Airangel & The General Data Protection Act

1) Overview

Airangel is committed to ensuring the protection of Personal Data, and the rights and freedoms of all Data Subjects, whether acting as the Data Controller, or when processing Personal Data on behalf of our Clients, and their end users. This commitment is not limited to GDPR, and extends outside of the boundaries of the European Economic Area. As such, our approach takes into account the varying Privacy Laws and legislative requirements on a global scale.

Whilst the forthcoming General Data Protection Regulations add a number of key improvements and a harmonisation of standards, the core principles relating to the processing of personal data largely remain the same. Airangel are therefore building on our existing foundation of privacy protection, to ensure we continue to improve and embrace the requirement to demonstrate accountability. To that end, Airangel are taking a multi-dimensional approach, focusing not just on technical features, but on technical and organisational controls.

2) Our Approach

  • As part of over 5 years of commitment to our IEC/ISO 9001-certified Quality Management and IEC/ISO 27001-certified Information Security Management Systems, Airangel continues to refine existing policies and processes to include GDPR-specific controls & processes, in order to provide ongoing assurance
  • We have invested in compliance requirements & associated skills and experience, including qualified internal ISO Lead Implementer, Lead Auditor and GDPR Practitioner, to ensure we can best advise our clients on how to present the guest with a tailored onboarding experience, whilst ensuring terms & conditions, privacy policies and marketing opt-ins all follow GDPR best practice
  • Our organisation-wide Data Audit & data-flow mappings are complete & documented, so we know where data is stored and how it is used and transported
  • Data Protection Impact Assessments & Risk Treatment plans are now fully integrated into System Development & Product Roadmap processes, making sure any new features are first assessed to protect the privacy of a data subject
  • Our Platform Roadmap builds on existing features and GDPR-specific requirements (including but not limited to T&Cs acceptance, subject access request response & export, data amendment facility, and estate-specific data management & reporting)
  • Airangel are involved in industry-specific GDPR Workgroups providing best-practice guidance on privacy management, GDPR, and the handling of personal data
  • We operate a programme of auditable and ongoing Staff Training, Awareness and Testing, specifically focused on Data Privacy & Information Security

3) Platform Functionality to Support GDPR & Data Privacy Principles

3.1) Terms & Conditions of Use & Privacy Policies
  • Each distinct venue operator can present their end users & guests with customised terms & conditions of use and privacy notices to ensure that these meet the individual requirements of each venue, and the regionalised requirements for data retention and cross-border data transport
3.2) Multi-Purpose Consent & Marketing Opt-In
  • Additional Questions can be added to ensure that transparent and explicit consent can be given for multiple specific purposes (e.g. marketing, support, statistical analysis, 3rd party distribution)
  • Consent questions can be added on a per-venue, per sub-location basis to provide a differentiation of purpose within separate areas of a venue (e.g. where data captured within a public area will be used for different purposes for those in conference or accommodation areas)
3.3) Subject Access Requests & Personal Data Export
  • All stored data for a specific guest or device can be easily exported into a machine-readable format, using the Export Reporting functionality

4) Credibility & Commitment

As a demonstration of our commitment and to underpin accountability, Airangel retains the following organisational qualifications & certifications:

| Organisational Qualifications & Certification | Summary |
|---|---|
| IEC/ISO 9001:2015 | Quality Management System |
| IEC/ISO 27001:2016 | Information Security Management System |
| ISO27001 Lead Implementer (GASQ Accredited) | Certified ISO27001 Lead Implementation |
| ISO27001 Lead Auditor (GASQ Accredited) | Certified ISO27001 Lead Auditor |
| GDPR Foundation (GASQ Accredited) | Fundamental Principles of GDPR |
| GDPR Practitioner (GASQ Accredited) | |