Privacy

NAVBLUE
GDPR PRIVACY NOTICE

1. Privacy Statement

NAVBLUE (hereinafter “NAVBLUE” or “we” or “us”) appreciates your interest in its products and services and your use of our website, portals and ”apps” (“Websites”). Your privacy is important to us and we want you to feel comfortable using our Websites. The protection of your privacy and Personal Data is an important concern to which we pay special attention throughout our business processes. Personal data collected during use of our Websites is processed by us according to the legal regulations valid for the countries in which the Websites are maintained. In addition, Airbus Binding Corporates Rules, to which NAVBLUE as a fully owned subsidiary completely adheres, protect customer and partner data throughout the entire organisation.

However, the Websites will include links to other websites or applications which are not necessarily covered by this Privacy Notice. In such event, we encourage you to carefully read the privacy policies of such websites.

NAVBLUE is committed to protecting the rights of individuals in line with General Data Protection Regulation (reference EU2016/679) of the European Parliament (“GDPR”) as well as each applicable national personal data protection laws and regulations (collectively referred as “Data Protection Laws and Regulations”).

2. Privacy Notice index

This Privacy Notice will inform you of the Personal Data we collect when you access and/or use the Websites, how we use and disclose your Personal Data, how you can control the use and disclosure of your Personal Data and how we protect your Personal Data.

• What is Personal Data?
• Which sources and what Personal Data we use?
• What are the purposes of the processing of your Personal Data?
• What is the basis for processing of your Personal Data?
• Who will receive your Personal Data?
• Will your Personal Data be transferred to a third country outside the European Economic Area?
• Which countries will NAVBLUE transfer Personal Data to?
• For how long will your Personal Data be stored?
• Security
• What are your rights and how to exercise them?
• Am I obliged to provide my Personal Data?
• To what extent will decision-making be automated?
• Will profiling take place?
• How can I contact the responsible for processing my Personal Data?
• Can I ask for assistance to the competent authorities?
• Cookies
• Modification of the Privacy Notice

2.1. What is Personal Data?

Personal data is information that can be used to identify a person either directly or indirectly (“Personal Data”). A “identifier“ is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers to constitute Personal Data, including name, address, email address, identification number, location data or online identifier.

2.2. Which sources and what Personal Data we use?

When you use the Websites, NAVBLUE will collect, use and process any Personal Data you provide to us (e.g. your name, date of birth, company name etc.) and any information generated as a result of using the Websites, such as IP address, the date, length of visit to the site, the pages you view etc.

2.3. What are the purposes of the processing of your Personal Data?

By using the Websites, NAVBLUE will collect and process Personal Data in accordance with this Privacy Notice and with the applicable Data Protection Laws and Regulations. Your Personal Data may be used for the following purposes:

• Website Browsers/Administration: We use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our Websites and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
• Marketing: To the extent permitted by law or with your consent, we may use your Personal Data for marketing and promotional purposes, including communications through email or equivalent electronic means. For example, we use your Personal Data, such as your email address to send news and newsletters, special offers, promotions and competitions, or to otherwise contact you about the products and services or information we think will interest you.
• Communication: We use your Personal Data to communicate with you, including responding to requests for assistance. We can communicate with you in a variety of ways, including email and via your social media accounts if you have agreed, and/or text message.
• Customer service: We use your Personal Data for customer service purposes, including to provide services to you, for technical support or other similar purposes and to establish and maintain customer accounts.
• Research and development: We use your Personal Data for research and development purposes, including to improve our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improve our products, services, businesses, operations and processes.
• Legal compliance: We use your Personal Data to comply with applicable legal obligations, including to respond to an authority or court order or discovery request.
• To protect us and others: Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.

2.4. What is the basis for processing of your Personal Data?

As a responsible company, we need a lawful basis for collecting and/or processing your Personal Data. We generally rely on a number of grounds (reasons) for our business processing.

We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The purposes for processing your Personal Data are:

• To comply with contractual obligations: When you subscribe to a particular product or service through the Websites, the purposes of processing your Personal Data are primarily determined by such product or service and we will process your Personal Data so that we can provide that product or service to you.
• As a result of your consent: When you have consented to the processing of your Personal Data by us for certain services through the Websites, you can withdraw consent at any time by following the instructions provided in the application process or by contacting us at dataprotection@navblue.aero. For further information on the right of withdrawal, please see below Section “Am I obliged to provide my Personal Data?”
• Within the scope of a legitimate interest: On occasion, we may not need your permission to use your Personal Data, given our legitimate interest to do so but we must inform you that we do this. Examples of this are:
  • For the analysis and optimisation of the Websites;
  • For ensuring IT security and the IT operation of NAVBLUE;
  • For prevention and investigation of criminal acts.
• On the basis of NAVBLUE legal obligations or in the public interest: NAVBLUE, as any other company, is subject to legal obligations and regulations. In some cases, the processing of your Personal Data will be necessary for NAVBLUE in other to fulfil these obligations.

2.5. Who will receive your Personal Data?

Your Personal Data may be received by:

• Authorised persons working for or on behalf of NAVBLUE and Airbus;
• NAVBLUE and its affiliates, on a need-to-know basis for the purposes as outlined in this Privacy Notice;
• Our agents, service providers and advisers (e.g., Third party service providers and advisers providing a variety of products and services we need such as IT maintenance and support, Personal Data storage analytics, procurement services and subcontractors of NAVBLUE, compliance and security services, etc.);
• Other authorised third parties in connection with a reorganisation or sale of NAVBLUE businesses and/or assets;
• Law enforcement or government authorities where necessary to comply with applicable law.

2.6. Will your Personal Data be transferred to a third country outside the European Economic Area (EEA)?

NAVBLUE processes your personal data mostly in the EEA. On occasion, Personal Data is transferred to NAVBLUE or its affiliates, on a need-to-know basis, including entities outside the EEA. This transfer is subject to appropriate safeguards, and through the legal framework of our Binding Corporate Rules, that that can be found on our website www.airbus.com or through alternative contractual frameworks where a third party is engaged to help us provide web-services to you.

2.7. Which countries will NAVBLUE transfer Personal Data to?

Our Binding Corporate Rules allow us to transfer Personal Data within our international organisation, and they include a list of countries (below) which are structured to allow us to transfer personal information to the countries where we or our affiliates have a presence. For NAVBLUE, Canada, France and United Kingdom are where most of our processing of Personal Data takes place and below is a list of countries where Airbus, to which we may transfer your Personal Data according to this Privacy Policy, operates:

Algeria, Australia, Belgium, Brazil, Canada, Chile, China, Czech republic, Denmark, Egypt, Finland, France, French Guyana, Germany, Greece, Hong Kong, Hungary, India, Indonesia, Ireland, Italy, Japan, Kazakhstan, Libya, Malaysia, Mexico, Morocco, Netherlands, New Zealand, Norway, Oman, Philippines, Poland, Qatar, Romania, Russia, Saudi Arabia, Singapore, Slovakia, South Africa, South Korea, Spain, Sweden, Taiwan, Tanzania, Thailand, Tunisia, Turkey, United Kingdom, United States of America, Uruguay, United Arab Emirates, Vietnam.

2.8. For how long will your Personal Data be stored?

We process and store your Personal Data for as long as is required to meet our contractual and statutory obligations. If your Personal Data is no longer required for the performance of the contractual or statutory obligations, these will be erased on a regular basis unless further processing is necessary, for instance for preserving a particular evidence under the applicable. Data Protection Laws and Regulations, or in the context of legal liabilities limitation.

2.9. Security

We use technical and organisational security measures in order to protect the Personal Data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons. Our security procedures are continually enhanced as new technology becomes available.

2.10. What are your rights and how to exercise them?

You may at any time exercise your data protection rights:

• Right to access/ obtain a report detailing the information held about you: You have the right to obtain NAVBLUE’s confirmation as to whether or not your Personal Data is being processed by NAVBLUE and if so, what specific data is being processed.
• Right to correct Personal Data: You have the right to change any inaccurate Personal Data concerning you.
• Right to be forgotten: In some cases, for instance, when the Personal Data is no longer necessary in relation to the purposes for which they were collected, you have the right for your Personal Data to be erased.
• Right to stop the processing of your data: You have the right to restrict the processing of your Personal Data by NAVBLUE, for instance when the processing is unlawful and you oppose the erasure of your Personal Data. In such cases, your Personal Data will only be processed with your consent or for the exercise or defense of legal claims.
• Right to data portability: Under some circumstances provided by law, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format and/or transmit those Personal Data to another controller.

• Right to object and to withdraw consent: please see below section “Am I obliged to provide by Personal Data?”

To this effect, please contact NAVBLUE in writing either by e-mail at the following address: dataprotection@navblue.aero or you can write to the addresses below: NAVBLUE SAS, 1 rond-point Maurice Bellonte, 31700 Blagnac cedex, France.

2.11. Am I obliged to provide my Personal Data?

You may at any time object to the processing of your Personal Data or where your consent is required, withdraw such consent by contacting us at dataprotection@navblue.aero. However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or services of the Websites.

2.12. To what extent will decision-making be automated?

As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases we will inform you of this and of your rights in this respect separately if prescribed by law.

2.13. Will profiling take place?

As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your Personal Data with the objective of conducting profiling we will inform you of this and of your rights in this respect separately if prescribed by law.

2.14. How can I contact the responsible for processing my Personal Data?

If you are unhappy with the way in which your Personal Data has been processed or should you have questions regarding the processing of your Personal Data, you may refer in the first instance to our Group Data Protection Officer, who is available for enquiries, suggestions or complaints, at the following email address dataprotection@airbus.com or you can write to the addresses below : Airbus SA, Head of Data Protection, HAP, 1 rond-point Maurice Bellonte 31700 Blagnac cedex, France.

2.15. Can I ask for assistance to the competent authorities?

If you remain unsatisfied, then you have the right to apply directly to a Data Protection Supervisory Authority. Listed below are the main European countries where NAVBLUE operates and the relevant Supervisory Authority:

FRANCE : CNIL
UK : ICO

3. What are cookies?

Cookies are small files that may be downloaded on your device when you access and use our Websites. They allow the Website to recognise your device and store information about your preferences or past actions. We use cookies to record the preferences of our users, to enable us to optimise the design of our Websites. They ease navigation and increase the user-friendliness of websites and applications. Cookies also help us to identify the most popular sections of our Websites. This enables us to provide content that is more accurately suited to your needs, and, in doing so, improve our service. Cookies can be used to determine whether there has been any contact between us and your device in the past.

Personal details can be saved in cookies, provided that you have consented, for example, in order to facilitate secure online access so that you not need to enter your user ID and password again.

Please find below a table with specific information for each cookie that we may use on our Website:

NAME OF COOKIES	PURPOSE	RETENTION PERIOD
Cookies-approval	Cookies policy approval.	1 year
ga-disabled-XXXX	Allow to use google analytics	1 year
Google analytics	For the purpose of statistical analysis NAVBLUE uses Google Ʌnalytics.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

If you continue browsing the Websites, we understand that you accept the use of cookies. You can revoke this consent at any time. You can also manage and control the cookies we use on our Websites through the use of cookies tools.

If you choose not to accept cookies, you can still visit our Websites. Most browsers automatically accept cookies. You can prevent cookies from being stored on your hard drive by setting your browser to not accept cookies. The exact instructions for this can be found in the manual for your browser. You can delete cookies already on your hard drive at any time. However, if you choose not to accept cookies it may result in a reduced availability of the services provided by our Websites.

For the purpose of statistical analysis NAVBLUE uses Google Ʌnalytics. You may object at any time to the collection and analysis of statistical data regarding your access to and use of our Website by clicking here.

4. Modification of the Privacy Notice

NAVBLUE will update this Privacy Notice from time to time in order to reflect the changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification in how we process your Personal Data.

Date of Last Revision: 2018 06 15