Flyability
Privacy Notice

1. Introduction

We recognize the importance of your privacy and of transparency in our processing of your personal data.

Flyability SA and its affiliates (we, our or Flyability) recognize the importance of your privacy and of transparency in our processing of your personal data. This privacy notice (Privacy Notice) informs you on the personal data we collect when you access and use our website and webshop and/or our products, software and services (altogether our products and services), and how we process it.

By accessing and using our products and services, you expressly acknowledge that we may collect and process your personal data in accordance with this Privacy Notice.

We may also have additional privacy notices that apply in specific circumstances.

2. Who is responsible for the processing of your personal data

Flyability SA, EPFL Innovation Park Bldg C, 1015 Lausanne, Switzerland, is responsible for the processing of your personal data. You will find our contact details below in Section 14.

This Privacy Notice only applies to processing undertaken by or on behalf of us. Whilst we may provide links to third-party websites or services, we are not responsible for their policies in relation to personal data. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those third-party websites or services, which you should carefully review to learn more about their personal data processing practices.

As further detailed in this Privacy Notice, we may process your personal data in connection with the cloud services we provide to your employer, respectively the organization to which you are affiliated in any other way (each an Organization). This Privacy Notice does not govern how your Organization processes your personal data through the Services. You must refer to your Organization's policies.

Please see section 7 below for additional information in this respect.

3. How we collect your personal data

We collect the personal data that you provide to us.

We collect the personal data that you provide to us when you use our products and services, for example when you visit our website, place an order or communicate with us, request information on our products, register to our newsletter, create and/or manage your account, or use certain of our products and software (e.g. our Cockpit and Inspector software).

Some information is mandatory and some is optional.

It is mandatory that you complete the data fields identified as mandatory, usually by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to our products and/or services. You are not required to complete the optional data fields in order to access our products and services.

We also collect and send personal data from and to our resellers.

We collaborate with partners distributing our products and services (our Resellers), which may send us information about their customers such as name, company, industry, contact information, product or service purchased. We also send such information to Resellers for the purpose of them giving information on our products and services to you locally.

This Privacy Notice does not address how our Resellers collect and use your personal data. If you would like to make any requests or queries regarding your personal data, please contact such Reseller(s) directly. For example, if you wish to request to access, correct, amend, or delete inaccurate personal data that was originally collected by one of our Resellers, please direct your query to the relevant Reseller.

Certain personal data are also collected in an automated manner.

We also automatically collect personal data, including by means of tools, forms, cookies, and other active elements, as further described in this Privacy Notice.

You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or product according to available functionalities. You may also define certain settings for the automated collection of your personal data through the cookies setting plugin available on our website. For more detailed information, please see the cookie section below (section 12).

4. How we process your personal data

We process your personal data by automated means for the purposes indicated in this Privacy Notice and in accordance with applicable law.

We process your personal data in accordance with applicable law, in particular Swiss data protection law and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR) or its equivalent in the United Kingdom, using computers or computer tools, in line with the purposes set out in this Privacy Notice.

We do not make decisions exclusively on the basis of an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision) and also do not process your personal data to create a profile about you (profiling).

We may combine your personal data with other information (aggregate) or erase any information that allows us to identify you (anonymize), so that it is no longer considered personal data under applicable data protection law, in which case this Privacy Notice will no longer apply and we may use such data for purposes not contemplated by this Privacy Notice (e.g. for benchmarking or analytics purposes, or to develop and market new services). You may object to the anonymization or aggregation of your personal data for this purpose at any time (see section 13 below for additional information on your rights).

We take the technical and organizational appropriate security measures to prevent unauthorized access, disclosure, modification, alteration or destruction of your personal data, as specified in Section 11 below.

5. On which legal ground do we process your personal data

We process your personal data only if we have a valid legal ground to do so.

We will only process your personal data if we have a valid legal ground for doing so. Depending on the processing activity carried out, we will only process your personal data if:

  • The processing is necessary to fulfil our contractual obligations to you or to take pre-contractual steps at your request (Contractual Necessity);

    This is the case in particular when processing your personal data is strictly required to provide you with our products and services, as further specified in section 6 below. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b) GDPR;

  • The processing is necessary for the fulfilment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing (Legitimate Interest);

    Our Legitimate Interests include in particular (i) ensuring that our products and services are provided in an efficient and secure way (e.g. through internal analysis of the products’ and services’ stability and security, updates andd troubleshooting, as well as support services); (ii) improving and developing our products and services (including monitoring the use of our products and services, and for statistical purposes); (iii) benefiting from cost-effectivee services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); and (iv) achieving our corporate goals. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f) GDPR;

  • We have obtained your prior consent in a clear and unambiguous manner (Consent);

  • When the GDPR applies, Consent is based on Article 6(1)(a) GDPR;

  • The processing is necessary to comply with our legal or regulatory obligations (Legal Obligation);

    Finally, we will process your personal data if we are required by law to do so, as further specified in section 6 below. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.

6. Purposes for which we process your personal data?

We process your personal data for legitimate and clearly identified purposes:

Your personal data is collected for the following purposes and is not further processed in a manner that is incompatible with them.

To process orders and payments for our products and services.

To place an order, you must provide the information requested from you (e.g. contact information, billing and delivery addresses, payment method and related information. When you purchase a product or service using our website, we also automatically collect data related to your use of the website in accordance with our Cookie Policy (see section 12 below).

We use third-party services for payments and the dispatch of orders. For example, depending on the payment method selected, you will be redirected to the website of an online payment provider which is responsible for processing the payment. We transmit to these third parties only the data necessary for the operations they perform.

The processing of order, inventory and billing data is based on our Contractual Necessity to provide you with the requested products and services. We are also required by law to store certain information such as invoices, contracts and other information relevant to accounting for a certain period of time (generally for 10 years). Shorter retention periods apply for uncompleted orders.

To provide our professional services and for customer management purposes

We process the personal data that is necessary for the provision of our professional services. We collect the contact details of the individuals with whom we interact and the personal data that they provide us with. Processing personal data as just described above is necessary for us in order to provide our professional services and for related customer management purposes (such as invoicing).

If you are our direct customer, our basis for processing the data is our Contractual Necessity. In other cases (e.g. if you are a representative of one of our customers), it is our Legitimate Interests in delivering our services to our customers.

The personal data which we must retain for record-keeping, tax or another legal obligation will, as a rule, be kept for the duration of the contractual relationship and thereafter for a period of 10 years (or such other retention period as applicable). Shorter retention periods apply for personal data which must not be retained for the above reasons.

To contact you and respond to your queries.

You have the option of contacting using the contact form available on our website. In this context, we process the data which you provide to us (including your contact information and the subject-matter of the request). This data is used for the purpose of providing you with the requested information and services, based on our Contractual Necessity.

The retention period depends on the reason for your request and its context. Requests relating to orders will be retained for the period specified for orders. Other requests are, as a rule, retained for shorter periods.

To send you our newsletter and other advertising information.

If you subscribe to our newsletter, we will collect your contact details (name and email address) and use it to provide you with our newsletter, based on your Consent. You may unsubscribe from the newsletter service at any time, in which case your contact details will be deleted.

We also process the time of registration and your opt-in confirmation based on our Legal Obligation to demonstrate compliance and analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter, based on our Legitimate Interest.

We use the third party services of Hubspot and Woodpecker to provide our newsletter service. Hubspot and Woodpecker will have access to your email in order to provide you with the service. Their privacy statements are applicable in this regard, which you will find by clicking the above links.

Independently from your subscription to our newsletter, we may also contact you by email to inform you about our activities if you have previously purchased a similar product or service from us, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact detail in section 14). The legal basis for the corresponding processing of your data is our Legitimate Interest to advertise certain sales offers and activities relating to our previous interactions with you.

To provide you with job opportunities within Flyability.

We may process your personal data to allow you to consult and apply for job opportunities within Flyability. We will process the personal data you provide. In addition, if you provide us with links to your profile on social media platforms (such as LinkedIn) or with contact information for references, we will assume that we may gather information from these sources.

Any information you submit must be true, complete and not misleading. Should the information provided be inaccurate, incomplete, or misleading, subject to applicable law, this may lead to a rejection of your application during the application process or disciplinary action including immediate dismissal if you have been employed.

We will process your personal data exclusively for assessing your application, based on our Contractual Necessity (to take pre-contractual steps at your request). Your personal data is retained no longer than the duration of the recruitment process unless required otherwise by applicable laws and regulations or our Legitimate Interests.

For internal analysis and statistical purposes in order to improve our products and services.

Unless you object to such processing, we may process your personal data relating to your use of our products and services and your preferences (e.g. the content you accessed, date and time of access and your preferences), as well as technical data relating to the performance or functioning of the products and services you use (e.g. drone ID, flight hours, mapping success rate, OS version, mission names, or drone telemetry data [altitude, battery information and motor status, etc.], but not the content you make, such as images, videos or thermal footages), for internal analysis and statistical purposes based on usage patterns, for debugging and maintenance purposes, and in general to improve our products and services. You may object to such processing activities at any time (see section 13 below for additional information on your rights). As further specified in section 4 above, we may also anoymize your personal data and content (e.g. by removing account names, contact details, and any location data) for the purpose of improving our product and services.

In connection with our website, we use analytics tools provided by known market providers, such as Google Analytics, Hotjar, Mixpanel, Facebook, Linkedin, Hubspot, ADDThis, Sumo, Typeform, and Leadfeeder(e.g. how much time users spend on which pages, which links they choose to click, what users do and don’t like, etc.). The privacy policy of those service providers is applicable in this context. You will find information on their privacy practices and how to opt out of their analytics cookies by clicking on the above links. For more detailed information, please see the cookie section below (section 12).

To operate our website and provide you with the requested functionalities as well as targeted information or advertisements based on your interactions with the website

When you visit our website, we mainly process your personal data to operate our website and provide you with the requested functionalities, based on our Contractual Necessity, including for any the purposes described above (e.g. for processing orders you made through the website, interacting with you or providing you with job opportunities), to register for events we organize, as well as for user management purposes.

In addition, we automatically collect technical information about your interactions with the website, such as IP address, the content that was accessed, date and time of access, information about your web browser, your preferences, or other information related to your interaction with the website, including your navigation details on the website. We process this data to establish a connection with your device over the internet, to identify you when you use the website, control the use of the website and for internal analysis and statistical purposes (as detailed immediately above in this Privacy Notice), based on our Legitimate Interest to do so.

Moreover, we use as part of our operation of the website the services of third parties, such as Hubspot, Woodpecker, LinkedIn or Facebook, which may place cookies on your device in order to provide you with personalized advertisements based on your interaction with our website. The privacy policies of those providers are applicable in relation to their activities. You may withdraw your Consent at any time (see section 13 below for additional information on your rights).

You will find additional information in section 12 in relation to the use of cookies in connection with the operation of our website, including on the duration for which data collected this way are stored.

Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes).

To comply with our other Legal Obligations or for other Legitimate Interests.

We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims.

The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us.

If we have obtained your consent.

In addition to the above, we may process your personal data if we have obtained your prior unambiguous consent for specific purposes. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

7. Our Cloud Services Operations with Your Organization

If you are an end user of cloud services we provide to your Organization, or if we process for any other reason your personal data on behalf of your Organization (for instance, if you are not a user, but your personal data is included in the data uploaded by our users), please read the following:

  • In the situations described above, our processing of your personal data is governed by a contract between us and your Organization. We will process your personal data as data processor for the providing of our services to the Organization which is our customer, or in some cases, as a controller for our legitimate business operations related to providing our services, as detailed in this Privacy Notice.

  • This Privacy Notice does not address how your Organization collects and uses your personal data or how we process your data when we act as processor for your Organization. Please refer to your Organization’s privacy policy for information about its processing activities.

  • If you would like to make any requests or queries regarding our processing of your personal data on behalf of your Organization, please contact your Organization directly. For example, if you wish to request to access, correct, amend, or delete inaccurate personal data that was originally transmitted by your Organization, please direct your query to your Organization. If we are requested by your Organization to remove your personal data, we will respond to such request in a timely manner upon verification and in accordance with applicable law (for example, 30 days under Swiss law).

    If you have questions about our legitimate business operations in connection with providing Services to your Organization, please contact us as described in section 14.

8. The circumstances in which we disclose your personal data to third parties

We only disclose your personal data to third parties if this is necessary for the operation of our services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.

We may disclose your personal data to our subsidiaries or to third parties in connection with the operation of our services or business activities, and to subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including Amazon Web Services and Google Cloud (cloud/storage provider), Hubspot (CRM), and the other providers mentioned in the previous section.

If you signup to events we organize, the providers we use to organize them will have access to the information required to provide their services. We currently use the services of Hubspot, Eventbrite or GoToWebinar in this context. Their privacy statement is applicable and may be found: for Hubspot: here; for Eventbrite: here; for GoToWebinar: here.

We may enable you to use third-party services directly from our website, in particular through the social plug-ins of YouTube, in which case you acknowledge that third-party operators of such services may access some of your personal data related to the website, in accordance with their own privacy practices.

If you use a Service on behalf of an Organization you are affiliated with, we share your data, including telemetry and interaction data, to enable your Organization to manage the products and services.

In addition, if you purchased our products or services through one of our Resellers, we may share information about you with such Reseller for customer management purpose (in line with the purposes described in section 6 above).

We may also disclose your personal data where we have a legitimate interest in doing so, for example (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of restructuring, in particular if we transfer our assets to another company.

9. International Transfers

Your personal data may be made available outside of your geographic location.

We store your personal data on servers that may be located in Europe or in the U.S. In addition, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located outside of your geographic location (e.g. Amazon Web Services, Google, and Hubspot are all headquartered in the U.S, where some data may be available). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.

If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 14 below.

10. How long we store your personal data?

Your personal data will not be stored longer than necessary.

We will erase or anonymize personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above.

In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.

11. Security

We maintain physical, technical and procedural safeguards to keep secure your personal data.

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice.

Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on our website).

12. How we use cookies or other analytical tools

We use Cookies, other analytical tools and similar technologies in connection with the website.

We use various types of cookies, other analytical tools or similar technologies (collectively, Cookies) in connection with our website, some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.

These technologies are generally used to monitor and analyze your interactions with the website and/or to enable us to improve the website and its functionalities, including customizing the website and related services, depending on your interactions. We may also use Cookies to measure and monitor the traffic and use of the website and its performance. Cookies are generally divided in four categories:

A. Essential Cookies. Some cookies are placed on your electronic devices to make the website capable of being used, by providing basic features such as page browsing and accessing secure areas. The website cannot function properly without this type of Cookies.

B. Functionality Cookies. Some Cookies enable the website to remember choices persons make, for example, user name, and language or text size. These cookies are known as “functionality cookies” and help to improve a person's experience of the website by providing a more personalized service.

C. Advertising Cookies. These cookies are used to better understand user interests and to display more relevant advertisements.

D. Analytics/productivity Cookies. Analytics/productivity Cookies, such as those linked to Google Analytics, help understand how users interact with the website by anonymously collecting and reporting information.

Our use of cookies may vary depending on the section or functionalities of the website you access.

You can manage Cookies through the settings of your web browser and/or electronic device

If you do not want Cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. However, some Cookies are essential to the functioning of the website, and they may operate differently if you refuse or completely restrict Cookies.

For more information, please visit the website http://www.allaboutcookies.org. You can also see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies.

13. Your rights with regard to the processing of your personal data

You have the right to access your personal data we process and may request without limitation that they be removed, updated, or rectified.

Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.

If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).

You will find further details of your rights in sections 4 and 5 of this Privacy Notice in connection with each processing activity we perform.

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances such as the rights to ask for the restriction of the processing of your personal data or to request the portability of your personal data (i.e. to obtain the personal data you have provided us in a structured, commonly used and machine-readable format and/or to request the transmission of such personal data to a third party).

If you want to exercise any of your rights, or want additional information about them, please contact us using the contact detailed listed below (see section 14). However, you should direct your privacy inquiries relating to our use of your personal data on behalf of your Organization, including any requests to exercise your data protection rights, directly to your Organization’s contact person.

You have the right to lodge a complaint with the competent authority.

If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.

Although this is not required, we recommend that you contact us first as we might be able to respond to your request directly.

Text Messaging Policy

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

14. Contact Us

If you believe your personal data has been used in a way that is not consistent with this Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at legal@flyability.com.

15. Updates to this Privacy Notice

This Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via our website (e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted products and services.

____________________________________________

Last updated: 19.04.2024