enPRIVACY POLICY OF
SKYLINE EXPRESS AIRLINES, LLC
The privacy Policy of "SKYLINE EXPRESS AIRLINES", LLC was developed in accordance with Article 98 of the Aviation Code of Ukraine, the provisions of the Law of Ukraine "On the Protection of Personal Data" and the General EU Data Protection Regulation 2016/679. The privacy policy applies to the Contract of carriage between the Airline and passengers, which is the basis for air transportation of the passenger and which is concluded with the Airline at the time of purchase of the air ticket. The airline is obliged to ensure the confidentiality of personal data of passengers (persons) and cannot process or transfer them without the consent of the interested person (passenger), except in cases provided for by the law of Ukraine.
Also, the Privacy policy applies if the passenger ordered the tickets of "SKYLINE EXPRESS AIRLINES", LLC from another company (for example, a partner of the Airline, a travel operator/agent or a ticket sales agent). At the same time, third parties may also have their own privacy policies (other similar documents) that are used when collecting information about the passenger/tourist. In addition, the Privacy Policy applies to the passenger's personal data, if another person (for example, a colleague or relative, or one of the parents for their child) performs the booking of the air ticket on their behalf.
In accordance with Article 15 of the Law of Ukraine "On Access to Public Information", the PRIVACY POLICY of "SKYLINE EXPRESS AIRLINES", LLC can be found for familiarization on the website of the Airline in the "TRAVEL" section and for ensuring the effective protection of passengers' rights, compliance with the legislation on the protection of personal data taking into account the specifics of personal data processing in the aviation sector.
STATEMENT ON THE PROTECTION OF PERSONAL DATA
One of the priority tasks of the Airline is a responsible attitude to the security of personal data of our clients (passengers, potential passengers and other persons who have contacted the Airline, travel operator/agent or ticket sales agent with any request or claim), therefore the Airline strives to protect the confidentiality of personal data of clients. The Airline undertakes to take all necessary measures to prevent misuse of personal data of clients that become known to the Airline. The airline processes personal data of client in strict accordance with the requirements of current legislation and only if there are legal grounds for such processing.
In the event that the Airline controls the methods of collecting personal data of clients and determines the purposes for which this personal data are used, the Airline acts as a "data controller" for the purposes of the EU General Data Protection Regulation 2016/679 (EU General Data Protection Regulation, hereinafter – "GDPR”) and other applicable European legislation on data protection, as well as the "owner of personal data" within the meaning of the Law of Ukraine "On the Protection of Personal Data" dated June 1, 2010 No. 2297-VI.
The airline processes personal data of clients only if one of the conditions specified in Article 6 of the GDPR is met, including, but not limited to:
the client has consented to the processing of personal data;
processing is necessary for the purpose of concluding or executing a contract of carriage with a passenger or providing other services to clients;
such processing is required by the legislation of the countries to/from which the Airline operates flights, etc.
In the case of processing a special category of personal data (for example, health data), at least one of the conditions specified in Article 9 of the GDPR must be met (for example, explicit consent to the provision of such data or the need to provide certain services in connection with the condition of client's health).
The airline has the right to periodically update the Privacy Policy, including if required by applicable law.
LEGISLATION GOVERNING THE PROCESSING OF PERSONAL DATA
The processing of the client's personal data takes place in accordance with the requirements of the Law of Ukraine "On the Protection of Personal Data". The processing of personal data of clients who are in the EU or who are EU citizens is regulated, in particular, by the EU General Data Protection Regulation 2016/679 "GDPR". Also, the legislation of the countries to which the Airline carries out flights may establish additional requirements.
TERMS USED IN THIS POLICY
Personal data is any information of a personal nature that allows a third party to identify a natural person (data subject).
Special categories of personal data are the so-called "sensitive" personal data that may cause harm to the data subject at work, in an educational institution, in the living environment, or may lead to his discrimination in society. For example, this is personal data that contains information about racial origin, political or religious views, trade union membership, health, sexual life, biometric or genetic data. In the terminology of Ukrainian legislation, this is such personal data, the processing of which carries a special risk for the subjects of personal data.
The subject of personal data is a natural person to whom the personal data relate and who can be identified or who is already identified by these personal data.
A personal data controller is a natural or legal person who determines the purposes and means of personal data processing and is primarily responsible for their processing. The controller of personal data is the "owner of personal data" in the terminology of Ukrainian legislation.
A personal data processor is a natural or legal entity that, on the basis of instructions (orders) of the controller, processes personal data for the controller. A personal data processor is an "administrator of personal data" in the terminology of Ukrainian legislation.
Processing of personal data is any operation or set of operations performed with personal data or arrays of personal data with or without the use of automatic procedures, such as collection, recording, systematization, structuring, storage, modification, arrangement, review, use, distribution or any other type of access to third parties, including employees of the controller or processor of personal data, as well as deletion.
SPECIAL (SENSITIVE) CATEGORIES OF PERSONAL DATA
As a rule, the Airline does not collect special categories of personal data about clients, and when it collects, it tries to minimize its use and process it with extreme care.
During the provision of special services, the Airline may process personal data that can be used to determine the client's physical or mental health. Such information refers to special or sensitive personal data in accordance with the law. The airline collects this personal data only when it is necessary directly for the provision of transportation services or the client knowingly provides such information.
For example, the Airline may collect such information in the following cases:
For the passenger's safety, when the client has a certain health condition, he must inform the Airline about it and, if necessary, provide a medical certificate or undergo a medical examination.
If the client makes a request for special services or assistance during the flight, this may disclose the passenger's health data to the Airline (for example, the client makes a request for a mobility aid);
If a conclusion can be drawn about the client's health or religion from the choice of meal, the Airline will not use this information in any way other than to provide the client with the ordered meal.
If the client does not allow the Airline to process any personal data of special categories, this may mean that the Airline will not be able to provide the client with the special services requested.
PROTECTION OF PERSONAL DATA OF CHILDREN
Among the Airline's clients there are parents with children who, in order to receive services, also order services for children (for example, a transportation service). In this case, the Airline receives and processes children's personal data for the appropriate purpose. At the same time, parents or other persons ordering appropriate services for children are responsible for the relevance (correctness) of the data and the possibility of providing the appropriate service to the child. In the process of booking/ordering a service the person ordering the service represents the legal interests of the child.
BOOKING ON BEHALF OF ANOTHER PERSON
If the client makes booking or orders additional services on behalf of another person(s), he/she must first obtain his/her consent to perform booking/ordering the service, having notified the Airline of the transfer of their personal data, and accordingly inform the Airline of their personal data. The client is responsible for the relevance (correctness) of this data. In the process of booking/ordering the service the client represents the legal interests of such a person. This also means that the client must inform that person about the conditions of booking/ordering the service and the conditions of this Policy.
All operational messages sent to one booking participant can also be sent to other persons specified in the same booking.
PLACE OF STORAGE OF PERSONAL DATA
Personal data bases processed by the Airline are located on its own servers located in the office in Ukraine: V. Sosyura str., 6, Kyiv, 02090.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
In cases exclusively determined by legislation, the Airline is obliged to provide personal data of clients to state authorities. These bodies can be law enforcement bodies, judicial bodies, control bodies, border services, migration bodies of the countries to which the flight is carried out.
The Airline cooperates with handling companies of Ukraine and with other handling agents at the airports of the Airline's destinations. The transfer of the client's personal data to the Airline's partners is necessary for the registration of the passenger and his baggage for the flight. In addition, for flights to certain destinations, the Airline instructs handling agents to check the personal data of passengers for compliance with the conditions of entry, for example, for the presence of a visa or the absence of a ban on entry to a certain country.
TECHNICAL, ORGANIZATIONAL AND OTHER DATA PROTECTION MEANS
In order to securely store personal data, the Airline has implemented a number of technical and organizational measures that protect personal data from unauthorized or illegal processing and from accidental loss, destruction or damage.
The airline adheres to the principle of minimizing personal data. The airline processes only the information about the client that is necessary for the provision of certain services, or the information that the client, with his consent, provides beyond the limits of necessary processing.
When transferring personal data to counterparties and government bodies, the Airline always uses the most secure and proven ways of transferring such data.
PERSONAL DATA PROCESSING (STORAGE) TIME
The airline does not store personal data for longer than is necessary to fulfill the purpose for which it is processed or to comply with legal requirements.
In order to determine the appropriate storage period, the Airline determines the nature and category of personal data, the purposes for which it is processed, and whether it is possible to achieve these purposes by other means.
As a general rule, the maximum time for personal data processing at the Airline is 2555 days from the moment of submission of the tax return for the period in which the relevant operation took place (for example, passenger transportation). The indicated processing time corresponds to the provisions of the Tax Code of Ukraine regarding the storage periods of documents related to the assessment and payment of taxes and fees. Since the legislation of the countries to/from which the Airline carries out transportation may establish additional requirements, the terms of storage of personal data may differ from those specified in this paragraph.
In particular, if the legislation of any country to/from where the Airline carries out transportation contains provisions on the statute of limitations during which the passenger has the right to file a claim or lawsuit against the Airline, and the Airline needs evidence of the existence of legal relations between the parties, the Airline may process Your personal data during this period.
The Airline may also take into account the periods for which it may be necessary to store client’s personal data in order to fulfill legal obligations to clients or regulatory authorities (for example, in relation to claims and actions in the event of flight cancellations/delays in accordance with EU Regulation 261/2004).
The airline may over time minimize the personal data it uses or anonymize the personal data so that it can no longer be linked to the client’s personally. In this case, the Airline will be able to use this information for statistical or other purposes without further informing the client, as such information will cease to be personal data.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies are small text files that websites store on a user's computer or mobile device when the user starts using them. Thus, the website will for a certain time remember the preferences and actions performed by the user, including so that the user does not need to re-enter this data. Our cookies by themselves do not identify an individual user, but only identify the computer or mobile device used by the user.
Cookies and other tracking technologies on our website and applications may be used in various ways, for example for the purpose of operating the website, analyzing traffic or for advertising purposes. The Airline uses cookies and other tracking technologies, in particular, to improve the quality and efficiency of our services.
In the settings of some Internet browsers, it is possible to configure the prohibition of cookies and other tracking technologies. At the same time, the user must understand that if he disables some cookies, the functionality of the Airline's website may be limited and the user will not be able to use all its advantages, as well as the incorrect operation of some services, including ticket booking.
RIGHTS OF PERSONAL DATA SUBJECTS
Rights of personal data subjects in accordance with the legislation of Ukraine
to know about the sources of collection, the location of their personal data, the purpose of their processing, the location or place of residence (stay) of the owner or administrator of personal data or to give a corresponding mandate to receive this information to persons authorized by them, except for cases established by law;
to receive information about the terms of providing access to personal data, including information about third parties to whom personal data is provided;
to access his personal data;
to receive no later than thirty calendar days from the date of receipt of the request, except for cases provided by law, an answer on whether his personal data is being processed, as well as to receive the content of such personal data;
to present a motivated demand to the owner of personal data with an objection to the processing of his personal data;
to make a motivated demand for the change or destruction of his personal data by any owner and administrator of personal data, if these data are processed illegally or are unreliable;
to protect his personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision of them, as well as protection from providing information that is unreliable or defames the honor, dignity and business reputation of a natural person;
to file complaints about the processing of his personal data to the Human Rights Commissioner of the Verkhovna Rada of Ukraine or to the court;
to apply legal remedies in case of violation of the legislation on the protection of personal data;
to enter a disclaimer on the limitation of the right to process one's personal data when giving consent;
to withdraw consent to the processing of personal data;
to know the mechanism of automatic processing of personal data;
to protect against an automated decision that has legal consequences for him.
Other rights of personal data subjects in accordance with the GDPR
In addition to the Ukrainian legislation on the protection of personal data, the Airline pays close attention to ensuring the rights of passengers established by the GDPR, including:
Right to information
The Airline provides data subjects with information about which of their personal data is processed by the Airline.
If a person wishes to know what personal data is processed by the Airline, such a person can request this information at any time by contacting the Airline. The list of data that the Airline must provide to a person is defined in Articles 13 and 14 of the GDPR. At the same time, during the application, the person must inform the Airline of his specific requirements, so that the Airline has the opportunity to consider the request on legal grounds and provide a reasoned answer.
In the event that an employee of the Airline cannot prove the identity of the client through the exchange of electronic messages or during the client's contact to the call center, or in the case of reasonable doubts about the identity of the client, the employee of the Airline may ask to provide a document certifying the identity. Thanks to such actions, the Airline will be able to avoid disclosing the client's personal data to a person who can impersonate the client.
The airline processes requests in the shortest possible time, but at the same time, it should be noted that providing a complete and justified answer regarding personal data is a complex process that can last up to a month.
The right to correct client’s data
If the client discovers that some of the personal data processed by the Airline about the client are incorrect or out of date, such a client may independently contact the Airline to make appropriate changes. In this case, the Airline employee may ask the client to provide an identity document.
In some cases, the Airline cannot change the client's personal data. In particular, this may be the case when the client's personal data have already been used in the process of carrying out the transportation contract and/or they are contained in a tax document that was issued in accordance with tax legislation.
Withdrawal of consent to the processing of personal data and the right to be forgotten
If the Airline processes the client's personal data on the basis of consent to the processing of personal data, further processing can be stopped at any time. It is enough to withdraw consent to such processing.
A person can also use its right to be forgotten. In the cases provided for in Article 17 of the GDPR, the Airline will destroy the client's personal data that it processes, with the exception of those personal data that are required to be preserved in accordance with the requirements of the law.
Likewise, in this case, for security purposes, the Airline may ask the client to provide an identity document.
PERSON RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA
For more reliable protection of personal data, the Airline has appointed a person responsible for the protection of personal data. If you have any questions, comments or wishes regarding the protection and processing of your personal data, you can contact the person responsible for the protection of personal data:
"SKYLINE EXPRESS AIRLINES", LLC
Ukraine, Kyiv, 02090, V. Sosyura str., 6
mailto: [email protected]
The subject of the letter should state: for the person responsible for the protection of personal data.
The request should state:
1) surname, first name and patronymic, place of residence (place of stay) and details of the document certifying the natural person submitting the request (for a natural person - the applicant);
2) name, location of the legal entity submitting the request, position, surname, first name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the authority of the legal entity (for the legal entity - the applicant);
3) surname, first name and patronymic, as well as other information that makes it possible to identify the natural person in respect of whom the request is made;
4) information about the personal data base, in relation to which the request is submitted, or information about the owner or administrator of personal data;
5) list of requested personal data;
6) purpose and/or legal grounds for the request.