Last updated August 13th, 2019
Processing of personal data
With respect to the personal data processed by Svenskt Industriflyg AB on the Customer's behalf (see Appendix 1 below), Svenskt Industriflyg AB shall fulfill the following requirements:
Restrictions on use. Svenskt Industriflyg AB will only process personal data in order to perform the agreed service, following written instructions from the Customer or as required by applicable law.
Information security programs. Svenskt Industriflyg AB will maintain a documented information security program that incorporates appropriate administrative, technical, and physical safeguards to protect personal data from anticipated threats or risks of security, confidentiality, or privacy.
Svenskt Industriflyg AB will:
Considering the nature of the information, as far as possible, implement technical and organizational measures to assist the Customer in complying with its obligations regarding responding to requests from individuals who wish to exercise their rights under Chapter III of the Regulation
Considering the nature of the processing and the information available to Svenskt Industriflyg AB, the customer assists in complying with the customer's commitments regarding the implementation of appropriate security measures, to notify the supervisory authority and individuals of personal data incidents, and to carry out impact assessments and consult the supervisory authority as required;
Ensure that the Customer receives the information reasonably requested by the Customer to assist the Customer by showing that the obligations laid down in Article 28 of the Regulation with regard to the appointment of an assistant and to enable and contribute to audits may be carried out by the Customer or appointed by the Customer auditor.
Svenskt Industriflyg AB may charge a reasonable fee for the assistance described above, however, not when the assistance is requested as a direct result of Svenskt Industriflyg AB 's own conduct or omission. In such a case, such assistance will be at Svenskt Industriflyg AB expense. The Customer shall notify Svenskt Industriflyg AB thirty (30) days prior to an audit and may not conduct an audit that may jeopardize the confidentiality obligations that Svenskt Industriflyg AB may have against its affiliates or customers. If the Customer wishes to appoint an auditor to conduct the audit, the Customer shall ensure that the auditor enters into a confidentiality agreement with Svenskt Industriflyg AB in a manner that Svenskt Industriflyg AB may reasonably request.
Return or destruction. The Customer may instruct Svenskt Industriflyg AB to delete or return personal data at the end of the period of time that Svenskt Industriflyg AB undertakes to process such personal data on behalf of the Customer in accordance with Appendix 1.
The customer confirms that the services include pseudonymisation and anonymisation in order to carry out coordinated reporting and investigation of trends, and agrees to that Svenskt Industriflyg AB may use pesudonymized and anonymized data for its own business purposes, and Svenskt Industriflyg AB will comply with applicable data protection legislation in respect of this processing.
Transfer of personal data
The Customer confirms that Svenskt Industriflyg AB may transfer personal data to its related companies, subsidiaries and applicable authorities within and outside the European Economic Area (EEA) for support, backup and in line with regulatory procedures pertaining to the services rendered. Svenskt Industriflyg AB has taken protective measures to protect the personal data transferred to countries outside the EEA.
Appendix 1 - Description of the personal data processing
Content and purpose
Any processing (including collection, processing and analysis of personal data) that may reasonably be required to facilitate or constitute support for the services provided as described in the Policy.
The duration of the personal data processing. Svenskt Industriflyg AB will process personal data as long as services are provided to the Customer and will thereafter preserve personal data in an archive to the extent necessary to meet legitimate business purposes.
Categories of registrants: Those registered may be individuals referred to in charter or service level contracts or systems depending on which entity within Svenskt Industriflyg AB has been hired to provide the services and / or individuals who are the recipients of, or have made claims to, or are otherwise involved in, any such contract or system . Usually, the registrants will be one of: (1) employees, hired or others working for the Customer and / or their family members, representatives or others related to the Workers; (2) Former, existing or potential customers, and / or their employees or other individuals related to them and / or their family members, representatives or others related to them and / or (3) past, existing or potential complainants or claimants in in connection with any charter or service level contract, and / or their family members, representatives or others associated with them.
name and contact information;
demographic information (such as gender, age, date of birth, marital status, nationality, education / work history, academic / professional qualification, employment details, leisure interests, family relationships, and relatives);
personal identification document(s) and associated information such as passport number as well as employee number;
financial information and payment information such as bank accounts or transaction information;
information related to the provision of the services, such as insurance and injury information, including information linked to injury events and related claims;
documentation of communication and monitoring systems; and
personnel data, such as title and role information, benefits and compensation, beneficiaries, education, academic and professional qualifications, emergency contact information and performance evaluation.
Specific categories of personal data referred to in Article 9 of the Regulation (sensitive personal data): Personal data processed by Svenskt Industriflyg AB may contain the following special categories of personal data: personal characteristics and circumstances of sensitive nature such as race or ethnic origin, sexual life, mental and physical health, genetic information, medical history, medical treatment, political opinion, religious belief, membership in the trade union, as well as criminal records and other lists of legal documents.
Svenskt Industriflyg AB
FAO: Data Protection Officer
Bromma Airport, Hangar 7
168 67 Bromma SWEDEN