In the context of our Group efforts to comply with provisions of the EU Regulation 2016/679 for General Data Protection (GDPR) on data protection and privacy for all individuals, also referred to as data subjects (*) AviationEU Group companies AviationEU Supplies & Services and AviationEU Training Systems & Services, in their capacities as Data Controller and Data Processor, strictly comply with AviationEU Group GDPR policy for transparency, fairness in the collection and safety of data collected from individuals for use in their offered services letting them know for what purpose their data shall be held and used,. This policy applies to all data received from individuals, stored and processed through the AviationEU Group Portal, all our websites and electronic platforms and/or any other means of voice or other means of communications with us such as emails, letters or faxes, in the context of their transactions with our Group companies for the supply and/or the receipt of products or services. In this respect, any and all collected data of individuals shall always be:
i) specific and the minimum required for our Group operations and the provision of our Group services and for which we believe there is a legitimate interest,
ii) collected and used ONLY after the respective consent of the individual,
iii) treated as STRICTLY CONFIDENTIAL and used exclusively for the purpose they are intended and for which permission has been granted,
iv) NOT BE DISSEMINATED in part or in total and in any form to third parties without the prior consent of the individual,
v) possible to be corrected, updated and/or removed at the request of the individual who also retains the right to require information about his/her data being held and processed,
vi) stored and processed by AviationEU Group in a way to safeguard and secure collected data by the Group presonnel trained to understand their obligations as well as suitable physical, electronic and managerial procedures,
vii) held for a given period. If such data are not used for any transaction or activity, they shall be deleted after a maximum period of 5 years.
viii) reported to the Competent National Authority within undue delay and not later than 72 hours in case of personal data breaches that pose a risk to data subjects.
This policy is under regular review and may be adapted pending legislative changes.
(*) The term individual or data subject used throughout this site relates to an identified or identifiable natural person whose personal data need to be protected and get processed in the context of the GDPR and is directly involved or to be involved in AviationEU Group operations and services including but not limited to Group personnel, representatives of product or service suppliers and/or customers, students and candidates for employment who are residing in an European Union (EU) or European Economic Area (EEA) country.