All personal data are processed in accordance with the requirements of the Lithuanian and European Union data protection legislation, including the General Data Protection Regulation (hereinafter – the “GDPR”) and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
1. COLLECTION AND USE OF PERSONAL DATA
1.1. Data controller
The personal data presented on or collected by the Website are managed by the Company, therefore, the Company is the controller of the personal data of the Website Visitor’s, as indicated in the GDPR.
1.3. Purposes of personal data processing
The Company processes the personal data of Visitors for the following purposes:
- to provide Visitors with our services that are accessible on the Website (e.g., by providing access to website functions, e.g., browsing, submitting queries, subscribing to newsletters, and engaging in live chats;
- to ensure the functionality of the Website, to improve it, to offer better and adapted services to Visitors;
- to measure, evaluate and improve the functioning of the Website;
- convenient, efficient and functioning of the Website that meets the needs of the Visitor;
- to ensure smooth administration of the Website;
- submission of responses to Visitors’ queries or requests in a timely and proper manner;
- developing and delivering new products or services;
- in case of the Visitor’s consent, the provision of relevant information and interesting offers;
- to contact the Visitor concerning any information and/or request provided;
- to perform statistical and other analysis by continuously improving the content of the Website and services provided by the Company;
- other purposes that are disclosed to Visitors when such personal data is submitted by the Visitor.
1.4. Basis for personal data processing
The Company processes personal data of Visitors as it is required for:
- the implementation of the Company’s legitimate interests (e.g., to administrate and manage the Website, to provide services and etc.);
- fulfilment of obligations when such are determined by the applicable laws.
Visitor consent as a legal basis is used for direct marketing or third parties access to personal data. Visitors may revoke their consent to process their personal data at any time. If the Company does not have other legal basis for the processing of personal data, the Company will terminate processing of such personal data and destroy the data, unless the laws establish the obligation for the Company to retain such personal data.
1.5. The Visitors’ personal data collected on the Website
The Company processes the Visitors’ personal data which is received from the Visitors submitting such data to the Website and using the Website and the services and functions provided by it.
In addition to the following cases, the Company processes the personal data of Visitors when:
- Visitors submit a request using the Website (e.g., name, surname, phone number, e-mail address);
- Visitors subscribe to newsletters (e.g., name, e-mail address);
- Visitors purchase the services (e.g., name, surname, phone number, e-mail address, address, data of the bank account).
Each time the Visitor visits the Website, the Company collects and processes the following technical personal data:
- IP address of the Visitor’s device;
- date and time of login to the Website;
- name and URL of the web page from which the Visitor connects to the Website;
- data of the operating system of the Visitor’s device;
- information of the Visitor’s internet provider;
- geographic data, language settings of the Visitor;
- other related technical information may also be collected.
1.6. Storage of personal data
- 2 years after the last contact with the Visitor; or
- until the Visitor subscribes to newsletters and has not revoked his consent;
- until the Visitor is registered on the Website and/or uses the services and functions of the Website;
Longer storage of Visitor’s personal data may only be performed when:
- there is a reasonable suspicion of an unlawful act that is being investigated;
- the Visitor’s personal data is necessary for the proper resolution of the dispute or complaint;
- if the Company has received a complaint (complaints) related to the Visitor, or the Company reasonably believes that the Visitor has committed unlawful actions; or
- under other grounds indicated by laws.
1.7. Transfer of personal data to third parties
Personal data of Visitors may be transferred to the following third parties:
- Certain technical data on the visits of the Visitor on the Website (IP address, cookies, technical information of the Visitor’s browser, other information related to the browser’s activity and browsing the site) may be transmitted or made available to the Website for statistics, analysis and related purposes both for entities operating in the EU and outside the EU (e.g., by using the Google Analytics service by the Company).
- Data for some services provided by the Company may also be transmitted to AB „Avia Solutions Group“, company code: 302541648 (to which the Company belongs) group companies, including those located outside the European Economic Area (EEA). The Company does not transmit the Visitor’s personal data, such as the Visitor’s name, contact details or other data provided by the Visitor to the Website and provided in the account, to the entities indicated above. Please note that in non-EEA States, personal data may be subject to less protection than within the EEA, but the Company carefully evaluates the conditions under which such Visitor data will be processed and stored after being transferred to the above-mentioned entities.
- The Company would like to draw the Visitor’s attention to the fact that, during the visit of each Visitor to the Website, third parties may collect various technical information generated during the visits of Visitors (IP address, cookies, technical information used by the Visitor’s browser, other information related to the browser activity and browsing the Website).
- The Company also uses the services provided by third parties (such as third-party servers, website design, administration services, online traffic and website analysis, statistics) that may require access to the Visitor’s personal data to the appropriate extent. In this case, the Company ensures that the data processors comply with the obligations of confidentiality and ensure adequate personal data protection.
1.8. Processing of the personal data of minors
The processing of personal data of minors on the basis of consent for the provision of information society services is lawful if the minor is at least 16 years of age. If such a minor is less than 16 years of age, such processing is legal only if the consent was given or processing was allowed by the minor’s parents or carers, and therefore:
- if you are under 18 years of age but already have 16 years of age, using the services available on our Website, you confirm that you have the consent of your parents, guardians for disclosure of your personal information to the Company;
- if you are under the age of 16 years, you can use the Services and content available on our Website only with the consent of your parents, carers, to the Company.
2. DIRECT MARKETING
The Company processes personal data of Visitors for direct marketing purposes in the following cases:
- when it receives a clear permission from the Visitor for such processing (the basis of the processing is the Visitor’s consent);
- where the Visitor is a client of the Company, without expressing the objection of processing personal data for the purposes of direct marketing, marketing of similar services or products (the basis for processing is the legitimate interest of the Company in informing its customers about the services and products offered).
For the purpose of direct marketing, we process the following data of our Visitors: name, email address, phone number.
By the Visitor consenting to receive direct marketing communications or subscription to newsletters, you agree to receive the following notices:
- BAA Training reports on pilots’ initial training and type ratings, instructors, ground handling staff and flight attendantstraining programs, as well as market news and updates;
- Announcements about MOMook software for aeronautical training centres, as well as relevant news and news from the market;
- Aviaton Voice reports on aviation market news from around the world;
- SimHelp reports on simulators, their parts, maintenance and service for aviation training centres.
Your personal data can be used for direct marketing purposes in the following ways:
- by e-mail you can receive a newsletter with the Company’s offers, promotions and news;
- you can receive invitations to events, offers and similar information by e-mail;
- you can receive an invitation to the event on the phone or other relevant information.
We inform you that Visitors may at any time refuse our newsletters or other promotional messages by clicking on a link to it in our outgoing newsletters.
You can also at any time refuse to receive information about events or any other information we send by sending an email to [email protected].
3. RIGHTS OF WEBSITE VISITORS
Visitors are given certain rights related to the protection of their personal data. These rights are:
- to know (be informed) about the processing of your personal data;
- to know your personal data which is processed by the Company;
- to request correction or addition, adjustment of your inaccurate, incomplete personal data;
- to require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
- to request the destruction of personal data if they are processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
- to disagree with the processing of personal data or withdraw the previously agreed consent;
- to request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.
In order to exercise your rights, please send us an e-mail to: [email protected] or directly. Upon receipt of your request, we may ask you to provide proof of identity, as well as any additional information required by us for the request, which we undertake to delete after identification.
Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your claim and from the date of submission of all documents necessary to prepare the answer.
By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.
If you disagree with our actions or the response to your request, you can complain to the competent state authority – the State Data Protection Inspectorate (for more information – www.ada.lt). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.
4. DATA PROTECTION
The Company, by implementing technical and organizational measures, protects Personal data of Visitors from loss, misuse, unauthorized access, disclosure or modification.
The Company recommends that the Visitors comply with the following minimum safeguards for personal data protection:
- do not visit suspicious websites;
- do not open links of uncertain origins;
- update their software;
- independently take care of using antivirus protection.
Unfortunately, the transmission of any information on the Internet is not completely secure. Although the Company makes efforts to protect the Visitor’s personal data, it is not possible to ensure the full security of personal data when Visitors provide the data on the Website, therefore, Visitors must assume the risks associated with the transfer of personal data to the Website.
In the event of breach on personal data security that may cause a serious threat to the rights or freedoms of the Visitors and after determination of the circumstances under which unauthorized access to personal data has been obtained, the Company will immediately inform the Visitor.
5. GENERAL PROVISIONS