Last revised: February 2023
At the Cayman Islands Airports Authority (“CIAA”), we are committed to protecting your privacy and safeguarding your personal, business and financial data. This Privacy Statement applies to the CIAA.
The purpose of this Privacy Statement is to inform you about the types of Personal Data, as defined below, that the CIAA processes. It explains how we use and disclose that data, the choices you have regarding such use and disclosure, and how you may correct that data.
This Privacy Statement is designed to meet the standards prescribed by Cayman Islands Data Protection Act (“DPA”) and best practice.
From time to time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the “Last revised" date which appears at the top of this page.
We will treat Personal Data in a manner consistent with the Privacy Statement under which it was collected and our Data Protection Policy, unless we have your consent to treat it differently. This Privacy Statement applies to any information we collect or receive about you, from any source.
"Personal Data" is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person. This data may include, but is not limited to, your mailing address, telephone number, email address, Internet Protocol (“IP”) address, age, gender, marital status, health information, financial status, credit card information and credit history.
We will always collect your Personal Data by fair and lawful means (for example, when you engage us to provide services, use the CIAA website or speak to a CIAA representative). We collect Personal Data directly from you, or indirectly from third party sources as otherwise permitted by applicable law.
From time to time, you may voluntarily provide the CIAA with unsolicited Personal Data (e.g. by providing information through the CIAA website). When providing the CIAA with unsolicited information, we ask that you do not provide any sensitive information (e.g. Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information) unless you provide us with explicit consent to collect this information from you.
Log files: In order to properly manage the CIAA website, we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters and are generally non-identifiable.
Web beacons: To gather visitor statistics and manage cookies, we use electronic images called a "single-pixel GIF" or "web beacon." Web beacons allow our third-party tracking tools, to gather information such as the IP address of your computer, the time the material was viewed, and the type of Internet browser used to access the page. If you are concerned about the use of Web beacons you can turn off your browser’s cookies. This action will prevent Web beacons from tracking your specific activity; however, the Web beacon may still record a visit from your IP address.
Personal Data provided to us by our clients is primarily stored on servers maintained by the CIAA. However, except where restricted by contractual arrangements or legal requirements applicable to specific clients, the CIAA may also leverage the services of select third party service providers. Personal Data that is "in the cloud" may be stored on multiple servers in a number of locations around the world. However, data transmitted to other countries may be subject to the laws and lawful disclosure requirements of the jurisdiction(s) where the information is stored.
We generally use your Personal Data for the following purposes (the "Purposes"):
We identify the purposes for which we use your Personal Information at the time we collect such information from you. We will also identify relevant conditions of processing to ensure our activities are lawful under the Data Protection Act. When you provide us with consent to use your Personal Data, your consent covers all processing activities carried out for the same purpose or purposes. When the use of your Personal Data has multiple purposes, the CIAA will seek your consent for each separate purpose for which the Personal Data will be used.
We identify to whom, and for what purposes, we will or may disclose your Personal Data, at the time we collect such data from you.
For example, we may transfer your Personal Data to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes — such as service providers that provide data storage or processing.
In addition, we may send Personal Data outside of the Cayman Islands for the purposes set out above, including for process and storage by service providers in connection with such purposes. These service providers will be required to have equal, adequate protection in line with Cayman Data Protection Act requirements.
To the extent that any Personal Data is out of the jurisdiction of the CIAA that you are dealing with, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Data for any purpose. You may provide your express consent to us either orally, electronically or in writing. You may also consent to the CIAA collection, use and disclosure of Personal Information by voluntarily providing us with Personal Information through a clear, affirmative action (e.g. by submitting an information request, participating in a survey, etc.).
We will not, as a condition of the supply of our services or products, require you to consent to the collection, use, disclosure or protection of information beyond that which is required to fulfill the specified and legitimate purposes for which the information is being collected.
With respect to the CIAA website, should visitors subsequently choose to unsubscribe from mailing lists or any registrations, visitors may send us an email using the Contact Us page.
We ensure that all affiliates and other third parties, which are retained to perform services on our behalf and are therefore provided with Personal Data, are contractually required to observe the intent of this Privacy Statement and the CIAA privacy and data security policies and practices. When providing information to affiliates and/or third parties, the CIAA complies with the requirements of the Cayman Data Protection Act.
We may keep a record of your Personal Data, correspondence or comments in a file specific to you. We will use, disclose or retain your Personal Data for as long as necessary to fulfill the purposes for which that Personal Data was collected, or as permitted or required by law.
If you make a written request to review any Personal Data about you that we have collected, utilised or disclosed, we will provide you with any such Personal Data as permitted or required by law. We will make such Personal Data available to you in a form that is generally understandable and will explain any abbreviations or codes. To submit a written access request, or to obtain further information with respect to your access rights, you may contact us as indicated in the “Contact Us” section below.
We will ensure that your Personal Data is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Data, unless such a process is necessary. We may request, from time to time, that you supply us with written updates to your Personal Data, as required.
At any time, you can challenge the accuracy or completeness of your Personal Data in our records. If you successfully demonstrate that your Personal Data in our records is inaccurate or incomplete, we will amend the Personal Data as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Data.
Unless we advise you to the contrary, we will respond to each of your written requests not later than 21 days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. As prescribed in Cayman Data Protection Act, you have the right to make a complaint to the appropriate authority in respect of this time limit.
In many circumstances we will be able to provide you with the requested information free of charge. However, in certain circumstances in which we may lawfully charge a fee covering the cost or providing the requested data and information or even may lawfully refuse to act on the request. If a fee is payable, then we will generally need to receive it before we can disclose the requested information. However, we will not charge any costs for you to access your Personal Data in our records or to access our Data Protection Policy or practices without first providing you with an estimate of the approximate costs (if applicable and as permitted under relevant law). You may withdraw your requests for access to information by notifying us within the notice period disclosed on the estimate.
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Data. Any such identifying information shall be used only for this purpose.
We have implemented physical, organisational, contractual and technological security measures to protect your Personal Data from loss or theft, unauthorised access, disclosure, copying, use or modification. The only employees who are granted access to your Personal Data are those with a business 'need-to-know' or whose duties reasonably require such information.
For all comments, questions, concerns or complaints regarding your Personal Data or our Data Protection policy, contact us using the details below:
Cayman Islands Airports Authority
298 Owen Roberts Drive
P.O. Box 10098
Grand Cayman KY1-1001
Tel: +1 345 943 7070