Name: “Institute of Air Transport” LTD
Headquarters and address: “Brussels” №1 Blvd., Sofia, Bulgaria
Data Protection Officer:
Name: Tanya Tomova
Mailing address: “Brussels” №1 Blvd., “Institute of Air Transport”, Sofia, Bulgaria
Tel: +359 2 94 24 126
Commission for Personal Data protection
Address: “Prof. Tsvetan Lazarov” №2 Blvd., Sofia, Bulgaria
The personal data, which we could collect from you and process, are:
Special category of personal data we could process:
For what purposes do we process your personal data:
On what grounds are we gathering your personal data?
Complying with legal obligations; complying with the internal company policies; legitimate interest; executing a contract in which you are a Party; based on your consent.
We collect, use, transmit and disclose personal data because of one of the following reasons: (i) because we are obliged to do so in accordance with the applicable law; (ii) because the data is needed to execute a contract; (iii) because such information is of extreme importance for us and we have acquitted legitimate interest; or (iv) when it is necessary to preserve the health and life of an individual.
In case none of the purposes for the collection and usage of your personal data, listed above, are applicable, the decision to give your personal data is voluntarily. If you do not give us your personal data, under certain circumstances we may not be able to execute our obligations and we will inform you about the consequences of this decision.
The following organizations may receive your personal data:
Storage periods for personal data
The Controller performs annual check-ups of the personal data in order to assess the necessity of their processing and if that obligation has expired – to be deleted. The Controller determines which personal data is set to be deleted because of expired storage period or because it has met its purpose when processed.
The periods for storage in the Trainees filing system are as follows:
- For Technical Training: unlimited period of time according to the Regulation (EU) 1321/2014 of the Commission;
- For Cabin Crew Training: 3 years minimum according to the Training manual for Cabin Crew Training of “Institute of Air Transport” LTD;
- For Pilot Training: 3 years minimum according to the Regulation (EU) 178/2011 of the Commission.
The periods for storage in the Partners filing system is 5 years.
The periods for storage in the Visitors filing system is:
-Visitor’s log of the Simulator Training Centre: 1 year;
-Flight-technical logs; declaration for responsible use of Internet; computer systems and internal computer network; application for safety briefing for the users of the Flight Simulators and the Simulator Training Centre; log for conducted cabin crew training: 5 years.
The periods for storage in the Video Surveillance is 30 days.
The periods for storage of CVs and online inquiries is 6 months.
The storage period of the IP addresses is 30 days.
Your rights and obligations as a data subject of personal data are as follows:
To exercise any of above-mentioned rights, you should comply with the requirements of Regulation (EU) 2016/679 and the Personal Data Protection Law of Republic of Bulgaria and send a written request to the Controller, by filling a request form for the specific claim. The request form then should be filed to the address of the Controller or to the following e-mail: firstname.lastname@example.org
The Controller provides information regarding the actions undertaken in connection to the request, in a period of 1 month of receiving the request. If necessary, this period can be extended with additional 2 months, taking into account the complexity and number of requests.
Please keep your personal data up to date and inform us for any changes.
You are required to follow the applicable laws in regards to the personal data.
How do we protect your personal data?
The Controller will process the information provided by you, in compliance with the requirements of Regulation (EU) 2016/679 and the Personal Data Protection Law of Republic of Bulgaria. The Controller applies procedures and technologies in order to protect the personal data you provide, from unauthorized access, use, disclosure, change or erasing in compliance with the applicable laws. The Controller requires from his partners, who have access to your personal data, to apply appropriate technical and organizational measures, with which to ensure protection and confidentiality of your personal data.