PART OF
In Cooperation with

Privacy Policy

This Privacy Policy specifies and defines information collected by Aviator Airport Alliance, legal entity code 559070-3368, address Tornvägen 17A, 190 46 Stockholm-Arlanda, Sweden (hereinafter – the “Company”, “We”), means and sources wherefrom this information is obtained, as well as actions taken with the collected information and measures taken to protect this information by the Company. To find out more about data processing for Client Verification and Onboarding please read. By using our services and/or by browsing the Company’s websit (hereinafter – the “Website”), you agree with the terms of this Privacy Policy, as well as the Website Usage Policy.

All personal data are processed in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Law on Legal Protection of Personal Data of the Kingdom of Sweden.

1. COLLECTION AND USE OF PERSONAL DATA

1.1. Data controller

The personal data presented on or collected by the Website are managed by the Company, therefore, the Company is the controller of the personal data of the Website Visitor’s, as indicated in the GDPR.

1.2. Application of Privacy Policy

This Privacy Policy applies to any website managed by the Company and to any service provided by the Company, regardless the devices used by the Website visitor (hereinafter – the “Visitor”) visiting the Website.

This Privacy Policy does not apply to the references of other entities’ websites provided on the Website, therefore, we encourage you to review policies of the personal data processing, which are valid and applied to such websites.

1.3. Purposes of personal data processing

The Company processes the personal data of Visitors for the following purposes:

  • to provide Visitors with our services that are accessible on the Website (e.g., by providing access to website functions, e.g., browsing, submitting queries, subscribing to newsletters;
  • to ensure the functionality of the Website, to improve it, to offer better and adapted services to Visitors;
  • to measure, evaluate and improve the functioning of the Website;
  • convenient, efficient and functioning of the Website that meets the needs of the Visitor;
  • to ensure smooth administration of the Website;
  • submission of responses to Visitors’ queries or requests in a timely and proper manner;
  • developing and delivering new products or services;
  • in case of the Visitor’s consent, the provision of relevant information and interesting offers;
  • to contact the Visitor concerning any information and/or request provided;
  • to perform statistical and other analysis by continuously improving the content of the Website and services provided by the Company;
  • other purposes that are disclosed to Visitors when such personal data is submitted by the Visitor.

1.4. Basis for personal data processing

The Company processes personal data of Visitors as it is required for:

  • the implementation of the Company’s legitimate interests (e.g., to administrate and manage the Website, to provide services and etc.);
  • fulfilment of obligations when such are determined by the applicable laws.

Visitor consent as a legal basis is used for direct marketing or third parties access to personal data. Visitors may revoke their consent to process their personal data at any time. If the Company does not have other legal basis for the processing of personal data, the Company will terminate processing of such personal data and destroy the data, unless the laws establish the obligation for the Company to retain such personal data.

1.5. The Visitors’ personal data collected on the Website

The Company processes the Visitors’ personal data which is received from the Visitors submitting such data to the Website and using the Website and the services and functions provided by it.

In addition to the following cases, the Company processes the personal data of Visitors when:

  • Visitors submit a request using the Website (e.g., name, surname, phone number, e-mail address);

The list of personal data collected by the Company is not exhaustive, whereas the Company may need to collect additional personal data due to exceptional cases and depending on the reason of the Visitor’s reference to the Company and in order to achieve the purposes indicated in this Privacy Policy.

Each time the Visitor visits the Website, the Company collects and processes the following technical personal data:

  • IP address of the Visitor’s device;
  • date and time of login to the Website;
  • data of the operating system of the Visitor’s device;
  • information of the Visitor’s internet provider;
  • other related technical information may also be collected.

1.6. Storage of personal data

We store personal data of Visitors no longer than necessary pursuant to the purposes indicated in this Privacy Policy. Personal data is stored:

  • 30 days after the last contact with the Visitor; or
  • as long as personal data becomes redundant or obsolete in order to implement the purposes specified in this Privacy Policy.

Longer storage of Visitor’s personal data may only be performed when:

  • there is a reasonable suspicion of an unlawful act that is being investigated;
  • the Visitor’s personal data is necessary for the proper resolution of the dispute or complaint;
  • if the Company has received a complaint (complaints) related to the Visitor, or the Company reasonably believes that the Visitor has committed unlawful actions; or
  • under other grounds indicated by laws.

1.7. Transfer of personal data to third parties

Personal data of Visitors will not be sold, provided or otherwise transferred without any legal basis, to third parties, and will not be used for purposes other than those specified in this Privacy Policy. The Company does not use personal data of Visitors in any other way, subject to this Privacy Policy. However, the Company reserves the right to provide information about the Visitor if the Company is required to do so in accordance with the law or if the Company would require legally operating law enforcement agencies or prosecuting authorities. The Company may use third parties for the processing of personal data of Visitors and, for this purpose, transmit information about Visitors to other legal entities, subject to the conditions set forth in this Privacy Policy.

Personal data of Visitors may be transferred to the following third parties:

  • Certain technical data on the visits of the Visitor on the Website (IP address, cookies, technical information of the Visitor’s browser, other information related to the browser’s activity and browsing the site) may be transmitted or made available to the Website for statistics, analysis and related purposes both for entities operating in the EU and outside the EU (e.g., by using the Google Analytics service by the Company).
  • Data for some services provided by the Company may also be transmitted to AB „Avia Solutions Group“, company code: 302541648 (to which the Company belongs) group companies, including those located outside the European Economic Area (EEA). The Company does not transmit the Visitor’s personal data, such as the Visitor’s name, contact details or other data provided by the Visitor to the Website and provided in the account, to the entities indicated above. Please note that in non-EEA States, personal data may be subject to less protection than within the EEA, but the Company carefully evaluates the conditions under which such Visitor data will be processed and stored after being transferred to the above-mentioned entities.
  • The Company would like to draw the Visitor’s attention to the fact that, during the visit of each Visitor to the Website, third parties may collect various technical information generated during the visits of Visitors (IP address, cookies, and technical information used by the Visitor’s browser, other information related to the browser activity and browsing the Website).
  • The Company also uses the services provided by third parties (such as third-party servers, website design, administration services, online traffic and website analysis, statistics) that may require access to the Visitor’s personal data to the appropriate extent. In this case, the Company ensures that the data processors comply with the obligations of confidentiality and ensure adequate personal data protection.

1.8. Processing of the personal data of minors

The processing of personal data of minors on the basis of consent for the provision of information society services is lawful if the minor is at least 16 years of age. If such a minor is less than 16 years of age, such processing is legal only if the consent was given or processing was allowed by the minor’s parents or carers, and therefore:

  • if you are under 18 years of age but already have 16 years of age, using the services available on our Website, you confirm that you have the consent of your parents, guardians for disclosure of your personal information to the Company;
  • if you are under the age of 16 years, you can use the Services and content available on our Website only with the consent of your parents, carers, to the Company.

2. RIGHTS OF WEBSITE VISITORS

Visitors are given certain rights related to the protection of their personal data. These rights are:

  • to know (be informed) about the processing of your personal data;
  • to know your personal data which is processed by the Company;
  • to request correction or addition, adjustment of your inaccurate, incomplete personal data;
  • to require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
  • to request the destruction of personal data if they are processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
  • to disagree with the processing of personal data or withdraw the previously agreed consent;
  • to request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.

In order to fulfill your rights, please contact us by contacts listed in this policy. We will respond to your request no later than 30 calendar days after receiving it and the date of submission of all the documents required to reply.

Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your claim and from the date of submission of all documents necessary to prepare the answer.

If we think we need to, we will stop the processing your personal data, except for storage, until your application is resolved. If you have legally waived your consent, we will immediately terminate the processing of your personal data and within no more than 30 calendar days, except in the cases provided for in this privacy policy and in the cases provided for by law when further processing of your data is binding on us by the legislation in force, by our legal obligations, by court judgements or by binding instructions from the authorities.

By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.

If you disagree with our actions or the response to your request, you can complain to the competent state authority – the State Data Protection Inspectorate (for more information – www.ada.lt). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

3. DATA PROTECTION

The Company, by implementing technical and organizational measures, protects Personal data of Visitors from loss, misuse, unauthorized access, disclosure or modification.

The Company recommends that the Visitors comply with the following minimum safeguards for personal data protection:

  • do not visit suspicious websites;
  • do not open links of uncertain origins;
  • update their software;
  • independently take care of using antivirus protection.

Unfortunately, the transmission of any information on the Internet is not completely secure. Although the Company makes efforts to protect the Visitor’s personal data, it is not possible to ensure the full security of personal data when Visitors provide the data on the Website, therefore, Visitors must assume the risks associated with the transfer of personal data to the Website.

In the event of breach on personal data security that may cause a serious threat to the rights or freedoms of the Visitors and after determination of the circumstances under which unauthorized access to personal data has been obtained, the Company will immediately inform the Visitor.

4. GENERAL PROVISIONS

This Privacy Policy may be updated by the Company. The Company will inform Visitors about the updates by submitting a new version of the Privacy Policy on the Website, together with the dates of the corrections made. Visitors understand that by continuing to use the Website after the updates made to the Privacy Policy, they agree to the changes made.

If any provision of the Privacy Policy is void or inapplicable, this provision shall not affect the legality and validity of the remaining provisions of the Privacy Policy.

This Privacy Policy applies from the date it is posted on the Website.