Privacy Policy

1.1. This Privacy Policy applies to personal data processing carried out by airBaltic Training, including, data processing of our clients, event visitors, visitors of our webpage.

1.2. This Privacy Policy is not applicable to the personal data processing of employees or during recruitment process, except information on video surveillance, which is available in the Section 8. Information on personal data processing for such category of data subjects are provided in separate privacy policies that available for employees and candidates during recruitment process.

1.3. airBaltic Training knows the importance of personal data protection in this modern information age. airBaltic Training understands that appropriate data protection has impact on trust of its clients and employees, as well as on reputation and sustainability of the company. Therefore, airBaltic Training pays attention to appropriate data protection and is working to comply with the applicable regulatory enactments and apply data protection regulations in everyday work.

1.4. airBaltic Training is a subject to the General Data Protection Regulation No. 679/2016 (GDPR) of the European Parliament and of the Council as well as relevant national regulatory enactments, which impose obligations to ensure appropriate processing and protection of personal data. airBaltic Training aims to ensure inter alia:

Transparency – airBaltic Training wants to be transparent about data collection and processing so that data subjects have comprehensive information on how airBaltic Training process their data. Therefore, we have created with Privacy Policy through which we would like to communicate with you and inform you about personal data processing.  When necessary, we may update this Privacy Policy to reflect topical data processing activities carried out by airBaltic Training;

Lawfulness – airBaltic Training respects data protection and privacy laws and aim to comply with obligation provided by such laws;

Security – airBaltic Training aims to protect personal data pursuant to the industry standards, including having access control in place and encryption solutions, as well as updating security measures when necessary to comply with industry standards.

1.5. We aim to ensure processing of accurate and true personal data. However – as it is in any relationships – also in our cooperation you may help us to achieve this. Therefore, each time you provide us with your data, please verify accuracy of such information with due care, for example, when you apply for our services, in particular, when you provide airBaltic Training with contact information. We rely that information provided by you is accurate and true. If you notice any mistake, please feel free to contact us as soon as possible in order we could make appropriate changes to the data and thus ensuring processing of accurate data, in particular – accurate contact details. In case you mistakenly indicate wrong contact details, information may be sent to wrong recipient and accordingly you may not receive important information from us.

1.6. In case you provide us with personal data of another person (for example, when applying for training services on behalf of another person), then provide us with such data only if you have a legal ground to share such data with us, if the person has authorised you to share such data, as well as present to such individuals this Privacy Policy and obtain consent from such individuals. We may rely that individuals whose data you share with us have authorized you to do so and are informed and got acquainted with this Privacy Policy and agree to them.

We collect information about you in the following ways:

2.1 you visit airBaltic Training website or enter information into them;

2.2 you apply for our training services;

2.3 third parties provide us with information about you (for example, your employer may provide us with information about you for training purposes, or it may come from another partner);

2.4 you talk with our employees on our communication channels, for example, via social media, the phone or contact them by e-mail;

2.5 you file a claim or any other request with us, or you have contacted us;

2.6 your participation is registered for event organized by us and/or you participate in any event organized by us;

2.7 our partner has shared information about you as its representative;

2.8 we may ask you to provide us with data for authentication purposes and to verify whether you are a person who applied for our services or to verify whether you are the individual who you declare to be;

2.9 we may contact you in course of cooperation or corporate communication (for example, we may obtain contact information).

3.1. Taking into account that we may check your identification document (ID) only after you visit us, so we assume that a person applying for our services is you or is entitled to share your personal data with us on your behalf.

3.2. We may collect the following categories of personal data:

3.2.1. Basic data (e.g., name, surname, gender, age);

3.2.2. Identification data (e.g., birth data, identification data, data of passport);

3.2.3. Contact data (for example, e-mail, phone number, emergency contact information, in some cases – address, accommodation data etc.);

3.2.4. Settlement data (for example, payment information, fees, bank account information, taxes, debt information);

3.2.5.  Media data (e.g., photographs, video recordings, video surveillance data);

3.2.6. Communication data (e.g., language preferences, communication channels, consents, claims, opinions, correspondence etc.);

• WEB data (e.g., IP address, operating system, device type, cookies, access, website visit session, clicks, visited website sections information, reviewed information on website, reviewed services);

• Special category data (e.g., health related data, medical certificate, psychological test results);
• Training data (e.g. flight crew licenses, training records, certificates of trainings, behavioral data related to training, pilot logbook or other evidence for previous completed training and flight experience, pre-requisite forms).

3.3. We process your data for the following purposes and based on the following legal ground:

3.3.1. Conclusion and fulfilment of agreement (e.g., service provision legal ground – agreement with data subject or steps taken prior conclusion of agreement, agreement with a corporate customer who registers their employees for training services);

3.3.2.  Fulfilment of lawful rights, obligations and execution of law (for example, providing information to the relevant authorities based on request, legal ground – fulfilment of law and lawful rights and obligations);

3.3.3. Monitoring of fulfilment of the agreement;

3.3.4. The provision, administration and improvement of services – this purpose is related to the performance of a contract with data subject, which serves as the legal basis for data processing. In some cases, in order to improve the services, we may review the services rendered to client; such processing is based on a legitimate interest;

3.3.5. Quality and experience control and improvement (incl., surveys, customer satisfaction and claim reviews, review of communication. Legal ground – legitimate interest;

3.3.6. Provision, management and improvement of the website, as well as ensuring its continuity and security (for example, processing of data related to applications, habits of website visitors, legal ground – agreement with data subject and legitimate interest to ensure operation of website, its security and improvements);

3.3.7. Statistic and analytics of services and website experience;

3.3.8. Administration and management of corporate communication and event organization (e.g., administrating list of event participants, arranging accommodation for the guests (if agreed upon)));

3.3.9. Recording of historical events, ensuring historical succession, continuity and archiving purposes, legal basis – legitimate interest and in some cases Archives Law, for example we may take photographs and video recordings at events organized by us based on a legitimate interest in documenting such events for historical purposes. Before the event, visitors are separately informed that photos and videos may be taken during the event);

3.3.10. Claim management and debt recovery;

3.3.11. Organizational, resource, IT system and infrastructure (for example, information systems, software, data bases, network maintenance, improvement and security) and financial management, as well as management and administration of settlement and transactions (e.g., organizational management of insurance, management of processes);

3.3.12. Audits, revisions, due diligences, reorganization and restructuring or preparation for such processes or transactions, including we may process data in case of mergers or divisions, different acquisitions and/or transfer of liabilities, business and assets in full or partially, as well as within different legal proceedings, for example, legal protection proceeding, liquidation, insolvency proceeding. Additionally, in case of reorganization and/or acquisition and transfer of assets, liabilities and business, before such transaction data may be processed with the purpose to get acquainted with business transaction content and to evaluate its value. In any such case we will assess necessary scope of personal data with due care and will reduce personal data processing as much as possible to achieve the purpose and ensure appropriate protection of personal data, as well as conclusion of appropriate agreement with partner. We will inform you in cases any of such transaction has an impact our liabilities towards you or may involve transfer of your personal data to another company. Such processing may be based on law (for example, Commercial law, audits and revisions may be based on Law on Revision) and legitimate interest;

3.3.13. Protection of lawful interest, for example, data processing in relation to claim, obtaining and submitting necessary evidence in case of dispute or in case airBaltic Training shall prove to authorities or others that airBaltic Training has complied with any its lawful obligations, as well as any other processing necessary to protect legitimate interest.

More detailed information about cookies can be found here: Cookie policy

In general, we shall store your personal data until we have fulfilled the purpose of processing.

In this regard, we apply the following criteria when we determine period of time for processing and storage of the data:

5.1. we process/store the data until fulfilment of the purpose;

5.2. period of time, which is necessary to ensure fulfilment of contractual relationships;

5.3. period of time specified by the applicable regulatory enactments. airBaltic Training is a subject of various laws and regulations that impose strict obligations, including specific retention periods for certain types of information;

5.4. period of time necessary to protect lawful interests, including period of time necessary to review and resolve the dispute or claim, as well as period of time necessary to prove that appropriate processing was carried out and appropriate measures taken (including, to having proof to present to appropriate competent authorities that airBaltic Training has complied with its legal obligations and has provided training in accordance with the requirements for certified training service provision);

5.5. limitation period for different requests and claims, including those, which may be addressed towards airBaltic Training by data subject and those, which airBaltic Training may address to data subjects when exercising its lawful rights – for example, requesting data subject to cover the debt;

5.6. period of time during which a person or authority may exercise its rights and contact airBaltic Training.

We have implemented various tools and services that facilitate our cooperation and communication and achievement of purposes of personal data processing. Therefore, we may disclose your data to the categories of data recipient as mentioned below.

Please note that we disclose your personal data only when there is a legal ground for disclosure of data.

The categories of data recipients:

6.1. we may disclose your data to auditors, providers of accounting and financial services, as well as payment service providers (for example, banks or other financial institutions) to ensure payment for services or related purposes;

6.2. we may disclose your data to partners who provide us with the following services – insurance service providers, IT service and support providers.

6.3. we may disclose personal data to the relevant state or local government authorities in cases and under the procedure provided by law;

6.4. your data may be disclosed to the website service providers with whom we have concluded the agreement to ensure operation of the website;

6.5. hotels and accommodation service providers may receive information about you in specific cases – for example, if you are a representative of our partner and we have arrangement to organize an accommodation reservation for you;

6.6. social networks and social media platforms as categories of data recipients, for example, Facebook, Google or other social media. We may provide you with an opportunity to access social media by using our website. Similarly to other companies, we may introduce scripts on or website, which becomes active when you have consented to certain preferences at our website (cookies and other technologies), thus providing consent for sharing such data. In such a case information you have entered on our website may be sent to such service providers in accordance with the preferences you have accepted (cookies and other technologies), further appropriate information may be reflected in your social network and media profiles according to the services offered by such social network or media service provider (for example, in your profile of the relevant social media, advertisement may be reflected, which corresponds to your latest searches in our website). More detailed information on such social network and media services can be obtained by approaching your social network and media service provider and in accordance with your privacy settings with such service providers.  Please, get acquainted with our cookies and other technologies policy available in the Section 4 of this Privacy Policy and select your preferred settings. You can update them or withdraw your consent at any time in the same section.

6.7. we may disclose personal data in certain cases to consultants, debt recovery service providers, and lawyers;

6.8. we may disclose your data when it is necessary and by applying the principle of data minimization to persons involved in transactions of reorganization, acquisition and/or transfer of assets, liabilities and business, and any others, who provide support or consultations for preparation and execution of such transactions, as well as those, who are involved in evaluation of such transactions before they are commenced;

6.9. we may disclose your data to other training providers (e.g. instructors), to perform the contract and ensure the provision of training services;

6.10. your data may be disclosed to “Air Baltic Corporation” AS for the purpose of cooperation and administration;

6.11. we may disclose your data to the Civil Aviation Agency of the Republic of Latvia (CAA) in order to ensure compliance with regulatory enactments regarding certification.

6.12. your data may be disclosed to Flightlogger ApS, the company that owns and operates flight training management software “FlightLogger”, which is necessary to ensure the training process and log trainees performance.

Our partners are always obliged to adequately safeguard your personal information and process it in accordance with instructions stated in our mutual agreement.

We apply technical and organizational measures to protect your privacy and data.

We update and test our security technology on a regular basis. We restrict access to your personal data only to authorized staff in order to provide services to you. We also train our staff about personal data protection, the importance of confidentiality to ensure the privacy and security of your information.

We use different encryption solutions to ensure security of information.

As a subsidiary of Air Baltic Corporation AS, we operate in compliance with its Privacy Program. Several policies and procedures have been implemented to support the processing of personal data in accordance with applicable regulatory requirements, with the goal of ensuring secure data handling.

In order to ensure transparent and clear information on what kind of communication you may receive from us, as well as your rights in this regard, we have prepared this Section in this Privacy Policy. This Section does not in any way impact or limit any of your rights stipulated under the Section 10 of this Privacy Policy.

We may approach you in the following situations:

8.1. General information and information on your application. For example, information on your application process, confirmation of your application, invoices, conditions, information about any changes or information which may have impact to service rendered to you.

Legal ground and your rights: Legal ground for providing such information is the performance of a contract or in order to take steps prior to entering into a contract. Such communication is essential for our mutual contractual relationships.

8.2. We may invite you to participate in a survey and give your opinion on our provided service or invite you to participate in any other survey with the purpose to improve our operation and services.

Legal ground and your rights: Legitimate interest to evaluate and improve our operation and quality of services. You have the right to freely choose whether you would like to participate in such a survey or refuse participation. In case you do not want to receive any further invitation to participate in any further surveys, you can write an e-mail to [email protected] at any time by indicating your objection (for example, I object receiving any invitation to surveys in a future).

8.3. We may contact the person indicated by you as an emergency contact.

airBaltic Training may offer clients a possibility to indicate a person whom to contact in case of emergency. We consider this also as a legitimate right of client to inform relatives.

Legal ground and your rights: You have rights to choose whether you submit contact details of other person in case of emergency. If you choose to indicate such person, please make sure that such person is informed and consented that its data is delivered to airBaltic Training of emergency contact purposes.

8.4. We may contact you in relation to some complaint, application, request or any liabilities. During business, there might be a necessity to contact you in relation to different matters, for example, to answer to your claim, to contact you in case there is some debt, to contact you in case of your request or application, to provide you with answer, to provide you with requested data. The purpose of such communication is to ensure contact with you and provide you with necessary information. Such communication may be based on requirement of law (for example, obligation to answer of consumer claims), based on conclusion or execution of contract with you, as well as in separate situations based on legitimate interest to contact you for different matters.

Legal ground and your rights: You have rights to object communication when it is based on legitimate interest. However, in case of objections we may not be able to ensure you with requested answer if provision of answer is based on legitimate interest. Therefore, in case there are some objections towards our communication, please do not hesitate to contact us to [email protected] and we will investigate situation with due care and try to find the best solution in a particular situation.

8.5. We may contact you in any other meaningful situations, for example, to inform you about changes in the company`s operations or about certain restrictions in the training process.

Legal ground for such communication is legitimate interest to ensure clients with meaningful information in relation to the company and its operation, as well as in some specific situations it may be requirement of law, when applicable regulatory enactments imposes obligation to provide certain information. In case information is provided due to obligation of law, then the right to object does not apply (unless clearly stated by law). In case of legitimate interest, you have the right to object.

Legal ground and your rights: You have rights to object communication when it is based on legitimate interest, by following the scope of law and writing to [email protected].

8.6. You may see our advertisements on social networks and media platforms you use if you have agreed to certain cookies. Depending on the choices you have made regarding cookies and other technologies (which you can access and manage freely in Section No.4 of this Privacy Policy), information about your activities on our website may be shared with social networks and media platforms. Please note that such information may be sent only if you have accepted certain preferences on our website (cookies and other technologies).

Legal ground and your rights: consent according to the preferences you have chosen in relation to application of the cookies and other technologies at our website. You have the right to object and withdraw your consent at any time by changing your cookie and other technology settings (Section No. 4 of this Privacy Policy). In the case of cookies, you may also delete specific cookies stored on the device you used to access our website. Additionally, several social network and media service providers offer options to adjust privacy settings in the profile associated with their services. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

airBaltic Training may conduct video surveillance at its facilities and the surrounding area to ensure the security of individuals, information, property, aviation and infrastructure; to prevent illegal activities or other threats (including through preventive measures); and to support the detection of criminal offenses within the facilities and adjacent areas. Video surveillance may be carried out based on a legitimate interest.

We place warning signs at airBaltic Training facilities where video surveillance is conducted.

airBaltic Training carefully evaluates the facilities where video surveillance cameras are located, assessing the surveillance area and the risks associated with it. Before the video cameras are placed, the surveillance area is carefully selected to minimize monitoring of irrelevant areas and focus only on those necessary to achieve the intended purpose. airBaltic Training ensures that video cameras are not placed in areas with increased level of privacy, such as lounges, toilets, changing rooms.

The data from video surveillance may be accessed only by authorized personnel for performance of direct duties, as well as by security guards, security and consultation service providers, law enforcement authorities and other entities  as permitted under the applicable regulatory enactments (the mentioned may involve inter alia data subjects who lawfully request access to such records, provided that granting access does not infringe upon the rights and freedoms of any other individual).

Video surveillance records may be kept for the period necessary to achieve the intended purpose, taking into account the specifics of the observed objects, the conditions and the risks associated with them. Depending on the observed area and its specifics, the storage duration of records may differ. However, in any case the retention period for video surveillance records shall not exceed five days.

In exceptional cases, for example, if request from court or law enforcement authority is received, in case of theft or in case of suspected unlawful behavior, specific records may be stored for longer period (exceeding five days) if necessary for execution of request and protecting of lawful interest. For instance, airBaltic Training may retain records to provide evidence of illegal behavior or a criminal offense, to address suspicions related to such activities, or to investigate a potential incident in line with the purposes outlined above.

In case you have visited facilities of airBaltic Training and you would like to access records of video surveillance, in such a case (if such records are not yet deleted) we may ask you to submit additional information (the time and date for which you request access, the premises or locations you have been in). To ensure that we can identify you in those records, you must either visit our office (access will only be granted if the security officer can recognize the person in the video recording) and present an identity document, or send an electronically signed request to [email protected] along with a copy of your passport or ID (to allow for image comparison with the video recording, as stipulated in European Data Protection Board Guidelines 3/2019, point 96). airBaltic Training will evaluate any such request and event independently, evaluating whether the request infringes the rights and freedoms of another person and ensuring adequate protection of the data and privacy of the persons involved. airBaltic Training will provide records to data subject if data subject has submitted request that complies with this Privacy Policy and is in accordance with the applicable regulatory enactments.

We process your data; therefore, you have the right to request information about how we handle it and what we do with it. In some cases, you may also request that we limit the processing of your data, in compliance with the applicable regulatory enactments.

You have the following rights according to the applicable regulatory enactments:

10.1 to access your personal data (receive a copy of your personal data and request the purpose and legal basis of the data processing);

10.2 to object to the processing of your personal data when it is based on legitimate interest. If you submit an objection to [email protected], please specify which data processing activity your objection concerns;

10.3 to withdraw consent (e.g. refuse optional cookies). Take into account that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

10.4 to rectification (update your contact information or submit current information in case of changes);

10.5 to be forgotten or erased (request to delete your information from our databases, in compliance with the applicable regulatory enactments). Please be informed that according to the applicable regulatory enactments we may keep certain information also after the request on rights to be forgotten or erasure, for example, when the applicable regulatory enactments impose obligation to store certain information for specified period of time, for example, the Accounting Law may impose obligation to store information on our transaction. We retain training records to comply with legal obligations under different aviation regulations, incl. Regulation (EU) No 1178/2011 (EASA Part-FCL & Part-ORA) and applicable national civil aviation requirements. These records may be stored for a period necessary to ensure compliance, safety oversight, and in accordance with our legitimate interest to demonstrate training completion as required by aviation authorities. As well as we may continue storage of information for the establishment, exercise or defense of legal claims and in other cases provided under the applicable regulatory enactments. We will examine each request with due care and will exercise your rights to be forgotten towards information which shall be deleted according to GDPR.

10.6 to restrict processing of personal data (ask us not to use certain information about you for limited period);

10.7 to data portability (receive information about yourself which you have provided to us and ask to deliver such information to another controller if it is technically feasible);

10.8 in case you have any concerns, objections or complaints on processing of personal data carried out by airBaltic, we encourage you to contact us by writing to [email protected] and we will review the issue with due care and take steps to resolve it as soon as possible. Nevertheless, data subjects have the right to lodge a complaint with a supervisory authority.

Depending on the nature of information you want to access, some authentication requirements may apply to allow airBaltic Training to verify whether you are the person you declare to be, for example, if you want to obtain data generated while receiving the service or obtain special category personal data, more strict authentication requirements may be applied comparing to procedure applied in a daily course of business.

Please note that in most cases we may commence exercise of data subject rights, if we have received request directly from the data subject, and such request is signed with a secure digital signature and sent to [email protected] or if the original request with handwritten personal signature has been submitted to the administration of airBaltic Training (Marupe parish, Riga International Airport, Pilotu 6, Latvia, LV-1053).

If you have any questions or concerns regarding the Privacy Policy or the processing of personal data by airBaltic Training, we invite you to contact us at [email protected] and we will review the issue with due care and will take appropriate steps to resolve the issue as soon as possible.

Our activities in the field of personal data protection are monitored by State Data Inspectorate of the Republic of Latvia (Datu valsts inspekcija). To resolve any misunderstandings as quickly as possible, we encourage you to contact us first.

Contact us:

Air Baltic Training, SIA

Marupe parish, Riga International Airport,

Pilotu 6, Latvia

LV-1053