Effective Date: May 1, 2023
Amsterdam Software BV and its subsidiaries and affiliates (collectively, “we”, “us” or “our”), along with our parent entity, World Fuel Services Corporation (“WFS”), are committed to safeguarding the privacy and personal information of our customers and business partners. This Privacy Policy explains how we may collect, use, process, share, and store personal information about you, including through designated third-party service providers, and the choices that are available to you regarding this information. Please read this Privacy Policy carefully to understand our views and practices regarding your personal information and how we will treat it.
In addition to information kept in hardcopy, this Privacy Policy also applies to our websites, online applications that run on smartphones, tablets, mobile device applications (“apps”), and other online services that may link to this Privacy Policy and/or otherwise be governed by this Privacy Policy. Such websites, online applications, and other online services to which this Privacy Policy applies (collectively the “sites” or “websites” and each a “site” or “website”) include, but are not limited to, those found below in Covered Websites and Applications.
Please note also that our websites may contain links to other websites. If you follow a link to any of these other websites, you should read their own privacy policies. We are not responsible for the content or privacy practices of those sites, and this Privacy Policy does not apply to any information that may be collected from you or shared by you on those sites.
Our Privacy Policy Includes
➢ General disclosures
➢ What personal information do we collect about you?
➢ How do we use your personal information?
➢ How do we share your personal information?
➢ How do we store your personal information?
➢ Potential rights under country-specific data privacy laws
➢ Complaints
➢ Updates to our Privacy Policy
➢ How to contact us
➢ Covered Website and Applications
➢ Specific Jurisdiction Information
➢ European Union General Data Protection Regulation (“GDPR”)
➢ Brazil
➢ Australia
➢ California
➢ Nevada
Please note that most of our public-facing websites are hosted in the United States. If you are visiting the sites from a country outside of the U.S., please note that by providing your information it may be transferred to, stored and/or processed in the U.S. and other countries, including but not limited to the U.K., Costa Rica, Australia, Singapore and various European Economic Area (EEA) members states (such as Denmark, France, Germany, Greece, Hungary, Ireland, Norway, and Sweden) where key data centers, servers, and/or groups of employees are located and operate. If you are from outside of the U.S., please see the provisions under our Specific Jurisdiction Information for additional information. If you are outside the US and do not wish to allow the transfer of your personal information to the U.S., you should not use these sites and you should opt-out of the collection of cookies. View the Amsterdam Software Cookies Policy to learn more.
We take your privacy and the protection of your personal information seriously. To that end, we always endeavor to store, process and disclose your personal information in accordance with applicable law; we will work to make it clearer when we collect personal information and will explain what we intend to do with it; and we do our best to protect your privacy through the appropriate use of information security measures.
We collect information about you when you open an account with us, purchase our products and services and/or remit payment for services. We also collect information about you using cookies, and if you interact with us via phone, social media, websites, or apps. Where you are providing us personal information about another person, such as a family member, coworker, or third party corporate contact, you agree that you will have obtained and will maintain all necessary consents and authorizations necessary to share that information with us.
The types of information that you may give us vary depending on the specific entity with which you are doing business and/or the particular services requested. For example, you may be purchasing aviation, land or marine fuel products and/or related services, engaging with us to provide energy management services, using our trip planning services and/or related products, utilizing our software offerings, or using our payment solutions technology. The information you may give us could include categories such as, but not limited to, your name, work or personal address, e-mail address, phone number, date of birth, gender, financial and/or credit card information, passport number, driving license information, Social Security number, national ID number, personal description and/or photograph, professional licenses and/or certifications, visa/immigration information, as well as customer data, payment data, employee data and/or website user data.
We will only collect sensitive information about you with your consent and/or where necessary to comply with applicable laws. What qualifies as sensitive information may differ based on applicable law, but it is generally understood to mean personal information relating to your racial or ethnic origin, political persuasion, membership in trade or professional associations, sexual preferences, criminal record, genetics, or health. For example, we may need to collect certain categories of sensitive information regarding your health records or ethnicity to process a visa application or to assist you in gaining access to certain governmental facilities. By providing us this information, you agree that you have given us your consent to collect, store, use, and transfer it for the purposes provided and as may be permitted under applicable law. You agree further that you will not send us and will not disclose to us any sensitive categories of information unless required by us to provide the services for which you have contracted with us. Where you are providing us sensitive information about another person, you agree that you will have obtained and will maintain all necessary consents and authorizations necessary to share such information with us.
Our websites may use cookies to distinguish you from other users of our websites. This helps us to improve the functionality and content of the websites, including keeping our websites and records safe and secure, and to facilitate usage by you.
Similarly, some of our websites might use various analytics systems to help identify problems with our websites and/or to improve website usability and the overall customer experience. This may include recording of mouse clicks, movements and scrolling activity.
Depending on the Amsterdam Software or WFS entity and website, we may use performance and/or targeting cookies such as Google Analytics, Hotjar, Lucky Orange, and/or Eloqua. For more information regarding our use of cookies, please review the Amsterdam Software Cookie Policy, as well as the information contained in the banners of our various websites, which provide the ability to turn on/off various cookies.
Where we have given you a password to access certain parts of our websites, or where you have chosen one for yourself, you are responsible for keeping that password confidential and for maintaining an adequate level of complexity. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to/from our websites — any transmission is at your own risk.
We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers, marketing lead generation companies, corporate contact information providers, and credit reference agencies) and may receive information about you from them.
The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. Please note that our websites are not intended for children under 13 years of age and we do not knowingly solicit data online from, or market online to, children under 13 years of age. If you are under the age of 13, please do not supply any personal information through the sites. Instead, please have your parent or guardian contact us immediately using the information provided under How to Contact Us, so that we can remove such information from our files.
We use your information as permitted by applicable law to provide you with information, process orders for products and services that you request from us, and administer or otherwise carry out our obligations in relation to any agreement you have with us. We retain your information for the period necessary to serve a legitimate purpose or as required by law. Examples of when and how we may need to use your data, including transferring it to affiliated entities and/or selected third party service providers, includes but is not limited to the following:
➢ Responding to inquiries: We may use your contact information, purchase history, account preferences, payment details, location, etc. to help answer your sales and/or delivery-related questions, or to identify a product or service that is best suited to your needs or that is most convenient to your physical location.
➢ Contract fulfillment: We may use your contact information and billing details to execute our agreements with you and to maintain and/or assess our ongoing commercial relationship with you. Depending on the products and services requested, we may need to utilize your personal contact information, date of birth, passport details, visa/immigration information, sensitive information, payment details, health information, location, etc. to fulfill our contractual duties and provide the requested services.
➢ Product and service development and enhancement: We may use information such as your website activity, purchase history, account preferences, travel history, etc. to better understand the usage of our products and services and to help identify areas for development and enhancement.
➢ Marketing: We may also use this information to provide you with information about goods or services that we feel may be of interest to you. You may opt-out of receiving marketing and promotional messages from us, if those messages are powered by us, by following the instructions found in those messages. If you decide to opt-out you will still receive non-promotional communications relevant to your use of our goods or services.
If at any time you wish us to stop using your information for any of the above purposes, please contact us using the methods explained below. We will stop the use of your information for such purposes as soon as it is reasonably possible to do so.
We seek to store your information only for the period required to serve a legitimate purpose or as required by law. In general, storage may be for the duration of our commercial relationship, for as long as you can bring a claim against us and for us to be able to defend ourselves, and/or for any period required by tax and other applicable laws and regulations. We will take a range of reasonable measures to protect your personal information and to store it in a secure environment, whether that is in paper and/or electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and/or unauthorized access, modification, or disclosure.
Potential rights under country-specific data privacy laws
Multiple countries have instituted their own data privacy laws that mandate certain rights. The rights that you may exercise under certain key jurisdictions are found below.
If you are eligible and wish to exercise the rights granted under any other applicable data privacy law (e.g. a subject access request), you may contact us using the details found below. Please note that we may not always be able to fulfill your request as there may be legitimate purposes, such as certain legal or statutory obligations, that require us to retain your information as stored or if we believe the change would cause the information to be incorrect.
Please be aware that when we receive a formal written complaint regarding the processing of personal data, we try to resolve it directly with the person who has made the complaint. However, as necessary, we will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of personal data that we cannot resolve with a complainant directly.
If you are dissatisfied with how we have dealt with your personal information, or you have an issue with our compliance with applicable privacy laws, you may contact us using the contact details below. We will acknowledge your complaint and aim to resolve it as quickly as possible and within applicable statutory deadlines.
You may ultimately choose to raise your concern with the applicable data privacy regulator. Information on which agencies to contact in certain key jurisdictions are highlighted below.
As appropriate, we may make changes to this Privacy Policy that will be posted online and, where appropriate, be sent to you by email. Please check back frequently to remain aware of any updates or changes to this Privacy Policy. We display an effective date on this Privacy Policy so that it will be easier for you to know when there has been a change. Your use of our sites and our services constitutes acceptance of the provisions of this Privacy Policy and your continued usage after such changes are posted constitutes acceptance of each revised Privacy Policy. If you do not agree to the terms of this Privacy Policy or any revised Privacy Policy, please exit the sites immediately. If you have any questions about this Privacy Policy, the practices of the sites or your dealings with the sites, you can contact us by using the information provided below.
If you have questions, or believe you are eligible to submit a subject access request or exercise a right available to you under specific national, provincial or state laws, you can reach us by email at privacy@amsterdamsoftware.com or contacting us by post at:
Amsterdam Software
Attn: Privacy Administrator, Legal Department
Amsterdam Software BV
Delflandlaan 1
1062 EA
Amsterdam
The Netherlands
Covered Websites and Applications
As noted above, this Privacy Policy also applies to our websites, apps, and other online services that we offer which may link to this Privacy Policy and/or otherwise be governed by this Privacy Policy. Such websites, apps, and other online services to which this Privacy Policy applies (collectively the “sites” or “websites” and each a “site” or “website”) include, but are not limited to: avinodegroup.com, avinode.com, schedaero.com, and paynode.com.
European Union General Data Protection Regulation (“GDPR”)
Under the EU General Data Protection Regulation (“GDPR”), if you are a citizen or resident of a European Economic Area (“EEA”) country or Switzerland, you may have certain rights regarding your personal information, including:
➢ Right to access information maintained about you;
➢ Right to ensure your data is accurate and complete;
➢ Right to erasure, or the right to be forgotten;
➢ Right to restriction or suppression of personal data;
➢ Right to data portability;
➢ Right to withdraw consent if consent was previously provided; and
➢ Right to raise a complaint to the Information Commissioner’s Office.
If you make a request of us under the above rights, we expect to be able to respond to your request without charge as a general matter. However, we reserve the right to collect a reasonable charge when you request the transcription, reproduction or transmission of such information. We will notify you, following your request for transcription, reproduction or transmission of the appropriate amount that will be charged. You will then have the opportunity to withdraw your request after notification of the charge.
We rely on the following legal grounds to process your personal information, namely:
➢ Performance of a contract — We may need to collect and use your personal information, including sensitive information, to enter into a contract or to perform a contract that you, your company, or some other intermediary acting on your behalf has with us.
➢ Legitimate interests — We may use your personal information for our legitimate interests to improve our products and services. Consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable laws, we may use technical information as described in this Privacy Policy and use personal information for our marketing purposes.
➢ Consent — Where required by applicable laws, we will rely on your consent for collecting your personal information. Except when otherwise permitted by law, we obtain the requisite consent prior to collecting and prior to using or disclosing your personal information. You may provide your consent to us orally, in writing, by electronic communication or any other means reasonably capable of conveying your consent. If necessary, we will obtain your express consent if we collect, use or disclose sensitive personal information in our capacity as a data controller. We may also share your data with third-party partners for whom you have given us consent. Your consent may be intrinsic to the circumstances such as in the case where you have already provided personal information to us and you maintain your relationship with us or where you provide our representatives with your phone number so that we can contact you. Except when otherwise permitted by law we will only use the data for the purpose for which it was given. From time to time, we may collect, utilize or disclose your personal information based on your consent and as otherwise permitted by law. When your consent is required, you may withdraw your consent at any time (unless withdrawing the consent would frustrate the performance of legal obligations) upon providing to us a 30-day notice. However, the withdrawal of your consent may adversely affect our ability to provide our products and services to you and to maintain our relationship.
We will only process personal information for a specific purpose or for any other purposes specifically permitted by applicable data protection legislation.
If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For EEA countries and Switzerland, Data Protection Authority (DPA) contact details can be found here. To contact the U.K. Information Commissioner’s Office (ICO), please visit their website here.
Australia
Under the Australian Privacy Act 1988 (Cth), if you are an Australian resident, you may have certain additional rights regarding your personal information, including, for example, the right to access and correct the information that we hold about you, and a general requirement to ensure the quality and accuracy of the personal information collected. You may request access to any of the personal information we hold about you at any time, but we may charge a fee for our costs of retrieving and supplying the information to you. If any of the personal information we hold about you is incorrect, inaccurate, or out of date, you may request that we correct it. We will generally rely on you to ensure the information that we hold about you is accurate and/or complete.
Access and correction requirements in the Australia Privacy Act 1988 (Cth) operate alongside and do not replace other informal or legal procedures by which an Australian resident can be provided access to or correction of his or her personal information, such as Australia’s Freedom of Information Act 1982.
If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For Australia, the Office of the Information Commissioner may be contacted either via www.oaic.gov.au, by phone at 1300 363 992, or at GPO Box 5218 Sydney NSW 2001.
California
If you are a California resident, you may have additional rights regarding your personal information under the California Consumer Privacy Act of 2018 (CCPA).
The types of personal information that we may collect from you will vary depending on the WFS entity and/or the services you may engage us to provide. The different categories of personal information we might collect include, but are not limited to: identifiers (e.g. contact information, government IDs, cookies); information protected against security breaches (e.g. name and financial account, social security number, username and password, or medical information); protected classification information (e.g. race, gender); commercial information; internet/electronic activity; geolocation; audio/video data; professional or employment-related information; education information; biometrics; and inferences from the foregoing categories. WFS does not sell your personal information to third parties.
California residents who have provided their personal information to us have certain rights and may make various requests to exercise those rights under the CCPA. Qualifying individuals have the right to request: (i) information regarding the collection or disclosures and/or sale, if any, of their personal information to third parties; (ii) no more than twice every 12 month period, copies of personal information or the categories of personal information collected about them over the last 12 months; (iii) that we not sell their personal information to third parties, which we already do not do; and (iv) that such personal information be deleted under certain circumstances. Qualifying individuals also have the right not to be discriminated against because they exercised any of the rights provided for under the CCPA.
As a California resident, you have the right to designate an authorized agent to make a request under the CCPA on your behalf. By submitting sufficient and verifiable documentation (e.g. an agency form) along with your request, you can designate an authorized agent to make requests under the CCPA related to your personal information. To help better protect your personal data we can deny any request by an agent who does not submit sufficient proof that he or she has been authorized by you to act on your behalf.
If you are a California resident and otherwise qualify, you or your authorized agent can seek to exercise one of your CCPA consumer rights by sending your request through one of the mechanisms described above in this Policy (see How to Contact Us).
Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. We do not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available third-party tools, we offer you the choices described in this Privacy Policy to manage the collection and use of information about you.
We do track some activity across websites (e.g. your search terms, the website you visited before you visited or used the services and other clickstream data) and we may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.
We may need to collect additional information to verify the identity and legitimacy of the requesting party, and we will respond within 45 days of receiving such requests as required under the law. Such requests may be submitted to us using the contact details and methods described above.
If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For California, the Attorney General’s office may be contacted via the details provided here.
Nevada
Nevada law provides Nevada residents the ability to opt-out of the sale of their personally identifiable information that we collect. For your protection, we are required to collect certain information from you to verify your identity before we respond to any request submitted by you. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by us for our files.
If you are a Nevada resident and otherwise qualify, you can seek to exercise one of your consumer rights by sending your request through one of the mechanisms described in this Policy (see How to Contact Us).
Data Protection and Privacy Principles
Amsterdam Software BV is committed to safeguarding the personal information of our customers, business partners, and employees. The following Data Protection and Privacy Principles (the “Privacy Principles”) outline how we may collect, use, share, transmit, maintain, and store (collectively, “process”) information that relates to an identified or identifiable individual (“personal information”), and the choices that may be available to you regarding your personal information. Under these Privacy Principles, “you” and “your” means any individual customer, business partner, or employee of Amsterdam Software and any other individual whose personal information we process, and “we”, “us”, and “our” refer to Amsterdam Software.
Please read the following carefully to understand our views and practices regarding your personal information and how we may treat it. For more information, or if you have any questions and/or are eligible to submit a subject access request, please reach out to us using the contact details found below, or visit our Privacy Policy
Collection, Notice, and Processing of Personal Information
We will only collect personal information as appropriate and using only fair and lawful methods. We will process your personal information fairly and for purposes permitted by you and/or as permitted by applicable law. If requested, and/or where it is not clear from the Amsterdam Software product or service that you utilize or from your relationship with us, we may inform you about how your personal information is processed and the rights and remedies you have under our Privacy Principles. In addition, where permitted under applicable law, you may object to certain types of processing. The Amsterdam Software business(es) with which you transact provide notifications regarding the collection and processing of personal data and such notices may be found in the Privacy Policy.
Data Security and Confidentiality
We will keep your personal information confidential and limit access to your personal information to those who specifically need it to conduct their business activities, except as otherwise permitted by applicable law. We have implemented industry standard measures to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. We require industry standard data security measures from those third parties who are authorized by us to process your personal information on our behalf.
Choices Regarding How We May Use and/or Disclose Personal Information
We strive to provide you with choices regarding the personal information you provide to us, including giving you the option of having your personal information included or removed from lists used by Amsterdam Software for marketing purposes, as may be required by applicable law. Each of our businesses may continue to send its customers information about the products or services that they receive from that business.
Accessing and Maintaining Personal Information
Depending on your country or residence and/or citizenship, under applicable laws such as the EU General Data Protection Regulation (“GDPR”), you may also have the right to demand access to, review and change, and request deletion of the personal information that you have provided to us. Please note, however, that we may not always be able to accommodate your request to change or delete information if we believe doing so would cause the information to be incorrect, if we have a legitimate business purpose to retain that information, and/or if doing so might violate other legal obligations.
Transferring Personal Information
As a global group of companies, we may transfer the Personal Information we collect about you to countries other than the country in which the information was originally collected. When we transfer your information to other countries, we will take appropriate steps to protect that information. Where it is not clear from the Amsterdam Software product or service or from your relationship with us, we will tell you if your personal information may be transferred outside of your country. We will ensure any transfers are conducted in accordance with applicable law.
If you are located in a country subject to the GDPR, please note that we will comply with applicable legal requirements and have adequate measures in place to provide protection for the international transfer of Personal Information. These measures include, among others, contractual obligations for recipients to handle and protect the personal information in accordance with standard contractual clauses developed by the European Commission.
Accountability
Amsterdam Software takes its data privacy obligations very seriously, and its employees may only process your personal information in accordance with these Privacy Principles, for which we conduct training and review compliance. Employees who violate these Privacy Principles may be subject to disciplinary action, up to and including termination.
For more detailed information regarding the collection and/or processing of your personal information, please visit our Privacy Policy.
If you have questions about this, please contact us at privacy@amsterdamsoftware.com or write to us at:
Amsterdam Software
Attn: Privacy Administrator, Legal Department
Amsterdam Software BV
Delflandlaan 1
1062 EA, Amsterdam
The Netherlands
| Subprocessor’s Name | Nature and Subject Matter of the Processing | Location of Processing (Country) |
| Amazon AWS | FBO One uses AWS for Cloud Hosting and storage.
· Full Name & address |
Ireland |
| Basecamp | FBO One uses Basecamp for customer onboarding
· Full name |
United States of America |
| FBO One uses Google Analytics for understanding product usage.
· FBO One visitor behavior |
United States of America | Mailchimp | FBO One uses MailChimp for some email functionality.
· Full Name & address |
United States of America |
| Microsoft | FBO One uses Microsoft Azure for Cloud Hosting and storage.
· Full Name |
United States of America |
| New Relic | FBO One uses New Relic as a managed service for application performance monitoring (APM) | United States of America |
| Pendo | FBO One uses Pendo as a managed service for understanding product usage.
· Full Name |
United States of America |
| Salesforce | FBO One uses Salesforce as a managed service for CRM
· Full Name |
United States of America |
| Zendesk | FBO One uses Zendesk as a managed service for support ticketing and knowledge base tools
· Full Name |
United States of America |