Privacy Notice

In this Privacy Notice, “we, “us”, “our” or “Airbus” means Airbus Financial Services Limited. Airbus is the ‘controller’ of your personal data. We are committed to being open with the persons that share their information with us. We have accordingly developed this Privacy Notice explaining how we manage, share and look after your information.

What information we collect

We may collect the following types of information from you, depending on how you interact with us:

(A) information you provide to us or, where they share it with us, our affiliates, such as information contained in the customer due diligence checklist (this captures information we need to check for anti-money laundering and anti-terrorist purposes) such as your name, address (and proof of address), copy of passport, date of birth, role within your company and, in certain cases, any shareholdings;

(B) information collected to facilitate bank payments, maintain bank accounts and apply for new bank accounts such as bank account details, shareholdings, sample signature, signatory name, passport and proof of address, role in company, payment information and the intended recipient’s name and bank account details;

(C) information collected for the purposes of facilitating and coordinating aircraft inspections such as your name and copy of passport;

(D) CCTV footage of you when you visit our premises and facilities, as well as your name and time and duration of your visit; and

(E) your contact details such as your name, email address and phone number if you work for one of our suppliers or customers.

How we collect your information

We collect information relating to you in the following main ways:

(A) you (or someone on your behalf) provide some of it directly to us such as by completing our customer due diligence checklist or by signing in at reception when you visit our premises;

(B) we record CCTV footage of you when you visit our premises and facilities;

(C) we receive some of it, such as information collected for anti-money laundering or anti-terrorism purposes, from other data controllers within our group (e.g. Airbus SAS and/or Airbus SE in France which is the group headquarters) where you have consented to them sharing your information with us or where they share it with us in our respective legitimate interests in complying with anti-money laundering and anti-terrorism laws and best practice); and

(D) we receive some of it from third parties such as screening service providers like LexisNexis and Bureau van Dijk which share information with us from anti-money laundering and anti-terrorism watch lists based upon our legitimate interest in complying with anti-money laundering and anti-terrorism laws and best practice.

If we ask you to complete our customer due diligence checklist, it is important that you complete it. If you do not, we may not be able to provide services to the organisation that you work for, due to our legal obligations and/or Airbus group directives regarding anti-money laundering and anti-terrorism checks. Similarly, if you do not provide us with the information required by banks to maintain or apply for new bank accounts or process payments, we may not be able to facilitate this for you.

How we use your personal data

We fully respect your right to privacy.

We use the information you provide to us to enable us to provide services to, or receive services and products from, the organisation you work for. For instance, if you work for one of our customers or suppliers, we will keep your contact details so we can get in touch with you. Also, we use bank details and related information so we can implement payments that arise from or connected with the services we provide to you or your employer and to maintain or apply for new bank accounts. We may also use your information to facilitate or co-ordinate aircraft inspections. We process information relating to you in this regard on the basis of our legitimate interests in providing and improving our services on a sustained basis and in complying with our contractual obligations and any relevant payment and bank related legislation, protocols, codes and requirements.

We and our affiliates have to comply with Irish, EU and other global anti-money laundering legislation and anti-terrorism laws (“AML”) and, in particular, we must comply with the Irish Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 and 2013 and/or Airbus group directives on AML. We use the information you provide us through our customer due diligence checklist in this regard to comply with these laws and related best practice. We do this on the basis of our need to comply with those legal obligations and our legitimate interests in complying with those laws and related best practice.

In some cases, we also receive from, or share with, our affiliates information about you collected as a part of the customer due diligence process or otherwise where you have consented to your information being shared in this way or where they or we share it based upon our respective legitimate interests in complying with anti-money laundering and anti-terrorism laws and best practice.

We use CCTV footage and other information about visitors to our premises and facilities for safety and security purposes. We do this on the basis of our legitimate interest in providing and maintaining a safe and secure place of work for us and others who use it and protecting our and others’ property and confidential information.

Who we share your information with

We may share your information with:

(A) our service providers that assist us in providing our services – these service providers are contractually required to keep your information secure and only use it to provide services to us;

(B) banks, SWIFT, issuing and clearing houses and other data controllers involved in facilitating payments or maintaining or applying for bank accounts arising from or connected with the services we provide to you or your employer, as well as the intended recipient of any payments – this can include the sharing of your customer due diligence information so those companies can comply with anti-money laundering and anti-terrorism laws and best practice and relevant banking and payment codes, protocols and requirements, as well as payment and accounts details so the payment can be implemented. We do this based upon our and those companies’ legitimate interests in this regard;

(C) airlines for the purposes of facilitating and co-ordinating aircraft inspections;

(D) affiliates when it is reasonably necessary or desirable, such as to enable them to comply with their legal obligations and best practice in the area of anti-money laundering and anti-terrorism (although we do not share customer due diligence information with our affiliates where you opt-out of this when you submit your customer due diligence information to us, unless we are required to do so by law in a given case);

(E) government, regulatory and law enforcement agencies where we believe in good faith that we are required to do so in order to comply with our legal obligations;

(F) any third parties where we believe in good faith that such a disclosure is appropriate to comply with the law or protect our or others’ rights, property or interests (such as enforcing our legal terms and policies);

(G) professional advisers such as lawyers, accountants, auditors and other professional advisers; and

(H) if we are involved in a reorganisation, merger, acquisition or sale of some or all of our assets, your personal information may be transferred as part of that deal to the purchaser if we consider it appropriate to do so in the circumstances.

Retention periods

We take measures to delete your personal information, or keep it in a form that does not permit identifying you, within a reasonable period of time after the information is no longer necessary for the purposes for which we process it as outlined in this notice or when you request its deletion, unless, in certain circumstances, when we consider the information potentially necessary to comply with our legal obligations, resolve disputes, prevent fraud or abuse, comply with our contracts or protect our legitimate interests. The exact retention periods vary, depending on the purposes for which we use the information, changes in legal requirements and our business practices and the relevant circumstances in a given case. For instance, we keep information collected through our customer due diligence process for up to 6 years from the later of the date of the last transaction for the customer and the date we cease providing services to the customer.

Data transfers outside the European Economic Area

We will generally store your personal data within the European Economic Area (“EEA”). However, in certain cases we may transfer data to locations outside of the EEA. The privacy protections in these jurisdictions may not be equivalent to those in Europe. We will only transfer personal data outside of the EEA where permitted to so by European Union law and we will take reasonable steps to ensure that the personal data continues to enjoy appropriate protections. If we transfer such personal information outside the EEA, we will take reasonable steps to ensure that such information will be adequately protected.

For instance, when we transfer personal information to an Airbus entity outside the EEA that does not have an “adequate level of protection” as determined by the European Commission, we do so on the basis of our approved binding corporate rules known as the Airbus Binding Corporate Privacy Rules ("Airbus BCRs"). The Airbus BCRs establish adequate protection of personal information and are legally binding on Airbus SE (formerly Airbus Group N.V.) and all of its dependent subsidiaries. The Airbus BCRs can be accessed here or on the Airbus website www.airbus.com.

France and Germany is where most processing of personal information outside of Ireland takes place, but Airbus group has operations in other countries / regions including Algeria, Australia, Belgium, Brazil, Canada, Chile, China, Czech republic, Denmark, Egypt, Finland, France, French Guyana, Germany, Greece, Hong Kong, Hungary, India, Indonesia, Ireland, Italy, Japan, Kazakhstan, Libya, Malaysia, Mexico, Morocco, Netherlands, New Zealand, Norway, Oman, Philippines, Poland, Qatar, Romania, Russia, Saudi Arabia, Singapore, Slovakia, South Africa, South Korea, Spain, Sweden, Taiwan, Tanzania, Thailand, Tunisia, Turkey, United Kingdom, United States of America, Uruguay, United Arab Emirates, Vietnam. We may, accordingly, transfer information to Airbus companies in those countries / regions too based upon the Airbus BCRs. We may rely upon a number of other means to transfer personal information which is subject to the GDPR in accordance with Chapter V of the GDPR. These include:

(A)Privacy Shield. We may transfer, in accordance with the GDPR, personal information to companies which have certified their compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”).

(B)Standard Data Protection Clauses. We may, in accordance with the GDPR, transfer personal information to recipients which have entered into the European Commission approved contract for the transfer of personal information to outside the European Economic Area.

(C) European Commission Adequacy Decision. We may, in accordance with the GDPR, transfer personal information to recipients which are in a country which the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection. 

(D) Approved Codes of Conduct and Certification Mechanisms. We may, in accordance with the GDPR, transfer personal information pursuant to an approved certification mechanism or code of conduct, together with binding and enforcement commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights.

(E)Binding Corporate Rules. We may, in accordance with the GDPR, transfer personal information to processors which have committed to comply with their own Binding Corporate Rules that have been approved by EU data protection supervisory authorities.

(F)Protection of vital interests or important public interest reasons. We may, in accordance with the GDPR, transfer personal information if it is necessary to protect the vitial interests of you or others or if the transfer is necessary for important reasons of public interest.

(G)Legal protection. We may, in accordance with the GDPR, transfer personal information if it is necessary for the establishment, exercise or defence of legal claims.

You can find out more information about these transfer mechanisms here and if you want a copy of the standard data protection clauses you can ask us by email to the email address below.

Third parties

When we provide your information to independent data controllers, they are solely responsible for how they handle and use your information.

Your rights in relation to your information

We operate in accordance with the rules set out in Irish data protection law (including the GDPR). You may enjoy a number of rights under Irish data protection law, having regard to the legal basis that we use to process the data and various exceptions contained in Irish data protection law. These rights are outlined below:

(A)Withdraw consent – if we rely on consent for the processing of your personal data in a given case, you can withdraw that consent prospectively at any time by contacting us at dl-afsnotices@airbus.com though that does not impact on the lawfulness of what we did before then

(B) Right of access – you have a general right to find out if we hold any personal data relating to you and obtain a copy of any such personal data we hold on you, though this is subject to certain exceptions.

(C) Right to rectification – you have the right to rectify any information we hold about you that is inaccurate.

(D) Right to erasure – you have the right, in certain cases, to have erased any information we hold about, provided there is valid grounds for doing so.

(E)Right to restriction of processing – you have the right, in certain cases, to temporarily restrict the processing of your personal data, provided there is valid grounds for doing so.

(F)Right to data portability – you have the right, in certain cases, to obtain a commonly used machine-readable copy of the electronic information you provided to us.

(G)Right to object – you have the right to object to the processing of your personal data in certain cases.

(H)Marketing preferences – if at any time you would like to change the way we market to you, you should contact dl-afsnotices@airbus.com. You can also choose to stop receiving marketing e-mails or SMS messages from us by clicking on the opt-out link in the SMS or e-mail and by following the relevant instructions in the link.

(I)Right to lodge a complaint – if you are unhappy with how we have acted in handling your personal data, you have the right to lodge a complaint with the supervisory authority in your EEA country of residence, place of work, or with the Office of the Data Protection Commissioner in Ireland who can be contacted at info@dataprotection.ie.

Who are we?

Airbus Financial Services Limited, a company registered in Ireland with number 144820 and registered address at 5th Floor, 6 George’s Dock, IFSC, Dublin 1, D01 K5C7, Ireland.

We occasionally update this Privacy Notice

We develop new and improved services which we hope will increase our level of service to you. We may also change our practices over time as our business and technology evolves. Occasionally, this means that we will need provide you with new or additional information about the ways in which collect and use your personal data. As a result, we may amend this Privacy Notice from time to time.

If we materially change our Privacy Notice we will take steps to inform you of the change in advance. We may do this through an email, SMS, notices on a website or other means (or a combination of these means).

Contact us

If you have any questions or comments about this Privacy Notice, please contact us at dl-afsnotices@airbus.com or in writing at:

Airbus Financial Services Limited
5th Floor
6 George’s Dock
IFSC
Dublin 1
D01 K5C7
Ireland

 

This Privacy Notice was last updated in August 2018.