WHO WE ARE AND HOW TO CONTACT US
As used herein, the term “personal data” (hereinafter referred to as “Personal Data”) means any information about you that relates to you as a natural person, the data subject, who is known or identifiable, directly or indirectly, by reference to certain data (e.g. name, surname, personal identification number, address, telephone number, etc.).
When processing the Personal Data, we responsibly comply with the Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and the Act 18/2018 Coll. on the Protection of Personal Data, and on amending and supplementing certain acts, and other directly applicable legislation governing the protection of Personal Data, as well as the instructions of the competent authorities.
WHAT PRINCIPLES DO WE FOLLOW?
When processing your Personal Data, we:
- comply with the applicable and effective legislation, including GDPR;
- process your Personal Data in a lawful, fair and transparent manner;
- collect your Personal Data for the specific, clearly defined and legitimate purposes and will not further process it in a way that is inconsistent with those purposes, except to the extent permitted by law;
- take all reasonable steps to ensure that Personal Data, which are inaccurate or incomplete in relation to the purposes, for which they are processed, are rectified, completed, suspended or destroyed without delay;
- keep them in such a form that your identity can be established for no longer than is necessary for the purposes, for which the Personal Data is processed;
- ensure that your Personal Data is processed in a manner that ensures adequate security of Personal Data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of Personal Data, and against accidental loss, destruction, or damage. Contact details of our Data Protection Officer: [email protected].
WHAT PERSONAL DATA WE PROCESS, FOR WHAT PURPOSE AND ON WHAT BASIS
|The purpose of the processing of personal data. Why we process personal data?
|The categories of processed personal data. What kind of categories of personal data we process?
|On what legal basis do we process personal data?
|The period of processing
|Administration of our website
|When you visit our website, data about your browsing on the Website is collected using cookies. We use necessary / technical cookies to ensure the proper functioning of the Website and / or other third-party cookies to improve your browsing experience (i.e., to consider your needs, to continuously improve the website and to make offers that suit your interests).
|Data using cookies and similar technologies related to Internet browsing, etc. are collected (processed) in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent (except for necessary cookies).
You can find more information about cookies and their storage terms on our website
|Responding to your general enquiries or requests of information
|Our website or other public business channels provide contacts where you can contact us to consult us on issues that concern you. We will accept, review, and respond to all your messages. If you contact us by e-mail, regular mail, or phone, we may process the following personal data of yours: name, surname, e-mail, postal address, and the text of the correspondence and / or attached documents. This data will be processed for the administration of your enquiry. Please note that we may need to contact you to provide with a reply to your enquiry so be sure to share accurate contact data of yours.
|All personal data you provide when communicating with us is used only for the purposes of reviewing, and responding messages, administering (managing) communication flows and providing you with a response. We will process the said personal data in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent, which you express by contacting us by e-mail, mail, or phone.
|Communication with you will be handled until the enquiry is fully processed and stored for one year from the date of the last communication with you unless there is another legitimate purpose for storing it longer (e. g. business contract with you has been concluded and communication material can be considered as the proof of negotiation).
|Video surveillance (for the safety of individuals and property)
|Image and other objects relating to personal data (e.g. vehicle registration plates)
|Video recording and storing is processed in accordance with Article 6 Part 1. f) of the GDPR, i.e., our legitimate interest to protect the safety of property and individuals and to have evidential material for incident or fraud investigation.
|Video records stored for up to 30 days.
HOW WE PROCESS YOUR PERSONAL DATA
Please know that “Legitimate interest” means our interest to enhance our services, products, to manage the processes of businesses and activities. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
HOW LONG WE WILL KEEP YOUR PERSONAL DATA.
We ensure/take all necessary measures to prevent the storage of any outdated or unnecessary Personal Data about you and to keep your Personal Data up-to-date and accurate.
HOW DO WE PROTECT YOUR DATA?
We responsibly implement the appropriate organizational and technical data security measures designed to protect Personal Data against accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing. The security measures we put in place include the protection of employees, information, IT infrastructure, internal and public networks, as well as office buildings and technical equipment.
In the event of a Personal Data breach that could seriously jeopardize your rights or freedoms, and after becoming aware of the circumstances, under which the unauthorized access to Personal Data was obtained, we will inform you without delay.
TO WHOM YOUR DATA IS DISCLOSED
We may share some of your Personal Data with the following categories of third parties:
- any Avia Solutions Group company (listed at https://aviasg.com/en/the-group/general-contacts) for the purposes set out herein (for example, for the purposes of contract performance and customer relationship management, onboarding and due diligence of the counterparty, whistleblowing policy, recruitment);
- agents acting on our behalf in connection with the promotion of our services in specific territories;
- companies providing the data centers, hosting, cloud, site management and related services; companies developing, providing, maintaining and developing software; companies providing the information technology infrastructure services; companies providing communication services;
- companies issuing the credit and debit cards that are used to process payment transactions related to the provision of our services, banks and other credit and/or payment companies;
- our professional advisors, auditors, lawyers and/or financial advisors;
- our other service providers (data processors) or our subcontractors;
- notaries, if the contract concluded with you requires a notarial form;
- court officials; entities providing legal and/or debt recovery services; subrogator of the right to claim;
- companies providing the advertising and marketing services;
- companies providing archiving, physical and/or electronic security, asset management and/or other business services;
- pursuant to the law, the state institutions, facilities, etc.;
- law enforcement authorities, at their request or on their own initiative, if suspecting that a criminal offence has been committed, as well as courts and other dispute resolution bodies; tax administrators;
- in the event of a corporate restructuring, transfer/acquisition and/or transfer/acquisition of the business to a third party that obtains and processes Personal Data for the same purposes as set out herein, and/or performs due diligence by our and/or their legal and/or financial advisors, etc.
TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
Your Personal Data are generally processed in countries of the European Economic Area (hereinafter referred to as “EEA”). However, in certain cases, your Personal Data may be transferred to the countries outside the EEA. Please, note that the Personal Data may be subject to less protection in the countries outside than within the EEA, but we carefully evaluate the conditions, under which this data will be processed and stored when transferred to the above entities.
Please, note that if the European Commission has determined that a third country, territory or one or more designated sectors in that third country or international organization provides an adequate level of protection for Personal Data, the transfer must take place in the same way as in the EEA. Please, be informed that the information on the countries, in respect of which the European Commission decision has been adopted, can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
In other cases, we take all necessary measures to ensure the secure transfer of your Personal Data to the recipient, who processes it. Tools we use: the contract with the non-European recipient of the Personal Data contains specific provisions on secure data processing. In certain cases, we ask for your consent to the transfer of your data outside the Slovak Republic or the EEA.
DO WE USE AUTOMATED DECISION-MAKING OR PROFILING?
We do not usually use any automated decision-making under Article 22 of the GDPR to initiate and implement the contractual relationships. If we apply this procedure on a case-by-case basis, we will inform you separately if required by law.
We process your Personal Data in a partially automated manner in order to assess certain personal aspects (hereinafter referred to as “Profiling”). For example, we use Profiling when we are required to do so by law, to prevent money laundering or to manage financial risk.
We guarantee the exercise of the following rights and the provision of all related information at your request or in case of your questions:
- to know (be informed) about the processing of your Personal Data;
- to gain access to your Personal Data processed by the data controller;
- to request the rectification or completion, modification of your inaccurate/incomplete Personal Data;
- to request the destruction of Personal Data when they are no longer necessary for the purposes, for which they were collected;
- to request the destruction of Personal Data if it was processed unlawfully, or if you withdraw your consent to the processing of Personal Data or do not provide such consent, if necessary;
- not to consent to the processing of Personal Data, or to withdraw the consent previously given;
- to request the provision of your Personal Data in an easy-to-read format as agreed by you or for the performance of a contract, if technically feasible, or to request the transfer of the data to another controller.
If you wish to exercise your rights, please, send us a request by email at [email protected] or come directly to the Company at The Victoria Barn, Wickham Hall Hadham Road Bishop’s Stortford CM23 1JG United Kindgdom.
Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a data subject, and to prevent the unauthorized disclosure of Personal Data or information to others, who are not entitled to it. If we cannot identify you, we will not be able to exercise your rights as a data subject.
We provide information about the processing of your Personal Data free of charge. If your request is unfounded, repetitive or excessive, we may charge a fee equivalent to our administrative costs.
Upon receipt of your request, we will respond to you within thirty (30) calendar days of receipt of your request, and from the due date for submission of all documents necessary to prepare a response.
In exceptional circumstances, which may require additional time, the deadline for responding may be extended by a further two (2) months depending on the complexity of the situation. In such case, the data subject shall be informed in writing of such extension within one (1) month of receipt of the request, along with reasons for the delay. If we believe it is necessary, we will stop processing your Personal Data, except for storing it, until we have resolved your request. If you have lawfully withdrawn your consent, we will immediately cease processing your Personal Data within thirty (30) calendar days at the latest, except as set out herein, and unless we are required by law to continue to process your Personal Data under applicable law, legal obligations we face, court decisions, or binding instructions from the authorities. The response will be given in the same way as your request was received.
If we refuse to comply with your request, we will clearly state the reasons for such refusal.
If you disagree with our action or the response to your request, you can lodge a complaint with the relevant national authority (list of supervisory authorities by EU country: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.
WHAT HAPPENS IF OUR COMPANY CHANGES ITS OWNER?
From time to time, we may expand or limit the scope of our business activities, which may include the sale and/or transfer of control of all or part of our business. Where relevant to any part of our business that is being transferred, any Personal Data provided by you will be transferred with that part; the new owner or a new controlling party will have the right to use that data only for the same purposes, for which we originally collected it, subject to the terms hereof.
LINKS TO OTHER WEBSITES
Our Website may contain links to other websites that are not operated by us. We have no control over how such websites collect, store or use your data; we encourage you to check their privacy policies before providing any information to such websites.
When you visit social networks, your Personal Data is processed by the specific social network; we start processing your Personal Data when you visit Ascend Airways Limited on social networks. We want to introduce you to our wide range of services/products and exchange views with you on important topics through various social media channels.
Your Personal Data provided on the social network is processed for the following purposes:
- communication with visitors to our social networks;
- answers to visitors’ questions;
- gathering statistical information;
- conducting customer surveys, marketing campaigns, market analyses, sweepstakes, contests, or similar promotions or events;
- if necessary, defending the legitimate interests of the Company in institutions and other cases;
Unless explicitly stated otherwise, the legal basis for the processing of data is referred to in Article 6 (1) (f) GDPR. We have a legitimate interest in being able to respond to your messages or queries and to analyze our availability on social networks, to present our products and services. If you wish to enter into a contractual relationship with us upon your request, the legal basis for such processing is referred to in Article 6 (1) (b) GDPR.
If we intend to process your Personal Data for any other purpose not listed above, we will inform you before such processing.
Our social networking sites are managed by specific social networks; when you visit them, the processing of your Personal Data is governed by the privacy policies of the social networking sites. In some social networks, we are considered to be joint data controllers depending on the social network’s policies, purposes and scope of processing.
Currently we use these social networks:
|Personal Data we process
|Personal Data we process as joint data controllers
|Your Facebook username, when you comment, react to the publication, share posts, write us messages, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more.
|We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Facebook through their service. The data controllers’ agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum]
|Your LinkedIn username, when you comment, react to the publication, share posts, write us messages, Your location indicated on the personal account, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more.
|We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from LinkedIn through their service. The data controllers’ agreement can be found here: https://www.linkedin.com/legal/l/dpa
 AVIA SOLUTIONS GROUP PLC, a private limited liability company, established and acting under the laws of the Republic of Ireland, registration code 727348, registration address Building 9, Vantage West, Central park, Dublin 18, D18 FT0C.