May 2018

This Privacy Policy has been compiled to enable Nimrod Finance Publications Ltd to comply with the General Data Protection Regulations [GDPR] 2018. The purpose of this policy is to inform the individual the means of collection of their personal data; the means of processing that data; our obligations and the rights of the data subject [the individual] under the GDPR.

Within our firm are two nominated individuals responsible for data under the GDPR. The roles undertaken are twofold, namely; The Data Controller and the Data Processor.

A Controller determines the purposes and means of processing personal data and a Processor is responsible for processing personal data on behalf of a controller. To control and process data requires one of six recognised legal bases under GDPR. The six basis are as follows:

  1. Consent:

Consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be separate from other terms and conditions, and simple ways for the withdrawal of consent will be required.

  1. Contract:

Processing is necessary for a contract with an individual, or because that individual has asked that specific steps be taken before entering into a contract.

  1. Legal obligation:

Processing is necessary to comply with the law (not including contractual obligations).

  1. Vital interests:

Processing is necessary to protect an individual’s life.

  1. Public task:

Processing is necessary for the performance of a task in the public interest or for official functions, and the task or function has a clear basis in law.

  1. Legitimate interests:

Processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Furthermore under the GDPR the Data Subject [individual] has a number of rights [seven] regarding the collection and processing of their data. For the purposes of the GDPR Data is identified under two categories:

Personal Data: Any ‘personal data’ relating to an identifiable person held automatically or manually.

Sensitive Personal Data: Including genetic & biometric where processed to uniquely identify an individual.

The seven rights of the Data subject are:

  1. Right to be informed:

The right to be informed encompasses the obligation to provide “fair processing information”. It emphasises the need for transparency in the use of personal data.

  1. Right of access:

Data Subjects have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.

  1. Right to rectification:

The GDPR gives Data Subjects the right to have personal data rectified. Personal data can be rectified if it is inaccurate or incomplete.

  1. Right to erasure;

This right is to enables a Data Subject to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

  1. Right to restrict processing:

Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, storage of the personal data is permitted, but not to further process it.

Information can be retained just enough for the individual to ensure that the restriction is respected in future.

  1. Right to data portability:

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.  It allows them to move copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

  1. Right to object:

The right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.

 

In addition a Data Subject has the right to make a complaint to the Information Commissioner’s Office [ICO]on line, by phone or in writing at the following:

https://ico.org.uk/concerns/

T: 0303 123 1113;

Information Commissioner’s Office,

Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

 

The following table identifies the types of data we collect, control and process; and the legal basis we rely upon for doing so:

 

 

Type of information collected. Purpose[s] Legal basis for processing
Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Managing the Data Subject’s relationship with the Firm. Performing the Firm’s contract with the Data Subject.
Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Managing and Distributing Print Copies of the Firms Magazines. Legitimate Interest.   The Data Subject has the right to object via the website; email, letter or similar method.

Contract for delivery of magazine

Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Managing and Distributing Subscriptions for Print Copies of the Firms Magazines.

Processing shared with AerSpeed Publications

To fulfil the contract between the Firm and the Data Subject.
Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Managing Subscriptions for Online Access of the Firms Magazines and Articles.

Processing shared with BritWeb Ltd

To fulfil the contract between the Firm and the Data Subject.
Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Managing of the Firms Events. To fulfil the contract between the Firm and the Data Subject.
Data Subject’s Company and any Dietary Requirements. Managing the Firms Events To fulfil the contract between the Firm and the Data Subject.
Photos the Data Subject

 

Publicity of Data Subject post event. Contract. Permission gained at time of booking attendance.
Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Sales and marketing purposes.  Processing shared with Alliance Sales Support Services Ltd [privacy policy] Legitimate Interest.   The Data Subject has the right to object via the website; email, letter or similar method.
Data Subject’s name, job title, company, address, telephone numbers, e-mail address(es). Sharing of the Data Subject’s information with the Firms associated companies only – Nimrod Publications; AircraftIT and Aircraft Commerce Consulting Legal Basis of Legitimate Interest.   The Data Subject has the right to object at any time via the website; email, letter or similar method.
Bank account details or payment details To pay, be paid, or to refund monies. To fulfil the contract between the Firm and the Data Subject.

 

The Firm will protect the data we collect in the following ways:

The Data Subject’s data will not be transferred outside the European Economic Area [EEA] except where identified in the table above.

The Firm has in place general recognised standards of technology including operational security including, but not limited to, data encryption thereby enabling the protection of relevant data from misuse, loss, damage, alteration, destruction or unauthorised access.

Any receipt or transfer of funds will be via recognised secure payment systems. The firm will securely destroy any financial information once used and no longer needed other than required by law.

The firm’s website will adhere to SSL encryption protocols.

Any breach of data which may pose a serious risk will be notified to the Data Subject without delay.

The Firm will not sell, pass on or contract with third parties Data Subject’s data without prior written [withdrawable] consent other than where required to by law; or otherwise provided for in the above table; or as follows:

A Data subject’s data may be passed to third parties which are under contract with the Firm to provide services to the Data Subject on the firm’s behalf. In such an event the data shared is only that necessary to fulfil the service requirement under the terms of the contract or Legitimate Interest with the Firm. Within such a contract an express condition will be that the third party keep any data secure and not to use in any other way, such data, for their own or other parties purposes.

The Firm will retain the Data Subject information for as long as necessary under the legal bases as identified in the table above or to comply with any legal obligation on the Firm’s part. The firm will review annually the data it holds to establish whether it continues to have the right to process it. Should such a right fail to continue to apply the Firm will cease from processing such data. Data may be retained thereafter in order to comply with any legal or auditing obligations which may arise.

Cookies.

A cookie is a text file placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you the user.

A primary purpose of a cookie is to inform a web server that user has returned to a specific page on a web site. For example if a user personalises our Web page or registers with our website or services a cookie will enable us to recall specific personal data such as billing and delivery addresses. On a user’s return to our site the data previously provided can be retrieved thereby facilitating our services and features previously customised. The control and processing of any such data will be undertaken in line with the General Data Protection Regulation [GDPR] 2018.

Cookies can be accepted or declined. Web browsers have tools to modify cookie settings and can be set to decline if preferred by the user. Should the use of cookies be declined when using our web site there may be a loss of functionality and loss of potential services.

For further information, please address any questions or comments concerning this privacy policy to DCO@globaltransportfinance.net