This Privacy Notice applies to the DragonPass Premium + App and DragonPass-related websites (the "Service") and is operated by Assurant (Assurant is a trading name of Lifestyle Services Group Limited), with mailing address of PO Box 98, Blyth, NE24 9DL, a member of the Assurant, Inc. group of companies (hereinafter, “We”, “Us”, “Our” or “Company”). Assurant is the data controller of your Personal Information in the context of the Service.
This Privacy Notice (“Notice”) describes how We will process and protect personal information relating to an identified or identifiable individual (“Personal Information”) when you use the Service, which allows users to create an account, update your contact details and communication preferences, search for airport lounges, restaurants, and spas, view lounge usage history and number of passes, register and update payment card details, purchase additional lounge passes, pre-book lounge visits, reset your password, and contact customer support, and applies to your use of the Service. We also use the Personal Information to provide services to you, to communicate with you, and to track usage of the Service and Our products and services. Your Personal Information shall be held and used in accordance with applicable legislation relating to the protection of Personal Information (the “Applicable Law”).
This Notice applies to the Service only and does not necessarily reflect practices with respect to information gathered through other Services We offer or websites We operate or the collection of information through off-line means. To review the privacy practices of those other services, please refer to the policies provided in association with each.
1. Personal Information We Collect
We collect your Personal Information in the following situations:
1.1 Create an Account
We collect Personal Information from you when you create an account on the Services. To create an account on the Service, we may ask users to provide Us with: name, date of birth, post code, membership ID, email address, mobile phone number, and password, and agree to the Terms of Use and this Privacy Notice. We will collect your Internet Protocol (“IP”) address. We may also collect your payment information as part of the registration process, this will include your debit or credit card details, this information is optional.
1.2 When you Submit a Payment
We collect Personal Information from you when you make a payment (for example, when you purchase additional passes). We ask you to provide Us with payment details: cardholder name, payment card number, CVV, and expiry date.
1.3 When you communicate with Us or contact Us for Customer Support
When you contact Our customer support team (for example, when you enquire about the status of your account), We will collect information that you provide to Us in your communications (such as the query or issue that you have raised).
1.4 When you access the Service
We collect information about devices used to access Our Service, (including IP address, browser used, browser language preferences, screen settings). Additionally, We use cookies and similar technologies such as web beacons to collect information about how you use and navigate Our Service (for example, the pages that you view and links that you click). We use cookies to help Us recognise you, improve your experience, increase security, and measure use and effectiveness of Our services. For more information about the cookies, We utilise on the Service, please view Our Cookie Notice.
1.5 Your Device and Location
Your location is derived from the mobile device on which the Mobile App is installed (for example – GPS coordinates and/or Wi-Fi connections). This location tracking of the mobile device may occur even when the application is not actively open and running, if the user has enabled location tracking in the settings for the mobile device. You may at any time discontinue these location services by turning off location services on your device or uninstalling the Mobile App.
2. Purposes and Legal Basis for the Processing of your Personal Information
2.1 We process your Personal Information for the following purposes:
To fulfil a contract, or take steps linked to a contract: this is relevant where you have entered into a service contract with Us, where you can access airport lounges. This includes:
- providing the Service;
- verifying your identity;
- taking payment from you;
- making reimbursement payments to you; and
- communicating with you.
As required by Us to conduct Our business and pursue Our legitimate interests, in particular:
- We will use your Personal Information to provide the Service and other products and services that you have requested, and respond to any comments or complaints you may send Us;
- We monitor use of the Service, and use your Personal Information to help Us to track and analyse preferences and trends, evaluate possible new features, functionality and services, and improve Our Service.
- We use Personal Information to help Us recognise you on the Service, improve your experience, increase security of Our networks and systems, and measure use and effectiveness of Our Service.
- We use Personal Information you provide to investigate complaints received from you or from others, about the Service or our products and services. We also use this Personal Information to track potential issues (for example, issues with fulfilment of services) and trends to better serve you;
- We use Personal Information to make decisions about, and to effect, reorganisations or sales of all or part of Our business;
- We monitor customer accounts to prevent, investigate and/or report fraud, misrepresentation, or crime, in accordance with Applicable Law;
- We will use Personal Information in connection with legal claims, compliance, regulatory and investigative purposes (for example, theft and fraud investigations) as necessary (including disclosure of such information in connection with legal process or litigation);
- We use Personal Information of some individuals to invite them to take part in market research and customer surveys; and
- We use Personal Information to send you information about Assurant products and services, such as customer experience surveys (where your consent is not required).
2.2 Where you give Us consent:
2.2.1 We place cookies and use similar technologies in accordance with Our Cookie Notice and the information provided to you when those technologies are used; and
2.2.2 On other occasions where We ask you for consent, We will use the data for the purpose which We explain at that time.
2.3 For purposes which are required by law:
2.3.1 In response to requests by government or law enforcement authorities conducting an investigation; and
2.3.2 Responding to complaints where We are under a legal or regulatory obligation to adhere to a complaints handling procedure.
2.4 Withdrawing consent:
2.4.1 Wherever We rely on your consent, you will always be able to withdraw that consent, although We may have other legal grounds for processing your data for other purposes, such as those set out above. Where you have given Us your consent, you can withdraw it by using the mechanism described to you at the time that your consent was obtained, or by Contacting Us.
3. Disclosure of Personal Information
3.1 Disclosure to Our Service Providers and Partners
We employ third party companies and individuals to facilitate the Service (for example, customer support, customer communications, audit, application or database hosting, development, logistics, payment processing, and for fraud detection and prevention purposes. These third parties have limited access to your Personal Information to perform these tasks on Our behalf and are obligated to Us. The personnel of such third parties who use your Personal Information is limited to those individuals which are authorised to do so on a need-to-know basis and as necessary to provide these business services to Us. We also share your Personal Information with your bank (for example – to validate your eligibility for the product or service). To provide the Service, we may share your name, contact details (including post code, email address and mobile number), and usage information.
3.2 Disclosure to Public Authorities
We may disclose your Personal Information if required for the purposes above, if mandated by law or if required for the legal protection of Our legitimate interests in compliance with Applicable Law.
3.3 Other Categories of Recipients
We may also disclose your Personal Information, usage information, and other information about you to parties acquiring part or all of Our assets, as well as to attorneys and consultants. Also, if any bankruptcy or reorganisation proceeding is brought by or against Us, your Personal Information may be considered a company asset that may be sold or transferred to third parties.
4. Where your Data is Processed
Your Personal Information will be shared with Our service providers (e.g., airport lounges), some of which are located outside the EEA and the UK and are not subject to an adequacy decision of the European Commission. Where personal information is transferred outside the UK and the EEA to a country that is not subject to an adequacy decision regulation, we will ensure that appropriate standard contractual clauses are in place. To obtain a copy of the relevant transfer mechanism or additional information on such transfers, please address these requests to us.
5. Your Choices and Rights
You have the following rights regarding on your personal information:
- Right to access information about how we process your personal information, including the categories of personal data we process, recipients of your personal information, and purposes for our processing.
- Right to rectification of inaccurate personal information concerning you, as well as, taking into account the purposes of the processing, the right to have incomplete personal information completed.
- Right to erasure (deletion) of personal information concerning you where: (a) the personal information is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the personal information have been unlawfully processed; or (e) the personal information have to be erased for compliance with a legal obligation applicable to us.
- Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the personal information, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the personal information and requests the restriction of their use instead; (c) we no longer need the personal information for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of you.
- Where processing is based on your consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information in some limited circumstances if we can base such processing on another valid legal basis.
- Where processing is based on your consent, or on a contract, the right to data portability, i.e. the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.
- Right to object to the processing of personal information based in our legitimate interests, provide that there are no compelling legitimate grounds for the processing that would override your interests, right and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- You always have the right to lodge a complaint with your local Data Protection Authority.
Please note that in certain situations, and subject to applicable law, we may not be able or obliged to comply with all your requests, for example comply with a deletion request relating to information we are required by law to keep or have a compelling legitimate interest in keeping.
We may charge you a reasonable fee in case you request additional copies of your personal information or make excessive requests. If we are unable to honor your request, or before we charge a fee, we will expressly inform you. In so far as practicable and required under law, we will notify third parties with whom we have shared your personal information of any request for correction, deletion, and/or restriction to the processing of your personal information. Please note that we cannot guarantee third parties will follow up on our notification and we encourage you to contact those third parties directly.
Click here to submit your privacy rights request: www.assurant.com/dataprotection/eu
You can also contact us by using the contact information set out at the bottom of this Privacy Notice.
6. Communications from Us
We communicate with you through email and SMS. We will send you service-related communications (for example – information about your usage of the service”), customer satisfaction and market research surveys.
You can change your email and contact preferences through this app, website or by contacting Customer Service or Contacting Us Please be aware that you cannot opt-out of receiving service-related messages from Us.
7. How long we store your Personal Information
We retain Personal Information you provide as needed to provide the Service. We may retain your Personal Information if retention is reasonably necessary to comply with Our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce this Notice and Our Terms of Use. We may retain Personal Information for a limited period of time if requested by law enforcement. This means that, after the cancellation of your membership, only the information related to payment history will be retained for 6 years. Our customer support may also retain information for as long as is necessary to provide support-related reporting and trend analysis only, but We generally delete or de-personalise transaction-related data consistent with this Notice. Once Personal Information is anonymised, We may retain and use such information. Additionally, We typically delete logs and other backup information through the deletion process within 30 days of your last activity, except as noted in Section 5.
8. Information Security
We have implemented safeguards designed to protect your Personal Information in accordance with industry standards.
We have measures in place to restrict access to Personal Information to those individuals whom We know have a valid business purpose to have access to such data. We maintain physical, electronic and procedural safeguards. We follow generally accepted standards designed to protect the Personal Information submitted to Us, both during transmission and once We receive it. We require those who provide services for Us and to whom We provide Personal Information collected through the Service to keep such information secure and confidential. However, no method of transmission over the Internet or method of electronic storage is totally secure. Therefore, We cannot guarantee its absolute security.
9. Important Information
9.1 Minimum age
We do not knowingly collect Personal Information from anyone under the age of 18. You must be at least 18 years of age to use the Service.
9.2 Changes to this Notice
We may update this Notice from time to time. If We make any material changes to Our Notice, We will notify you by email or by means of a notice through the Service, or by other means prior to the change becoming effective, so that you may review the changes before you continue to use the Service. Please review changes carefully.
10. How to Contact Us
For customer enquiries, please contact us at: Assurant, PO Box 98, Blyth, NE24 9DL, or Call Us.
Click her to submit your privacy rights request: www.assurant.com/dataprotection/eu
If you have any questions about our privacy notice or want to lodge a privacy and data protection complaint, please contact us:
Assurant, Data Protection Officer, PO Box 98, Blyth, NE24 9DL, or send Us an email at dataprotectionofficer@assurant.com.
Effective date: 2nd May 2024