If you provide us with personal information other than your own (for example, identifying other natural persons as manager, beneficiary, representative, etc.), please inform them of this Privacy Notice and its contents and make sure they do not object to providing personal data on their behalf and processing it in accordance with privacy statements below.
FOR WHAT PURPOSE AND LEGAL BASIS, DO WE PROCESS PERSONAL DATA?
We are part of Avia Solutions Group the largest aerospace business holding in Central & Eastern Europe offering aviation services worldwide. We take a zero-tolerance approach to money laundering and terrorism financing and are committed to the highest level of openness, integrity, and accountability. Seeking legitimacy and being reliable Avia Solutions Group and its subsidiaries seek to conduct business only with reputable counterparties whose funds are derived from legitimate sources and who have no imposed sanctions on them.
Personal Data for Onboarding and Due Diligence Procedure is processed in accordance with Article 6 Part 1. c) of the GDPR, i. e. our legal obligation to monitor and implement the international and/or national sanctions.
Personal Data for Onboarding and Due Diligence Procedure is also processed in accordance with Article 6 Part 1. f) of the GDPR, i. e. our legitimate interest to fulfill the requirements for money laundering and financing terrorism prevention, prevention of corruption, bribery, and fraud to be legitimate, reliable, and reputable business to our counterparties and authorities.
WHAT PERSONAL DATA DO WE PROCESS?
When a counterparty is a natural person:
Name, surname, date of birth, nationality, occupation, valid ID/passport number, data on whether the client is a politically exposed person, residential and registered address details, phone number, e-mail address, bank information (account number), relationship with the third party (if payment will be made by the third party), source of funds/wealth (if payment will be made in cash), signature.
When a counterparty is a legal entity:
- The authorized person to fill the “Know Your Customer” (KYC) Form: name, surname, title, signature.
- Ultimate beneficial owner: name, surname, address, occupation, date of birth, nationality, data on whether the person is a politically exposed person.
- Shareholder: name, surname, address, date of birth, nationality, data on whether the person is a politically exposed person.
- Controlling person (e.g., a Chief Executive Officer, Chief Financial Officer, Managing Member): name, surname, address, country of residence, date of birth, nationality, data on whether the person is a politically exposed person, role/position of the person.
- Member of the board of directors: name, surname, data on whether the person is a politically exposed person.
- Authorised representative: name, surname, address, country of residence, date of birth, email, phone, role/position.
We also process personal data collected within provided copies of the following documents:
- Identity Card or Passport.
- Official documents of authorities verifying the identity and the place of residence.
- Documentation proving the source of funds/wealth.
- Articles of Association authorizing the representative of a legal entity.
- Certificate of Incorporation or its equivalent.
- Certificate of Directors or copy of CEO (or other principal management body) appointment document.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data via:
- The KYC Form and the provided copies of documents by you or the authorized person.
- Consolidated lists of sanctions managed by institutional authorities (e. g. https://www.sanctionsmap.eu/).
- Other commercially available/public sources on the internet (e. g. https://www.dowjones.com/professional/risk/).
HOW LONG WE WILL RETAIN YOUR PERSONAL DATA?
We will process your personal data collected during the Onboarding and Due Diligence procedure for no longer than 5 years unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defense in the judicial process. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
As the Onboarding and Due Diligence procedure is implemented groupwide we share your personal data described in this Privacy Notice with Avia Solutions Group as the parent company on the joint controllership of personal data basis. The result of the Onboarding and Due Diligence procedure and some personal data may be shared with other Avia Solutions Group companies (listed at https://aviasg.com/en/the-group/general-contacts) in case any of them is intending to start a legally binding relationship with you or your represented legal entity. Therefore, in certain cases, personal data may be transferred to third countries (outside the European Economic Area (EEA), such as United Kingdom, United States of America). Such transfers shall be conducted in accordance with the requirements provided for in applicable legal acts.
We also may share some of your personal data with:
- Companies acting on our behalf as IT/electronic security service processors.
- Our professional advisors, auditors, lawyers, and/or financial, and accounting advisers.
- Law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies.
- Banks or other financial service providers who are subject to money laundering, sanctions, and prevention of financing terrorism, corruption, bribery, and fraud.
WHAT DATA SUBJECT’S RIGHTS DO WE GUARANTEE TO YOU?
We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:
- know (be informed) about the processing of your personal data.
- to get access to your personal data which are processed by us.
- request correction or addition, adjustment of your inaccurate, incomplete personal data.
- require the destruction of personal data when they are no longer necessary for the purposes for which they were collected.
- request the destruction of personal data if they are processed illegally.
- Disagree (object) with the processing of personal data.
- request to provide, if technically possible, your personal data in an easily readable format or request the transfer of data to another data controller.