Contact details of the Data Controller: AVIA SOLUTIONS GROUP (ASG) PLC, Legal entity code: 727348, address: Building 9, Vantage West, Central Park, Dublin, D18 FT0C, Ireland (hereinafter “We”, “Ours”, “Company”) process the personal data of its’ customers, potential customer, employees, candidates to employees, suppliers, partners etc. (hereinafter - you, your) personal data in accordance with the provisions of the legal acts regulating the legal protection of personal data and applying the highest technical and legal standards of protection and taking all necessary measures to prevent possible breaches of personal data protection. This Privacy Policy (hereinafter referred to as the "Privacy Policy") sets out the basic rules for the collection, processing and storage of your personal data and other information related to you, the scope, purposes, sources, recipients of your personal data and your rights as a personal data subject and other important aspects of your use of the Company’s services. This information is important, so we hope you will read it carefully.
As used in this Privacy Policy, the term “personal data” (the “Personal Data”) means any information about you relating to you as a natural person, a data subject whose identity is known or can be directly or indirectly identified through the use of certain data (e.g. name, surname, personal identification number, address, telephone number, etc.).
In processing the personal data, we responsibly comply to the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities.
In the event that you provide us with personal information other than your own (for example, identifying another person as a beneficiary), please inform them of this Privacy Policy and its contents.
If the user of the services is a legal entity, this Privacy Policy applies to natural persons whose personal data is transferred to us by a legal entity. The user must duly comply with Art. 14 of the GDPR. to inform data subjects (managers, beneficiaries, representatives, etc.) about the transfer of their personal data to the Company.
If you have any questions regarding this Privacy Policy or requests regarding the processing of your personal data, please contact our Data Protection Officer by email: [email protected].
By visiting the Company's websites and / or using the information contained therein and / or our services, you acknowledge and confirm that you have read and understood this Privacy Policy.
TO WHOM THE PRIVACY POLICY APPLIES
This Privacy Policy applies to our website https://aviasg.com/ (regardless of which device you are using) and any service provided by the Company or other activities of the Company where personal data is being process.
This Privacy Policy does not apply to links to other entities websites provided on our websites; therefore, we recommend that you read the personal data processing rules applied on such websites.
When processing your personal data, we:
The purpose of the processing of personal data. Why we process personal data? |
The categories of processed personal data. What kind of categories of personal data we process? |
On what legal basis do we process personal data? |
The period of processing |
Administration of our website |
When you visit our website, data about your browsing on the Website is collected using cookies. We use necessary / technical cookies to ensure the proper functioning of the Website and / or other third-party cookies to improve your browsing experience (i.e., to consider your needs, to continuously improve the website and to make offers that suit your interests). |
Data using cookies and similar technologies related to Internet browsing, etc. are collected (processed) in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent (except for necessary cookies). |
You can find more information about cookies and their storage terms on our website https://aviasg.com/en/policies/cookie-policy
|
Responding to your general enquiries or requests of information |
Our website or other public business channels provide com contacts where you can contact us to consult us on issues that concern you. We will accept, review, and respond to all your messages. If you contact us by e-mail, regular mail, or phone, we may process the following personal data of yours: name, surname, e-mail, postal address, and the text of the correspondence and / or attached documents. This data will be processed for the administration of your enquiry. Please note that we may need to contact you to provide with a reply to your enquiry so be sure to share accurate contact data of yours. |
All personal data you provide when communicating with us is used only for the purposes of reviewing, and responding messages, administering (managing) communication flows and providing you with a response. We will process the said personal data in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent, which you express by contacting us by e-mail, mail, or phone. |
Communication with you will be handled until the enquiry is fully processed and stored for one year from the date of the last communication with you unless there is another legitimate purpose for storing it longer (e. g. business contract with you has been concluded and communication material can be considered as the proof of negotiation). |
Drawing up and executing contracts for the purchase and sale of services |
We may process name, surname, contact information, position in the company you represent, signature, other information required for negotiations, concluding, and performing of contracts. |
We will process in accordance with Article 6 Part 1. b) of the GDPR, i. e. to conclude a contract with you and perform it, as well as Article 6 Part 1. c) of the GDPR., i.e., we are subject to a legal obligation to keep contracts and accounting documents and Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest in asserting and / or defending our legal claims (where applicable). |
Contracts and accounting documents (in physical and electronic form) are kept for 10 years from the date of full performance of the contract. |
Onboarding and due diligence procedure for counterparties |
Depending on whether a counterparty is a natural person or legal entity and if the latter depending on your status in the company, we may process the following personal data: Name, surname, date of birth, nationality, occupation, valid ID/passport number, data on whether the client is a politically exposed person, residential and registered address details, phone number, e-mail address, bank information (account number), relationship with the third party (if payment will be made by the third party), source of funds/wealth (if payment will be made in cash), signature, role/position in the company, occupation, information about reputation from public sources. We also process personal data collected within provided copies of documents: Identity Card or Passport; Official documents of authorities verifying the identity and the place of residence; Documentation proving the source of funds/wealth; Articles of Association authorizing the representative of a legal entity; Certificate of Incorporation or its equivalent; Certificate of Directors or copy of CEO (or other principal management body) appointment document. |
Personal data for onboarding and due diligence is processed in accordance with: - Article 6 Part 1. c) of the GDPR, i.e., our legal obligation to monitor and implement the international and/or national sanctions. - Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to fulfil the requirements for money laundering and financing terrorism prevention, prevention of corruption, bribery, and fraud to be legitimate, reliable, and reputable business to our counterparties and authorities. |
We will process for no longer than 5 years unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defence in the judicial process.
For more details of personal data processing for onboarding and due diligence please check the Privacy notice https://aviasg.com/upload/policies/Onboarding-and-Due-Diligence-Privacy-Notice.pdf?v=1.0.1 |
Whistleblowing Policy – prevention of adverse effects to whistle-blower, investigation of disclosure and perpetrated or suspected infringement. |
We may process name, surname, contact information, position in the company, other information provided voluntarily by a whistle-blower or processed by ASG or any of its subsidiaries – for the purpose of investigation of the perpetrated or suspected infringement. In principle, we do not request or process any special categories of personal data (e.g., information about health, racial and/or ethnic origin, religious and/or ideological convictions, trade union membership or sexual orientation), unless such special categories of personal data are voluntarily disclosed by the whistle-blower or other concerned persons. |
Your personal data shall be processed in accordance with: - Article 6 Part 1. c) of the GDPR, i.e., legal obligation to establish an internal reporting channel to which we are subject. - Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to handle fraud, corruption or other wrongdoings in the Company and to defend against requirements and/or claims and investigations of the competent authorities, litigations (if any) or, if necessary, to keep such data regarding possible investigations on allegedly illegal or criminal acts. |
We will process your personal data collected during the whistleblowing procedure no longer than 5 years unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or authorities, or will be necessary for the judicial process. For more details of personal data processing for whistleblowing procedure please check the Privacy notice (https://trust-line.aviasg.com/files/privacy_notice.pdf?v=1.0.4 ). |
Selection of candidates for employees (recruiting) |
Considering the requirements of the position applied we may collect, assess, and store the following personal data about you: name, surname, age or date of birth, your e-mail address, phone number, address of the place of residence, information on language proficiency, computer skills, information about expected salary, educational background, profession, working experience and projects you have been involved with, attended courses, training sessions, seminars, development of qualification, licenses held, accumulated hours on A/C and other information regarding flights (for pilots and cabin crew), social media accounts, pictures and other information that you may wish to provide in your CV, motivation letter, interviews, also our remarks and assessment of your suitability to perform the duties of a particular position. |
We will process the said personal data in accordance with: - Article 6 Part 1. a) of the GDPR, i.e., with your consent, which we presume when you proactively apply for a job or when we get information about your candidacy data from job search portals, recruiting agencies or from publicly accessible sources, business-related social media or platforms we presume that you are aware and consented or there is an assessed legitimate interest where you had the right to object. - Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to have a common and coordinated policy on the selection of personnel and human resources management and to share the information about your candidacy within other Avia Solutions Group companies. |
We will process the personal information for the recruiting process for 6 (six) months from getting your application unless the selection process continues longer than the indicated period.
When you are unsuccessful in your application for a concrete position and you do not object for further sharing your data within all Avia Solutions Group companies or you provide your candidacy information to dispose to Avia Solutions Group companies by your consent the personal data will be stored for 3 years from the end of selection process for the position you applied or from receiving the data.
For more details of personal data processing for selection of candidates please check the Privacy notice (https://careers.aviasg.com/en/candidate-privacy-policy ).
|
Video surveillance (for the safety of individuals and property) |
Image and other objects relating to personal data (e.g. vehicle registration plates) |
Video recording and storing is processed in accordance with Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to protect the safety of property and individuals and to have evidential material for incident or fraud investigation. |
Video records stored for up to 30 days. |
Providing with news, promotions, newsletters, information about products and invitations to events (direct marketing) |
When we obtain your explicit consent, we will use your e-mail address and (or) telephone number for direct marketing.
When you are our customer and have not objected to direct marketing of similar services or products, we will process your e-mail address.
|
Personal Data for direct marketing is processed in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent or Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to offer you a similar goods/services to ones you have purchased from us and to get your feedback about purchased goods/services. |
Your data will be used for direct marketing purposes for 3 years after your consent is obtained or until you withdraw your consent. We consider you to be our customer: |
Management of shareholders’ and UBO’s rights and the Company’s responsibilities to authorities regarding corporate regulation |
We may collect your name, surname, home address, email address, telephone number, bank account details, date of birth, number shares, structure of shareholding, communication with the Company (including your voice and / or image captured during general meetings, organized online) , data used for registration to meetings, drawing up of voting lists and, where applicable, minutes of the general meeting. |
We process in accordance with: - Article 6 Part 1. c) of the GDPR, i.e., our legal obligation to communicate and implement the rights of shareholders, to meet responsibilities to tax authorities or other law enforcement. - Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to administer shareholders’ and UBO’s rights.
|
Personal data is only processed for as long as it is necessary to fulfil the purpose of the processing, or as long as the Company is required to store such data by law. For more details of personal data processing please check the Privacy notice https://aviasg.com/en/policies/shareholder-and-ubo-data-privacy-notice |
Please be additionally advised that if you do not provide personal data, the provision of which to the Company is necessary to ensure compliance with the requirements of legal acts and / or the conclusion and / or performance of the contract, we will not be able to provide you with services or conclude another transaction.
We also particularly note that when you contact details are processed for direct marketing you may at any time refuse our newsletters or other promotional messages by clicking on a link in our outgoing newsletters and/or messages or write [email protected].
Please know that “Legitimate interest” means our interest to enhance our services, products, to manage the processes of businesses and activities. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
Be informed as well that we will retain your personal data for as long as necessary to achieve and fulfil the purposes following the terms set out in this Privacy Policy, unless longer storage of personal data and related documents is required by applicable laws and regulations or is required for the defense of the Company’s legitimate interests in judicial, other public institutions etc. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.
We responsibly implement appropriate organisational and technical personal data security measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.
In the event of personal data breach of security that could seriously jeopardise your rights or freedoms and determine the circumstances with which unauthorised access to personal data has been obtained, we will immediately inform you about it.
We may share some of your personal data with the following categories of third parties:
As a general rule, your personal data will be processed in the countries of the European Economic Area (hereinafter - EEA). However, in certain cases, your personal data may be transferred to non-EEA countries. Please note that in non-EEA states, personal data may be subject to less protection than within the EEA, but we carefully evaluate the conditions under which such data will be processed and stored after being transferred to the above-mentioned entities.
Please note that if the European Commission has determined that the third country, territory or one or more specified sectors in that third country or international organization concerned provides an adequate level of personal data protection, the transfer must take place in the same manner as in the EEA. Please be informed that you can have access to the information as to the states in respect of which the decision of the European Commission has been taken, here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
In other cases, we take all necessary measures to ensure that your personal data is transferred to the recipient safely processing the data. The tools we use: a contract with a non-European recipient of personal data includes specific clauses for the secure processing of the data. In certain cases, we ask for your consent to transfer your data outside the Republic of Lithuania or the EEA.
We do not normally use automated decision-making under Article 22 of the GDPR to initiate and execute contractual relationships. Should we apply this procedure in individual cases, we will inform you separately, if required by law.
We process your personal data in a partially automated way in order to assess certain personal aspects (hereinafter - Profiling). We use profiling, for example, when we are required by law to prevent money laundering or manage financial risk.
We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:
In order to exercise your rights, please send us the request by e-mail [email protected].
Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a data subject and to prevent unauthorized disclosure of personal data or information to others who are not entitled to it. If we are unable to identify you, we will not be able to exercise your rights as a data subject.
We provide information about the processing of your personal data free of charge. If your request is unfounded, repetitive or disproportionate, we may charge a fee commensurate with our administrative costs.
Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your claim and the due date for submission of all documents necessary to prepare the answer.
In exceptional circumstances, which may require us to have additional time, the deadline for replying may be extended for a further two months, depending on the complexity of the situation. In this case, it is mandatory to inform the Data Subject in writing about such extension within 1 (one) month from the receipt of the request and indicate the reasons for the delay. If we think we need to, we will stop the processing your personal data, except for storage, until your application is resolved. If you have legally waived your consent, we will immediately terminate the processing of your personal data and within no more than 30 calendar days, except in the cases provided for in this Privacy Policy and in the cases provided for by law when further processing of yourpersonal data is binding on us by the legislation in force, the legal obligations we are facing, court judgements or binding instructions from the authorities. The responce will be provided in the same way as your request was received.
By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.
If you disagree with our actions or the response to your request, you can complain to the competent state authority (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.
We may, from time to time, expand or reduce the scope of our business operations and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this notice, be permitted to use that data only for the same purposes for which it was originally collected by us.
Our website may contain links to other websites, which are not operated by us. We have no control over how your data is collected, stored, or used by such other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
When you visit social networks, your personal data is processed by a specific social network, and we start processing your personal data when you visit Avia Solutions Group on social networks. Through various social media channels, we want to introduce you to our wide range of services / products and exchange ideas and opinions with you on important topics.
Your personal data provided on the social network is processed for the following purposes:
Unless explicitly stated otherwise, the legal basis for data processing is Article 6 part 1 point (f) of the GDPR. Our legitimate interests are to be able to answer your messages or questions and analyze our availability on social networks, to present our products and services. To the extent that you wish to enter into a contractual relationship with us with your request, the legal basis for such processing is Article 6 part 1 point (b) of the GDPR.
If we intend to process your personal data for any other purpose not mentioned above, we will notify you prior to such processing.
Our pages on social networks are managed by specific social networks, so when you visit them, the processing of personal data is based on the social network privacy policies. With some social networks, depending on the social network policy, the purposes and scope of the processing, we are considered as joint data controllers.
Currently we use these social networks:
FB: https://www.facebook.com/AviaSolutionsGroup
Linkedin: https://www.linkedin.com/company/avia-solutions-group/
Instagram: https://www.instagram.com/aviasolutionsgroup/
Youtube: https://www.youtube.com/user/AviaSG
Twitter: https://twitter.com/AviaSG
Tiktok: https://www.tiktok.com/@aviasolutionsgroup
Name of the social network and its Privacy Policy |
Personal Data we process |
Personal Data we process as joint data controllers |
You can read their privacy policy by clicking here: https://www.facebook.com/policy.php |
Your Facebook username, when you comment, react to the publication, share posts, write us messages, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. |
We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Facebook through their service. The data controllers’ agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum] |
You can read their privacy policy by clicking here: https://help.instagram.com/519522125107875/?helpref=uf_share |
Your Instagram username, when you comment, react to the publication, share posts, share content in stories section, write us messages, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. |
We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Instagram through their service. The data controllers’ agreement can be found here: https://help.instagram.com/494561080557017/?helpref=hc_fnav |
You can read their privacy policy by clicking here: https://www.linkedin.com/legal/privacy-policy |
Your LinkedIn username, when you comment, react to the publication, share posts, write us messages, Your location indicated on the personal account, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. |
We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from LinkedIn through their service. The data controllers’ agreement can be found here: https://www.linkedin.com/legal/l/dpa |
You can read their privacy policy by clicking here: https://twitter.com/en/privacy |
Your Twitter username, when you tweet, retweet (share) the tweet, quote, mention, write us messages, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. |
We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Twitter through their service. The data controllers’ agreement can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html |
YouTube You can read their privacy policy by clicking here: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/
|
Your YouTube username, when you comment, interact with content. |
If you are logged in with YouTube, you agree to YouTubes terms of use, privacy and cookie policies and to YouTubes processing of your personal data, at which we have no control over. If you are not registered with YouTube, YouTube may still perform statistical analysis of your personal data when you access our YouTube channel and provide us with anonymized statistics on this. We use statistical information. Processed data types: - Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers); - Content data (videos etc.); - Usage data (e.g. websites visited, interest in content, access times, video views, video likes, comments, purchases etc.), meta/communication data (e.g. device information, IP addresses). Video Statistics: - Number of subscribers and changes - Watch time data (duration, stoppage time, retention rate) - Demographics (gender distribution, age, places of origin, use of devices etc.)
We receive anonymous statistics from Youtube through their service. The data controllers’ agreement can be found here: https://business.safety.google/controllerterms/ |
Tiktok You can read their privacy policy by clicking here: https://www.tiktok.com/legal/page/row/privacy-policy/en
|
You
Your TikTok username, when you comment, interact with content. |
We use statistical information. We receive anonymous statistics from Tiktok through their service. TikTok collects this data: - The videos you watch and rewatch - The videos you comment on - The keyboard rhythms you have when you type - Your phone and location data - Clipboard data - Private messages and contacts - Any information you share while creating your account - Information from linked social media accounts. The data controllers’ agreement can be found here: https://ads.tiktok.com/i18n/official/article?aid=998850064133680764 |
We reserve a right to change this Privacy Policy unilaterally from time to time (for example, if the law changes). Any changes will be immediately posted on our websites. We recommend that you check this page regularly to keep up-to-date.
This Privacy Policy applies from the date it is posted on the Websites. Last review of the Privacy Policy: 01.03.2023.