Privacy Notice for the Counterparty Onboarding and Due Diligence

1. Introduction

Avia Solutions Group (ASG) is one of the largest global aerospace businesses holding offering aviation services worldwide. We take a zero-tolerance approach to money laundering and terrorism financing and are committed to the highest level of openness, integrity, and accountability. Seeking legitimacy and being reliable ASG and its subsidiaries seek to conduct business only with reputable counterparties whose funds are derived from legitimate sources and who have no imposed sanctions on them. In order to achieve the above, we implement the Know Your Customer (KYC) principle in our business, which allows you to know your customer: the identity of the customer, the customer's representatives or other authorized persons, the beneficial owners, the activities carried out, the sources of funds, etc. To implement the KYC principle, we use the Know Your Customer form (paper or electronic version), which we ask you to complete before any of Avia Solutions Group companies1 is intending to start a legally binding relationship with you or your represented legal entity.

Avia Solutions Group is committed to ensuring that the KYC process is based on the most up-to-date and relevant information, and therefore Avia Solutions Group regularly reviews and updates the data and information you provide in the Know Your Customer form. Normally, the update of the data provided in the Know Your Customer form takes place once a year, but in any case, we will inform you in advance when the data and/or other information provided by you needs to be updated.

This Privacy Notice applies to the processing of personal data in relation to counterparty onboarding and due diligence when we ask you to complete the Know Your Customer form.

In this Privacy Notice you find information about how we process your personal data and what rights you have as a data subject. You can also find here the contact details of the responsible data controller, with whom you may exercise your rights.

If you provide us with personal information other than your own (for example, identifying other natural persons as manager, beneficiary, representative, etc.), please inform them of this Privacy Notice and its contents and make sure they do not object to providing personal data on their behalf and processing it in accordance with privacy statements below.

2. Data controller and how to contact us

Avia Solutions Group companies act as joint controllers when processing your personal data for the purposes set out in this Privacy Notice.

The contact details of each Avia Solutions Group company can be found here: https://aviasg.com/en/the-group/general-contacts 

If you have any questions, comments, or complaints regarding how we handle information about you, or if you want to assert any of your rights, please contact: privacy@aviasg.com 

If you have any questions regarding the Onboarding and Due Diligence Procedure, please contact: risks@aviasg.com 

3. What personal data do we collect and for what purpose and legal basis?

Purpose Personal data categories Legal basis

Counterparty Onboarding and Due Diligence Procedure

When a counterparty is a natural person:
  • Name, surname, date of birth, nationality, occupation
  • valid ID/passport number
  • data on whether the client is a politically exposed person
  • residential and registered address details
  • phone number, e-mail address
  • bank information (account number)
  • relationship with the third party (if payment will be made by the third party)
  • source of funds/wealth (if payment will be made in cash)
  • signature.
  • Our legal obligation to monitor and implement the international and/or national sanctions (Article 6 Part 1. c) of the GDPR).
  • Our legitimate interest to fulfill the requirements for money laundering and financing terrorism prevention, prevention of corruption, bribery, and fraud to be legitimate, reliable, and reputable business to our counterparties and authorities (Article 6 Part 1. f) of the GDPR).

When a counterparty is a legal entity:
  • The authorized person to fill the Know Your Customer Form: name, surname, title, signature
  • Ultimate beneficial owner: name, surname, address, occupation, date of birth, nationality, data on whether the person is a politically exposed person
  • Shareholder: name, surname, address, date of birth, nationality, data on whether the person is a politically exposed person
  • Controlling person (e.g., a Chief Executive Officer, Chief Financial Officer, Managing Member): name, surname, address, country of residence, date of birth, nationality, data on whether the person is a politically exposed person, role/position of the person
  • Member of the board of directors: name, surname, data on whether the person is a politically exposed person
  • Authorised representative: name, surname, address, country of residence, date of birth, email, phone, role/position.

Personal data collected within provided copies of the following documents:
  • Identity Card or Passport.
  • Official documents of authorities verifying the identity and the place of residence.
  • Documentation proving the source of funds/wealth.
  • Articles of Association authorizing the representative of a legal entity.
  • Certificate of Incorporation or its equivalent.
  • Certificate of Directors or copy of CEO (or other principal management body) appointment document.

Defend our rights and interests

If you get involved in a dispute with us or we need to otherwise defend, enforce, exercise, and uphold our rights or legitimate interests, we collect, use and store the data that is necessary for the specific case.

Our legitimate interest to protect our business interests and defend or enforce legal claims (Article 6 Part 1. (f) of the GDPR)


4. How long do we store your personal data?

We will process your personal data collected during the Onboarding and Due Diligence Procedure for 5 years after the last Onboarding/Due Diligence procedure, unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defense in the judicial process. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.

5. How do we collect your personal data?

We collect your personal data via:

  • The KYC Form and the provided copies of documents by you or the authorized person.
  • Consolidated lists of sanctions managed by institutional authorities (e. g.).
  • Other commercially available/public sources on the internet (e. g.).

6. To whom do we disclose your personal data?

As the Onboarding and Due Diligence Procedure is implemented groupwide we share your personal data described in this Privacy Notice with Avia Solutions Group as the parent company on the joint controllership of personal data basis. The result of the Onboarding and Due Diligence Procedure and some personal data may be shared with other Avia Solutions Group companies2 in case any of them is intending to start a legally binding relationship with you or your represented legal entity. Therefore, in certain cases, personal data may be transferred to third countries (outside the European Economic Area (EEA), such as United Kingdom, United States of America). For such transfers, we have entered into Standard Contractual Clauses approved by the European Commission, or we follow other grounds and conditions set out in the GDPR or decisions of the European Commission.

We also may share some of your personal data with:

  • Companies acting on our behalf as IT/electronic security service processors.
  • Our professional advisors, auditors, lawyers, and/or financial, and accounting advisers.
  • Law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies.
  • Banks or other financial service providers who are subject to money laundering, sanctions, and prevention of financing terrorism, corruption, bribery, and fraud. 

7. Do we apply automated decision-making or profiling?

Your personal data will not be used for automated decision-making including profiling.

8. Rights guaranteed to you

We guarantee the implementation of the following rights and the provision of any related information at your request or in case of your query:

  • right of access - You have the right to ask us for copies of your personal information.
  • right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • right to object to processing - You have the right to object to the processing where the processing is based on legitimate interests. You have the right to object to the processing of your personal data where the processing is based on our legitimate interests, but if we have compelling legitimate grounds, we will process your data without your consent. To exercise this right, please contact: privacy@aviasg.com 
  • right to data portability - You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

9. How to complain

If you disagree with our actions or the response to your request, you have the right at any time to lodge a complaint with the data protection supervisory authority, in particular in the EU Member State where you are resident or where the alleged breach of the GDPR occurred, and to seek judicial remedies (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

10. Updates

We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.

https://aviasg.com/en/the-group/general-contacts