“OSM Aviation” (referred to as “we”, “us”, “our” or “OSM Aviation”) in this policy primarily refers to OSM Aviation UK LTD, the operating company of the OSM Aviation group within the UK, and, where appropriate, to other companies in the OSM Aviation group. OSM Aviation UK LTD is the “data controller” of all personal information that is collected and used about its candidates and employees.
Policy of Compliance
What is Personal Information?
What Personal Information we collect and how we use it
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
- As part of our recruitment process.
- To perform the contract we are about to enter into or have entered into with you.
- To comply with a legal or regulatory obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where you consent to our doing so.
- Where we need to protect vital interests.
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were employed by us, including the personal information contained in:
- Contact data including name, email address, address and phone number.
- Device and browser data, such as IP address, information about your device and browser settings.
- Marketing and communications data includes your preferences in receiving marketing from us.
- Employment and educational history data, such as CVs and job titles, qualifications.
- References where you have provided us with a referees’ contact details.
- Eligibility to work data such as passport and visa checks.
- Bank, tax and social security data e.g. account numbers and social security number.
- Your preferences such as preferred location, fleet, salary etc.
- Role data about roles in which you have been placed.
- Medical/Health data (in limited circumstances).
- Criminal report data (in limited circumstances).
- Trade union membership data (in limited circumstances).
As a general rule, OSM Aviation collects personal information directly from you. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources. We may utilize the services of third parties in our business and may also receive personal information collected by those third parties during the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us. Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
We use your contact details to contact you about news, job opportunities, and information which we think may be of interest to you. However, we will not contact you with marketing material unless you have consented to our doing so. You have the right to unsubscribe at any time.
Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing, managing or terminating your employment relationship with OSM Aviation. Such uses include:
- Determining eligibility for employment, including the verification of references and qualifications.
- Administering pay and benefits.
- Processing employee work-related claims (e.g. worker compensation, insurance claims, etc.).
- Establishing training and/or development requirements.
- Conducting performance reviews and determining performance requirements.
- Assessing qualifications for a particular job or task.
- Gathering evidence for disciplinary action, or termination.
- Establishing a contact point in the event of an emergency (such as next of kin).
- Complying with applicable labour or employment statutes.
- Ensuring the security of company-held information.
Legal basis for processing
The legal basis for processing personal information of our employees and potential employees is that it is either necessary for taking steps prior to entering into an employment contract and for performing an agreement with the employee (cf. GDPR article 6 no. 1 b), that we are under a legal obligation to process personal information (such as in relation to applicable tax, social security and social protection law and labor law legislation, cf. GDPR article 6 no. 1 a) and sometimes we process personal information in order to achieve our legitimate interest in ensuring the purposes mentioned above (cf. GDPR article 6 no. 1 f).
Further, we process personal information based on consent (cf. GDPR article 6 no. 1 a). This is for instance the case for recruitment, where the potential employee may consent to OSM Aviation retaining information regarding the applicant for a period of time after the application.
The legal basis for processing information relating to union membership and health data is that the processing is necessary for the purposes of carrying out our obligations as an employer towards our employees and for exercising our or the employee’s specific rights in the field of employment and social security and social protection law insofar as authorized by applicable law or a collective agreement pursuant to local law.
When Do We Disclose Your Personal Information?
We will not share your personal information with third parties except for in circumstances where such sharing is necessary to provide our services or achieve our business objectives as further described in this Policy.
We may share your personal information within the OSM Aviation Group and with our clients when necessary to fulfil a request from you or for entering into an employment contract with you or in other circumstances where sharing is necessary.
We use external third-party service providers for delivering services on our behalf and on our instructions as set out in a data processing agreement with the relevant service provider. In such instances, we may share your personal information with such parties to the extent necessary to perform such services or to fulfil terms within an employment contract with you.
In addition to using cookies and related technologies, we also may permit certain third party companies to help us tailor advertising that we think may be of interest to our registered users.
Further, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements. In such a case, we will endeavor to not disclose more personal information than is required under the circumstances;
- to comply with valid legal processes such as search warrants, subpoenas or court orders;
- as part of OSM Aviation’s regular reporting activities to other members of the OSM Aviation Group (including outside of your home jurisdiction);
- to protect the rights and property of OSM Aviation;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
Transfer of personal information
When sharing personal information to other parties as described above, we sometimes need to transfer personal data to a country outside the EEA in order to be able to fulfil one of the purposes set out in this Policy. As an example, we may need to transfer personal information to OSM Aviation business units outside the EEA in order to provide you employment or international assignments located outside the EEA.
We will not transfer personal information to a third country outside the EEA that does not provide adequate protection of personal information unless appropriate safeguards are adduced or the transfer otherwise takes place in accordance with applicable data protection legislation. Examples of such safeguards are Binding Corporate Rules, EU Standard Contractual Clauses or if the receiving party is certified under the EU-US Privacy Shield.
How is Your Personal Information Protected?
OSM endeavors to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification, destruction or disclosure and all other unlawful forms of processing.
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us via our website or associated services is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, OSM endeavors to retain your personal information only for as long as it believes is necessary to fulfill the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations).
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can anonymize your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
Your Rights as a Data Subject
You have the right to request access to and rectification of any information we have collected about you. To help us keep your personal information updated, we advise you to inform us of any changes or discrepancies. In some circumstances, we may not agree with your request to rectify your personal information and will instead append an alternative text to the record in question. You will be notified both when information is rectified and when not, and if so what the reason is for not obeying to your request.
You also have the right to erasure and restriction of processing in some instances. You may have a right to receive personal data concerning you in a machine-readable format and to forward the data to another party (data portability), provided that certain conditions are met.
You also have the right to object to the processing, including if the processing is for marketing purposes. In order to object to processing, please contact OSM Aviation.
Where your consent was required for our collection, use or disclosure of your personal information, you may, at any time, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
To exercise your rights as a data subject, or if you wish to make a complaint regarding our compliance with this Policy, please contact OSM Aviation. Prior to fulfilling your request, we may request specific information from you to enable to confirm your identity and right to access as well as to search for and provide you with the personal information we hold about you.
You have a right to complain to OSM regarding violations of your rights under applicable data protection law. Further, you have a right to complain to the supervisory authority competent to resolve such concerns according to applicable law, but we encourage you to first contact us before filing such complaint; our dedicated contact for such concerns is [email protected]. In the UK, the relevant supervisory authority is the Information Commissioner (the ICO) and their contact details can be found at https://ico.org.uk/global/contact-us/
Revisions to this Policy
Interpretation of this Policy