Subject Rights

As a data subject you have the following rights:

  • Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  • Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  • Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  • Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
  • Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  • Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
  • Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  • Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  • Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
  • Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  • Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.

How long we retain your data

Aggregated Data: Indefinitely
Cookies: 1 month
Data Gathered as a “Guest”: indefinitely
Data Gathered as a “Member”: indefinitely or until you delete your account
Mailing List: indefinitely or until you opt out
From our Partners:
– Google Analytics – 14 months

Children

Our services are not aimed at children, we do not collect data of children. In case we identify that data we have collected belong to children, we will automatically delete such data.

Further Information

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at [email protected]

Please note that this Privacy Policy may change from time to time. If any major changes should happen to this Privacy Policy we will inform our registered members.

Last Updated: 27-May-2017