OUR PRIVACY COMMITMENT
Scanwings Oy is committed to protecting your privacy.
We respect your rights as a data subject. We keep you informed about our data protection practices and the purpose and legal basis of data processing when we obtain your personal data. We retain your personal data only for as long as necessary.
We share your personal data only with appropriate and authorised third parties who also respect our privacy practices. We always use appropriate transfer mechanisms and safeguards when processing and transferring personal data.
SCANWINGS OY PRIVACY NOTICE
This privacy notice explains how Scanwings Oy collects, manages and protects your personal data. This privacy notice is addressed to our prospective, present and former clients, business partners, authorities, and other aviation professionals.
This privacy notice describes how we at Scanwings Oy process personal data when acting as a data controller.
PURPOSES AND LEGAL BASIS OF PROCESSING
In the course of our business, we collect and process personal data of our prospective, present and former clients, business partners, and agents.
The purposes of collecting and processing personal data depend on the capacity in which you interact with us. The main purposes for collecting and processing personal data at Scanwings Oy are:
- Seeking potential customers and developing customer relationships
- Carrying out marketing activities related to our products and services
- Providing services and consultation to our customers including both on-site and remote technical service and support, as well as charter and medevac flight services to our customer.
- Communicating with our present and potential customers through various channels such as newsletters, customer feedback surveys, requests or enquiries, and at events
- Promoting Scanwings Oy’s products and services
- Conducting market studies and research
- Administrative purposes such as planning and developing Scanwings Oy’s business operations.
We only process personal data when we have a legal basis to do so. The legal basis depends on the personal data concerned and the specific context in which we process it.
This means that we collect and process personal data in the following cases:
- To fulfill a contract when you have entered into an agreement with us or are considering to do so
- When we have a legitimate interest such as a business or commercial reason to process personal data − these reasons might include e.g. the management and development of customer relationship or business operations. When we use legitimate interest as a legal basis, we carefully consider that such processing is compatible with the data subject’s rights and freedoms.
- For compliance with our legal or statutory obligations
- When you have given us your prior consent to process personal data
CATEGORIES OF PERSONAL DATA WE PROCESS
The data we process depends on the nature of our relationship with you. We typically process personal data categories such as:
- General contact information and other information such as name, phone number, email address, mailing address, and other contact details
- Company information and information on the function and job title of the contact persons of our clients
- Data related to the customer relationship and contractual relationship, such as information related to orders and transactions, and information related to providing and administering our products and services
- Data related to customer interaction, e.g. customer contacts or enquiries via our websites or mail
- Data related to events and trainings organised by us or other associated parties
- Data related to any online accounts on our online stores, extranets or other online services
- Data collected from the use of our websites or other online services (e.g. cookies)
- Personal information, such as full name, gender, date of birth, nationality, passport and visa information
- Personal or company credit card information
- Personal dietary or food and drink preferences
- On ambulance flights, we may collect medical data, such as medical certificates or diagnosis
This data might be directly provided by you, or it might be collected from our business partners or other third parties. The data we collect from you comes from a variety of channels, such as when you contact us, purchase our products or services, or take part in our events.
We will only retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Notice and to comply with mandatory legislation such as accounting requirements. As a general rule, we process relevant personal data for the duration of the customer contract and for a predefined period after the contract is fulfilled. We delete all the personal data where retention period has expired on regular basis. We aim to make sure that personal data we process is up to date and correct. In some circumstances, we may anonymise personal data for e.g. statistical purposes.
DATA TRANSFERS AND PROCESSING OUTSIDE THE EU/EEA
We are a global company and due to technical and operational requirements we may process personal data outside the European Union and/or the European Economic Area. If we transfer personal data outside the EU/EEA, the transfer will be carried out in accordance with appropriate transfer mechanisms, such as using the standard data protection clauses.
We may share personal data within our group companies and regional dealers and suppliers. In some cases, we may share personal data with appropriate and authorised service providers e.g. agents, who provide permit and ground handling services and IT hosting providers. We may also share personal data with third party recipients e.g. government authorities and other regulatory bodies. We only share information with government authorities if required to do so to comply with a legal or statutory requirement.
SECURITY OF PROCESSING
We maintain appropriate and adequate organisational, technical and physical safeguards designed to protect against the unlawful or unauthorised destruction, loss, alteration, use or disclosure of, or access to, the personal information provided to us. Only authorised persons have access to the personal data we maintain, and the access is on a strict 'need-to-know' basis. We require all employees who have access to any personal data to handle it strictly confidential.
DATA PROTECTION RIGHTS
In accordance with the applicable data protection legislation, you may have the right to
- Request access to the personal data we hold about you
- Request that we rectify any inaccuracies in the personal data we hold about you
- Withdraw your consent at any time if the processing of your personal data is based on consent
- In some circumstances, to request the transfer of your personal data to a third party
- In some circumstances, to request erasure or restriction of processing or to object to processing
You may also have the right to object to the use of personal data for marketing purposes.
If you would like to exercise any of the rights listed above, you can submit your request to us by sending email to firstname.lastname@example.org.
You have the right to file a complaint to your local data protection authority if you are not content with our data protection practices.
OUR CONTACT DETAILS
We have appointed a global Data Protection Officer. If you have questions about data protection at Scanwings Oy or if you need any further information, please contact the Data Protection Officer at email@example.com.
CHANGES TO OUR PRIVACY NOTICE
We may update this privacy notice without prior notice when necessary to reflect changes to our data protection practices. This notice was updated on 01 May 2021.