SHAREHOLDER AND UBO DATA PRIVACY NOTICE
The “Company” hereby means JSC “BAA Training, reg. 300618099.
The Company collects and processes certain personal data provided by you or on your behalf from third parties, (e.g., share registrars and brokers), and which relates to you as an individual shareholder of the Company or an ultimate owner (also called ultimate beneficiary, owner beneficial owner, UBO) of it or its direct shareholders. The personal data processed in this fashion could also relate to you if you are an officer or director of a corporate shareholder of the Company.
The Company processes such personal data in its capacity as a data controller for the provisions of the General Data Protection Regulation (EU) 2016/679) (“GDPR“), and determines how and why your personal data will be processed.
The purpose of this notice is to provide you with more information in relation to the processing of your personal data, and your rights in connection with that personal data.
What personal data is processed?
The Company collects certain personal data of its registered individual shareholders or ultimate beneficial owners, also personal data of officers or directors of corporate shareholders of the Company, which may include the following types of data:
- Contact information such as your name, title, home address, email address, contact details in other videoconferencing platforms (e.g. Skype, Zoom, etc.) and telephone number(s), bank account details;
- Identity information such as identity number, date of birth, or copy of an identity document (may include your signature and image), signature;
- Shareholder information regarding your shareholding (number of shares and any notes/information to be linked to that shareholding according to law, structure of shareholding).
- Data from any communication between you and the Company, including data in minutes of board meetings and general meetings (including your voice and / or image captured during general meetings, organized online) and respective decisions.
- General meetings information – in connection with general meetings the personal data is used for registration, drawing up of voting lists and, where applicable, minutes of the general meeting.
How we will use your personal data?
The personal data we collect will be held and processed for the following purposes: |
The legal basis for doing so |
To manage your shareholder interest in Company |
– Where necessary to comply with the law – Where necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with the Articles of Association of the Company and applicable laws – It is in our legitimate interests to make sure that the services provided to you as a shareholder are well managed in accordance with applicable laws and regulations |
To check your identity and the validity of documents in order to keep the shareholder register up-to-date |
– Where necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with our Articles of Association and applicable laws – Where necessary to comply with the law – It is in our legitimate interests to check your identity and the validity of your documents so we can protect our business and keep to laws that apply to us |
To check your identity and the validity of documents in order to be compliant with anti-money laundering and counter terrorist financing regulations. Also providing information for know your customer (or similar) procedures at the request of third parties (e.g. banks, stock exchanges, etc.) |
– Where necessary to comply with the law – It is in our legitimate interests to check your identity and the validity of your documents so we can protect our business and keep to laws that apply to us – It is in our legitimate interests to check your identity and the validity of your documents and provide your personal data to the certain third persons so we can start or maintain dealing with other businesses (e.g. banks, our service providers and agents (legal, accounting, etc.), who are subjects to AML and CTF regulation |
To allow you to exercise your rights as a shareholder in accordance with our Articles of Association and applicable laws |
– Where necessary to comply with the law – Where necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with our Articles of Association and applicable laws |
To communicate with you about shareholder related information for legal, regulatory and servicing purposes. This includes information on shareholder payments, shareholder resolutions, the annual report and accounts, Notice of our Annual General Meeting and any other relevant information that relates to your shareholding in the Company |
– Where necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with our Articles of Association and applicable laws – Where necessary to comply with the law |
To meet responsibilities we have to the tax authority, law enforcement, or otherwise meet our legal responsibilities |
– Where necessary to comply with the law |
To identify, issue or resolve legal claims |
– It is in our legitimate interests to process your personal data so we can respond to any complaints or challenges from you or others which might be raised later. We will also retain personal data if we reasonably believe there is a prospect of litigation. |
How long do we store your personal data?
Personal data is only processed for as long as it is necessary in order to fulfil the purpose of the processing, or as long as the Company is required to store such data by law. The data is erased when you cease to be a shareholder in the Company. However, as mentioned, certain data is stored for a longer period of time when required by law, including company, securities and tax legislation.
To whom do we disclose your personal data?
Your personal data may be disclosed to a third party if required by law, regulations or an official decision by a relevant authority or who work with us to help deliver our services, in order to fulfil our legal obligations or at your request, under the following circumstances:
- other members of AVIA SOLUTIONS GROUP PLC as necessary to operate our business (for example, for internal reporting and where those companies provide services to us);
- our service providers and agents (including their sub-contractors);
- your advisers (such as lawyers and other professional advisers) who you have authorised to represent you, or any other person you have told us is authorised to give instructions on your behalf (such as under a power of attorney);
- the legal authorities;
- any third party after a restructure, sale or acquisition of any company, as long as that person uses your;
- information for the same purposes you originally provided it for;
- anyone we transfer or delegate our rights or obligations to, as allows under terms and conditions of any agreement you have with us (e.g. if we transfer the management of our share register to another service provider).
International transfers
In some circumstances the Company may transfer your personal data to third parties or group companies in a country (including your country of residence) other than the country in which the data was collected. When we transfer your personal data to a different country, we will take steps to ensure that such data transfers comply with applicable laws. For example, if we transfer personal data from the European Economic Area (EEA) to a country outside it, we will implement an appropriate or suitable data transfer safeguards and the means or taking other measures to provide an adequate level of protection under EU law.
Your rights
We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:
- know (be informed) about the processing of your personal data;
- to get access to your personal data which is processed by the Data Controller;
- request correction or addition, adjustment of your inaccurate, incomplete personal data;
- require the destruction of personal data when it is no longer necessary for the purposes for which they were collected;
- request the destruction of personal data if it is processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
- disagree with the processing of personal data or withdraw the previously agreed consent;
- request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.
If you consider that our processing of your personal data does not comply with the Data Protection legislation, you are also entitled to lodge a complaint with the Supervisory authority (https://edpb.europa.eu/about-edpb/board/members_en).
You have legal rights under data protection laws in relation to your personal data.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we are dealing with the right individual for ensuring the rights of data subject.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid data subject’s requests regarding processing of it’s personal data within one month. It may however take us longer if the request is complicated or you have made several requests. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, if it falls within inside dealing limitations, restrictions by law or if we are otherwise legally entitled to deal with the request in a different way.
Contacting us
If you have any questions about our Privacy Notice or if you would like more information on your rights, or want to exercise them, you can send an email to [email protected].
The Data Protection Officer: [email protected].
We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.