Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Company – JSC AIRHUB, number of legal entity 303262480, registration address Gariaus ir Girėno str. 81-1, LT-02189, Republic of Lithuania.
Data subject means a natural person whose Personal Data is collected and processed by the Company.
Personal data means any information about a natural person who is identified or identifiable; a natural person who can be identified, whose identity can be determined directly or indirectly, in particular, by the identifier, such as his name, personal identification number, location data and internet identifier, or according to one or more features of physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
1. Who we are and who collects Personal Data
JSC AIRHUB is a company registered in the Republic of Lithuania whose aviation training center prepares flight attendants and provides training services for pilots.
2. Why and what Personal Data do we collect about you?
3. What Personal Data is provided by the Data Subject
All Personal Data that the Data Subject is required to provide to the Company is set out in Section 2 of this Policy. The information provided is necessary to enable the Company to:
3.1. select the most suitable candidates for vacant posts;
3.2. conclude, terminate or modify employment contracts and to properly implement the provisions governing the employment relationship and the tax obligations arising therefrom;
3.3. enter into, terminate or modify contracts for the sale of services and goods, and perform them properly, including the tax obligations arising from them;
3.4. carry out activities related to the implementation of direct marketing;
3.5. conclude, terminate and amend service contracts where the service provider operates under a self-employed person’s certificate or business licence, including the implementation of tax obligations arising from this.
If the Data Subject fails to provide the information referred to in paragraph 2 of this Policy, the Company will not be able to enter into the relevant contracts and fulfil the obligations assumed.
4. Personal data is collected in other ways
In other ways, the Data Subject’s information may be collected through other natural and/or legal persons with whom the Company has concluded agreements and during the provision of whose services the Personal Data of third parties necessary for the proper implementation of contractual obligations may be transferred.
5. Use and sharing of processed Personal Data
Data subject information shall be used for the purposes set out in paragraphs 2 and 3 of this Policy.
The Company shall never provide Data Subject information to third parties where the transfer of such information is not related to the performance of proper contractual obligations or in the circumstances set out below.
Personal data of the data subject may be transferred to:
5.1. public authorities and legal representatives, where this is provided for by the requirements of the legal acts of the Republic of Lithuania and the European Union;
5.2. where this is provided for in a contract, agreement between the Company and the Data Subject or where the Data Subject’s consent has been obtained;
5.3. to protect the security and quality of the services provided or the protection of the data itself;
5.4. where disclosure of the data prevents the death of the person or adverse health consequences for the person.
6. Sharing with third countries or international organisations
Personal data is mainly collected and used in the European Union (EU) and the European Economic Area (EEA). In specific cases where Personal Data needs to be transferred outside the EU or EEA, this shall be done if:
6.1. The European Commission has decided that the third country, territory or one or more specified sectors in that third country, or the international organisation concerned, provides an adequate level of protection;
6.2. have been authorised by the State Data Protection Inspectorate;
6.3. other derogations may be used in specific cases (Article 49 of the Regulation).
7. Sharing personal data with related companies
Personal data necessary for the proper performance of the contractual relationship and for business purposes may be transferred to any of the Company’s subsidiaries, parent companies, or any other affiliated companies in Lithuania and/or abroad which, directly or indirectly, through one or more intermediaries, control, are controlled by, are under the control of, or are under common control with the Company, or are engaged in business with the Company.
8. Collection and storage of personal data
Personal data is collected and stored in two ways. If the Data Subject submits Personal Data electronically, the Personal Data shall be collected and stored on internal hosts that comply with security requirements. If the Data Subject submits Personal Data in paper format, all Personal Information received shall be stored in paper records in a fireproof lockable cabinet.
9. Availability and control of personal data
The right of every person to have access to his or her Personal Data stored by the Company is guaranteed by the Regulation. Any Data Subject may obtain and access his or her Personal Data held by the Company by submitting a written request to the email or address specified in Clause 11 of this Policy. Likewise, Personal Data shall be accessible to the Company’s employees whose functions require such information, to the extent necessary for the performance of the Company’s obligations.
Control, updating and evaluation of personal data collected shall be performed periodically by persons authorized by the Company. The State Data Inspectorate of the Republic of Lithuania and other state institutions shall carry out the control of the collection and processing of personal data in accordance with the procedure prescribed by legal acts.
10. Rights of the Data Subject
The data subject may exercise the following rights after having given the Company the opportunity to identify him or her:
10.1 the right to know (to be informed) about the processing of one’s Personal Data, i.e. to receive a notification with confirmation about the processing or non-processing of your Personal Data;
10.2 the right of access to the processing of one’s Personal Data, i.e. to receive a notification containing the scope of the information collected, the purposes and the grounds for processing the data;
10.3 to request in writing the rectification of the Personal Data collected in the Company if there is information that the Personal Data collected is or may be erroneous;
10.4 right to request to delete the personal data (right to be forgotten);
10.5 the right to restrict the processing of Personal Data in at least one of the circumstances referred to in Article 18 (1) of the Regulation;
10.6 the right to the portability of Personal Data if the person has a need to have their Personal Data transferred or otherwise transferred to third parties;
10.7 the right to object to the processing of Personal Data or to withdraw consent to the processing of Personal Data where, in a particular case, the Data Subject has a need to do so or where the processing of Personal Data for the purposes of direct marketing is no longer relevant for the Data Subject.
12. Contact details
If you have any comments, questions or complaints regarding the way we collect, use, store and process Personal Data of Data Subjects, or if you wish to exercise your rights as a Data Subject as set out in this Policy, you can contact the Company at: Dariaus ir Girėno str. 81-1, LT-02189, Vilnius, Lithuania or tel. no. +370 658 99 459, email firstname.lastname@example.org or email@example.com.
CEO of JSC AIRHUB by order of 09/30/2022