Controller:
Name: “Institute of Air Transport” LTD
UIC: 831910409
Headquarters and address: “Brussels” №1 Blvd., Sofia, Bulgaria
E-mail: gdpr@sofiaflighttraining.com
Data Protection Officer:
Name: Tanya Tomova
Mailing address: “Brussels” №1 Blvd., “Institute of Air Transport”, Sofia, Bulgaria
E-mail: gdpr@sofiaflighttraining.com
Tel: +359 2 94 24 177
Commission for Personal Data protection
Address: “Prof. Tsvetan Lazarov” №2 Blvd., Sofia, Bulgaria
E-mail: kzld@cpdp.bg
The personal data, which we could collect from you and process, are:
1. Data for physical identification – names, ID number, date of birth, permanent/current address, phone number, e-mail, place of birth, data from your ID/passport, photo (if applicable);
2. Data for education and qualification – type of education, specialty, place where education completed, issue number and date of the diploma/certificate;
3. Data for work activity – work experience, occupation, employer, sponsor
4. Data for the capacity to work and for the purposes of the Occupational Health Service – health certificate; a document from Territorial Expert Medical Commission (if available);
5. Banking details;
6. Legal status;
7. Data from the CCTV records on the territory of the “Institute of Air Transport” LTD;
8. IP address;
9. Operation System, browser, location;
10. For inquiries on our Website – please review our Cookies policy
Special category of personal data we could process:
1. Data for the capacity to work and for the purposes of the Occupational Health Service – health certificate; a document from Territorial Expert Medical Commission (if available);
2. Legal status.
For what purposes do we process your personal data:
• Preparing the documentation for conducting training courses; issuing certificates for successful completion of the training courses; verification for completed courses by the trainee; issuing clearances for airports and/or MRO organizations;
• Financial and accounting activities, concluding contracts and agreements, trading and legal relations;
• Access control and protection of the order on the territory of “Institute of Air Transport” LTD, reading the exact number of visitors in case of a natural disaster, fire or other accidents; verification regarding the hours flown and the experience of the pilot crew required by the DR CAA, EASA or any other aviation authorities and administrations; compliance with the Information protection policy of “Institute of Air Transport” LTD; verification of conducted safety training for the users of the flight simulators, for the competent aviation authorities, required by law; certification for conducted training;
• Statistics;
• Answering to inquiries on our Website;
• Recruitment procedures.
On what grounds are we gathering your personal data?
Complying with legal obligations; complying with the internal company policies; legitimate interest; executing a contract in which you are a Party; based on your consent.
We collect, use, transmit and disclose personal data because of one of the following reasons: (i) because we are obliged to do so in accordance with the applicable law; (ii) because the data is needed to execute a contract; (iii) because such information is of extreme importance for us and we have acquitted legitimate interest; or (iv) when it is necessary to preserve the health and life of an individual.
In case none of the purposes for the collection and usage of your personal data, listed above, are applicable, the decision to give your personal data is voluntarily. If you do not give us your personal data, under certain circumstances we may not be able to execute our obligations and we will inform you about the consequences of this decision.
The following organizations may receive your personal data:
• State authorities, administrations and agencies, when required by applicable law. (e.g. National Revenue Agency, National Social Security Institute, Directorate General “Civil Aviation Administration”, etc.).
Storage periods for personal data
The Controller performs annual check-ups of the personal data in order to assess the necessity of their processing and if that obligation has expired – to be deleted. The Controller determines which personal data is set to be deleted because of expired storage period or because it has met its purpose when processed.
The periods for storage in the Trainees filing system are as follows:
– For Technical Training: unlimited period of time according to the Regulation (EU) 1321/2014 of the Commission;
– For Cabin Crew Training: 3 years minimum according to the Training manual for Cabin Crew Training of “Institute of Air Transport” LTD;
– For Pilot Training: 3 years minimum according to the Regulation (EU) 178/2011 of the Commission.
The periods for storage in the Partners filing system is 5 years or until the expiration of the contract and the deadline for filing claims.
The periods for storage in the Visitors filing system is:
-Visitor’s log of the Simulator Training Centre: 1 year;
-Flight-technical logs; declaration for responsible use of Internet; computer systems and internal computer network; application for safety briefing for the users of the Flight Simulators and the Simulator Training Centre; log for conducted cabin crew training: 5 years.
The periods for storage in the Video Surveillance is 30 days.
The periods for storage of personal data from the CVs of participants in recruitment is up to 6 months. Documents containing personal data generated in the recruitment process are stored for up to 3 years.
The periods for storage of IP addresses is 1 month.
Your rights and obligations as a data subject of personal data are as follows:
• To withdraw the consent your personal data to be processed;
• The right to information and access to your personal data;
• The right to rectification of incorrect personal data;
• The right to object to your personal data being processed;
• The right to erasure of your personal data;
• The right to restriction of processing of your personal data;
• The right to receive your personal data, which you have given us and which concerns you, and use them again by transferring them to another Controller.
To exercise any of above-mentioned rights, you should comply with the requirements of Regulation (EU) 2016/679 and the Personal Data Protection Law of Republic of Bulgaria and send a written request to the Controller, by filling a request form for the specific claim. The request form then should be filed to the address of the Controller or to the following e-mail: gdpr@sofiaflighttraining.com
The Controller provides information regarding the actions undertaken in connection to the request, in a period of 1 month of receiving the request. If necessary, this period can be extended with additional 2 months, taking into account the complexity and number of requests.
Please keep your personal data up to date and inform us for any changes.
You are required to follow the applicable laws in regards to the personal data.
How do we protect your personal data?
The Controller will process the information provided by you, in compliance with the requirements of Regulation (EU) 2016/679 and the Personal Data Protection Law of Republic of Bulgaria. The Controller applies procedures and technologies in order to protect the personal data you provide, from unauthorized access, use, disclosure, change or erasing in compliance with the applicable laws. The Controller requires from his partners, who have access to your personal data, to apply appropriate technical and organizational measures, with which to ensure protection and confidentiality of your personal data.