Visit T4 website

Privacy PolicyOperated by

1. Purpose and scope

This Privacy Policy applies to the use of the marketplace e-commerce website of JFK International Air Terminal LLC (“JFKIAT”), operator of Terminal 4 at John F. Kennedy International Airport, New York, USA (“T4”).
The JFKIAT T4 marketplace e-commerce website www.jfkt4.inflyter.com (the “website”) is provided and operated by Inflyter SAS, a company registered in France under SIREN number 811 169 812 RCS Nanterre, whose registered office is located at 191-195 Avenue Charles de Gaulle, 92200 Neuilly-sur-Seine, France (“Inflyter”).
Inflyter takes the privacy of users seriously. We are committed to protecting and respecting your privacy.
This Privacy Policy informs you about the way we, Inflyter, process your personal data when you visit and use this website and are provided with our services.
This Privacy Policy can be printed for reference by using the print command in the settings of any browser.

2. Types of data processed

Among the types of personal data we process, by ourselves or through third-parties, there are your:

Complete details on each type of personal data processed are provided in the “Purposes of processing” section below or by specific explanation texts displayed prior to the personal data processing.
Personal data may be freely provided by you, or, in case of usage data, obtained automatically when using this website.
Unless specified otherwise, all personal data requested by this website is mandatory and failure to provide such personal data may make it impossible to provide our services. In cases where this website specifically states that some personal data is not mandatory, you are free not to communicate this personal data without consequences to the availability or the functioning of this website and services. If you are uncertain about which personal data is mandatory, you are welcome to contact us.
Any use of Cookies or of other tracking tools by our website or by suppliers of third-party services used by our website serves the purpose of providing our services as required by you, in addition to any other purposes described in the present Privacy Policy and in our Cookie Policy.
You are responsible for any third-party personal data obtained, published or shared by you through this website and confirm that you have the third-party’s consent to provide such personal data to us.

3. Legal basis of processing

We may process your personal data if one of the following applies:

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of your personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

4. Method of processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your personal data.
Personal data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the indicated purposes.
In addition to us, in some cases, your personal data may be accessible to certain types of persons in charge of or involved with the operation of our systems (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by us.

5. Place of processing

Your personal data is processed at our operating offices and in any other places where the parties involved in the processing are located.
Depending on your location, data transfers may involve transferring your personal data to a country other than yours, including outside the European Union and the European Economic Area.
To find out more about the place of processing of such transferred personal data, you can check the “Purposes of processing” section below.

6. Purposes of processing

Your personal data is processed by us and other third-parties (including, but not limited to, JFKIAT and sellers from whom you may purchase goods via the website) in order to allow us to:

For specific information about the personal data used for the listed purposes, please see below:

Facebook permissions 

Our systems may ask for some Facebook permissions allowing it to connect and perform actions with your Facebook account provided by Facebook Inc. and to retrieve information, including personal data, from it. For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook Privacy Policy.

  • Basic information

By default, this includes certain personal data such as id, name, picture, gender, and your locale. Certain of your connections, such as Friends, are also available. If you have made more of your personal data public, more information will be available.

  • Contact email

Provides access your contact email address.

  • Email

Provides access to your primary email address.

  • Hometown

Provides access to your hometown.

  • Upload photos

Allows to add or modify your photos.

Device permissions for personal data access

Depending on your specific device, our systems may request certain permissions that allow them to access your device data as described below. By default, these permissions must be granted by you before the respective information can be accessed. Once the permission has been given, it can be revoked by you at any time. In order to revoke these permissions, you may refer to your device settings or contact us for support. The exact procedure for controlling app permissions may be dependent on your device and software. Please note that the revoking of such permissions might impact the proper functioning of our systems.

  • Approximate location permission (non-continuous)

Used for accessing your approximate device location. Our systems may collect, use, and share your location data in order to provide location-based services. Your geographic location is determined in a manner that is not continuous. This means that it is impossible for our systems to derive your approximate position on a continuous basis.

Access to third-party accounts

This type of service allows our systems to access personal data from your account on a third-party service and perform actions with it. These services are not activated automatically but require explicit authorization by you.

  • Facebook account access 

Allows our systems to connect with your Facebook account provided by Facebook, Inc. Permissions asked: contact email, email, hometown, upload photos. Place of processing: United States – Privacy Policy. Privacy Shield participant.

Advertising

This type of service allows your personal data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on our systems, possibly based on your interests. This does not mean that all personal data is used for this purpose. For information and conditions of use please see our Cookie Policy.

Analytics

This type of services enables us to monitor and analyse web traffic and can be used to keep track your behaviour. For information and conditions of use please see our Cookie Policy.

Backup saving and management

This type of service allows us to save and manage backups of our systems on external servers managed by service providers. The backups may include the source code and content as well as the personal data that you provide to our systems.

  • Amazon Glacier 

A service to save and manage backups provided by Amazon Web Services Inc. Personal data processed: various types of personal data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy.

Contacting you

  • Mailing list or newsletter 

By registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning our systems and services. Your email address might also be added to this list as a result of signing up to our systems or after making a purchase. Personal data processed: email address, first name, last name, phone number.

  • Phone contact 

If you provide your phone number you might be contacted for commercial or promotional purposes related to our systems and services, as well as for fulfilling support requests. Personal data processed: phone number.

Handling payments

Unless otherwise specified, our systems process any payments by credit card, bank transfer or other means via external payment service providers. In general and unless otherwise stated, you are requested to provide your payment details and personal information directly to such payment service providers. Our systems are not involved in the processing of such information: instead, they will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.

  • Stripe 

A payment service provided by Stripe Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

Hosting and backend infrastructure

This type of service has the purpose of hosting personal data and files that enable our systems to run and be distributed, as well as to provide a ready-made infrastructure to run specific features or parts of our systems. Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

  • Amazon Web Services (AWS) 

A hosting and backend service provided by Amazon Web Services, Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: Ireland – Privacy Policy. Privacy Shield participant.

  • GitHub Pages 

A hosting service provided by GitHub, Inc. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

Location-based interactions

  • Geolocation

Our systems may collect, use, and share your location data in order to provide location-based services. Most browsers and devices provide tools to opt-out from this feature by default. If explicit authorization has been provided, your location data may be tracked by our systems.  

  • Non-continuous geolocation 

Our systems may collect, use, and share your location data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, your location data may be tracked by this our systems. Your geographic location is determined in a manner that is not continuous, either at your specific request or when you do not point out your current location in the appropriate field and allows our systems to detect the position automatically.

Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with you. The service may also collect data concerning the date and time when the message was viewed by you, as well as when you interacted with it, such as by clicking on links included in the message.

  • Amazon Simple Email Service

An email address management and message sending service provided by Amazon.com Inc. Personal Data processed: email address. Place of processing: United States – Privacy Policy. Privacy Shield participant.

Registration and authentication

By registering or authenticating, you allow our systems to identify you and give you access to dedicated services. Depending on what is described below, personal data may be collected and stored for registration or identification purposes only. The personal data collected is therefore only that necessary for the provision of the service requested by you. Third-parties may also provide registration and authentication services. In this case, our systems will be able to access some personal data, stored by these third-party services, for registration or identification purposes.

  • Direct registration 

You register by filling out the registration form and providing your personal data directly to our systems. Personal data processed: first name, last name, date of birth, profession, company name, email address, profile picture and other types of personal data.

  • Linkedin OAuth

A registration and authentication service provided by Linkedin Corporation and connected to the Linkedin social network. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

  • Facebook Authentication

A registration and authentication service provided by Facebook, Inc. and connected to the Facebook social network. Personal data processed: various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Privacy Shield participant.

  • Auth0 

A registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform. Personal data processed: Cookies, email address, first name, last name, password, picture, various types as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy; European Union – Privacy Policy. Privacy Shield participant.

Remarketing and behavioural targeting

This type of service allows our systems and their partners to inform, optimize and serve advertising based on past use of our systems by you. This activity is performed by tracking usage data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioural targeting activity. For information and conditions of use please see our Cookie Policy.

Selling goods and services online

  • Restricted Sales (Duty Free Price, Sensitive Products)

In order to be purchased, some products available for sale may require extra verification steps to comply with merchant’s local sales regulations and/or local applicable governmental laws. To do so, we reserve the right to ask for an official identity documentation and/or a boarding pass scan to complete the order process. All collected information is used with the sole purpose of local sales regulation compliance and/or local applicable governmental laws and are only kept for the time necessary to fulfil this purpose.

Social features

  • Public profile 

You may have public profiles that other users can display. In addition to the personal data provided, this profile may contain your interactions with our systems. Personal data processed: first name, last name, company name, geographic position, picture.

7. Retention time

Your personal data shall be processed and stored for as long as required by the purpose they have been collected for:

Once the retention period expires, your personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

8. Your rights

You may exercise certain rights regarding your personal data processed by us. In particular, you have the right to do the following:

Where personal data is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.

Should your personal data be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing your personal data for direct marketing purposes, you may refer to the “Purposes of processing” section above.

Any requests to exercise your rights can be directed to us through the contact details provided in this Privacy Policy. These requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.

9. Cookie Policy and “Do Not Track” requests

Our systems use Cookies and other technologies named Trackers. To learn more, you may consult our Cookie Policy.

Our systems do not support “Do Not Track” requests. To determine whether any of the third-party services this website uses honour the “Do Not Track” requests, please read their respective privacy policies.

10. Legal action

Your personal data may be used for legal purposes by us in court or in the stages leading to possible legal action arising from improper use of this website or our related services.

You declare to be aware that we may be required to reveal personal data upon request of public authorities.

11. System logs and maintenance

For operation and maintenance purposes, this website and any third-party services may collect files that record interaction with this website (System logs) and personal data (such as the IP address) for this purpose.

12. Information pertaining to children

We do not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to register for our services or send any personal data about yourself to us.

If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal data, please contact us a soon as possible.

13. Additional information

In addition to the information contained in this Privacy Policy, this website may provide you with additional and contextual information concerning particular services or the processing of personal data upon request.

More details concerning the processing of personal data may be requested from us at any time. Please see the contact information below.

14. Contact information

Data controller:

Inflyter SAS
191-195 Avenue Charles de Gaulle
92200 Neuilly-sur-Seine
FRANCE

Registered in France under SIREN 811169812

Data Protection Officer:
To exercise any of your rights or if you have any questions about our Privacy Policy please contact [email protected]

15. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time by notifying you on this section of the website page and possibly within our systems and/or – as far as technically and legally feasible – sending a notice to you via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of your consent, we shall collect new consent from you, where required.

This Privacy Policy relates solely to this website, if not stated otherwise herein.

Latest update: May 10, 2021

SHOPPING BAG (0)
Your bag is empty