Introduction

At UAS International Trip Support, we understand the importance of privacy and the trust that our customers, employees, and other stakeholders place in us to handle their personal data responsibly. This Privacy Policy outlines our approach to data protection and the measures we take to ensure that personal data is collected, used, and protected in accordance with applicable laws and regulations.

We are committed to being transparent about our data practices and to providing our stakeholders with the information they need to make informed decisions about their personal data. If you have any questions or concerns about our Privacy Policy or the data that we process, please do not hesitate to contact us.

  1. Who Are We?
  2. UAS International Trip Support, ’we", "our", "us", "the Company", "the Group” is a leading global aviation services company that delivers award-winning, customized flight support solutions to the global market, backed by a team of experienced professionals who are dedicated to delivering exceptional support: A one-stop shop for all aviation needs such as trip support, executive travel, and air charter.

    We are trusted by Heads of State, VVIPs, Fortune 500 companies & business jet operators worldwide.

    You can find more information about UAS and its services on our website: https://www.uas.aero/.

    All our Group entities shall abide by this Data Protection Policy and the local laws, as applicable, in their respective jurisdictions.

  3. How Our DPIA Shaped Our Privacy Policy?
  4. Before putting in place this Privacy Notice, we have undertaken a Data Protection Impact Assessment (DPIA) in order to ensure that our policies and processes are compliant with relevant data protection regulations, including the General Data Protection Regulation (GDPR).

    The DPIA allowed us to audit all of our processes, which helped us to identify areas where we could improve our data protection practices. As a result, we have implemented additional measures to ensure that personal data is processed securely, and that data subjects' rights are respected.

    This informed the development of our Privacy Notice, which explains how we collect, use, and protect personal data.

  5. Scope and Application
  6. This privacy policy applies to all personal data that UAS controls and processes, including data provided by customers, employees, suppliers, and other stakeholders. This policy include but it is not limited to the data collected and processed through our website , it is intended for external stakeholders who interact with UAS and wish to understand our approach to privacy and data protection in all our internal and external operations.

  7. Data Processing as a Controller
    1. HR and Marketing Operations
    2. As a company, we act as a data controller in both our marketing and HR operations. In our HR operations, we handle candidates and potential employees' data with utmost care, ensuring that all personal data is processed in accordance with applicable data protection laws and regulations.

      We collect and process this data for legitimate business purposes, such as evaluating a candidate's qualifications for employment and managing the hiring process. We also provide candidates with transparency about the data we collect and how it will be used, and we give them the opportunity to exercise their data protection rights in accordance with applicable law. We process personal data for other legitimate HR-related purposes as well, such as managing the employment relationship, administering payroll and benefits, and complying with legal obligations. This personal data may include information such as employee names, addresses, and contact details.

      In our marketing operations, we collect and process personal data for marketing purposes, such as sending promotional emails or newsletters. The marketing team collects personal data through various means, such as website forms, events, and surveys. The collected data may include personal information such as name, email address, and interests. We would like to emphasize that we collect consent for data collection for marketing purposes at all times.

    3. Website
    4. We collect personal data through our website to better understand the interests of potential clients and vendors and as well as to improve our services and offers . Our website is designed to collect personal data through various means, such as online forms and surveys. The collected data may include personal information such as name, email address, and interests.

      Additionally, we may use cookies and other tracking technologies to collect data about website visitors' behavior and preferences. This data is used to improve the functionality and user experience of our website and to enhance our marketing efforts. We are committed to being transparent about our data collection practices and providing our website users with the opportunity to choose to not accept cookies or change their cookie preferences at any time. Importantly, users can still navigate and benefit from all of our website services, even if they choose to not accept cookies and limit their use, or to not subscribe to our newsletters to receive marketing offers.

  8. Data Processing as a Processor
  9. In the course of our business operations, UAS acts as a data processor, which means that in the majority of cases, we process personal data on behalf of our clients or vendors who act as the data controller. As a processor, UAS is responsible for following the instructions of the data controller and ensuring that personal data is processed in a manner that is consistent with the local and international Data protection regulations.

    To ensure the protection of personal data, UAS signs contracts with clients and vendors that include GDPR-compliant data protection clauses. These clauses specify the purpose of the processing, the types of personal data that will be processed, and the security measures that must be in place to protect that personal data. UAS may also sign additional data protection Addendums to further clarify and enhance the privacy obligations and commitments of both parties.

    Additionally, UAS takes its data protection obligations seriously and implements appropriate technical and organizational measures to ensure the security of personal data. These measures include, but are not limited to, regular training for employees on privacy and data protection, regular audits of our data protection practices , and the use of encryption and other security technologies to protect personal data.

  10. What personal data do we collect?
  11. Where personal data is collected and processed, it must be done so only under certain conditions. Where the data subject clearly consents to the processing in question, or where a legitimate interest for the processing is established. A legitimate interest requires three conditions, a well-defined purpose for the processing, that processing being necessary to the interest and that a balance is struck between the interest and those of the individual. We collect and process personal data to enable us to provide you with our services. Personal data collected may vary with the nature of the service we provide or may provide you with.

    Commonly, this includes among others:

    1. Contact information, such as name, address, phone number, and email address.
    2. Flight information, such as flight plans, flight schedules, and passenger information.
    3. Payment information, such as credit card numbers or bank account details.
    4. Employment information, such as job title, salary, and employment history, in the case of employees or job applicants.
    5. Communication data, such as email correspondence and call logs.

    Any other personal data that is necessary to provide our aviation services and to comply with legal and regulatory obligations.

    Cookies, when you use our website, cookies are stored on your computer in addition to the above-mentioned data to make our website more attractive. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. This means that certain data is transmitted to the location that sets the cookie – in this case to us. Cookies cannot execute programs or transfer viruses to your computer.

    Note: Sensitive information is only processed when explicitly required and within the constraints of the law.

    You provide some of this data to us directly by subscribing to our newsletters or other regular information from UAS, by requesting offers for our services from us or through our website.

  12. What do we use personal data for?
  13. UAS is committed to collecting and processing personal data only for the purposes specified in this Privacy Policy.

    The principle of minimization requires that we collect and process only the personal data that is necessary for the specific purpose for which it is collected.

    We need your personal data for one or more of the following business purposes:

    • the assessment and acceptance of a customer, supplier or business partner.
    • the development and improvement of our services.
    • the conclusion and execution of agreements with customers, supplier and business partner.
    • relationship management and marketing.
    • business process execution, internal management and management reporting.
    • health, safety, security and integrity.
    • compliance with law.
    • the protection of the vital interests of individuals.

    If and when the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time.

    To Summarize:

    We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

    Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest:
    To register you as a new customer/Vendor
    1. Identity
    2. Contact
    Performance of a contract or service with you

    To process and deliver your order including:

    1. Manage payments, fees and charges
    2. Collect and recover money owed to us
    1. Identity
    2. Contact
    3. Financial Transaction
    1. Performance of a contract or service with you
    2. Necessary for our legitimate interests (to recover debts due to us)
    3. Consent for Marketing and communication purposes

    To manage our relationship with you which will include:

    1. Notifying you about changes to our terms or privacy policy
    2. Asking you to leave a review or take a survey
    1. Identity
    2. Contact
    3. Profile
    1. Performance of a contract or service with you
    2. Necessary to comply with a legal obligation
    3. Necessary for our legitimate interests to keep our records updated , to enhance your user experience and provide you with the best service
    4. Consent for Marketing and communication purposes
    To enable you to partake in a prize draw, competition or complete a survey
    1. Identity
    2. Contact
    3. Profile
    4. Usage
    1. Performance of a contract with you
    2. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
    3. Consent for Marketing and communication purposes
    To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
    1. Identity
    2. Contact
    3. Technical
    1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
    2. Necessary to comply with a legal obligation
    To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
    1. Identity
    2. Contact
    3. Profile
    4. Usage
    5. Technical
    1. Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
    2. Consent for Marketing and communication purposes
    To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
    1. Technical
    2. Usage
    1. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    2. Consent for Marketing and communication purposes
    To make suggestions and recommendations to you about goods or services that may be of interest to you
    1. Identity
    2. Contact
    3. Technical
    4. Usage
    5. Profile
    1. Necessary for our legitimate interests (to develop our products/services and grow our business)
    2. Consent for Marketing purposes

  14. How do we Collect Your Consent?
    1. As Data Controller:
    2. As a data controller, we may need to obtain your consent before collecting, processing, or transferring your personal data. In UAS, we prefer to always collect Consent and keep you well informed about it. We will seek your consent in a clear and transparent manner, providing you with all necessary information regarding the processing of your personal data through sharing our privacy notice.

      We will collect your consent through personalized Consent forms and surveys depending on the context, delivered to you physically, through email or through our website.

      These include information about the purposes of the processing, the types of personal data involved, the recipients or categories of recipients of the data, and your rights as a data subject.

      We will keep records of your consent, including the time and date of your consent, the method used to obtain your consent, and the specific purposes for which your consent was obtained.

      You have the right to withdraw your consent at any time by contacting us using the contact details provided in this Privacy Notice. However, this will not affect the lawfulness of any processing carried out before the withdrawal of your consent.

    3. As Data Processor:
    4. As a data processor, we will only process personal data on behalf of the data controller and will not use the data for any other purpose than instructed by the data controller. At UAS, we ensure that the consent process with the data controller is carried out in accordance with applicable data protection laws and regulations.

      If you have any questions or concerns regarding the consent process, please contact us using the contact details provided in this Privacy Notice.

  15. Where is Your Personal Data Stored?
  16. UAS takes the security of personal data very seriously and we take appropriate measures to protect personal data from unauthorized access, use, disclosure, alteration, or destruction.

    Personal data collected by us or on behalf of our clients or vendors, is stored in secure servers and are protected by a combination of physical and technical security measures, including firewalls, encryption, and access controls.

    We have strict access controls in place to ensure that personal data is only accessed by authorized personnel who require the information to perform their job functions. All employees are subject to confidentiality agreements and are trained on our privacy and security policies and procedures.

    In addition, UAS has implemented a responsible data retention policy in accordance with best practices, legal and regulatory requirements. This means that personal data will only be kept for as long as it is necessary for the specific purpose for which it was collected or as determined by the law and will be deleted or anonymized when it is no longer required.

  17. With Whom Do We Share Personal Data?
  18. We share your personal data within the UAS Group or to a third-party service provider when it is necessary for the execution of the service and when it is required for the performance of the contract between you and UAS.

    In cases where personal data is transferred to a third-party service provider, UAS will sign the appropriate data protection clauses or GDPR addendums with these parties to ensure that they respect the privacy rights of individuals and process the personal data in a manner that is consistent with the GDPR. These data protection clauses or addendums will ensure that the third-party service provider processes the personal data in a secure manner and implements appropriate technical and organizational measures to protect the personal data. In the event that the Company opines that the destination processor resides on a jurisdiction with inadequate data processing protection measures, we will only transfer where you have consented to the same.

    Personal data of a sensitive nature is generally only shared by strict application of the law or in case of emergency where your vital interests are best served by sharing relevant information.

  19. Cross Border Transfer
  20. UAS is based in Dubai Airport Free Zone, we will only transfer your personal data outside the UAE if the transfer is necessary to the execution of your contract with UAS.

    Adequate measures in compliance with Data Protection laws and regulations will be put in place based on the level of adequacy of the country of destination.

    If you are a European Citizen, we may transfer your personal data to countries outside the European Union (EU) or the European Economic Area (EEA) in order to perform our services, such as for cloud storage or processing. Such transfers will only occur in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

    This includes implementing appropriate safeguards, such as using standard contractual clauses approved by the European Commission or other mechanisms that provide adequate protection of your rights.

  21. Your rights as an individual
  22. UAS, as a Dubai free zone company, is expected to comply with all relevant data protection laws and regulations, as well as industry-specific regulations and guidelines, to ensure that they process personal data in a manner that is compliant with local and international privacy laws.

    In UAS, we made sure that we meet the highest standards out there when it comes to Data protection, our internal policies are compliant with the Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data and furthermore, the General Data Protection Regulation (GDPR)

    All individual rights are stated in both sets of Regulation, and in accordance with international best practice, will be respected by UAS.

    These rights include the right to be informed where personal data are collected, the right to access and the right to rectification of your data when it is inaccurate. Also, under specific circumstances mentioned in the GDPR, you may request erasure of your personal data or restrict the processing of it. Furthermore, you have the right to object to the processing of your personal data, or to being subject to automated decision making and profiling. Lastly, you have the right to data portability.

    In addition to these rights, you have the right to lodge a complaint with the Data Protection Authority.

  23. About this privacy Policy
  24. The version of this Privacy policy was created in March 2023.

    We will periodically review and update this privacy policy, where appropriate. If there are any material changes to the statement or in how UAS will use your personal data, we will either notify you by prominently posting such changes on our website or by directly sending you a notification.

    In the event of a conflict between this UAS privacy statement and the terms of any agreement(s) between a customer and UAS, the terms of those agreement(s) will apply.

    For certain UAS entities, a more specific privacy statement may be applicable and will be offered to you in case of personal data processing.

  25. Questions about your privacy at UAS?
  26. If you have any questions left regarding our privacy policy, or you want to exercise any of your rights as a data subject, you can contact our Data Protection Unit via legal@uas.aero

    If you need to contact the regulatory body for data protection in the UAE, please do so at:

    Telecommunications and Digital Government Regulatory Authority

    Email: info@tdra.gov.ae

    Toll Free: +971 800 12

    International: +971 4 777 4444

    If you are a European Citizen, you have the right to contact the relevant supervisory authority. In the EU, this is the data protection supervisory authority of the member state where you reside, work, or where any alleged infringement occurred.