AviAlliance GmbH

Data protection

Thank you for your interest in our online presence. The protection of your personal data is a central concern for us. With this data protection declaration we would like to inform you about the handling of your personal data in accordance with the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 - hereinafter "GDPR") in the context of the use of the website available at https://www.avialliance.com/avia_en (hereinafter "website"):

I. Party responsible

AviAlliance GmbH
Klaus-Bungert-Str. 5
40468 Düsseldorf
Germany
Tel.: +49 211 20540-200
Fax: +49 211 20540-202

Send message

AviAlliance GmbH is represented by the Management Board:
Holger Linkweiler, Gerhard Schroeder

II. Data protection official

Data protection official of AviAlliance:

Dr. Thorsten Behling
FAS AG

Thomas-Wimmer-Ring 1
80539 München
Germany
Tel.: +49 89 28646-2732

Send message

III. Preliminary remarks
1. Provision of general data and information

AviAlliance makes every effort to ensure that the information and data contained on this website is accurate. AviAlliance reserves the right to make changes or additions to the information or data provided without prior notice.

2. Contractual relations

AviAlliance enables users of its websites to also access the websites of partner enterprises. The AviAlliance websites therefore contain hyperlinks to the websites of third-party service providers. Users of AviAlliance websites enter into a contractual relationship with the respective service provider through the use of its services. The corresponding terms and conditions of this service provider are then applicable. The legal and textual responsibility for the services offered on the pages of the partner enterprises lies solely with the respective partner enterprise whose website can be called up via the avialliance.com homepage.

If the services of a service provider are used, contractual relationships are formed exclusively between the respective partner enterprise and the user according to the terms applicable for this contractual relationship.

3. Liability

The information which we provide to you on the AviAlliance websites has been collated with the greatest possible care and is updated on an ongoing basis. Despite our best efforts, however, the absence of errors cannot be guaranteed. No liability shall be accepted nor any guarantee given with regard to the currency, correctness or completeness of the information and data provided.

Despite every effort to monitor content, we accept no liability for the content of external links. The operators of such linked pages are exclusively responsible for their content. Moreover AviAlliance GmbH accepts no responsibility for the data protection measures taken by the operator of such websites.

4. Copyright

The content of the AviAlliance websites is protected by copyright. The copying, dissemination, storage, reproduction and transmission of all information or data, particularly the use of texts, parts of texts or images, or other works published on the websites, is expressly prohibited without the prior written consent of AviAlliance GmbH. The texts and images in the "Press" area which are provided expressly for distribution are exempted.

5. Applicable law

All information or data, their use, the log-in to the AviAlliance websites as well as any associated action, inaction or omission are subject exclusively to German law. The place of jurisdiction is Düsseldorf.

IV. General information on data handling
1. Scope of the handling of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for providing a functional website and for our contents and services. We regularly process personal data of our users only after these users have given their consent. There is only an exception in such cases where there is an actual practical reason why securing prior approval is not possible and the processing of the data is permitted in accordance with statutory regulations.

2. Legal framework for the handling of personal data

Insofar as we obtain the consent of the data subject for the handling of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the handling of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to handling operations that are necessary to carry out pre-contractual measures.

Insofar as the handling of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the handling of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If handling is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for handling.

3. Data deletion and storage time

The personal data we collect is only kept for as long as this is necessary for fulfilling the respective purpose for which the data is stored. If the purpose no longer applies, we always delete or anonymize the data again, insofar as and to the extent which this does not conflict with legitimate storage reasons or obligations. A storage obligation may, for instance, be continued beyond the above definition if this is envisaged by the European or national legislator in European Union regulations, laws or other regulations which the controller is subject to.

V. Provision of the website and creation of log files
1. Description and scope of data handling

Every time you visit our website, our system automatically collects data and information from the computer system of the requesting computer.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system reaches our website
  • Websites accessed by the user's system through our website

The data is also stored anonymously in the log files of our system. This data is not stored together with other personal data of the user. For reasons of success control, the anonymized log files are regularly statistically evaluated.

2. Legal basis for data handling

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data handling

The temporary storage of the IP address by the system is necessary to enable the website to be displayed to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

In these purposes also lies our legitimate interest in data handling according to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

5. Possibility of objection and elimination

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VI. Social media plug-ins

On our website we use the following social media plug-ins:

1. Facebook plug-in (share button)

On our website we use the share plug-in of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plug-in is marked with a Facebook logo.

If you click the Facebook button and are logged into your account on Facebook, you have the option of linking content from our websites to your Facebook profile page. You allow Facebook to associate your visit to our website with you or your user account. We have no knowledge of the content of the transmitted data and its handling by Facebook.

For more details on the collection of the data and your legal options and setting options, please see Facebook's privacy policy at: http://www.facebook.com/policy.php

2. Twitter plug-in (share button)

On our website we use the share plug-in of Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plug-in is marked with a Twitter logo.

If you click on the Twitter button and are logged into your account on Twitter, you have the possibility to link a content of our website with your Twitter account. You allow Twitter to associate your visit to our website with you or your user account. We have no knowledge of the content or handling of the transmitted data through Twitter.

For further details on the collection of data and your legal options and setting options, please see Twitter's privacy policy at: https://twitter.com/privacy

3. LinkedIn plug-in (share button)

We use the share plug-in of LinkedIn from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("LinkedIn"). The plug-in is marked with the LinkedIn logo.

If you click the LinkedIn button and are logged in to your LinkedIn account, you can link content from our websites to your LinkedIn profile on your profile page. In doing so, you enable LinkedIn to assign your visit to our website to you or your user account. We have no knowledge of the content of the transmitted data and their handling by LinkedIn.

For further details on the collection of the data and your legal options and setting options, please refer to LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy

4. XING plug-in (share button)

On our website we use the share plug-in of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany ("Xing"). The plug-in is marked with the Xing logo.

If you click the Xing button and are logged into your Xing account, you will be able to share content from our website through your Xing profile. Your data will not be saved when you access this website.

For more information, please see Xing's privacy policy at: https://privacy.xing.com/en

VII. Contact form and contact by telephone or email
1. Description and scope of data handling
a) Contact form

On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is:

  • Personal master data (e.g. title, first name, last name)
  • Contact information (e-mail address, telephone number)
  • Address details (street, postcode, city, country)
  • Message content

At the time the message is sent, the following data is also stored:

  • Date and time of registration

Your approval is obtained for the handling of the data within the scope of the sending process and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the handling of your request.

Reference is made to this Privacy Policy within the framework of the sending process.

b) Telephone

Alternatively contact can be established via the available telephone number. In this case the following data are processed:

  • Personal master data (for instance first name, second name)
  • Contact data (for instance telephone number, email address)
  • Meta data (for instance date and time of your phone call/email)
  • Message content

2. Legal basis for data handling
a) Contact form

As soon as you establish contact with us by using this form, the data you provided has to be processed, in order to answer your inquiry, or also to be able to perform the pre-contractual measures you inquired about. In doing so, we process the types of data stipulated in VII 1. a), insofar as you provide these. Please only provide the data which we require for answering your query (for instance, only provide your telephone number if you want a response by phone). The legal bases for this processing is Art. 6 (1), 1 b) and f) of the GDPR.

The data entered in the contact form are processed on the basis of Art. 6 (1), 1 lit. f of the GDPR. Here we have a legitimate interest in answering your inquiry to your satisfaction. Regarding the other personal data processed during the sending process, there is a legitimate interest in preventing misuse of the contact form and securing the IT security of our information technology systems.

b) E-mail and/or telephone

Insofar as you are to contact us by phone or because you have been provided with an email address you should also correspond with us by email, we process the types of data stipulated under point VII 1. b). It is necessary to process the data which is provided, in order to answer your inquiry and, if required also to fulfill pre-contractual measures you inquired about and/or to fulfill a contract, if such a contract should have been concluded between you and us and this requires correspondence or such correspondence is at least appropriate within the framework of fulfilling the contract.

The legal basis for this processing is Art. 6 (1), 1 b) and f) of the GDPR. Insofar as we maintain that we have a legitimate interest, this is in particular for fulfilling our main and secondary obligations as well as for appropriately, promptly and efficiently dealing with the matters you put to us.

3. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case if the request, i.e. the purpose of establishing contact, is fulfilled. The purpose is fulfilled if it can be inferred from the circumstances that the facts in question have been finally clarified.

4. Possibility of objection and elimination

The user has the possibility to withdraw his consent to the handling of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

You can send the withdrawal either by post, e-mail or fax to our data protection officer (see paragraph II of this data protection declaration for contact details).

All personal data stored in the course of contacting us will be deleted in this case.

VIII. Sending an Application
1. Description and Scope of Data Processing

Insofar as you want to send an application to us, we process your data to establish an employment relationship with you and in the event of your employment also for establishing, implementing and terminating this.

a) Application for a specific job

Insofar as we have advertised a specific job, you will find this on our website in the section “Career”. Underneath a job description you can apply for the job using an online form via the link “apply for this job now”. In the respective form you have the possibility of entering, amongst other things, the following data:

  • personal master data (for instance, salutation, first name, second name and date of birth)
  • address data (for instance street, house number, zip code, town and country)
  • contact data (for instance, telephone number, cell phone number and email address)
  • skills (for instance, language skills, additional qualifications)
  • information on current employment situation (for instance employed/not employed and availability)
  • envisaged career plans (for instance, place of work and locality, working time model and desired career)
  • application data (for instance, cover letter, curriculum vitae and references/certificates)
  • meta data on your application (for instance, date and time)

Some data fields are designed as mandatory fields, because our service provider cannot further process your application without this information, respectively your suitability cannot be checked without such content. Such mandatory fields are recognizable because they are marked with a star (*).

Insofar as you provide us with personal data which are not required for this purpose – particularly in the free texts and appendices – we do not wish to collect these data.

Insofar as you apply by email (or post), we process your personal master data, your contact data, your address data, the content of your message and your application data, as stipulated under point VII. We only process additional data inasmuch and insofar as these are suitable for proving your suitability for this job. Insofar as this is not the case, we do not wish to collect these data. If you send us personal data by email, please ensure appropriate encryption, because data transfer by email is not secure and it cannot be ruled out that third parties also read it.

b) Unsolicited application

If you have not found a suitable job offer on our website in the sector “Career”, you also have the possibility of sending an unsolicited application to us. In this case you can either contact us by telephone or send us a message on the contact form that can be accessed in the sector “Career”. After your message has been received, you will be contacted via email by employees responsible for personnel matters.

The following data are collected for this purpose:

  • personal master data (for instance first name, second name)
  • address data (for instance street, house number, zip code and town)
  • contact data (for instance telephone number and email address)
  • your message to AviAlliance
  • meta data about your message (for instance, date and time)

c) Inclusion in the pool of applicants

If you apply for a specific job or send us an unsolicited application, but we are unable to offer a suitable job, you can have your application included in our pool of applicants. This allows you the possibility that your applications will be compared with our respective vacant jobs. Insofar as there is a job available, you can be contacted by us, notified about the job and invited to a job interview.

The data categories that we process in connection with the pool of applicants include in particular:

  • personal master data (for instance salutation, first name, second name and date of birth)
  • address data (for instance street, house number, zip code, town and country)
  • contact data (for instance, telephone number, cell phone number and email address)
  • skills (for instance, language skills and additional qualifications)
  • information on current employment situation (for instance employed/not employed and availability)
  • envisaged career plans (for instance, place of work and locality, working time model and desired career)
  • application data (for instance, cover letter, curriculum vitae, references/certificates and possible starting date)

Your data are only forwarded to the respective responsible head of department at AviAlliance. There is no forwarding to third parties in addition to this.

2. Legal Basis for the Data Processing

Your application data is only processed for deciding on establishing an employment relationship with you, and in the case of a positive decision also for establishing, implementing and terminating this pursuant to Art. 88 GDPR in combination with § 26, sub-section 1, clause 1 of the Federal Data Protection Act (BDSG).

Your application is only included in the pool of applicants when you apply via our job portal or though an unsolicited application and after your explicit consent has been given pursuant to Art. 6 (1) a) GDPR using the following wording:

“I hereby give my consent to the data and documents of my application being included in AviAlliance GmbH’s pool of applicants and consequently examined and used for addition applications at AviAlliance GmbH and that I may be contacted by AviAlliance GmbH when there are fitting vacancies. I may withdraw my consent at any time with effect for the future, whereby the legitimacy of the processing up to this point in time shall not be affected. I have had the opportunity to take note of the details regarding the processing of my data.“

3. Duration of Storage

If you want to be included in our pool of applicants, we will store your personal data for the duration of two years. These data are exclusively forwarded to the respective responsible head of department at AviAlliance. Your data are not forwarded to places outside AviAlliance.

If you do not want your data to be included in our pool of applicants, we shall delete them after one month.

4. Possibility of Withdrawing Your Consent

You have the possibility of withdrawing your consent to your data being included in our pool of applicants pursuant to Art. 7 (3) GDPR with effect for the future.

You can send us your objection by post, email or fax (contact data see point I of this data privacy policy).

In this case, all data which were stored in connection with the application are erased.

IX. Recipients or categories of recipients

Depending on the processing purposes, the personal data shall be forwarded to the following recipients:

  • public entities, to which the data have to be transmitted pursuant to statutory regulations (for instance supervisory authorities, financial authorities, social insurance institutions, and if applicable, law enforcement agencies)
  • internal entities, which are involved in performing tasks
  • data processor (for instance IT service provider)
  • our external data protection officer
  • other companies in our group

X. Rights of the data subjects

If your personal data is handled, you are concerned within the meaning of the GDPR and you have the following rights towards the responsible party:

1. Right of information

You can ask the person in charge to confirm whether your personal data are handled by us.

If such handling has taken place, you can request the following information from the party responsible:

  • the purposes for which the personal data are handled;
  • the categories of personal data handled;
  • the recipients or categories of recipients to whom your personal data
  • have been or are still being disclosed;
  • the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to have your personal data corrected or deleted, a right to have handling restricted by the responsible party or a right to object to such handling;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data are not collected from the person concerned;
  • the existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR and - at least in these cases – significant information on the logic involved and the scope and intended effects of such handling for the person concerned.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. Right of correction

You have a right of correction and/or completion towards the responsible party if the handled personal data concerning you are incorrect or incomplete. The party responsible shall make the correction without delay.

3. Right of limitation of the data handling

You can request the limitation of the handling of your personal data under the following conditions:

  • if you question the accuracy of your personal data concerning you for a period that enables the person responsible to verify the accuracy of the personal data;
  • the handling is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  • the responsible party no longer needs the personal data for the purposes of the handling, but you need them to assert, exercise or defend legal claims, or
  • if you have filed an objection to the handling pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the party responsible outweigh your reasons.

If the handling of your personal data has been restricted, these data may only be handled - apart from their storage - with your consent or in order to assert, exercise or defend rights or to protect the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

If the handling restriction has been limited in accordance with the above conditions, you will be informed by the party responsible before the restriction is canceled.

4. Right of deletion
a. Obligation to delete

You may request the responsible party to delete the personal data concerning you without delay and the responsible party is obliged to delete this data without delay if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise handled.

You revoke your consent, on which the handling was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the handling.

You file an objection against the handling pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the handling, or you file an objection against the handling pursuant to Art. 21 para. 2 GDPR.

The personal data concerning you have been handled unlawfully.

The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data responsible party is subject.

The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

b. Information to third parties

If the responsible party has made your personal data public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data handling who process the personal data, that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c. Exceptions

The right of deletion does not exist if the handling is necessary

  • to exercise freedom of expression and information;
  • for the performance of a legal obligation required for handling under the law of the European Union or of the Member States to which the responsible party is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the responsible party;
  • for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such handling, or
  • for asserting, exercising or defending legal claims.

5. Right of information

If you have exercised your right to have the party responsible correct, delete or limit the handling, he is obliged to inform all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of the handling, unless this proves impossible or involves a disproportionate effort.

You have the right towards the party responsible to be informed of such recipients.

6. Right of data transferability

You have the right to receive the personal data concerning you that you have provided to the party responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, if

  • handling is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  • handling is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one party responsible to another party responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right of transferability shall not apply to the handling of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the party responsible.

7. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the handling of your personal data based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The responsible party no longer processes your personal data, unless he can prove compelling reasons for the handling, which outweigh your interests, rights and freedoms, or the handling serves to assert, exercise or defend legal claims. If your personal data is handled for direct marketing purposes, you have the right to object at any time to the handling of your personal data for such advertising purposes, including profiling, in so far as it is related to such direct marketing.

If you object to the handling for direct marketing purposes, your personal data will no longer be handled for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

8. Right to withdraw the data protection declaration of consent

You have the right to withdraw your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the handling carried out on the basis of the consent until revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated handling - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the person responsible,
  • is admissible under EU or Member State legislation to which the person responsible is subject and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
  • with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the party responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the party responsible, to state his own position and to challenge the decision.

We shall not use your data for automated decision-making processes, including profiling, pursuant to Article 22 (1) and 4 of the GDPR.

10. Right of complaint to a supervisory authority

Notwithstanding any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the handling of your personal data is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The following data protection supervisory authority is responsible for us:

Landesbeauftragte für Datenschutz und
Informationsfreiheit Nordrhein-Westfalen

(State Data Protection and Freedom-of-Information
Officer for North Rhine-Westphalia)
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
www.ldi.nrw.de

XI. Status and adjustments of this data protection declaration

This data protection declaration corresponds to the status stated below. We reserve the right to amend this data protection declaration. We would therefore ask you to review the data protection declaration on an ongoing basis so that you can inform yourself about any changes.

XII. Data Security

We have implemented comprehensive technical and organizational security measures to protect the personal data we have processed against unauthorized access and abuse. Our security procedures and measures are regularly checked and adapted to our technological progress.

XIII. Status and Adaptations of this Privacy Policy
Status: July 2019