Global Flight School, S.A. (hereafter “GFS”) adopts appropriate measures to ensure the protection of your personal data, compliance with the applicable legislation, namely the Regulation (CE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data or General Data Protection Regulation (hereafter “GDPR”).
What is personal data?
Personal data is any information that relates to an identified or identifiable individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Examples of personal data: a name and surname, an address, an email address, an identification card number, location data, an Internet Protocol (IP) address, a cookie ID.
Who is the data controller?
The controller of your personal data is Global Flight School, S.A., based in Aeródromo Municipal de Ponte de Sor, Hangar 5, EN 2, Km 440,37, Águas-Todo-o-Ano, 7400-601 Ponte de Sor with the single registration and VAT number 515 063 517.
Which data are collected and for what purposes?
The GFS collects 2 (two) types of data: personal data and anonymous data.
The anonymous data are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extend other data reveal your specific identity or relate to an individual, we will treat anonymous data as personal data.
Anonymous data include: browser and device data, data collected through cookies, pixel tags and other technologies, demographic data and other data provided by you and aggregated data.
We collect anonymous data in a variety of ways: your browser or device, cookies, pixel tags and other similar technologies, analytics, your IP address and aggregated data.
We collect personal data in a variety of ways: voluntarily provided by the user, in particular, when you communicate with us by phone, email or fax, when you apply for a course or training programme, when you fill out a form, when you acquire products, manuals or services from our website. We also collect personal data from other sources, such as public databases, joint marketing partners and other third parties.
We use personal data and anonymous data for the following purposes: registration and management of applications for a course or training programme; placement of publicity in the GFS digital platforms and analysis of navigation profiles; analysis of the use of GFS services and digital platforms, definition of the targeted audience in the preparation of events, brand activation and market research; to determine the total number or registered users; analysis, audits, security and fraud monitoring prevention; developing new goods and services; enhancing, improving or modifying our services; operating and expanding our business activity; technical answers and complains; sending newsletters.
We will request your express consent before using information for other purposes than those expressly contemplated in this Private Policy.
By providing your personal data to GFS you are expressly authorising that your personal data are processed according with this Privacy Police.
Can GFS collect personal data from minors?
GFS does not intentionally collect (and it’s unable to distinguish) personal data from children under age 16.
However, if any personal data from children under age 16 is collected it will be immediately deleted.
What is the data retention period?
Personal data will be kept for a period of 3 (three) years, after which they will be permanently and safely deleted.
Consent is subject to being withdrawn at any time, with no fault being attributed to the lawfulness of the data treatment that was carried out, based on the previously-provided consent. Said withdrawal of consent must be communicated in written form and addressed to the Data Controller or the Data Protection Officer, to the email email@example.com. This request will take effect within 30 (thirty) days from the date of its reception.
Can personal data be disclosed to third parties?
We may disclose your personal data to third parties. When we share your personal information with third parties, they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data with such third party.
We may disclose your personal data to: (i) legal and regulatory authorities; (ii) our external advisors; (iii) our Processors; (iv) any party as needed in connection with legal proceedings; (v) any party necessary for investigating, detecting or preventing criminal offences; and (vi) any third party providers of advertising, plugins or content used on our site.
We will only share your personal data in compliance with the applicable data protection laws and regulatory requirements.
Transfers may be made outside the EU where we are satisfied that appropriate safeguards are in place over the transferring and processing of such information or data.
We may share some broader statistics and user profiling information with third parties, but the information or data will be anonymized, so you will not be identifiable from that data.
We will not rent or sell your data and/or information details to any other organization or individual.
What security procedures ensure data protection?
GFS takes all necessary and legally required precautions to ensure the privacy of your personal data handled and transmitted through its digital platforms. These measures include physical security measures and other measures such as the use of firewalls and systems intrusion detection, the existence of a policy of access to information and logging. These precautions ensure online and offline security of the information.
Whenever sensitive information is collected or used, the data will be encrypted using the Secure Socket Layer (SSL) protocol.This technology is used to improve the security of data transmission over the Internet, encrypting and protecting data and sensitive information using the HTTPS protocol.SSL guarantees the holder of personal data that the data will not be fraudulently intercepted and that all information is treated with maximum security.
GFS is not responsible for the content accessed through any link that causes the holder of personal data to navigate outside the digital platforms of GFS.Third party web sites that are accessed through links on our web site have separate privacy and data collection practices and security measures. We have no responsibility or liability for the practices, policies and security measures implemented by third parties on their web sites. We recommend that you always browse and carefully read the privacy policies, as well as the applicable terms and conditions.
What are the rights of personal data holders?
According to the GDPR, you are guaranteed the following rights:
Right to be informed - At the moment of its collection or processing, the holder of the personal data has the right to be informed of the following:
- Purpose of treatment;
- Responsible for data processing;
- Entities to which your data may be communicated;
- Conditions for access and rectification of your data; and
- What mandatory and optional data will be collected.
Right to Access - The holder of the personal data has the right to access them, without restrictions or delays, as well as to know what information is available on the origin of the data, purposes of treatment and communication to third parties.
Right to Rectification - The holder has the right to demand that the data about him/her are accurate and up to date, and may at any time request rectification from the GFS data controller.
Right to Erasure - The data subject has the right to have his / her data ceased to be processed, erased and deleted under certain conditions, in the case of:
a) No longer being necessary for the purpose for which they were collected;
b) The holder withdraws his/her consent or opposes the treatment of the data;
c) If the processing of the data does not comply with the legal provisions.
Right to Restrict Processing - The holder of personal data has the right to have his/her data limited only to the essential for the purpose of the data treatment.
Right to Data Portability - The data holder has the right to receive or to request the transmission of the data to another entity. This entity will be responsible for the personal data (only if technically possible).
Right to Object - The data subject has the right to object, at his/her request and free of charge, to the processing of his/her personal data. This is valid for the purpose of direct marketing or any other form of prospecting. Data subject also has the right to object that his/her personal data are communicated to third parties, unless otherwise provided by law.
Right to be informed about the existence of a data breach- The owner of the personal data has the right to be informed if there is a security breach that compromises his/her data.
Right to Lodge a Complaint - The holder of personal data has the right to complain not only to the controller of personal data of the company, but also to the control authority, the National Data Protection Commission (www.cnpd.pt).
If you wish to exercise your rights, please send your request to the contacts below.
Data Protection Officer - Contacts
For any questions you may have regarding the protection of your personal data, contact the Data Protection Officer (DPO) at the following addresses:
Address: Rua Gonçalo Velho Cabral, n.º 9, 1400-188 Lisboa.