PRIVACY POLICY
When using the SmartLynx Airlines website, we will collect information about you, which includes the information you enter when subscribing to newsletters or requesting feedback.
The personal data you submit to the SmartLynx Airlines website will be treated with the utmost care and respect. SmartLynx Airlines will use it to fulfill our obligations during the handling and administration of reservations, payment and ticket delivery.
This will include the use of your data for the following purposes: accounting, billing and audit, ticketing, credit or other payment card verification, immigration and customs control, security, administrative and legal purposes, operation of frequent flyer programs, system testing, maintenance and development, customer relations.
Disclosure of personal data to third parties
For the above purposes, and subject to the travel arrangements you have chosen, we may need to disclose and transfer your personal data to companies which form a part of SmartLynx Airlines, airlines and other parties involved in providing your travel and related services - our partner airlines and other partner companies, data processing companies working on our behalf, travel agencies, governments and enforcement agencies, credit card companies, which may involve sending your personal data outside the European Union and the European Economic Area.
Direct marketing communications
In order to present offers and services that we believe are of particular interest to you, SmartLynx Airlines may use your personal data for marketing and communication purposes. You may at any time opt out of receiving these marketing communications.
SmartLynx Airlines will never allow a third party to use your personal data for marketing and communication purposes.
Site tracking
SmartLynx Airlines employs tracking software for site traffic monitoring and business development purposes.
Cookies
Cookies are small text files sent from a web server (such as that of www.smartlynx.aero) to your browser whenever you visit a website. They are either saved or rejected, depending on your browser settings.
Saved cookies allow servers to identify your computer. This means that during return visits and when using password-protected areas of the website, you can avoid the hassle of repeatedly entering the same data.
In short, cookies make it easier to browse websites which require manual data input.
We use cookies to help shape our website and streamline the user experience. They help us understand user preferences.
Please be advised that enabling cookies is recommended for the best user experience and full site functionality. Nonetheless, cookies can be disabled via your browser settings if you so wish.
This will include the use of your geo location for the following purposes: operation of loyalty and rewards programs, accounting, billing and audit, ticketing, credit or other payment card verification, security, administrative and legal purposes, system testing, maintenance and development, customer relations.
Security
We offer very high security against loss, misuse and unauthorised access of your personal data and payment details. Processing and data transfer between your web browser and our server is secured using a 128 b Secure Sockets Layer (SSL).
Links to third party websites
Please be aware that this privacy policy applies only to the SmartLynx Airlines website. Since our site may contain links to other websites, we advise you to consult the privacy policies of these websites prior to submitting any personal data. We cannot be held responsibile for any data shared when visiting other websites.
SHAREHOLDER AND UBO DATA PRIVACY NOTICE
The “Company” hereby means SIA Smartlynx Airlines1, Smartlynx Airlines Estonia OŪ2 or Smartlynx Airlines Malta Limited3.
The Company collects and processes certain personal data provided by you or on your behalf from third parties, (e.g., share registrars and brokers), and which relates to you as an individual shareholder of the Company or an ultimate owner (also called ultimate beneficiary, owner beneficial owner, UBO) of it or its direct shareholders. The personal data processed in this fashion could also relate to you if you are an officer or director of a corporate shareholder of the Company.
The Company processes such personal data in its capacity as a data controller for the provisions of the General Data Protection Regulation (EU) 2016/679) (“GDPR“), and determines how and why your personal data will be processed.
The purpose of this notice is to provide you with more information in relation to the processing of your personal data, and your rights in connection with that personal data.
What personal data is processed?
The Company collects certain personal data of its registered individual shareholders or ultimate beneficial owners, also personal data of officers or directors of corporate shareholders of the Company, which may include the following types of data:
-Contact information such as your name, title, home address, email address, contact details in other videoconferencing platforms (e.g. Skype, Zoom, etc.) and telephone number(s), bank account details;
-Identity information such as identity number, date of birth, or copy of an identity document (may include your signature and image), signature;
-Shareholder information regarding your shareholding (number of shares and any notes/information to be linked to that shareholding according to law, structure of shareholding);
-Data from any communication between you and the Company, including data in minutes of board meetings and general meetings (including your voice and / or image captured during general meetings, organized online) and respective decisions;
-General meetings information - in connection with general meetings the personal data is used for registration, drawing up of voting lists and, where applicable, minutes of the general meeting.
How we will use your personal data?
|
The personal data we collect will be held and processed for the following purposes: |
The legal basis for doing so |
|
To manage your shareholder interest in Company |
- Where necessary to comply with the law
|
|
To check your identity and the validity of documents in order to keep the shareholder register up-to-date |
- Where necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with our Articles of Association and applicable laws
|
|
To check your identity and the validity of documents in order to be compliant with anti-money laundering and counter terrorist financing regulations. Also providing information for know your customer (or similar) procedures at the request of third parties (e.g. banks, stock exchanges, etc.) |
- Where necessary to comply with the law
|
|
To allow you to exercise your rights as a shareholder in accordance with our Articles of Association and applicable laws |
- Where necessary to comply with the law
|
|
To communicate with you about shareholder related information for legal, regulatory and servicing purposes. This includes information on shareholder payments, shareholder resolutions, the annual report and accounts, Notice of our Annual General Meeting and any other relevant information that relates to your shareholding in the Company |
- Where necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with our Articles of Association and applicable laws
|
|
To meet responsibilities we have to the tax authority, law enforcement, or otherwise meet our legal responsibilities |
- Where necessary to comply with the law |
|
To identify, issue or resolve legal claims |
- It is in our legitimate interests to process your personal data so we can respond to any complaints or challenges from you or others which might be raised later. We will also retain personal data if we reasonably believe there is a prospect of litigation. |
How long do we store your personal data?
Personal data is only processed for as long as it is necessary in order to fulfil the purpose of the processing, or as long as the Company is required to store such data by law. The data is erased when you cease to be a shareholder in the Company. However, as mentioned, certain data is stored for a longer period of time when required by law, including company, securities and tax legislation.
To whom do we disclose your personal data?
Your personal data may be disclosed to a third party if required by law, regulations or an official decision by a relevant authority or who work with us to help deliver our services, in order to fulfil our legal obligations or at your request, under the following circumstances:
-other members of AVIA SOLUTIONS GROUP PLC as necessary to operate our business (for example, for internal reporting and where those companies provide services to us);
-our service providers and agents (including their sub-contractors);
-your advisers (such as lawyers and other professional advisers) who you have authorised to represent you, or any other person you have told us is authorised to give instructions on your behalf (such as under a power of attorney);
-the legal authorities;
-any third party after a restructure, sale or acquisition of any company, as long as that person uses your
-information for the same purposes you originally provided it for;
-anyone we transfer or delegate our rights or obligations to, as allows under terms and conditions of any agreement you have with us (e.g. if we transfer the management of our share register to another service provider).
International transfers
In some circumstances the Company may transfer your personal data to third parties or group companies in a country (including your country of residence) other than the country in which the data was collected. When we transfer your personal data to a different country, we will take steps to ensure that such data transfers comply with applicable laws. For example, if we transfer personal data from the European Economic Area (EEA) to a country outside it, we will implement an appropriate or suitable data transfer safeguards and the means or taking other measures to provide an adequate level of protection under EU law.
Your rights
We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:
know (be informed) about the processing of your personal data;
to get access to your personal data which is processed by the Data Controller;
request correction or addition, adjustment of your inaccurate, incomplete personal data;
require the destruction of personal data when it is no longer necessary for the purposes for which they were collected;
request the destruction of personal data if it is processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
disagree with the processing of personal data or withdraw the previously agreed consent;
request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.
If you consider that our processing of your personal data does not comply with the Data Protection legislation, you are also entitled to lodge a complaint with the Supervisory authority (https://edpb.europa.eu/about-edpb/board/members_en).
You have legal rights under data protection laws in relation to your personal data. We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we are dealing with the right individual for ensuring the rights of data subject.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid data subject’s requests regarding processing of it’s personal data within one month. It may however take us longer if the request is complicated or you have made several requests. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, if it falls within inside dealing limitations, restrictions by law or if we are otherwise legally entitled to deal with the request in a different way.
CANDIDATE PRIVACY NOTICE
This Candidate Privacy Notice (the “Candidate Privacy Notice”) explains how SmartLynx Group of companies (‘we”, “us”, “SmartLynx”, “SmartLynx Group”) comply with applicable privacy requirements and how we deal with your personal data for recruiting purposes that you provide us via our website or any other websites of companies of SmartLynx Group or we get it via other recruitment sources, such as recruiting agencies, job search portals, publicly accessible business-related special media sources (such as LinkedIn) and other.
SmartLynx Airlines SIA is the data controller of personal data processed for the purposes of recruitment in SmartLynx Group.
Any other company(-ies) of SmartLynx Group (the SmartLynx Group includes these companies SmartLynx Airlines SIA1, SmartLynx Airlines Estonia OÜ2 and SmartLynx Airlines Malta Limited3 is the joint controller with SmartLynx Airlines SIA when you apply to its (their) position or agree that your personal data would be shared within the companies of SmartLynx Group for the recruiting purposes.
Smartlynx Airlines SIA information:
Address: Mazrudas, Marupe municipality, LV-2167, Latvia
Phone: +371 67207392
E-mail: info@smartlynx.aero
https://www.smartlynx.aero/en
Data Protection Officer e-mail address: privacy@smartlynx.aero
This Candidate Privacy Notice expresses Smartlynx's efforts to be compliant with the European General Data Protection Regulation 2016/679 of 27 April 2016 (the “EU GDPR”) and any applicable national data protection laws.
What is the recruiting purpose?
Collecting and using your personal data for the recruiting purpose – in particular means to determine your qualifications for employment and to make a hiring decision (whether to enter into an employment contract with you). This includes assessing your skills, qualifications, and background for a particular role, verifying your information, carrying out reference and/or background checks (where applicable), and generally managing the hiring process and communicating with you about it.
What personal data we process?
For the above-mentioned purpose we may collect, assess, and store the following personal data about you: name, surname, age or date of birth, your e-mail address, phone number, address or the place of residence, information on language proficiency, computer skills, information about expected salary, educational background, profession, working experience and projects you have been involved with, attended courses, training sessions, seminars, development of qualification, licenses and certificates held, social media accounts, pictures and other information that you may wish to provide in your CV, motivation letter, interviews, also our remarks and assessment of your suitability to perform the duties of a particular position.
Smartlynx is subject to various applicable regulations related to aviation industry, including but not limited Latvian Law “On Aviation” (Section 57.1 “Background Check”) and the Regulations of the Cabinet of Ministers No. 829 “Procedures for Performing a Background Check and Procedures for Issuing and Revoking an Identity Card of a Civil Aviation Crew Member and an Airport Identity Card”, which require conducting background checks and taking other steps before employing employees. Thereby, we may process certain information to ensure compliance with regulations (such as information on criminal and certain administrative convictions, examination of references from previous employers, certifying information on education and other data processing when conducting background check).
We may require you to provide any health information (including appropriate medical certificate) or sensitive information only when there is a valid legal ground for that (for example, medical certificate is mandatory for certain positions to be able to perform duties).
We may approach issuers of your licenses and medical certificates to verify the authenticity of such documens.
The sources we collect personal information from.
We may collect personal data about candidates from the following sources:
- Directly from you;
- Job search portals and recruiting agencies (all above–mentioned personal data);
- From other company of Smartlynx Group (on the basis of your consent to share data within Smartlynx Group);
- Our employees (referrals), your named referees;
- Issuers of your licenses and medical certificates;
- Former/current employers (your qualifications, professional skills, business qualities, performance during previous/current employment, etc.). Please note that we can request such information from your former/current employer only if we have your separate consent for this;
- From publicly accessible sources, such as LinkedIn and other business-related social media sources and/or collaboration platforms, websites or publicly available publications where you have added information about yourself (your full name, e-mail, work history, and other data included on your profile).
The legal basis of personal data processing
When you proactively apply for a job and provide us with your personal information, we regard it as your expression of consent for us to process your personal data for the recruiting purposes.
If we get information about your candidacy and (or) your CV or other documentation from other company of Smartlynx Group, job search portals, recruiting agencies or from publicly accessible sources, such as LinkedIn and other business-related social media sources and/or collaboration platforms we presume that you are aware and consented to such processing of your personal data and it comes as no surprise to you when we contact you as a candidate for the recruiting purposes. In this case we inform you about the source we collected your personal data from on the time of the first communication to you.
We shall collect personal data form (referrals), your named referees, former/current employers or share your personal data with others (e. g. other companies of Smartlynx Group) only if have your separate consent for this.
If you fail to provide personal information
We collect relevant personal information depending on the vacancy which is necessary for processing your application and/or for a pre-contractual relationship with us. It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint a suitable candidate. Without required personal information, we are not able to continue the job application process or the selection procedure. If you fail to provide information we request, which is necessary for us to consider your application (such as evidence of qualifications or history of employment), we will not be able to process your application successfully and continue with the application process.
Data retention
We will process the personal information for the recruiting process for 6 (six) months from getting your application unless the selection process continues longer than the indicated period. The end of the selection process is considered to be the signing the employment contract with selected candidate. If an employment contract has been concluded with you, some of your data will be processed for the entire period of the employment contract under the employee personal data processing policy.
If you are unsuccessful in your application with us (or if you reject the position), but you would like to be in the database of the candidates, under your separate consent the personal data will be stored for 3 years from receiving the consent.
Data sharing inside EEE/EU
We could only disclose your personal information with the following third parties for the purposes of recruitment process: (i) third party services providers acting on our behalf and our instructions (the data processors); (ii) other companies within the Smartlynx group (for example one of the Smartlynx company offering the position that you are applying for, or Smartlynx companies where the responsible HR managers or the hiring manager(s), for your application are located) for all processing purposes identified above; (iii) governmental authorities (local and foreign), courts, law enforcement authorities, external consultants to the extent required or permitted by law. All our third-party service providers and other Smartlynx Group companies are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your personal information may be transferred to other Smartlynx Group’s companies whenever such is necessary to meet a contractual obligation towards you, and/or in order to process your application and manage the recruitment process (e.g. application for a job in another country; or the position involves managing people in another country; or being managed by someone in that country, or the position you are applying for means managers in another country have a need to know about your personal information). We may also disclose your personal information if you consent to share with other SmartLynx Group's companies for purposes of the recruitment.
Data transfer outside EEE/EU
The recipients (the data processors or independent controllers) of your personal information may be located in countries outside of the EU/EEA, including the UK, and SmartLynx will take the appropriate safeguards as required by the GDPR. In particular:
Your personal information may be transferred to recipients, such as service providers, which are located in countries outside the EU/EEA, in which case Smartlynx will take the necessary measures to protect the personal information: for recipients located outside the EU/EEA, some are located in countries with adequacy decisions pursuant to Art. 45 GDPR, and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective.
Other recipients are located in countries, which do not adduce an adequate level of protection from an EU/EEA data protection law perspective, we will take all necessary measures to ensure that transfers out of the EU/EEA or UK, as the case may be, are adequately protected as required by applicable data protection laws.
For example, we will base the transfer on appropriate safeguards, such as standard contractual clauses adopted by the European Commission (Art. 46(2)(c) or (d) GDPR), or approved certification mechanisms together with binding and enforceable commitments of the recipient (Art. 46 (2)(f) GDPR). You can ask for an information of such appropriate safeguards by contacting us at privacy@smartlynx.aero.
Depending on the data protection law applicable to you, you may have the right to make a complaint at any time to the relevant supervisory authority for data protection issues (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.
Your rights in connection with personal information
Under certain circumstances, by law you may have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer by sending an email to privacy@smartlynx.aero. Any request to exercise one of these rights will be assessed by us on a case-by-case basis. There may be circumstances in which SmartLynx is not legally required to comply with your request or because of relevant legal exemptions provided for in applicable data protection legislation.
You can withdraw your application at any time
Right to withdraw Consent.
In some circumstances, you may have provided consent to us, to enable the processing of your personal information for the purposes of the recruitment exercise (the possibility to be in the candidates' database). You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact our Data Protection Officer by sending an email to privacy@smartlynx.aero. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your personal information securely.
If you have any questions about this Candidate Privacy Notice or wish to contact us for any reasons in relation to the processing of your personal data, please contact our Data Protection Officer by sending an email to privacy@smartlynx.aero, or by sending a dated and signed request to the office address: Mazrudas, Marupe municipality, LV-2167, Latvia.
Contacting us
If you have any questions about our Privacy Notice or if you would like more information on your rights, or want to exercise them, you can send an email to privacy@smartlynx.aero
The Data Protection Officer: privacy@smartlynx.aero
We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.
[1]SIA Smartlynx Airlines, reg. No. 40003056133, legal address "Mazrūdas", Mārupes nov., LV-2167, Latvia
[2]Smartlynx Airlines Estonia OŪ, reg. No. 12264460, legal address "Harju maakond, Tallinn, Lasnamäe linnaosa, Lennujaama tee13, 11101, Estonia"
[3]Smartlynx Airlines Malta Limited, reg. No. C 90013, legal address "MK Business Centre, 115A, Floor 2, Valley Road, Birkirkara BKR 9022, Malta"