ScentAir’s Privacy Notice

Scent Air is committed to protecting and respecting your personal data and your privacy. 

We work hard to ensure that any personal data we collect about you (your Data) is used fairly and transparently and strictly in accordance with the data protection laws that protect it. This policy sets out how we collect, store, process, transfer, share or use your Data. 

We have created this Privacy Notice to explain:

  • how and why we collect your Data,
  • what data we collect about you,
  • when and why we may disclose or transfer your Data,
  • how long we store your Data for,
  • explain the rights and choice you have when it comes to your Data. 

If you are a resident of the EU, this Privacy Notice also provides you with certain information that must be provided to you under the European General Data Protection Regulation (GDPR). You can find more information about your rights and additional disclosures under GDPR in the section titled Your Privacy Rights & Additional Disclosures (GDPR)

If you are a resident of California the California Consumer Privacy Act (CCPA) requires businesses, to give consumers certain notices explaining their privacy practices. This Privacy Notice also serves as a Notice of Collection relating to CCPA. You can find more information about your rights and additional disclosures under CCPA in the section titled Your Privacy Rights & Additional Disclosures (CCPA).

When we refer to “Personal Data” or "your Data" in this Privacy Notice, we mean any information about you from which you can be identified. It does not include data where your identity has been removed (anonymous data). 

How To Read This Privacy Notice

This notice is layered to allow you to find the information that is most relevant to your situation. 

It is split into 3 sections:

  1. General Information – this contains the information that applies to all of our data handling practices such as who we are and how to contact us.
  2. Data practices depending on how you interact with us – at ScentAir Technologies LLC, we collect Personal Data in different ways depending on how and why you are interacting with us. Section 2 sets out further details specific to our interaction with you and information that will only be relevant in those circumstances.
  3. Privacy Rights & Additional Disclosures - the final section of the Privacy Notice sets out the rights you have in relation to your Data [depending on where you are resident] and provides any additional information we are required to disclose under the law that applies to your Data.

1. GENERAL INFORMATION

1.1. Who we are

When we refer to ‘we’, ‘us’ or ‘ScentAir’ in this Privacy Notice, we are referring to ScentAir Holdings, Inc, d/b/a ScentAir Technologies, LLC and its subsidiaries: Escential Limited (UK); ScentAir Switzerland SA; ScentAir Spain, SL; ScentAir Germany GmbH; ScentAir De Mexico; ScentAir Technologies Limited (HK);  BA Holdings Limited; ScentAir Fragrance Technologies (Shanghai) Co., Ltd.; and ScentAir Japan Ltd.

ScentAir Technologies, LLC is responsible for deciding how and why your Data is used in the situations covered by this Privacy Notice (referred to as the Data Controller for the purposes of the GDPR [and Business under the CCPA]). 

Our privacy notice applies to all users of ScentAir Technologies, LLC and its affiliated entities websites, mobile applications or apps, and services provided by ScentAir Technologies, LLC.

1.2. How to contact us

If you have any queries regarding this Notice or have any concerns about our use of your Data, please contact us using one of the methods below and we will do our best to deal with your concern or query as soon as possible.

Email: privacy@scentair.com 

Mail:   ScentAir Technologies, LLC 

           3810 Shutterfly Road; Suite 900

           Charlotte, NC 2817

1.3. General Recipients of your Data

In certain circumstances, we may need to share your Data with other companies or individuals. We are very careful about the third parties with whom we share your Data, and we ensure that we only share the minimum amount of information that is necessary. We also ensure that we have appropriate contracts in place to ensure third parties continue to protect your Data, when they are processing it on our behalf.

Service Providers

We sometimes need to share your Data with certain third parties who provide services to us, so that they can provide those services. These third parties process your Data on our behalf, and we have strict contracts with them to ensure they process your Data only on our instructions and with appropriate security in place.

We use the following types of service providers for your Data:

  • Email and data storage providers such as Microsoft,
  • Document storage providers such as Dropbox,
  • Cloud providers such as AWS and Google Cloud

In some circumstances, we may use additional Service Providers depending on how we are interacting with you. You can find further details of the exact types of service providers who may receive your Data from us under the relevant section of Part 2 of this Privacy Notice. 

Consultants / Advisors

We occasionally make use of consultants and advisors who may receive your Data in order to provide us with their services. These third parties will decide how and why they use your Data. The types of consultants / advisors that we use are:

  • Legal Advisors such as law firms,
  • Financial Advisors such as accountants,
  • Data Protection Advisors such as Calligo.

Other

We will share your Data with third parties if we have a belief in good faith that it is reasonably necessary:

  • To comply with the law or a public authority, permitted to receive your Data or for the administration of justice,
  • To establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud),
  • Where we refinance, restructure, sell or transfer our business (or a part of it). For example, in connection with a takeover or merger.

1.4. ScentAir Technologies, LLC as a Service Provider / Data Processor

This Privacy Policy does not apply to the Personal Data we process as a Service Provider or Data Processor on behalf of our customers, who, in this instance, are the Data Controllers of your Personal Data. ScentAir Technologies, LLC Customers are organisations who use our services to enhance brands and experiences through the power of scent and air purification. For us to provide our services, ScentAir Technologies, LLC processes Personal Data in accordance with the instructions defined in the agreements we have in place with our customers. If you have questions about the Personal Data you have provided to one of our customers or wish to exercise any of your rights regarding your Personal Data, please contact the Customer directly. 

1.5. Updates to this Privacy Notice

We keep our Privacy Notice under regular review. This version was last updated on August 1, 2023. Historic versions are archived here: Historic Privacy Notice.

If material changes are made to the Privacy Notice, relating to how we use your Data, we will provide an updated Privacy Notice. In certain circumstances where consideration is being given to changes in the uses of your Data, we may need to contact you to gain your consent where necessary or provide a legal basis for the use of your Data in a different way from that for which it was originally provided.

1.6. Other Privacy Notices

This Privacy Notice is intended for people who are our customers or who use our website.

  • Please note that the Privacy Notice does not cover:
  • The Personal Data we collect if you apply for a job with ScentAir Technologies, LLC. This is covered in our Job Candidate Privacy Notice.
  • The Personal Data we collect if you work for us. This is set out in our Employee Privacy Notice available from your manager.

2. How we use your Data depending on how you interact with us

At ScentAir, we collect Personal Data in different ways depending on how and why you are interacting with us. In the sections below, you can find out how we use your Data in the following ways. Please click on the section that is most relevant to you:

  1. When you visit our website(s),
  2. When you become a customer of ScentAir,
  3. When we believe you may be interested in our product or services.
  4. When you provide services to ScentAir,
  5. When you contact us,

2.1. When you visit our Website(s)

How we collect your Data

Marketing Material

When you download a whitepaper or read one of our blogs or sign up to our newsletter, we collect some information directly from you about who you are, your contact details and why you are interested in our services (Marketing Information).

Contact Us

If you use the ‘contact us’ or ‘request a quote/demo/info’ facilities on our website, we will collect information directly from you that we need to be able to respond appropriately. This includes your name, contact details and details of the organisation you work for (Enquiry Information).

You may also volunteer certain other Personal Data such as your phone number and postal address as well as anything else you include in the ‘message’ box.

Cookies

We use cookies and similar technologies to personalise and improve your experience as you use our website. Some of these cookies collect Personal Data in the form of IP addresses (Cookie Data). Please see our cookie policy HERE for details of the cookies that are set on our website.

How we use your Data

The table below sets out our business or commercial purpose for using your Data and the legal basis we rely on in each case.

Type of Data Business/Commercial Purpose Legal basis
Marketing Information Send you the content that you request Necessary for our legitimate interest of following up on interest in our products and services
Analyse the effectiveness of our marketing materials Necessary for our legitimate interest of assessing our marketing
Send you marketing communications (where requested) Consent
Enquiry Information Contact you in response to your enquiry Necessary for our legitimate interest of responding to queries. 
Investigate your enquiry Necessary for our legitimate interest of responding to queries.
Send you marketing communications (where requested) Consent
Cookie Data Personalise your browsing experience Consent
Provide you with targeted advertising Consent
Make sure our website is working properly Consent

Consent to cookies can be provided or withdrawn by clicking on the Cookie Bot links on any of our webpages.  

Recipients of your Data

We use the following service providers (subject to change) to store Enquiry Information on our behalf:

  • Our Customer Relationship Management (CRM) services for email deployment and communications
  • User analytics services for transactional data tracking and measurement
  • Social/Ad Network services to display relevant ad communications
  • Website (Magento) technology services for customer account management and daily site functionality 

How long we keep your Data

We keep Enquiry Information for the duration of our interaction with you plus a period of 24 months. This is so that we can refer to our previous correspondence should you contact us again during this time. After 24 months we will delete your Data from our systems unless we identify a legitimate need to retain it for longer, such as in order to defend a legal claim or where we are required by law to do so.

If you signed up to receive marketing materials but indicate that you no longer wish to receive them, we will retain your name and email address on a suppressed list to keep a record that you have opted out of receiving direct marketing (so that we don’t accidentally send them to you again) but we will no longer use it to contact you with marketing.

The retention period for Cookie Data is set out in our Cookie Notice.

2.2. When you become a customer of ScentAir

How we collect your Data

When you (or the company you work for) purchase a product or service from ScentAir or one of our distributors, we collect your business contact details from either you or your company. We will also collect information about you throughout the lifecycle of our relationship with you such as your purchase history, payment details, correspondence with you, information required to provide you with support and contract information (such as your signature) (Customer Information). This information will be collected directly from you through our website/app/portal.

We may also run an OFAC / FCPA compliance screen using LexisNexis (Background Check Data).  

How we use your Data

The table below sets out our business or commercial purpose for using your Data and the legal basis we rely on in each case.

Type of Data Business/Commercial Purpose Legal basis
Customer Information Provide our customers with products or services they have requested Necessary for the performance of our contract with you or the organisation you work for
Provide support Necessary for the performance of our contract with you or the organisation you work for
Maintain our customer relationship Necessary for the performance of our contract with you or the organisation you work for
Send you information about the product or service you have purchased  Necessary for the performance of our contract with you or the organisation you work for
Send you information about other similar products or services you may be interested in Necessary for our legitimate interest of marketing our products and services to organisations
Legal reporting purposes (e.g., tax reporting) Necessary to comply with a legal obligation that applies to us
Notify you of safety issues or product recalls Necessary to comply with a legal obligation that applies to us
Background Check Data Prevent fraud Necessary for our legitimate interest of protecting our business
Prevent Money Laundering Necessary to comply with a legal obligation that applies to us

Recipients of your Data

We use the following types of service providers for Customer Information:

  • Our Customer Relationship Manager system and marketing automation services provider, Salesforce, Inc.
  • Our email automation providers, Dot Digital and Pardot
  • Our fraud prevention screening through LexisNexis.

How long we keep your Data

We keep Customer Information for a 7-year period following the date we last provided you or your organisation with a service. This is so that we can support you with any issues you might encounter. After 7 years, we will delete Customer Information from our systems unless we identify a legitimate need to retain it for longer, such as in order to defend a legal claim or where we are required by law to do so.

If you indicate that you no longer wish to receive marketing materials, we will retain your name and email address on a suppressed list to keep a record that you have opted out of receiving direct marketing (so that we don’t accidentally send them to you again) but we will no longer use it to contact you with marketing.

We keep Background Check Data for a period of 10 years from the date we last provided you or your organisation with a service. This is so that we can comply with our legal obligations under Anti-Money Laundering legislation.

2.3. When we believe you may be interested in our product or services

How we collect your Data

Marketing Prospects

We may obtain data from third parties (e.g., data brokers) or buy in list of marketing prospects (Prospect Data), from sources such as with ZoomInfo.


Public Platforms

When you mention us or interact with us on public platforms, such as Facebook, Instagram, Twitter, LinkedIn or Public forums, we may collect some of the information that is publicly available on these platforms, such as your Twitter handle or information from your Facebook profile (Platform Information).  

How we use your Data

The table below sets out our business or commercial purpose for using your Data and the legal basis we rely on in each case.

Type of Data Business/Commercial Purpose Legal basis
Prospect Data Identify organisations and people at those organisations who may be interested in receiving our products and services Necessary for our legitimate interest of marketing our products and services
Send you marketing communications  Necessary for our legitimate interest of marketing our products and services to organisations]
Platform Information monitor customer feedback Necessary for our legitimate interest in improving our services promoting them to those who may be interested
analyse the success of our marketing campaigns Necessary for our legitimate interest of marketing our product/services.

Note that you can opt out of receiving marketing communications at any time by clicking the unsubscribe button at the bottom of the email or by contacting us using the details set out in section 1.2 above.

Recipients of your Data

We use the following types of service providers for Marketing and Event Information and Prospect Data:

  • Our Customer Relationship Manager system and marketing automation services provider, Salesforce, Inc.
  • Our email automation provider, Dot Digital and Pardot

How long we keep your Data

We keep your Data for the duration of our interaction with you plus a period of 24 months. This is so that we can refer to our previous correspondence should you contact us again during this time. After 24 months we will delete your Data from our systems unless we identify a legitimate need to retain it for longer, such as in order to defend a legal claim or where we are required by law to do so.

If you signed up to receive marketing materials but indicate that you no longer wish to receive them, we will retain your name and email address on a suppressed list to keep a record that you have opted out of receiving direct marketing (so that we don’t accidentally send them to you again) but we will no longer use it to contact you with marketing.

We keep Platform Information for 24 months from your last interaction with us. After 24 months we will delete your Data from our systems unless we identify a legitimate need to retain it for longer, such as in order to defend a legal claim or where we are required by law to do so.

2.4. When you provide services to ScentAir

How we collect your Data

When you (or the company you work for) provides services to ScentAir, we collect the information we need in order to ensure you are able to provide the services effectively (such as due diligence), to ensure that we can pay you (such as your bank details) and your business contact details (Supplier Information).


We may also run an OFAC / FCPA compliance screen using LexisNexis (Background Check Data).

How we use your Data

The table below sets out our business or commercial purpose for using your Data and the legal basis we rely on in each case.

Type of Data Business/Commercial Purpose Legal basis
Supplier Information Contact you about the product or services you (or your organisation) are providing Necessary for the performance of our contract with you or the organisation you work for
Pay you for the product or services you (or your organisation) are providing Necessary for the performance of our contract with you or the organisation you work for
Maintain our supplier relationship Necessary for the performance of our contract with you or the organisation you work for
Legal reporting purposes (e.g., tax reporting) Necessary to comply with a legal obligation that applies to us

Recipients of your Data

We use the following service providers for Supplier Information:

  • Supplier Management and ERP system providers, X3 and Infor

How long we keep your Data

We keep your Data for the duration of our contract with you plus a period of 10 years. This is so that we can comply with our obligation to keep records for tax purposes. After 10 years we will delete your Data from our systems unless we identify a legitimate need to retain it for longer, such as in order to defend a legal claim or where we are required by law to do so.

2.5. When You Contact Us directly

How we collect your Data

When you contact us other than via our website form (which is covered under section 2.1 above), for example by phone, email, post or in person, we will retain any personal data that you voluntarily provide to us during that contact, including copies of the correspondence (Unsolicited Contact Information).

Note that we may record telephone calls for training purposes.

How we use your Data

The table below sets out our business or commercial purpose for using your Data and the legal basis we rely on in each case.

Type of Data Business/Commercial Purpose Legal basis
Unsolicited Contact Information Contact you to respond to your request, query or complaint Necessary for our legitimate interest of running a business
Keep a record of our correspondence. Necessary for our legitimate interest of managing correspondence
training purposes Necessary for our legitimate interest of training staff 
Legal reporting purposes (e.g., tax reporting) Necessary to comply with a legal obligation that applies to us

Recipients of your Data

We may use the following service provider to store your contact details:

  • Our Customer Relationship Manager system and marketing automation services provider, Salesforce, Inc.

How long we keep your Data

We keep your Data for the duration of our interaction with you plus a period of 24 months. This is so that we can refer to our previous correspondence should you contact us again during this time. After 24 months we will delete your Data from our systems unless we identify a legitimate need to retain it for longer, such as in order to defend a legal claim or where we are required by law to do so.

3. Your Privacy Rights & Additional Disclosures

3.1. European Residents (GDPR)

If you are resident in Europe (or a country that has adopted GDPR into their local legislation, such as the UK), you will have certain rights and we are obliged to provide you with specific information about how we use your Data.

          3.1.1. Privacy Rights

You have certain rights with respect to your Data. These are:  

  • Right to request access – you may ask to see the personal data we hold about you. This right always applies but there are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
  • Right to rectification – if you believe the information that we hold about you is inaccurate, you can ask us to correct it.
  • Right to erasure – you can ask us to delete the information we hold about you in certain circumstances. You can read more about this right here.
  • Right to restriction of processing – you can ask us to stop using your Data in a certain way in certain circumstances. You can read more about this right here.
  • Right to object – you can object to our use of your personal data if we are processing it on the basis of our legitimate interest. You can read more about this right here.
  • Right to data portability –. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. This only applies to information you have given us. You can read more about this right here.
  • Right to withdraw consent – where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time,
  • Right to lodge a complaint – if you are resident in the EU, you may lodge a complaint with the supervisory authority in the EU Member State where you are resident or where you work.  For further information on your rights, please see the website of the supervisory authority of your EU Member State. 

          3.1.2. Additional Disclosures

              3.1.2.1 Transfers outside the EEA

Personal Data collected by one of our group companies may be shared with other group entities in order to achieve the purpose for which it was collected. We are a global company and some of our entities are based outside of the EEA including in the United States. We have agreements in place with all of our group entities to ensure that Personal Data is handled in compliance with applicable data protection requirements, including Standard Contractual Clauses where necessary. Where ScentAir uses service providers based outside the EEA, we comply with applicable laws, such as the GDPR requirements relating to the transfer of Personal Data from the EEA to third countries.  If you would like details of which transfer mechanism we rely on, please contact us using the details set out in 1.2 above.

              3.1.2.2. Statutory or Contractual Obligations to Provide Personal Data

You are not obliged by any law or contract to provide us with your Personal Data. However, if you choose not to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing you with the information you have requested), or we may be prevented from complying with our legal obligations (such as to notify you of safety notices).

3.2. Californian Residents (CCPA)

If you a resident in California, the California Consumer Privacy Act of 2018 requires us to provide you with information about your rights and how we have used your Data in the past 12 months. Defined terms used in this section have the meaning given to them in the CCPA, which is available here.

          3.2.1. Privacy Rights

You have certain rights with respect to your Data:  

  • Request for Information. You have the right to know whether we are processing your Personal Information, and in some instances, you have the right to request that we disclose to you the categories listed below for the preceding 12 months. In responding to this right, we shall provide to you:
    • The categories of Personal Information we Collect about you.
    • The categories of sources from which your Personal Information is Collected.
    • The Business or Commercial Purpose(s) for Collecting, Selling or Sharing your Personal Information, and the categories of Personal Information disclosed for such purpose(s).
    • The categories of third parties to whom we disclose your Personal Information.
    • The categories of Personal Information we have Sold or Shared, if any, about you and the categories of third parties to whom your personal information was Sold or Shared.
    • The categories of Personal Information we have disclosed for a Business Purpose, if any, about you and the categories of persons to who it was disclosed for a Business Purpose.
    • The specific pieces of Personal Information we have Collected about you.
  • Request for Deletion You may have the right to request we delete your Personal Information.
  • Request for Correction. You have the right to request the correction or rectification of inaccurate information in your Personal Information
  • Request for Portable Data. You have the right to receive, in certain circumstances, a portable format of your Personal Information that allows the data to be transmitted to another entity.
  • Do Not Sell or Share My Personal Information. You the right to opt out of the Sale or Sharing of your Personal Information. Please see below for details of whether we Sell or Share your Personal Information.
  • Limiting the Use of Sensitive Personal Information. You have the right to direct us to use or disclose Sensitive Personal Information only for providing goods or services, or as otherwise minimally permitted under applicable law. Note that we do not use or disclose Sensitive Personal Information for any purpose other than providing our goods and services to you, or as otherwise permitted under applicable law.
  • Third Party Marketing. If you are one of our customers, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for the third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the third parties’ direct marketing purposes.
  • Right to Equal Service & Price. You have the right to receive equal service and price, even if you exercise a privacy right. 

           3.2.2. Additional Disclosures

The CCPA defines a specific list of categories of Personal Information and requires that we indicate each category of personal information we collect, why we collect it, where we get it from, and to whom we disclose it for a business purpose. Each of these is addressed below.

               3.2.2.1. Categories of Personal Information Collected and disclosed in the previous 12 months

The categories of Personal Information we have Collected about Consumers in the previous 12 months is set out below as well as those we have disclosed for a Business Purpose. 

CCPA Category Collected Disclosed
(A) Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. Yes Yes
(B) Consumer Records (Personal Information described in subdivision (e) of s. 1798.80 of the Californian Civil Code) including name, signature, social security number, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Yes Yes
(C) Protected characteristics (as set out under California or federal law)  Yes Yes
(D) Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes Yes
(E) Biometric information. No No
(F) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement. Yes Yes
(G) Geolocation data. Yes Yes
(H) Audio, electronic, visual, thermal, olfactory, or similar information. No No
(I) Professional or employment-related information. No No
(J) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, Sec. 1232g; 34 C.F.R. Part 99)  No No
(K) Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes. Yes Yes
(L) Sensitive Personal Information Yes Yes

Note that we do not use or disclose Sensitive Personal Information for any purpose other than providing our goods and services to you, or as otherwise permitted under applicable law.

               3.2.2.2. Categories of Personal Information Sold or Shared in the previous 12 months

We have not Sold or Shared any Personal Information of Consumers in the previous 12 months.

               3.2.2.3. Sources from which Personal Information is Collected

Information about the sources from which Personal Information is Collected is set out in the ‘How we collect your Data’ section of the part of this Privacy Notice that relates to how you are interacting with us.

               3.2.2.4. Business or Commercial Purpose for Collecting, Selling or Sharing Personal Information

Information about our Business or Commercial Purposes is set out in the ‘How we use your Data’ section of the part of this Privacy Notice that relates to how you are interacting with us.

               3.2.2.5. Categories of third parties to whom we disclose Personal Information

Information about the categories of third parties to whom we disclose Personal Information is set out in the ‘Recipients of your Data’ section of the part of this Privacy Notice that relates to how you are interacting with us.

3.3. How to Exercise Your Rights

If you wish to exercise any of your rights, please contact us the details set out in 1.2 above

Alternatively, if you wish to object to our use of your email address for direct marketing, please click on the ‘unsubscribe’ link at the bottom of any of our marketing emails.

3.4. No Fee Usually Required

You will not have to pay a fee to access your Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

3.5. What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

3.6. Time Limit to Respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.