Privacy policy
PRIVACY POLICY
This Privacy Policy is intended to inform you on how Heston Airlines UAB (hereinafter referred to as we or Heston Airlines) handles your personal data.
Personal data are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the requirements of the Law on Legal Protection of Personal Data of the Republic of Lithuania.
The provisions of the Privacy Policy apply when we process your personal data. If you are browsing this website, you are deemed to have read the Privacy Policy. We may amend the Privacy Policy at any time at our own discretion or as required by law. Please make sure you have read the latest version of the Privacy Policy before browsing the website.
This website may contain links to other websites. This Privacy Policy does not apply when you browse other websites, and you should always read the privacy notices of other service providers and contact them directly regarding the use of personal data.
INFORMATION ON THE DATA CONTROLLER
The Controller of your personal data is Heston Airlines UAB, registration No. 304618456, address Pylimo st. 58, Vilnius, tel. +37065829980, e-mail [email protected].
PURPOSES OF THE PROCESSING OF PERSONAL DATA
We use personal data to provide services to you or our business customers, to enter into agreements with business partners and for the following purposes:
- Identification,
- Management of inquiries and complaints,
- Implementation of the Know Your Customer principle in the Company,
- Implementation of the Know Your Customer principle with respect to the Company’s (potential) business partners, when the Company is providing information to (potential) business partners,
- Presenting offers to potential business partners or customers,
- Protecting and defending its rights, legitimate interests, and property,
- Compliance with legal requirements,
- Provision of the services of Heston Airlines,
- Improvement of the services of Heston Airlines, development of new services and business,
- Internal administration, accounting of Heston Airlines,
- Employee selection,
- Fulfilment of our obligations to third parties, including our business customers, partners,
- Debt recovery and administration, filing of legal claims for the purpose of the exercise or defence thereof, defending against claims, lawsuits and complaints filed against us,
- Statistics,
- Maintenance and improvement of the Heston Airlines website,
- Management of social media accounts,
We process personal data when: (i) we are required to do so by law, (ii) you intend to or have entered into an agreement with us, (iii) there is a legitimate interest of our company or third parties, or (iv) we have obtained your consent to the processing of personal data, (iv) processing is necessary to protect the vital interests of the data subject or another natural person.
EMPLOYEE SELECTION
During the employee (including crew members) selection process, we process your personal data for the purpose of selecting the most suitable candidate for the vacancy announced by Heston Airlines. For this purpose, we usually process personal data such as name, surname, date of birth, address, e-mail address, telephone number, information about the candidate’s work experience, information about the candidate’s education, qualifications and training, information about valid licences, as well as other details provided in your resume, cover letter or other documents provided to us, including the information provided on your LinkedIn profile, results of the tests taken and information related to the evaluation of the selection interview.
If required by law, to comply with the mandatory requirements set out therein, we may also ask you to provide special categories of personal data: data concerning your health and criminal records (for example, where we are required by law to assess information on good repute).
We process the candidate’s personal data during the selection process. If, at the end of the selection process, the candidate is not selected for the position, at the end of the selection process, we process the candidate’s personal data with the candidate’s consent: (i) for 6 months if the person applies for a flight crew position; (ii) for 12 months if the person applies for other positions at Heston Airlines; or until the withdrawal of the consent given, whichever occurs first.
An unsuccessful candidate may withdraw his/her consent to the processing of his/her personal data at any time by contacting Heston Airlines at the e-mail address provided in the Heston Airlines Privacy Policy.
SOURCES AND TYPES OF DATA WE ACQUIRE
Personal Data Obtained Directly from the Data Subject
We receive personal data directly from you when you make inquiries, various complaints or claims related to the provision of services of Heston Airlines or Heston Airlines partners (including complaints related to lost or missing luggage), provide data during the employee selection process, browse our website, interact with us on social media, follow us on social media or contact us on behalf of the organisation or company you represent.
We process the following personal data (non-exhaustive list):
- Identity-related data: name(s), surname(s), personal identification number, date of birth, gender, details of the submitted identity document, personal data of your representative,
- Website browsing data (for more details, see sections Browsing Statistics and Cookies), data related to your behaviour on social networks, as far as Heston Airlines is concerned, e.g., your visits to social media accounts managed by Heston Airlines,
- Contact details: address, correspondence address, telephone number, e-mail address,
- Information related to your inappropriate behaviour during a flight,
- information related to the employee selection process (see section Employee Selection of the Privacy Policy).
All data you provide to us are freely given. If you do not provide certain personal data, we may be unable to take appropriate action.
Personal Data Obtained from Other Persons
We may obtain information about you, including but not limited to, indirectly from organisations and individuals that you represent, from legal entities of which you are a representative, manager, accounting officer, board member or final beneficiary.
When we are contacted by legal entities, for the purposes of entering into agreements with such legal entities and submitting our offers, we may receive the following personal data related to you as a representative, manager, owner, venturer, shareholder, beneficiary, or holder of voting rights at such legal entity:
- Identification-related data: name(s), surname(s), personal identification number, date of birth, gender,
- Contact details: address, correspondence address, telephone number, e-mail address,
- Other data related to the procedures of the Know Your Customer principle implemented by Heston Airlines, such as the position held at your legal entity, the number of shares/voting rights held directly or indirectly in the legal entity.
We may also obtain your data as a representative of an organisation or company from publicly available sources or search engines.
When we provide flight services under agreements with Heston Airlines business customers, we may receive the following personal data from our business partners with whom you have entered into an agreement for travelling on our aircraft:
- Identification-related data: name(s), surname(s), identity document number, date of birth, gender,
- Contact details: address, correspondence address, telephone number, e-mail address,
- Other data related to the air passenger services provided: passenger name record (PNR) data including, but not limited to, travel dates and itinerary, flight number, ticket information, contact information, travel agent (organiser), price, seat and luggage information, information related to your complaint to the travel agent (organiser) including complaints about lost or missing luggage, cancelled trip or delayed flight, information related to your inappropriate behaviour on previous flights,
- Accommodation-related data, when we are obliged to provide accommodation for passengers in cases of flight delays, in accordance with the procedure laid down in the legislation,
- Health-related data where this is necessary for the proper provision of services (e.g., providing the necessary equipment, such as mobility aids, if you have mobility problems, when serving food – information on food allergies, etc.).
Furthermore, when we provide flight services as indicated above, in certain cases, we may obtain the above data directly from you.
We may also indirectly receive information about you from the authorities of any country from which you are departing or to which you are arriving for the prevention, detection, investigation or prosecution of terrorist offences and serious crime.
We may obtain the information listed in the Employee Selection section of the Privacy Policy from Heston Airlines business partners.
We may also receive indirectly from third parties the same data that we receive directly, as described above.
Sharing of Information
We do not normally share your personal data with other parties. However, in order to fulfil our obligations to our business partners, customers, to comply with the legal requirements or on the basis of a legitimate interest of Heston Airlines or a third party, your personal data may be transferred to the following persons:
- travel agent (organiser),
- any company of the Heston Airlines group to the extent necessary for the provision of services, for the purposes of financial accounting, auditing, and corporate governance of Heston Airlines, and for the use of integrated information systems and equipment by Heston Airlines group companies,
- accommodation service providers, when we are obliged to organise accommodation services in cases provided for by law,
- government and law enforcement institutions, authorities,
- border police, immigration authorities, services, other competent authorities: in some countries, applicable laws require Heston Airlines to provide border control agencies with access to booking and travel information. Therefore, any information we have about you and your trip may be disclosed to the border police, customs, and immigration authorities of the country of destination, airport authorities, other competent authorities at your point of departure or arrival, or to the Passenger Information Unit. In addition to that, in some countries, the applicable laws require Heston Airlines to collect passport and related information on all passengers before travelling to or departing from those countries. When required, Heston Airlines will provide this information to the relevant customs and immigration authorities.
Please be informed that according to Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (and in accordance with the relevant legislation in the United Kingdom, if applicable) Heston Airlines is obliged to transfer your travel information to the Passenger Information Unit of the Member State to which you are travelling,
- courts,
- other persons or authorities, if required to do so by law,
- Heston Airlines service providers, such as:
lawyers, auditors, accountants, insurance companies,
catering service providers,
groundhandling service providers at airports,
providers of certain services at airports, such as ticket sales, luggage-related services, priority boarding, flight changes, etc.),
airports you are arriving to/departing from,
other persons to the extent necessary for the respective service to be provided to us properly,
- data processors involved,
- data controllers when Heston Airlines processes your personal data as a data processor,
- Heston Airlines business partners, e.g., other airlines, for the purpose of providing you with the service properly, partners resolving disputes at our instruction,
- (potential) Heston Airlines partners (business customers) in their implementation of the Know Your Customer principle, in which case information related to the structure, management and final beneficiaries of Heston Airlines (or Heston Airlines group) is provided.
Depending on your travel destination and the service providers we use to provide our services, personal data may be transferred to third countries or international organisations. In such cases, we apply appropriate measures for such transfers, as required by law. Unless the EU Commission has issued a decision stating that the countries where the recipient of the transferred data is located ensure an adequate level of data protection, we apply the EU Standard Contractual Clauses. Please note that such transfers may entail certain risks, in particular that unauthorised third parties in the country of the recipient may also have unwarranted access to the data in question, and that you may not be able to exercise your rights as a data subject and/or your right to object to activities that may affect your personal data and your right to privacy.
In order to comply with the legal requirements, we may transfer your personal data to other persons not specified in this Privacy Policy.
We will only transfer your personal data to persons other than those specified in this Privacy Policy if we have received your consent to such transfer or if we have received a request from you to transfer your personal data to specific persons.
When transferring your personal data to other persons, we always follow the principle of data minimisation and ensure the confidentiality and security of the personal data transferred.
PERSONAL DATA PROCESSORS
In order to fulfil our obligations, as well as to ensure the operations of Heston Airlines and for other legitimate purposes, we may use data processors (e.g., persons providing us with data centre, server, website administration, document archiving, accounting and other services) who process the personal data in accordance with our instructions and within the scope determined by us to the extent necessary to achieve the purposes of the processing of personal data. Any company in the Heston Airlines group can also act as a data processor.
When selecting data processors, we require that the data processors have appropriate organisational and technical measures in place to ensure the security and confidentiality of personal data.
HESTON AIRLINES AS A DATA PROCESSOR
When we provide certain services related to the personal data we process, we may also act as a personal data processor. In such cases, we act in accordance with the lawful instructions and requirements of the personal data controller, including in relation to organisational and technical security measures, and process your personal data in accordance with the lawful instructions of such personal data controller.
Social Media
Heston Airlines uses its social media accounts on platforms such as Facebook and LinkedIn. If you intend to interact with us on social media, please read the privacy notices of these social networks and if you have any questions, please contact them directly regarding the use of your personal data.
TIME LIMITS FOR THE STORAGE OF PERSONAL DATA
We ensure that your personal data are processed for not longer than is necessary to achieve the purposes of the processing, and for not longer than is required by law.
We will normally retain personal data for the duration of the provision of the service, for the duration of the agreement, and for 10 years from the end of the provision of the service or the end of the agreement, unless longer periods are required to comply with the requirements relating to archiving of documents, or with any other requirements laid down by law, or longer periods are specified by the data controller.
We will retain information relating to the implementation of the Know Your Customer principle for a period of 6 months from the end of contract negotiations in the event that a contract is not concluded with a potential business partner or customer.
Upon the expiration of the retention period, the personal data collected will either be deleted, destroyed or anonymised. Some personal data stored in computer files may still be accessible for a certain period of time after the expiry of their retention period in data backup systems, but access to such personal data is strictly limited.
SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
Since we place a high value on the security of your personal data, we take appropriate technical and administrative measures to protect the personal data we collect against loss, unauthorised use and alteration.
Your privacy is of the utmost importance to us, which is why we process all personal data strictly in accordance with the principle of confidentiality.
YOUR RIGHTS
As a data subject, you have the following rights listed below in this section.
The right to know (be informed) about the processing of your personal data.
The right to access your data and to be informed on how they are being processed.
The right to request the rectification of incorrect, incomplete, or inaccurate personal data.
The right to obtain the erasure of personal data or the restriction of processing operations if it is established that personal data are processed unlawfully or by unfair means.
The right to object to the processing of personal data, except in cases where such personal data are processed in the legitimate interest of our company or a third party, and your interests are not overriding.
The right to withdraw consent to the processing of your data.
You can request the erasure of all data we have collected about you in order to exercise your “right to be forgotten”. We have the right to refuse your request “to be forgotten” in cases provided for by law.
You have the right to request that the personal data you have provided, if they are processed on the basis of consent or agreement and the processing is performed using automated means, be transferred, i.e. forwarded to another controller or provided to you in a structured, commonly used and machine-readable format, if this is technically possible (this applies if you have provided the personal data yourself and if the personal data are processed using automated means on the basis of consent or conclusion and performance of an agreement).
You have the right to object to automated processing, including profiling.
We will normally provide you with the requested information free of charge, unless your requests are manifestly unfounded or disproportionate, in particular because of their repetitive content. In addition, if your requests are manifestly unfounded or disproportionate, we have the right to refuse to comply with your request. If you do not specify the form in which the information is to be provided in your request, we will provide you with the information in the form in which the request was received.
If you have doubts as to the lawfulness of the processing of your personal data or you are not satisfied with the resolution of the situation, you have the right to lodge a complaint regarding such processing of personal data with the State Data Protection Inspectorate (address: L. Sapiegos g. 17, Vilnius, e-mail: [email protected], website: https://vdai.lrv.lt/) or a competent court. You have the right to complain about our actions or omissions.
If you are dissatisfied with the resolution of the situation, we encourage you to contact Heston Airlines first, using the contact details provided in this Privacy Policy. Once we have received your enquiry, we will get back to you within 1 month at the latest. In exceptional cases, for valid reasons, we may extend the deadline for responding by informing you hereof. In such a case, the extended time limit shall not exceed 3 months from the date of receipt of the request, unless a different time limit is provided for by law.
If you suffer material or non-material damage as a result of our breach of your rights as a data subject, you are entitled to receive a compensation.
Data on the Website Server
The server hosting our website may record the enquiries you submit to the server (address of the website opened, your IP address, session duration, browser description, protocol version and enquiry method). This information is used to ensure safe and proper functioning of the website. In addition, if necessary, the data are used to investigate potential security breaches.
We process these data on the basis of the principle of legitimate interest, to ensure the technical availability and security of the website. The data are stored for not longer than 7 days.
The server on which our website is hosted is located in the USA. This means that data collected using these tools are transferred outside the European Economic Area.[1]
Browsing Statistics
To improve our website, we collect various data related to website visitors. It is important for us to know which information is interesting to our website visitors, how often they connect, which browsers and devices they use, which content they read most and the regions they are located in. Therefore, we collect statistical data on the basis of our legitimate interest.
We collect statistical information using the Google Analytics tool, which allows us to capture and analyse the data specified. For more information on how Google Analytics works and what information it allows you to collect and analyse, click here:
https://support.google.com/analytics/answer/1012034?hl=lten&ref_topic=6157800.
You can deactivate the collection of data about you using the Google Analytics feature at any time. To do that, follow the detailed instructions below: https://tools.google.com/dlpage/gaoptout/.
Google Analytics is provided by Google Inc. based in the USA. This means that the data collected using this tool are transferred outside the European Economic Area.
Website traffic statistics are stored for a maximum of 2 years.
Cookies
Some data on the website is collected using cookies.
What Are Cookies?
Cookies are small files that a website stores on your device and uses each time you visit that website. Such practice is common on most websites. Stored cookies allow the website to ensure functionality, e.g., to remember your actions and selected settings, e.g., language, for a certain period of time. This makes it easier to use the website, as you don’t have to reselect the settings every time you open the website or visit a different page.
We have not received clarification on where the website is hosted. For the time being, we leave it as it is.
What Types of Cookies Do We Use and Why?
We use the following cookies on the website.
Name | Provider | Description, Purpose | Duration |
_ga | Google Analytics | Used to identify the objectives of website visitors, generate website activity reports for site managers and improve the experience of visitors using the website. | 2 years |
_gid | Google Analytics | Used to collect statistical information on website traffic (collects information on website traffic, IP address, visits, time spent on the website). | 1 day |
_gat | Google Analytics | This cookie is used to limit the amount of data that Google captures on high-traffic websites. | Until the moment the site window is closed |
_allowcookies | Heston Airlines | A system cookie that identifies and collects information about visitor consents in privacy settings. | 1 month |
How Can You Manage the Cookies?
You can disable the cookies or delete those already stored on your browser using the browser’s Help function. In addition, most browsers offer tools that prevent the cookies from being installed. If you disable the cookies by preventing their installation, it may restrict the proper functioning of our website and may require you to reset the preferences (settings) of the website.
Cookies are installed on your device only with your consent, except for cookies that are necessary for ensuring the proper technical functioning of the website. Without your cookie consent, some features of the website may be partially or completely unavailable. For this reason, we advise our website visitors to accept the use of the cookies.
This Privacy Policy was last updated on 26/10/2021.