Individual Data Privacy Rights Under Data Privacy Laws

How Airship supports individual data privacy rights under applicable data privacy laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)

In the course of Airship’s customers use of the Airship platform (Service), Airship may process Personal Data on behalf of our customers. In that capacity, Airship is the Data Processor and our customer is the Data Controller. The Service provides Customer with a number of controls that Customer may use to retrieve, correct, delete, or restrict personal data, which Customer may use to assist it in connection with its obligations under the applicable data privacy laws including, for example, its obligations relating to responding to requests from data subjects or applicable data protection authorities. To the extent Customer is unable to independently access the relevant personal data within the Service, Airship will provide reasonable cooperation to assist Customer (at Customer’s cost to the extent legally permissible) to respond to any requests from data subjects or applicable data protection authorities relating to the processing of personal data via the Service.

 Note

While this documentation corresponds to the relevant articles under the GDPR, these APIs may be used to respond to similar requests from individuals under other applicable data privacy laws.

Article 15: Right of access

Airship makes available the following APIs to support Customer’s extraction of a data subject’s personal data from Customer’s account on Airship:

Article 16: Right to rectification

Airship makes available the following APIs for Customer to use to rectify inaccurate information for a data subject:

Article 17: Right to erasure

Airship supports Customers to comply with the data subject’s right to erasure in accordance with the following process:

  • Channel Uninstall API can be used to remove all data associated with a channel id from the UAservice. See the Channel Uninstall API for instructions and examples.
  • Named User Uninstall API removes the Named User and all channel data associated with the Named user from the UA service. See the Named User Uninstall API for instructions and examples.
  • Customer must provide the specific ID associated with the specific data subject.,Ex:,the hashed ID used as the “Named User” value, the device token or the channel ID.
  • Customer is responsible for updating its own configuration and use of the Airship Service so that the information regarding the same data subject is no longer provided to Airship.

Article 18: Right to restrict processing

Airship supports opt-in and opt-out or subscribe and unsubscribe controls included as part of the consent process implemented by Customer for its digital assets being used with the Service.

In addition, Airship provides the following additional opt-out mechanisms that customers can implement to support this right to restrict processing:

Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing

If Customer has configured its account on the Service to transmit data to its own servers or to third party applications, Customer has access to that information within the user interface of the Service for purposes of Customer providing notice to data subjects.

Article 20: Right to data portability

Airship makes available the following APIs to support Customer’s extraction of a data subject’s personal data from Customer’s account on Airship:

Once extracted, Customer can provide a copy to the applicable data subject.

Article 21: Right to object

Airship supports opt-in and opt-out or subscribe and unsubscribe controls included as part of the consent process implemented by Customer for its digital assets being used with the Service. In addition, Airship provides the following additional opt-out mechanisms that customers can implement to support data subject’s right to restrict processing:

Article 22: Automated individual decision-making, including profiling

Customer is responsible for ensuring that its use of the Service does not result in a data subject being subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.