Privacy Policy

Frictionless Checkout at Stadiums & Arenas Maximizes Fan Experience & Revenue

Shopping Made Better

Privacy Statement

This privacy statement applies to the processing of all personal data of website visitors during the use of the website of AiFi Inc. (hereinafter referred to as: AiFi).

The purpose of this privacy statement is to be transparent about the way AiFi collects, uses, and protects your personal data. We also explain how we comply with privacy laws, such as the GDPR. Please read this statement carefully to understand how we handle your personal data.

AiFi GDPR Whitepaper (March 2024)

AiFi Vendor Code of Conduct (March 2024)

AiFi Privacy Policy OASIS (March 2024)

AiFi Console Privacy Policy (March 2024)

What is Personal Data?

What is Personal Information?

About Us

How Do We Use Your Data?

We process your personal data solely for well-defined purposes, as outlined below. This includes the data you provide and data we collect in connection with our marketing activities and other interactions.

1. When Contacting Us

To address inquiries, complaints, or feedback, we collect personal data through our contact form. This includes your name, contact details, and any other information you share with us. This processing is grounded in our legitimate interest in effectively communicating with those who reach out to us, as stated in Article 6(1)(f) of the GDPR.

AiFi also collects the above information in your interactions with our Compliance toll-free number, including your name, email, and phone number.

2. For Website Analysis and Improvement

We indirectly collect data via cookies for functional, analytical, and marketing purposes. This includes:

(Geo)location data
IP address
Internet browser and device type
Website language

Please see AiFi cookie policy for detailed information on our use of cookies. Your consent, provided through our cookie banner, serves as the legal basis for this processing per Article 6(1)(a) GDPR. For functional cookies, our legal basis is our legitimate interest in ensuring our website functions properly, according to Article 6(1)(f) GDPR.

3. For Marketing and Demo Requests

We engage in several marketing activities, including events and demo requests, and for these purposes, we may process:

Your email address, phone number, company details, name, position, and other customer contact details for sending marketing communications and handling demo requests.
Engagement analytics, such as follower names and user profiles, though such data is not retained by AiFi.

These activities are supported by various platforms, including HubSpot, Microsoft 365, LinkedIn, and Jira. Retention periods vary from the moment the data deletion request closure to up to 7 years.

The legal foundation for processing your data for these marketing activities hinges on either your explicit consent (Article 6(1)(a) GDPR) or our legitimate interest in promoting our products and services (Article 6(1)(f) GDPR). If you no longer wish to receive our marketing emails, you can easily unsubscribe by clicking the "unsubscribe" link at the bottom of the email.

Your Rights

You have the right to be well informed about what we do with your data and why we need your data. We do this through this privacy statement. In addition to the right to be informed transparently, you have the following rights:

Right to access (if you want to know which data we collect from you);
Right to rectification (we are happy to adjust any data that is no longer correct);
Right to be forgotten (in some cases you can ask us to delete your data);
Right to restrict processing (in some cases you can ask us to restrict the processing of your data);
Right to data portability (if you want, we can pass on your data to another party or give you a copy of your data);
Right to object (in some cases you can object to the use of your data).

If you want to exercise one of your rights, you can contact us by emailing compliance @aifi.com. We always respond to your request within a month.

Who Do We Share Data With and Where Do We Store It?

AiFi does not sell or trade your personal data to a third party. In limited cases, a specific supplier (as processor) may gain access to your personal data. Before AiFi shares your data with such a third party, AiFi will ensure that this party is bound by strict security standards.

AiFi may be obliged to provide certain personal data to third parties, such as government agencies, in accordance with relevant legislation. It may also be necessary for AiFi to transfer your personal data to protect AiFi's lawful rights, again in accordance with relevant legislation.

With parties that process personal data on our behalf (the so-called 'processors'), we conclude (as far as necessary) processing agreements. We do this so that when we provide data to them, it is properly recorded, among other things, that they also secure these data well and they must notify us in time in case of a (suspicion of a) data breach.

How Long Do We Keep Your Data?

Record Retention Policy

1. Summary

AiFi will retain records and data as needed to satisfy business needs and applicable laws and regulations.

2. Applicability

This Policy applies to AiFi, Inc. (“AiFi”), its subsidiaries, and other entities controlled by AiFi.

3. Policy

Retaining necessary records and data is a routine part of business, enabling AiFi to conduct its business effectively and to respond accurately and in a timely manner to internal and external customer demands. However, retaining unnecessary records and data in any form complicates and delays the retrieval of important information and wastes limited resources such as storage capacity and filing space.

AiFi and its functional departments will ensure that records and data are retained, reviewed, stored, and disposed of systematically, as necessary to satisfy business needs and the requirements of applicable laws and regulations.

AiFi and its functional departments shall implement procedures meeting the requirements of Exhibit 1.

5. Review

This Policy shall be reviewed at least annually and following any major changes to ensure that this Policy continues to meet its organizational goals.

Exhibit 1

1. AiFi, its subsidiaries, and other entities controlled by AiFi, Inc. will ensure that records and data are retained, reviewed, stored, and disposed of systematically and in the regular course of business after considering business needs and the requirements of applicable laws and regulations.

2. "Records and data" mean:

a) Written, recorded, or graphical material of any kind in the possession or control of AiFi or its directors, officers, or employees in the course of their duties;

b) The term includes data in any medium, such as paper, recordings, or electronic files (whether stored on a network server, individual computer hard disk, or separate disk from which information can be obtained by any means)

3. AiFi will adopt procedures addressing the following minimum requirements:

a) Appointing a records and data custodian who has overall responsibility for administering this Policy. Additional custodians may be appointed when needed to respond to document requests involving litigation or investigations;

b) Creating and maintaining an index of types of records and data (“Record Retention Table”) that are in the possession or control of AiFi. This will describe generally the types of records and data to be retained. Records and data will be assigned proper periods for retention, determined in accordance with the laws, regulations, and treaties applicable to the locations where AiFi is operating;

c) Destroying records and data in the regular course of business and in accordance with the requirements of applicable laws and regulations. Destruction of records reasonably related to a matter will be stopped if AiFi knows or has a reasonable basis to believe that litigation, a government investigation, or an audit is pending or imminent.

d) Random and scheduled reviews to ensure that records and data are being disposed of in accordance with the requirements of this Policy. AiFi will review retention procedures and practices as part of its normal audit process, and

e) Providing periodic training to employees in the requirements of this Policy. Training may be provided via disseminating written policies or procedures, computer-based courses, or any combined training methods used by AiFi.

4. Questions on implementing or interpreting this Policy should be directed to the Legal Team to legal@aifi.com.

Record Retention Table

Category	Record Type	Record Description	Duration
Mail	Exchange mailboxes	Items in user, shared, and resource mailboxes: emails, calendar items with an end date, notes, and tasks with an end date. Doesn't apply to items in Microsoft 365 Group mailboxes.	1 year
SharePoint	SharePoint classic and communication sites	Files in classic sites or communication sites or team sites that aren't connected to a Microsoft 365 group, and files in all document libraries (including default ones like Site Assets).	2 years
Accounting and Finance	Annual Financial Reports and Work Papers		3 years
Accounting and Finance	Billing Records		3 years
Taxes	Income Tax Returns and Sales Tax Returns		3 years
Marketing	Customer Contact Details	Email address, phone number, Company	7 years
Marketing	Event Signup		1 year
Marketing	Demo signup	Name, email address, position, company	1 year
Marketing	Toll-free numbers	Name, address, phone number	1 year or when data request for deletion is closed.
Human Resources	Contact Details	Address, email address, phone number	Permanent and deleted 30 days after termination.
Human Resources	Emergency Contacts and Next of Kin	Names, relationship to the employee/contractor, contact numbers	Permanent and deleted 30 days after termination.
Human Resources	Employment Information	Job title, department, employee ID, work history	Permanent
Human Resources	Personal and Social Circumstances	Marital status, dependents	Permanent
Human Resources	Criminal Record Information	Details of criminal convictions and offences	No retention after audit
Human Resources	Financial Information	Bank account details, tax information	Permanent
Human Resources	National Identification Numbers	Social security number, Passport, national insurance number	Permanent and deleted 30 days after termination.
Human Resources	Health Information	Health records, disability information, sick leave records	Permanent
Human Resources	Qualifications	Educational records, resumes, certifications, training records	Permanent
Human Resources	Applications	Resumes, personal information, qualifications, contact details	1 year

How Do We Protect Your Data?

Under Article 32 GDPR, we are obliged to take appropriate technical and organisational measures to prevent loss of personal data or unlawful processing. The security of your personal data is well arranged with us through physical, administrative, organizational and technical measures.

Only employees who have been given authority by us have access to the data. They have also signed a confidentiality agreement. We therefore have an appropriate level of protection. We also adjust this level of protection periodically when necessary. Our organization is set up in such a way that we do everything we can to prevent security breaches, a so-called data breach. If there is a data breach, we will act according to our Data Breach Protocol.

Notice to California Residents

This notice to California residents is provided under the CPRA.We collect the following categories of personal information: identifiers/contact information (such as name, address, email address, and telephone number). See the description of personal data above for more information. We collect this information from the sources and for the purposes more fully described above. We do not sell your personal information to third parties.

You have the following rights under CPRA with respect to your personal information:

The right to know about the personal information that we collect about you and to know how it is used and shared;
The right to delete personal information collected from you consistent with applicable law;
We do not sell your personal information to third parties, but you have the right to opt-out of the sale or sharing of your personal information;
The right to non-discrimination in exercising your rights;
The right to correct inaccurate personal information that we have about you; and
We do not collect sensitive personal information (as that term is defined in the CPRA).
Making Access and Deletion Requests

To make an access or deletion request, please email us at dpo@aifi.com . Before completing your request, we may need to verify your identity. We may request additional documentation or information solely for the purpose of verifying your identity.

Instructions for Authorized Agents Making Access and Deletion Requests

You may also use an authorized agent to submit an access or deletion request on your behalf. Authorized agents may submit access and deletion requests by emailing us at dpo@aifi.com . Before completing requests from authorized agents, we may contact you directly to confirm you’ve given your permission and/or to verify your identity.

Contact and Complaints

If you have questions or comments about this Privacy Statement, please contact us at:

AiFi Inc.
888 Airport Boulevard
Burlingame, California
compliance@aifi.com

US Toll-free telephone number: +1 650 446 4708
EU Toll-free telephone number: +31 800-0223-304
DPO: Sara Lopes: dpo@aifi.com

If you have complaints about how we use your data or how we respond to privacy-related questions, you can file a complaint with the Data Protection Authority or the California Privacy Protection Agency.

March 11, 2024

Terms of Use

Despite our best efforts, unfortunately we can’t guarantee our website is always up to date, error-free, accessible or complete. Neither can we guarantee the continuous availability and smooth operation of the website. AiFi Inc. may suspend the availability of our website, for example in connection with modification or maintenance. In addition, we reserve the right to remove, modify or discontinue the information and services offered on the website without prior notice.

You may not use this website in any way that could hinder us, the other users of the website or other third parties and/or otherwise affect the proper functioning of the website, and/or the underlying software.

Without prejudice to our other rights, we reserve the right to (henceforth) deny you further access to the website and the services offered thereon without prior notice if you act unlawfully towards AiFi or third parties.

All intellectual property rights in this website, including the (collection of) texts, visual material, sound material, trademarks, data files, software and all other works you may access through the website, belong exclusively to AiFi or its licensors.

Our site may also have links to third-party websites. We’re not responsible for the information these websites provide and cannot be held liable for anything that comes from a third party.

What Our Customers Say

"We were impressed with the flexibility of AiFi's solution and the ability to seamlessly integrate with existing infrastructure in the store. Now, folks coming through the Knauss Center for Business Education won't be burdened by long lines or wait times, and we're excited for the future of this technology at our campus."

Andre Mallie

Assistant Vice President, Auxiliary Services & Resource Management, University of San Diego

"This technology actually supersedes some that’s been in the market for a while. It’s all by way of camera technology and AI that can calculate when something is removed."

Kevin Rettle

Vice President, Sodexo

"From now on, AiFi's technology will let passengers shop completely autonomously around the clock at Berlin's Ostbahnhof. In the future, customers will benefit from the unlimited availability of the service and a completely new and time-saving shopping experience."

Martina Köppl

Head of Franchise Management at DB Station&Service AG

"We believe AiFi is well-positioned as the leading platform in the Venues space."

Ken Gaber

President, OVG Hospitality

"By collaborating with AiFi, we aim to gain new and meaningful insights into our customers and lay the data-driven foundations for levels of operational excellence."