Privacy Policy

Types of data collected and types of usage

There are four main reasons Propeller Aero uses your personal data. More details about how we use each type of data are below.

1. You use our product.

Information we collect

If you are an end user of our platform, we’ll ask for information about you, including your name, email, job title, contact details and a password. As you use the platform, we’ll track the basics about your computer, like your IP address, device and browser type, and we’ll have a record of your activities and usage of the platform. This may include a visual recording of your activity in the platform and the requests and console logs made by your browser while using the platform. We only collect your personal information directly from you.

How we use the information

We’ll use this information primarily to deliver and improve our essential services to you, including sending you core notifications about the service and providing technical customer support. In the normal course of using the services, your personal data, such as your name and contact details, may also be disclosed to other users of the platform. The processing of this data is necessary for us to fulfill our contract with you as the customer.

We have a legitimate interest in using this data to provide you with relevant information about using the platform, including updates about new features. As such we’ll send you help information, product updates and marketing based on automated analysis of your usage of the Website. We offer you the ability to unsubscribe from these notifications.

The applied legal basis for this is the performance of the contract between you and us (GDPR Art. 6.1.b), our legitimate interest in improving the Website (GDPR Art. 6.1.f) and your consent to marketing (GDPR Art. 6.1.a).

Data Sharing

This data is processed by a number of external data processors that help us deliver these services – for example, our cloud services are hosted by Amazon Web Services. 

We may also engage other cloud infrastructure & data services providers, analytics & monitoring services providers, customer communication & engagement services providers, error tracking & quality assurance services providers, and customer data & integration services providers.

All of these providers have signed GDPR-compliant data processing agreements with us.

If you provide us with your credit card details in the platform, we do not store it on systems we directly control for any period of time; it is processed and stored with our PCI-compliant data processing suppliers.

Data retention

When, as a user of the platform, you access a survey that is created under a contract with a customer, we will retain this data about your usage for the period permitted under the data retention framework for your jurisdiction. For instance, record keeping in Australia may require up to 7 years of retention according to statutory requirements. This is necessary to ensure we can provide core functionality in the platform, including an auditable trail of usage.

This data is necessary for the functioning of our platform. By using the service, you acknowledge that you have read and understood our data processing practices. We cannot delete platform usage information until this retention period expires.

2. You visit our Website.

Information we collect

If you visit our Website, we’ll track the basics about your computer like your IP address, device and browser type, and we’ll have a record of your activities and usage of the Website. We’ll also put cookies on your browser that will identify you so we know if you come back again. 

We also engage a third party, Albacross Nordic AB (Albacross), in our cookie tracking. Information collected from cookies set in your device that qualify as personal data will be processed by Albacross, a platform offering visitor identification and ad targeting services with offices in Stockholm and Krakow. Please see below for the full contact details.

The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Intent” service) by adding data to their database about companies. The Albacross database will, in addition to “Intent Data”, be used for targeted advertising purposes towards companies, and for this purpose, data will be transferred to third-party data service providers. For the purpose of clarity, targeted advertising regards companies, not towards individuals. 

The data that is collected and used by Albacross to achieve this purpose is information about the IP address from which you visited our website and technical information that enables Albacross to tell apart different visitors from the same IP address. Albacross stores the domain from form input in order to correlate the IP address with your employer. For full information about our processing of personal data, please see Albacross’ Privacy Policy.

We may also collect publicly available information about you from third parties such as social media platforms or public databases. 

How we use the information

We process your device data and cookies to guess your geographic location and demographic information like age and interests. 

The publicly available information about you is used to understand our Website performance and to ensure that we are delivering relevant and useful information to you.

The applied legal basis for this is our legitimate interest in improving the Website (GDPR Art. 6.1.f) and your consent to cookies (GDPR Art. 6.1.a).

Data Sharing

If you purchase products from us online, you’ll be redirected to our e-commerce provider, Shopify. We’ll use your name and email as above to fulfil the order and communicate with you, but we will not ever handle your credit card information. Please refer to the Shopify privacy policy for more information on how they will handle your personal data.

3. You meet us and give us your card

Information we collect

As a Website visitor or as someone who meets us in real life, you may also choose to provide us with your personal information like your name and contact details.

How we use the information

We’ll use this information to optimize the content we show you on the Website, to send you product updates, marketing, and to advertise to you. Emails sent to you will include web beacons, which allow us to understand the performance of our email campaigns by tracking open and click rates. When you access the Website, we notify you about this, and you provide your consent to us to do this. We offer you the ability to unsubscribe from any notifications and the ability to opt out of any third-party tracking.

The applied legal basis for this is our legitimate interest in improving the Website (GDPR Art. 6.1.f) and your consent (GDPR Art. 6.1.a).

Data Sharing

This data is processed by a number of external data processors that help us deliver these services – for example, we use Hubspot to send you marketing emails. All of these providers have signed GDPR-compliant data processing agreements with us.

Data retention

We will retain this data about your usage for up to 2 years. You can contact us to request deletion of this data.

4. You apply for a job at Propeller.

Information we collect

If you apply for a job at Propeller, you’ll be providing us with a lot of personal information, such as name, date of birth, address/email address, and social media, i.e. LinkedIn. Also, if you’re reading this, why not check for openings in our legal team right now?

How we use the information

We’ll use this information to evaluate your application. We may also use this information to contact you later if you aren’t successful but a new opportunity arises.

The applied legal basis for this is the performance of the contract between you and us (GDPR Art. 6.1.b) and our legitimate interest in evaluation of your application (GDPR Art. 6.1.f).

Data Sharing

This data will be stored by external data processors that help us do this – for example, our job applications platform is called Breezy. All of these providers have signed GDPR-compliant data processing agreements with us.

Data retention

If you aren’t successful in your application, we will retain information you submit as an applicant for up to two years. You can contact us to request deletion of this data.

Where data is stored and used

Personal data is stored at rest in the USA, but may be transferred between Propeller companies locations in the USA and Australia when it is used or analysed, as well as other locations around the world where Propeller’s team is based. Employees of both of the Australian and USA entities may use the information we collect under the conditions we explain below, and both comply with the data protection laws that apply in both locations, as well as the rules that apply to processing the personal data of EU citizens under the GDPR. We also sign GDPR-compliant data processing agreements with all of our processors in order to ensure appropriate safeguards are taken when transferring internationally.

Third-party access to information

Your personal information may be shared with the following third-party service providers specified in this Policy.

The providers listed in this Policy process your information based on our instructions only. 

In case your personal data is provided to third parties outside the European Economic Area (EEA), we will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses as adopted by the European Commission. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you for the following purposes:

• law enforcement, legal process and compliance: if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights, or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our services and any facilities or equipment used to make our services available; or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others;
• change of ownership or other business needs: (i) in case we sell, licence or otherwise assign our company, corporate rights, the Website or its separate parts or features to third parties; (ii) as part of a transaction, financing, or for other business needs (e.g., if we need to disclose your personal data to the prospective lender or bank, investor or prospective investor, and/or their professional advisers as part of certain due diligence processes, as the case may be); (iii) we may also disclose and otherwise transfer your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the information commits to a privacy policy that has terms substantially consistent with this Policy.

GDPR rights 

If you are a resident of the EU/EEA, you as a data subject have the following rights regarding your personal data Propeller processes:

• The right to access your information. 

You have the right to know what personal data we process. As such you can obtain the disclosure of the personal data involved in the processing and you can obtain a copy of the information undergoing processing.

• The right to verify your information and seek its rectification. 

If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;

• The right to have your personal data deleted.

If we are not under the obligation to keep your personal data for legal compliance and it is not needed in the scope of an active contract or claim, we will remove your information upon your request.

• The right to restrict the processing of your information. 

When you contest the accuracy of your information, believe we process it unlawfully or want to object to the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your personal data (other than storing it) until we are able to provide you with evidence of its lawful processing.

• The right to have your personal data transferred to another organisation.

Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your personal data available to you or to an organisation of your choosing. 

• The right to object against the processing of your information.

If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object to it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you. 

You can formulate such requests or channel further questions on data protection by contacting us directly at privacy@propelleraero.com.

If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.

Security

Propeller takes the security of all data very seriously. We use technical and organizational measures to prevent unauthorized access to your data. These include using encryption both when transferring and storing data, enforcing the use of multi-factor authentication where possible, intrusion detection software and having access controls to ensure that access to data can be assigned based on the principle of least privilege.

In the event of unauthorized access to your data we will notify you as soon as possible after becoming aware of the access.

Contacting us about this Policy

Because we don’t conduct large scale personal data processing, we don’t have a full time Data Protection Officer, but you can contact our team with any questions about data protection at privacy@propelleraero.com.

You may also contact us at this address to request access to any of your personal data which we will provide within 30 days.

If you have a complaint, please contact us first at privacy@propelleraero.com. If you can’t resolve your complaint working with us, you can make a complaint to the relevant supervisory authority.

Changes to this Policy

We may update this Policy from time to time by posting a new version on our Website. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.

Data Privacy Framework Program

1) Participation in the Data Privacy Framework Program

For personal data processed in the scope of this Privacy Policy, Propeller Aero Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Propeller Aero Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, please visit https://www.dataprivacyframework.gov/.

To view our certification, please search for ‘Propeller Aero Inc.’ at https://www.dataprivacyframework.gov/list. 

2) DPF Principles-Related Complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Propeller Aero Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Propeller Aero Inc. at: privacy@propelleraero.com.

3) Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through Propeller Aero Inc.’s internal process, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Propeller Aero Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

4) Binding Arbitration

You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms (see DPF Principles-Related Complaints section and Dispute Resolution section).

For additional information, please visit Data Privacy Framework Annex I: Arbitral Model available at: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

5) US Oversight

The Federal Trade Commission (FTC) has jurisdiction over Propeller Aero Inc.’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Propeller Aero Inc. is subject to the investigatory and enforcement powers of the FTC.

6) Disclosure of Personal Information to Law Enforcement Officials

Propeller Aero Inc. may disclose your personal information to the extent required by law or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by government or law enforcement officials or private parties, including to meet national security or law enforcement requirements).

7) Liability in Cases of Onward Transfers to Third Parties

In the context of an onward transfer, Propeller Aero Inc. has responsibility for the processing of personal information we receive under the DPF Principles and subsequently transfer to a third party acting as an agent on our behalf. Propeller Aero Inc. shall remain liable under the DPF Principles if our agent processes such personal information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.