Privacy Policy

1. GENERAL PROVISIONS

  • Contact details of the Data Controller Jet Maintenance Solutions, UAB (hereinafter “We”, “Ours”) process the personal data of its customers, partners, candidates to employees, shareholders or other data subjects (hereinafter below you can read how we handle the data you submit to us.
  • In processing the personal data, we responsibly comply to the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the Republic of Lithuania Law on the Legal Protection of personal data, the Republic of Lithuania Law on Electronic Communications and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities.
  • If you have any questions regarding this Privacy Policy or requests regarding the processing of your personal data, please send us an email to: gdpr@jetms.aero.
  • You can also at any time refuse to receive any information we send by sending an email to gdpr@jetms.aero exempt for the information needed for the direct cooperation purpose.

2. TO WHOM THE PRIVACY POLICY APPLIES?

  • This Privacy Policy applies to all personal data Data controller processes regardless of the media (way) on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website www.jetms.aero users or any other Data subjects. The terms and conditions of the Privacy Policy apply to you every time you access the content and/or the service we provide, regardless of which device (computer, cell phone, tablet, TV, etc.) you are.
  • This Privacy Policy does not apply to references to other entities websites provided on the Website; therefore we recommend that you read the personal data processing rules applied on such websites.

3. ESSENTIAL CONCEPTS OF PRIVACY POLICY

Data controller – Jet Maintenance Solutions, UAB

Websites managed by the Data Controllerhttps://www.jetms.aero

Terms and Conditions are the terms of the contract for our website visitors/customers regarding the use of the services provided by the Data Controller.

Processors. The Company also uses the services provided by third parties (such as third-party data centres, servers, website design, administration services, online traffic and website analysis, statistics, direct marketing services, mailers, messengers, etc.) that may require access to your personal data to the appropriate extent. In this case, the Company ensures that the data processors comply with the obligations of confidentiality and adequate personal data protection. We also use dedicated service providers to send newsletters and other promotional or related information, as well as to collect and transfer analytical information on statistical use of such information we sent to you.

Services – all services provided by the Data Controller to Clients including  Base and Line Maintenance services for business and regional jets, spare parts and components supply, repair and management services, supplier of business aircraft parts and aviation logistics services, aircraft conversion services, interior refurbishment services, engine management services, Ground Support Equipment (GSE) supply and support services, aircraft cleaning services.

4. HOW DO WE OBTAIN YOUR DATA AND ON WHAT LEGAL BASIS DO WE PROCESS IT?

  • Ways how personal data are obtained:
    • When you submit data to us through our websites;
    • By concluding both electronic (Term and Conditions) and paper service or other contracts;
    • During events/meetings, by submitting business cards or other personal data;
    • By email when contacting at our general email addresses: info@jetms.aero;
    • When you contact by email any of our employees;
    • When you agree to provide your data, for example by subscribing to a newsletter and etc.;
    • When you access your account through third party accounts (Facebook, LinkedIn, Google);
    • When you agree to the installation of cookies on your device;
    • When the data came from publicly accessible sources to use for a legitimate purpose and under a legal basis.
  • Basics of lawful management:
    • Contract (sale/purchase of products/services);
    • Consent to receive offers and news from us and our affiliates. You may revoke your consent to process their personal data at any time. Unless the Company has any other legal basis for processing personal data, the Company will terminate the processing of such personal data and destroy the data;
    • Legitimate interest is to respond to your queries, to provide the information you request, to improve our service quality and products, statistics and analytics, personalized services, to protect the Company from possible losses due to business relationships with authorized persons while preventing money laundering and support for terrorist activities, etc.
    • Implementation of legal obligations (accounting, archiving, data breach notification, to protect the Company from possible losses due to business relationships with authorized persons while preventing money laundering and support for terrorist activities etc.).

5. PERSONAL DATA PROCESSING PURPOSES

  • Website administering purpose:
    • For website administering purposes, we process data in the following cases:
  1. When you enter our company’s’ website and give consent for different cookies.
    • For the purpose of administering, the jetms.aero account, we process the following of your personal data:
  2. Full name;
  3. Email address;
  4. IP address;
  5. Date and time of access;
  6. Visitors’ geo-location;
  7. Other relevant technical
    • Your personal data for direct cooperation purposes can be processed in the following ways:
  8. Your connection technical information may be used process related with website matters, such as to show website usability.
    • Cooperation purpose
      • For cooperation purposes, we process data on these legal basis:
  1. On the basis of contract;
  2. On the basis of legitimate interests to manage contacts (e.g. to keep records of people we work with and wish to communicate), manage communication history for business continuity purposes, to protect the interests of the company, etc.);
  3. On the basis of compliance with a legal obligation;
  4. In special cases based on public interest.
    • For the cooperation purposes, we process the following of your personal data related with the represented company details and other related employees personal data:
  5. Full company name;
  6. Company code,
  7. Address;
  8. E-mail address;
  9. Telephone number;
  10. employees’ full name;
  11. employees’ title;
  12. employees’ e-mail address;
  13. employees’ telephone number.
    • Your personal data for cooperation purposes can be processed in the following ways:
  14. You may be called by phone regarding the negotiations due to past, current of future cooperation matters;
  15. You may receive a letter regarding the cooperation related matters by e-mail;
  16. Other legal
    • Services provision purpose
      • For services provision purpose, we process data on these legal basis:
  1. in order to take steps at your request prior to entering into a contract;
  2. When the written or verbal agreement is made by both Parties;
  3. On the basis of legitimate interests to manage contacts (e.g. to keep records of people we work with and wish to communicate), manage communication history for business continuity purposes, to protect the interests of the company, etc.);
  4. On the basis of compliance with a legal obligation;
  5. In special cases based on public interest.
    • For the services provision purposes, we process the following of your personal data related with the represented company details and other related employees personal data:
  6. Full company name;
  7. Company code,
  8. Address;
  9. E-mail address;
  10. Telephone number;
  11. employees’ or representatives’ full name related to the performance of the agreement;
  12. employees’ or representatives’ title;
  13. employees’ or representatives’ e-mail address;
  14. employees’ or representatives’ telephone number.
    • Your personal data for services provision purposes can be processed in the following ways:
  15. When you may receive requirement due to agreement preparation by e-mail.
  16. When you may receive the request for needed information regarding the other type of agreement;
  17. When we communicate regarding the providing of services etc.
    • Direct marketing purpose
      • For direct marketing purposes, we process data on these legal basis:
  1. When we obtain your explicit consent to such processing (on the basis of your consent);
  2. When you are a customer of us who have not objected to the processing of personal data for the purposes of direct marketing, marketing of similar services or products where you have been duly notified of such processing beforehand (on the basis of our legitimate interest).
    • For the purpose of direct marketing, we process the following of your personal data:
  3. Full name;
  4. E-mail address;
  5. Telephone number.
    • Your personal data for direct marketing purposes can be processed in the following ways:
  6. You may receive a newsletter with our offers, promotions, products, and news by e-mail;
  7. You may receive invitations to events and similar information by e-mail;
  8. You may be called by phone with invitation, commercial proposal or offer. We inform you that you are free to opt out of our newsletters or any other information sent by e-mail at any time. You may exercise this option by clicking on a corresponding link at the bottom of our e-mail.
    • Employees recruitment purpose
      • For employees recruitment purposes, we process data on these legal basis:
  1. When we obtain your explicit consent to such processing (on the basis of your consent).
  2. When we obtain your personal data from data provider qualified to share your personal data information with potential employers on the consent basis. ).
    • For the purpose of employees recruitment, we process the following of your personal data:
  3. Full name;
  4. Contact details, including correspondence address, telephone number, email address;
  5. Place of residence;
  6. Residential address;
  7. Citizenship;
  8. Work permit, visa and information pertaining to these documents;
  9. Personal identification data;
  10. Licenses and records;
  11. Information about former workplaces (company name, position title, professional experience);
  12. References from former workplaces;
  13. Licenses or certificates of qualification related to the specifics of the work;
  14. Other work experience;
  15. Education information (training institutions, types of qualifications obtained and dates of acquisition);
  16. Other information provided by the user of the Data Controller and required to provide the Services.
    • Your personal data for employees recruitment purposes can be processed in the following ways:
  17. You may be called due to possible open job position offer;
  18. You may receive recruitment offer due to your suitability for open work position by e-mail.
    • KYC (Know Your Customer) procedure implementation purpose
      • For KYC procedure implementation purposes, we process data on these legal basis: :
  1. we process data on the basis of legitimate interest and/or legal obligation;
  2. We may receive information about you from public and commercial sources (as permitted by applicable law) and associate it with other information we receive from you or about you on legitimate interest.
    • For the purpose of KYC procedure implementation, we process the following of your personal data:
  3. Full company name;
  4. Company code;
  5. Address;
  6. Bank details;
  7. E-mail address;
  8. Website address;
  9. Telephone number;
  10. Date of the company‘s incorporation;
  11. Full names of the management;
  12. Full names Board members;
  13. Full names of shareholders/ ultimate beneficial owners;
  14. Full names and other relevant company‘s employees;
  15. Shareholders/ ultimate beneficial owners copies of the identity documents;
  16. Amount of shares shareholders/ ultimate beneficial owners hold.
    • Your personal data for KYC purpose can be processed in the following ways:
  17. you may receive KYC form due to the needed information and documentation for the proper KYC procedure implementation by e-mail;
  18. you may be called for asking the needed information due to proper KYC procedure implementation;
  19. other processing operations regarding the KYC process.
    • Processing of personal data when you provide questions, requests, other information (queries)
      • For queries administration purpose, process data on these legal basis:
  1. On the basis of legitimate interests to manage contacts (e.g. to ensure the quality of the services we provides, manage communication history for business continuity purposes, to protect the interests of the company, etc.);
  2. On the basis of compliance with a legal obligation.
    • We process the following your personal data:
  3. Persons’ from whom the question / request was received name and surname;
    • Your personal data for processing of personal data purpose can be processed in the following way:
  4. Regarding the Legitimate Interest.
    • Processing of personal data of the shareholders, other data subjects
      • The Company processes the personal data of its shareholders as well as information on ultimate beneficial owners to fulfil its legal obligations, laid down in applicable securities market, anti-money laundering and related legal requirements.
      • The personal data are processed by Company to fulfil its obligations under the law, including company, securities, and tax legislation and the Company’s legitimate interest of convening general meetings and administrating other matters relating to the shareholders of the company.
      • We only process your personal data for the purpose for which we collected such data. Should we need to process your personal data for any other purpose or a purpose that requires your consent under data protection legislation, we will inform you of such purpose respectively obtain your consent in advance.
      • The personal data relating to a shareholder that is processed by Company include:
  1. Name, personal identity number, and contact details.
  2. Information regarding your shareholding (number of shares and any notes/information to be linked to that shareholding according to the law).
  3. Data from any communication between you and Company, including data in minutes of board meetings and general meetings.
    • In connection with general meetings, the personal data are used for registration, drawing up of voting lists, and, where applicable, minutes of the general meeting.

6. HOW LONG WE WILL RETAIN YOUR PERSONAL DATA?

  • We will retain your personal data for as long as necessary to achieve and fulfil the purposes set out in this Privacy Policy, taking into account the nature of the services provided to you and the contracts you enter into, unless longer storage of personal data and related documents is required by applicable laws and regulations and is necessary (e.g. mandatory time limits for accounting and others, etc.) or is required for the defence of the Data Controller’s legitimate interests in judicial or other public institutions.
  • We ensure and take all necessary measures to avoid storing outdated or unnecessary information about you and to keep your data up-to-date and accurate.
  • We will use your data for direct marketing purposes for 3 (three) years after you’re giving consent or after the end of the contractual relationship (direct marketing of similar services or products).

7. HOW DO WE PROTECT YOUR DATA?

  • We responsibly implement appropriate organizational and technical data security measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.
  • We recommend that you additionally comply with the following minimum safeguards for personal data protection:
  1. Do not visit suspicious websites;
  2. Do not open links of uncertain origins;
  3. Update your software regularly;
  4. Independently take care of using antivirus protection.
    • Unfortunately, the transmission of any information on the Internet is not completely secure. Although we are endeavoring to protect your personal data, it is not possible to ensure the full security of personal data when you provide the data on the Website, therefore, you must assume the risks associated with the transfer of personal data to the Website.
    • In the event of personal data breach of security that could seriously jeopardize your rights or freedoms and determine the circumstances with which unauthorized access to personal data has been obtained, we will immediately inform you about it.

8. TO WHOM IS YOUR DATA ARE DISCLOSED?

  • Your personal data may only be accessed to a limited number of our employees and to our company’s IT, legal, personnel service providers, and only to the extent necessary for the proper processing of your personal data, and subject to strict confidentiality requirements.
  • To achieve the purposes set out in this Privacy Policy, we may transfer or grant access to your data to the following data recipients/processors:
    • Certain technical data on your visits on the website (IP address, cookies, technical information of your browser, other information related to the browser’s activity and browsing the site) may be transmitted or made available to the website’s for statistics, analyses and related purposes both for entities operating in the EU and outside the EU (e.g., when we use the Google Analytics service).
    • For the provision of some of our services, data can also be transferred to the companies of the Avia Solution Group, which we belong to (https://aviasg.com/en/media/logos), including those located outside the European Economic Area (EEA).
    • Within the interest and according to the order of data processors who provide services and process your data on our behalf (e.g. consultants, etc.) We note that our data processors process your data only on the basis of our explicit instructions, by committing to ensure the proper processing of data protection, organizational and technical measures compliant to confidentiality and security requirements, as specifically discussed in the agreements concluded between us and the service providers regarding the processing of data.
    • Entities entitled to receive information in accordance with legal requirements (e.g. courts, state and municipal authorities, banks and other financial institution for KYC information etc.) only to the extent necessary for the proper performance of the requirements of the legislation in force.
    • However, we always transfer your data in accordance with the highest standards of personal data protection.

9. DATA TRANSFER OUTSIDE THE EU AND EEA

  • Please note that in non-EEA states, personal data may be subject to less protection than within the EEA, but we carefully evaluate the conditions under which such data will be processed and stored after being transferred to the above-mentioned entities.
  • Please note that if the European Commission has determined that the third country, territory or one or more specified sectors in that third country or international organization concerned provides an adequate level of data protection, the transfer must take place in the same manner as in the EU. Please be informed that you can have access to the information as to the states in respect of which the decision of the European Commission has been taken, here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
  • In other cases, we take all necessary measures to ensure that your data is transferred to the recipient safely processing the data. The tools we use: a contract with a non-European recipient of personal data includes specific clauses for the secure processing of the data. In certain cases, we ask for your consent to transfer your data outside the Republic of Lithuania, the EU or the EEA.

10. SOCIAL MEDIA

  • We own and administer social media accounts (Facebook, LinkedIn, YouTube, etc.). Article 26 (1) of the GDPR (Joint Data Controllers) applies to certain relations with administrators of those social networks.
  • All information you provide to us on social media (including messages, use of the Like and Follow fields, and other communications) is controlled by the social network administrator.
  • As the administrator of our social media accounts, we select the appropriate preferences based on our target audience, performance management and promotion goals. Giving the fact that social network may limit the ability to change certain essential privacy preferences, we cannot influence what information (including personal data) the social network administrator collects about you when you visit and use our social media account.
  • All such settings, both selected by us and set by the social network administrator, may affect the processing of your personal data when using social media, visiting our social media account or reading our posts or/and messages on the social network. Even if you only view our messages on social media, the social network administrator may receive certain personal information, such as what device you are using and your IP address.
  • Typically, a social network administrator processes your personal data (even when we do not collect it) for purposes set by the social network administrator in accordance with the social network administrator’s Privacy Policy. However, when you use the social network, communicate with us through the social media, visit our account on the social network or monitor our content therein, we receive information about you. The amount of data we receive depends on the preferences we choose, our agreements with the social network administrators for additional services, and the cookies set by the social network administrator.
  • We note that the data collected by Facebook, LinkedIn, YouTube, etc., is shared globally between these companies and their partners.
  • As far as we know, Facebook, LinkedIn and YouTube uses standard contract terms for data transfers, which are approved by the European Commission’s decisions on data transfers from the EEA to the United States and other countries.
  • We encourage you to read third-party privacy notices and contact social network administrators directly if you have any questions about how they use your personal data.

11. RIGHTS GRANTED TO YOU

  • We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:
  1. Know (be informed) about the processing of your personal data;
  2. To get access to your personal data which are processed by the Data Controller;
  3. Request correction or addition, adjustment of your inaccurate, incomplete personal data;
  4. Require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
  5. Request the destruction of personal data if they are processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
  6. Disagree with the processing of personal data or withdraw the previously agreed consent;
  7. Request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for performing the contract, or request the transfer of data to another data controller.
    • In order to exercise your rights, please send us an e-mail to: gdpr@jetms.ae or directly. Upon receipt of your request, we may ask you to provide proof of identity, as well as any additional information required by us for the request, which we undertake to delete after identification.
    • Upon receipt of your request, we will respond to you within 30 (thirty) calendar days of receipt of your claim and the due date for submission of all documents necessary to prepare the answer.
    • If we think we need to, we will stop the processing your personal data, except for storage, until your application is resolved. If you have legally waived your consent, we will immediately terminate the processing of your personal data and within no more than 30 calendar days, except in the cases provided for in this privacy policy and in the cases provided for by law when further processing of your data is binding on us by the legislation in force, the legal obligations we are facing, court judgements or binding instructions from the authorities.
    • By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.
    • If you disagree with our actions or the response to your request, you can complain to the competent state authority – the State Data Protection Inspectorate (for more information – ada.lt). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

12. CONTACT US

  • If you have any request concerning the processing of your data or any question relating thereto, please email us at gdpr@jetms.aero.
  • Our Data Protection Officer’s contacts: privacy@aviasg.com.

13. HOW I LEARN ABOUT THE CHANGES TO THIS POLICY?

  • This Privacy Policy is reviewed at least once every two years. Once we update our Privacy Policy, we will notify you of the update by posting a notice on a specific website or social networking accounts. If you login or use our content and/or services after posting such notice, we will assume that you agree to the new requirements specified in the update notice.
  • This Privacy Policy applies from the date it is posted on the Website. Last review of the Privacy Policy: 15th of July 2020.