1. Data Protection Principles
1.1. At Amber Jet Group SIA privacy is taken seriously. For this reason, the Company is committed to Processing data in accordance with its responsibilities under the Regulation, Article 5 (‘Principles relating to processing of personal data’):
1.1.1. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of individuals; and
1.1.2. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;
1.1.3. processed lawfully, fairly and in a transparent manner in relation to individuals;
1.1.4. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
1.1.5. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
1.1.6. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
2. General Provisions
2.1. This Policy applies to all Personal Data processed by the Company.
2.2. The Responsible Person shall take responsibility for the Company’s ongoing compliance with this policy. 2.3. Any Personal Data provided will only be used in accordance with this Policy. This Policy applies to Personal Data that we collect, use and otherwise Process in connection with the Company’s relationship with the Customer (as a client or potential client, use of Company’s Services, use of the Company’s website or mobile apps, booking the Services through third parties (such as agents, brokers and other carriers).
2.4. This Policy applies to the Company’s Customer whether the Company Services are provided on a casual basis or the Customer entered into a contract with the Company. The Company’s Services acquired by the Customer from the Company will be subject to their own terms and conditions. In the event of any conflict between this Policy and the terms and conditions of any such Services, then the terms and conditions of those Services shall prevail.
3. Lawful, Fair and Transparent Processing
3.1. To ensure its Processing of Personal Data is lawful, fair and transparent, the Company shall maintain a Register of Systems.
3.2. The Register of Systems shall be reviewed at least annually. The Company shall process Personal Data on the basis of:
3.2.1. Customer’s consent;
3.2.2. legal agreement between the Company and the Customer that establishes a basis for data processing;
3.2.3. legal obligations to which the Company is subject; and / or
3.3. The processing of Personal Data is limited to the scope of purpose for which the data was collected. Access to Personal Data will be restricted to personnel who are required to process the Personal Data to fulfil their professional responsibilities and their duties to you as the Customer. Personal Data is not stored or processed longer than is necessary with respect to the data processing purposes that are listed above.
4. Company’s Obligations
4.1. With respect to the Services, the Company is the Processor of Personal Data and Customer is the Controller of Personal Data.
4.2. The Company shall Process the Personal Data to perform the Services in accordance with Customer’s documented instructions, agreements, specifications, descriptions.
4.3. The Company shall maintain the confidentiality of any such Personal Data and shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Personal Data, ensuring in each case that access is limited only to those individuals who need to access the relevant Personal Data for the purposes necessary to perform the Services.
4.4. To the extent that the Company experiences a Personal data Breach with respect to the Personal Data that the Company processes as part of its performance of the Services, the Company will notify Customer promptly upon becoming aware of such Personal Data Breach.
4.5. The Company will provide all reasonable assistance to Customer with regards to any issues related to data protection to the extent required by applicable law.
4.6. After the end of the provision of Services, the Company shall delete all copies of Personal Data Processed by the Company in accordance with the Company’s procedures on data protection.
4.7. Upon prior written notice by the Customer, the Company shall make available to the Customer all information necessary to demonstrate compliance with the terms set forth in this Policy.
5. Customer’s Responsibilities
5.1. In performing the Services on behalf of the Customer, the Company is relying on the following information to be true and accurate:
5.1.1. The Customer is the Controller and the Company is the Processor acting on the Customer’s behalf;
5.1.2. The Customer shall comply with the applicable laws and regulations related to data protection and confidentiality;
5.1.3. The Customer shall be responsible for obtaining the consent of the Data Subject for the Processing of the Personal Data;
5.1.4. To the extent applicable the Customer shall be responsible for notifying or otherwise gaining approval of any regulatory body to the data transfer arrangements.
6. Personal Data Processing Territory
6.1. The Company primarily stores and Process Personal Data within the European Union. Nevertheless, it may at times be necessary that Personal Data is transferred to and stored at a destination outside the European Union. It may also be processed by data processors operating outside the EU.
6.2. By submitting Personal Data to the Company or by consenting to the processing of Personal Data Customer agrees to the processing of Personal Data, including both data storage and data transfer, outside the EU for the purposes set out in this Policy. The Company shall take all reasonably necessary precautions to ensure that transferred Personal Data is treated securely and in accordance with the applicable Data Protection Laws.
7. Transfer of Personal Data to Third Parties
7.1. Due to the nature of the Company’s provided Service Personal data may be transferred to third parties, including to other countries that may not have the same data protection laws as the country where Personal Data was originally collected. Such transfer of Personal Data to third countries is necessary for the performance of contractual Services between the Customer and the Company. Therefore, the transfer of Personal Data is hereby legitimized on the basis that such transfer is necessary for the performance of a contract between Customer and the Company. These third-party services providers are to be considered Data Processors.
7.2. To the extent applicable it may be necessary for the Company in fulfilment of the Services to transfer Personal Data to a third-party agency or authority (including, but not limited to: various governmental agencies, airport authorities, customs officials etc.) (hereinafter referred to as the Authorities), which may be located outside of the EEA. To the extent that Authorities make independent decisions in Processing of Personal Data, Authorities act as independent Controller, and the Company shall not be liable for the Processing of Personal Data by the Authorities.
7.3. The Personal Data that will be transferred will be limited to the minimum that is required to ensure the provision Services.
8. Final Provisions
8.1. The Company shall ensure that Personal Data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
8.2. To ensure that Personal Data is kept for no longer than necessary, the Company shall put in place an archiving policy for each area in which Personal Data is Processed and review this Process annually.
8.3. The archiving policy shall consider what Personal Data should/must be retained, for how long, and why.
8.4. The Company shall make Personal Data available to the Customer for review pursuant to a request from the Customer. The Customer among other rights has the right to request from the Company erasure of Personal Data or restriction of processing.
8.5. Any dispute arising from or related to the acceptance, interpretation or observance of this Policy shall be submitted to the exclusive jurisdiction of the competent court of the Republic of Latvia which shall apply the laws of the Republic of Latvia.
8.6. This Policy is effective as of the Effective Date. Last Revised Date appearing at the bottom of this Policy to determine when this Policy was last updated. Any changes or modifications will become effective with the Last Revised Date. Any changes to this Policy will be made as required.
8.7. If the Policy has been changed in any way, then the latest revision of this Policy will be publicly available at the Company's website. The Customer is encouraged to check whether any changes have been made to the Policy from time to time.
8.8. Customer’s access to or use of any of the Company’s Services is entirely voluntary. Customer’s use of Services constitutes Customer’s acceptance of all of the terms and practices described in this Policy, including without limitation, the collection, use, processing, and disclosure of Personal Data as described in this Policy.
8.9. Company’s Services should not be used by the Customer if the Customer disagrees with any part of this Policy.
8.10. The Company hereby invites to contact the Company in case of any questions or issues regarding this Policy or its implementation, matters related to data processing, consent revocation, usage of the Data subject rights and complaints regarding the Personal data usage, by writing a request to: firstname.lastname@example.org