The purpose of this privacy notice is to explain how Carlyle Aviation Partners Ltd. and its subsidiaries (collectively, the “Company“, “we”, “us” and “our”) may process your personal information.
This Privacy Notice is addressed to any individual who provides his / her personal information to the Company (“Data Subject“) either directly or indirectly.
We are committed to protecting the privacy of Data Subjects. This Privacy Notice is designed to ensure that Data Subjects are aware of their rights concerning the use by the Company of their personal data.
An individual has the right to expect that personal and sensitive information disclosed by him/her to the Company will be kept confidential. All such information will be processed by the Company in accordance with its legitimate business requirements, or as required by law, and will not be disclosed to third parties without a valid legal basis to do so.
We will always comply with the General Data Protection Regulation (“GDPR“) when dealing with your personal data. Further details on the GDPR can be found at Office of the Data Protection Commissioner’s dedicated GDPR website (gdprandyou.ie).
For the purposes of the GDPR, we will be the “controller” of all personal data which we hold about you.
What personal information do we collect about you?
We collect and gather, use, store and process various categories of personal data. This is known as processing personal data. The personal information we collect about you may include:
- Email address;
- Contact details;
- Photos; and
- Other personal information provided to us through forms, questionnaires, legal agreements or ongoing correspondence.
How will we use your personal information and what is the legal basis for this?
The Company will hold and process personal data provided by Data Subjects to:
- comply with the Company’s obligations under legal, regulatory and tax requirements;
- to update the records we hold from time to time;
- to communicate with you about our business; and
- for all legitimate purposes related to the Company’s business.
Special Personal Data
Certain categories of a Data Subject’s personal data are regarded as sensitive under the GDPR. This includes information relating to:
- Physical or mental health or condition;
- Religious, philosophical or political beliefs;
- Ethnic or racial origin;
- Criminal convictions or involvement in criminal proceedings;
- Genetic data or biometric data; and
- Sex life or sexual orientation.
The Company will not process any such sensitive information about you unless permitted by law or, where necessary, with your prior consent.
Who do we share your personal information with?
As the Company operates globally, we may share your personal data with other companies in the group.
Updates to your personal information
If any of the personal information you have given to us should change, such as your contact details, please inform us without delay. Similarly, if we have collected personal information about you that you consider to be inaccurate, please inform us. Our contact details are below.
The people and organisations that we may share your personal information with may be located in a country that does not have data protection laws which provide the same level of protection as the laws in Ireland. Some countries already have adequate protection for personal information under their applicable laws. In other countries, safeguards will be applied to maintain the same level of protection as the country in which the products and services are supplied. These safeguards may be contractual agreements with the overseas recipient or it may require the recipient to subscribe to international data protection frameworks. For more information about these safeguards, and others as may be relevant from time to time, you can contact us using the details below.
How long do we keep your personal information?
We need to keep your personal information for as long as necessary to fulfill the purposes for which it was collected (as described above).
Your rights under data protection laws
Your rights are as follows (noting that these rights do not apply in all circumstances):
- The right to be informed about the processing of your personal information;
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
- The right to object to processing of your personal information;
- The right to restrict processing of your personal information;
- The right to have your personal information erased (the right to be forgotten);
- The right to request access to your personal information and to obtain information about how we process it;
- The right to move, copy or transfer your personal information (data portability).
In addition, you have the right to complain to the Office of the Data Protection Commissioner which has enforcement powers and can investigate compliance with data protection laws.
Should you wish to exercise your rights in relation to your personal information please contact the Chief Compliance Officer (firstname.lastname@example.org). In certain circumstances, the Company will be exempted from responding to certain requests. The Company may use these exemptions to the extent appropriate.