INFORMATION ON THE PROCESSING OF PERSONAL DATA

In accordance with the Regulation of the European Parliament and the EU Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on the Protection of Personal Data) (hereinafter “GDPR”).

This Privacy Policy (hereinafter “Policy”) provides you with information on how NAV Flight Services obtains and processes your personal data, namely in running a website and carrying out our other business activities, e.g. customer-supplier relationships necessary for the operation of our company.

We would also like to inform you about your rights in relation to the processing of your personal data.

Your personal data is always processed in connection with our business activities and in accordance with the defined purpose of that processing.

In the event you have any questions regarding the processing of your personal data, please contact the:

Personal Data Controller:

NAV Flight Services, LLC, registered address Šmolíkova 1016/48, 161 00 Prague 6, ID: 25741195, file number: C 66001, kept by the Municipal Court in Prague

EMAIL: nav@nav.cz

Processing personal data:

NAV Flight Services processes personal data only for the following purposes:

1. Entering and performing customer-supplier relationships

NAVsystem, NAVjet

The proper operation of our company requires us to enter customer-supplier relationships that relate to our business activities. For these purposes, we process only a minimum range of personal data (if provided to us, then identity and contact details such as name and surname, place of business, email or phone, perhaps the VAT registration number of an individual entrepreneur), which directly relate to entering a contractual relationship and performing it. In this context, we store personal data only for the duration of the contract (or to fulfill the legal obligations arising especially from regulations of a taxation or accounting nature).

NAVacademy

Data processed in connection with entering a contract for providing educational events.

For the purpose of entering and performing the contract, we process only a minimum range of personal data (if provided to us, then identity and contact details such as name and surname, place of business, email or phone, perhaps the VAT registration number of an individual entrepreneur), which directly relate to entering a contractual relationship and performing it. In this context, we store personal data only for the duration of the contract (or to fulfill the legal obligations arising especially from regulations of a taxation or accounting nature).

In order to organize educational events and maintain attendance records or final exams, we record the personal data of participants:
– Name and surname
– Telephone contact
– Email address
The personal data of participants is processed and stored in accordance with the law on protecting personal data for the purpose of carrying out the object of the contract or observing other directly applicable regulations.
When the data subject is an immediate party to the contract, the legal basis for processing that personal data is the performance of the contract, as stipulated by article 6, paragraph 1(b) of the EU Regulation.
If the data subject is not an immediate party to the contract, rather the contract is concluded with a third party for the benefit of the data subject, the legal basis of processing the personal data is the legitimate interests of the controller and the third party with whom the contract has been concluded, as stipulated by article 6, paragraph 1(f) of the EU Regulation.

2. Accounting and taxes

We collect your identification and transaction data (especially cash payments made for supplied/consumed services) for the purpose of meeting our accounting and tax obligations, which are imposed on us by applicable legislation (especially the Accounting Act and Value Added Tax Act). This is data found on invoices, delivery notes and in payment documents. If the law imposes an obligation on us to archive these documents, we store them along with the personal data that must be entered on the document.

This objective applies to all contractual relationships referred to in this Policy.

The legal basis for processing your data is to meet legal obligations in accordance with article 6, paragraph 1(c) of the EU Regulation.

The rights of data subjects:

The data subject has the right to:

• Access their processed personal data, to rectify or erase it or restrict its processing.
• Object to the processing of it.
• File a complaint with the supervisory authority, which is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.
• Withdraw consent to the processing of personal data with future effect at any time.
• Obtain confirmation from the controller about whether their personal data has been processed or not.
• Have the controller correct inaccurate personal data relating to them immediately. In taking into account the purpose of the processing, the data subject has the right to complete any incomplete data.
• The controller shall immediately erase any personal data (including the right to be forgotten) that concerns the data subject, and the controller has the obligation to erase this personal data immediately, in accordance with the reasons set out in detail in the Regulation, if:
o the personal data is no longer needed for the purpose for which it was collected or otherwise processed;
o the subject withdraws their consent to the processing of their personal data and there is no other legal title for processing it;
o the subject objects to the processing of it and there are no overriding legitimate grounds for further processing it;
o the personal data has been processed unlawfully;
o the personal data must be erased in order to comply with the legal obligations set out by EU or national legislation which applies to the controller;
o the personal data has been collected in connection with the offer of the services of an information company.
The details and exceptions to exercising these rights are governed by GDPR.
• The controller shall restrict processing in any of the following cases:
o The data subject contests the accuracy of the personal data during the time the controller needs in order to verify the accuracy of the personal data;
o The processing has been unlawful but the data subject rejects deleting their personal data and instead requests that its use be restricted;
o The controller no longer needs the personal data for processing, but the data subject requires it for establishing, exercising or defending legal claims
o The data subject has objected to the processing of it until it has been verified whether the legitimate reasons of the controller outweigh the legitimate reasons of the data subject.
• The transferability of their personal data, i.e. obtain the personal data that concerns them which was provided to the controller, in a structured, ordinary and machine-readable format, and the right to transmit such data to another controller without the controller to whom the personal data was provided being inhibited, namely in the case where i.a) the processing is based on consent or on a contract; and i.b) the processing is done automatically.
• Raise an objection any time to the processing of personal data that relates to them, including profiling based on the provisions of GDPR. The controller shall furthermore not process personal data unless it can prove that it has serious, legitimate reasons for processing it that outweigh the interests and rights and freedoms of the data subject, or for establishing, exercising or defending legal claims.
• Not being subject to any decisions based solely on automated processing, including profiling, which have legal effects for them or significantly affect them in a similar way. GDPR provides exceptions and details.

The application of the rights of the data subject
How you can exercise your rights:

You can exercise your rights (including the right to raise an objection) with the controller of your personal data, which is our company. You can contact us in writing, by telephone or email (the contact details are above).

If you believe that the law or GDPR has been breached, you may file a complaint with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, phone +420 234 665 111, email: posta@uoou.cz, website: https://www.uoou.cz/

“Request Form” on the website

If you take the opportunity to contact us via the “Request Form” on our website, we will obtain information about your name and surname, phone and email. This personal data will be used only for the purpose of handling your request and will be deleted within 3 years.