Privacy Notice

This document sets out how we keep your personal data safe, and describes your rights, in accordance with data protection laws adopted in the UK on 25 May 2018.

 

Resource International Group Investments AG is the ultimate holding company of the Resource Group of companies, operating through its Aviation Resourcing Services, Flight Crew Services (Jointly AARS) and Aviation Technical Training (ATT) divisions. We understand that your privacy is important to you and, in our capacity as data controllers, we are committed to protecting and respecting it.

 

The General Data Protection Regulation (GDPR) describes Personal Data as any information relating to a natural person who can be directly or indirectly identified in particular by reference to an identifier.

Sensitive personal data is data which is described in Article 9 of GDPR as that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We will not collect sensitive data unless required to do so by law.

 

 

This Privacy Statement, together with our Terms of Use and any other documents referred to herein, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read it carefully to understand our views and practices regarding your personal data and how we will treat it.

 

It is important to point out that we may amend this Privacy Notice from time to time. Please visit our website if you want to stay up to date as we will post any changes there.

 

The territorial scope of the regulation covers data subjects in the European Union whether the controller/processor is located in the Union or where member state law applies by virtue of public international law.

 

 

Who we are

Resource International Group Investments AG provides consulting, resourcing, recruitment and training  services, primarily to the aviation and aerospace industrial sectors. Our products and services will identify which entity you have a relationship with. You can find out more about us at www.resourcegroup.co.uk

If you have any questions, or want more details about how we use your personal information, you can contact us at data@resourcegroup.co.uk

 

The term “recruitment” is used throughout this document and refers to:

  1. Flight Crew Services, which provides clients with flight deck or cabin crew on a permanent or contract
  2. Aviation Resourcing Services, which provides skilled manpower across line & base maintenance, aircraft production, interiors, maintenance & completions and business aviation on both a temporary and permanent

 

How the Law Protects You

Your privacy is protected by law. This section explains how that works.

 

Data protection laws say that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Resource Group. The law says we must have one or more of the following reasons:

 

 

 

 

  1. To fulfil a contract we have with you;
  2. When it is our legal duty;
  3. When it is in our legitimate interest; or
  4. When you consent to

 

A legitimate interest is when we have a business or commercial reason to use your information. But, even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

 

In the following sections we will describe all the ways that we may use your personal information, and which of the reasons we rely on to do so, including our legitimate interests.

 

The Data We Collect – AARS

From candidates

In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We collect details that will genuinely help us to help you, such as your name, age, contact details, educational history, industry-related qualifications, employment history, emergency contacts, right to work status, financial details (including bank account and current remuneration) and National Insurance number. You may also voluntarily share other information with us. Where appropriate, and in accordance with local laws and requirements, we may also collect information related to your health, diversity or details of any criminal convictions.

 

We may collect details of nominated referees (in which case this will be limited to their contact details).

 

We may use some of the information provided to email you details of jobs/vacancies which relate to your sector of the aviation and aerospace industry.

 

If you are found placements outside of your country of residence, we may also require you to provide   information to allow us to process documentation on your behalf relating, for example, to National Insurance and local/ national tax matters. This may include photographic proof of identity (usually a scan of your passport or other formal identification documents), your marital status and local social security number.

 

From clients

We generally only need to have your contact details, or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses), to enable us to ensure that our relationship runs smoothly. If we need any additional personal data for any reason, we will let you know.

 

From suppliers

We’ll collect the details of our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

 

From referees & emergency contacts

All we need from referees is confirmation of what you already know about the candidate or prospective member of staff, so that they can secure that job they really want. Emergency contact details give us somebody to call on in an emergency. To ask for a reference, we’ll obviously need the referee’s contact details (such as name, email address and telephone number). We’ll also need these details if our candidate or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.

 

From website users

 

 

 

When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date, the time, the frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website.

 

The Data We Collect – ATT

From learners

In order for us to provide a full range of training services including examination and certification in line with the aviation and aerospace industry regulator’s requirements. We need to process certain information about you. We collect data which allow us to place you on course(s) and receive examination and certification in line with the requirements of the regulatory authorities. This data will include your name, address, Telephone number, email address, date of Birth, Place of Birth, a copy of either your Passport/ Driving Licence or other formal identification document, relevant educational qualifications.

 

We may also use this data to email details of our training courses which we believe are relevant to the industrial sector you work within.

 

In order for us to process payments for our services, we may require payment card details, although we may take these for phone bookings, we will destroy the card details as soon as the payment has been taken.

 

From clients

If you are a client of ours, we need to collect and use information about you, or individuals at your organisation, in the course of providing you with services such as: sponsoring training to your staff. This is may either be through attending courses or online training services. In these circumstances we will correspond with you regarding details of the staff being sponsored. We will also require an address to send documentation relating to successful course completion.

We may from time to time contact you to request feedback on the quality of training services we have provided and may discuss any future training courses that we feel may be of interest to your organisation.

 

From suppliers

We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

 

From website users

When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website

 

How we collect Data – AARS

From candidates

We collect candidates’ personal data in three primary ways:

 

  1. Personal data you give to us, which may include:

 

  1. Entering your details on our website or via an application form, as part of the registration process;
    1. Providing us with a hard-copy CV;
    2. Emailing your CV to us in electronic format;
    3. Applying for jobs through a job aggregator, which then redirects you to our

 

  1. Personal data we receive from other sources:

 

  1. Your referees may disclose personal information about you;
  2. Our clients may share personal information about you with us;
  1. We may obtain information about you from third party sources, such as LinkedIn and other job

 

  1. Personal data we collect automatically:

 

From clients

  1. When you access our website, we collect your data automatically via cookies, in line with cookie settings in your browser. (Please see the section on how we use your personal data.)We collect client personal data in three ways:

 

  1. Personal data we receive directly from you:

 

  1. Where you contact us, usually by phone or email;
  2. Where we contact you by either phone or email as part of a business development

 

  1. Personal data we receive from other sources:

 

  1. By analysing your online media presence;
  2. From third parties such as

 

  1. Personal data we collect via our website:

 

  1. We may collect data about the extent to which you access our

 

From suppliers

During the course of our business with you we may ask for details from you relating to contact and payment.

 

Referees & emergency contacts

Personal data relating to emergency contact details and nominated referees are usually provided by candidates.

 

Website users

IP addresses and cookies

We may collect information, such as through Google Analytics (http://www.google.com/analytics), about your computer, including, where available, your IP address, operating system and browser type. This would be for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

 

Similarly, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service. They enable us:

 

  1. To estimate our audience size and usage pattern;
  2. To store information about your preferences, and so allow us to customise our website according to your individual interests;
  3. To speed up your searches;
  4. To recognise you when you return to the

 

Our website is run on WordPress which utilises cookies for two purposes:

  1. Registered members need a cookie to be able to log This is strictly necessary as WordPress won’t work without it;
  2. Visitors who leave a comment on a blog post will also have a cookie set on their This is not “strictly necessary” as it’s a user preference.

 

When you purchase via the website WooCommerce, it makes use of three cookies:

  1. woocommerce_cart_hash
  2. woocommerce_items_in_cart
  3. wp_woocommerce_session_

 

The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

 

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.

 

How we collect Data – ATT

 

From learners

We collect data applicants who wish to use our training services in three primary ways:

 

  1. Personal data you give to us, which may include:

 

  1. Entering your details on our website or via an application form, as part of the registration process;
    1. When you email us a course booking form;
    2. When you contact us via phone, we may record your details on a course booking form;
  2. When you first attend one of our training courses we may require a copy of your passport for our training

 

  1. Personal data we receive from other sources;

 

  1. Your employer may provide data about you if they are sponsoring your training;
  2. Your employer may provide data about you if they are booking a training course on your behalf;
  1. Your colleagues may occasionally provide us with data that will allow us to provide you with information about our training (We assume that this is at your request)

 

  1. Personal data we collect automatically;

 

  1. When you access our website, we collect your data automatically via cookies, in line with cookie settings in your (Please see the section on how we use your personal data.)

 

From clients

We collect client personal data in three ways:

 

  1. Personal data we receive directly from you:

 

  1. Where you contact us, usually by phone or email;
  2. Where we contact you by either phone or email as part of a business development

 

  1. Personal data we receive from other sources:

 

  1. By analysing your online media presence;
  2. From third parties such as

 

  1. Personal data we collect via our website:

 

  1. We may collect data about the extent to which you access our

 

From suppliers

During the course of our business with you we may ask for details from you relating to contact and payment.

 

Website users

IP addresses and cookies

We may collect information, such as through Google Analytics (http://www.google.com/analytics), about your computer, including, where available, your IP address, operating system and browser type. This would be for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

 

Similarly, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.

 

They help us to improve our website and to deliver a better and more personalised service. They enable us:

 

  1. To estimate our audience size and usage pattern;
  2. To store information about your preferences, and so allow us to customise our website according to your individual interests;
  3. To speed up your searches;
  4. To recognise you when you return to the

 

Our website is run on WordPress which utilises cookies for two purposes:

  1. Registered members need a cookie to be able to log This is strictly necessary as WordPress won’t work without it;
  2. Visitors who leave a comment on a blog post will also have a cookie set on their This is not “strictly necessary” as it’s a user preference.

 

When you purchase via the website WooCommerce, it makes use of three cookies:

  1. woocommerce_cart_hash
  2. woocommerce_items_in_cart
  3. wp_woocommerce_session_

 

The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

 

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.

 

 

How we use your personal data – AARS

General

Some personal data we collect from you is required to enable us to fulfil our contractual obligations to you or to others. Some data are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly.

Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.

 

Candidates

The main reason for using your personal details is to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service.

 

We’ve listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:

  1. Collecting your data from you and other sources, such as LinkedIn;
  2. Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;
    1. Providing you with our recruitment services and to facilitate the recruitment process;
  3. Assessing data about you against vacancies which we think may be suitable;
  4. Sending your information to clients, in order to apply for jobs or to assess your eligibility for jobs;
  5. Enabling you to submit your CV, apply online for jobs or to subscribe to alerts about jobs we think may be of interest to you;
  6. Carrying out our obligations arising from any contracts entered into between us;
  7. Carrying out our obligations arising from any contracts entered into between us and third parties in relation to your recruitment;
    1. Facilitating our payroll and invoicing processes;
  8. Verifying details you have provided, using third party resources (such as psychometric evaluations or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws);
  9. Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties;
  10. Fulfilling our obligations to engage agencies to carry out relevant national security checks when required to do so;
    1. Processing and responding to individual complaints through Corrective Action Reporting;
    2. Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.

 

 

Marketing

We may periodically send you information that is relevant to your relationship with us. Additionally, we may wish to use your data for the purposes listed below:

  1. To enable us to develop and market other products and services;
  2. To market our full range of recruitment services to you;
  3. To use testimonials from you on our website (but only where we have obtained your express consent to do so).

If you are not happy about any of these, you may opt out by writing to data@resourcegroup.co.uk

 

Profiling

Article 22 of the GDPR describes automated profiling and limits the use of this type of decision making to:

  1. Where it is necessary for the entry into or performance of a contract;
  2. Carry out functions that are authorised by local law;
  3. Incidents where we have the individual’s

 

Although we don’t carry out fully automated decision making, we do use algorithms within our database to identify jobs that match your profile. This would be acceptable as it allows for entry into or the performance of a contract.

You may wish to object to this form of processing; in which case we will revert to only processing your details manually. This could make it more difficult to match you with jobs and, in the worst-case scenario, it may mean we have to stop working with you.

 

Legal Claims

Occasionally we may have to use your personal data to help us to establish, exercise or defend legal claims.

 

Client data

Recruitment activities

We mainly use client data to assist us with recruiting activities and may:

  1. Store your details on our database so that we can contact you in relation to recruitment activities;
  2. Keep records of our communications so that we can provide targeted services to you;
  3. Contact you to carry out customer satisfaction surveys;
  4. Process your data for targeted and appropriate

 

Marketing activities

We will not seek consent to send marketing literature to a corporate postal or email address. If you are not happy with this, you may opt out by writing to data@resourcegroup.co.uk .

 

Supplier data

We will only use data supplied by you in the following circumstances:

  1. To allow us to contact you in relation to our business agreements;
  2. To perform legal obligations;
  3. To perform checks, such as due diligence, should this be

 

Referees & Emergency contacts

If a candidate of ours has put you down on our form as an emergency contact, we’ll contact you in the case of an accident or emergency affecting them.

 

If you were appointed by a candidate of ours as a referee, we will contact you in order to take up a reference. This is an important part of our candidate quality assurance process and could be the difference between the individual getting a job or not.

 

How we use your personal data – ATT

General

Some personal data we collect from you is required to enable us to fulfil our contractual obligations to you or to others. Where appropriate, some data are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly.

Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.

 

Learner data

The main reason for using your personal data is to maintain an accurate record of your details for the purposes of examination and certification. In certain circumstances this is a regulatory requirement.

 

We’ve listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:

  1. To compile documentation relating to course availability and ensure courses are not oversubscribed;
  2. Recording attendance on taught courses as mandated by the regulatory authorities, to provide evidence of attendance to employers and also in case of legal dispute;
  3. The provision of any relevant training material related to the course you are attending either in person or online;
  4. Compiling and discussing individual feedback from you and possibly your employer which support our course review and improvement strategies;
  5. Confirming the identity of candidates who are attending courses and associated exams;
  6. Producing online exams and confirming the identification of the candidate(s);
  7.    Producing and distributing certificates to successful candidates;
  8. Processing and responding to individual complaints;
  9. To allow us to correctly invoice you;
  10. Carrying out our obligations arising from any contracts entered into between us;
  11. Carrying out our obligations arising from any contracts entered into between us and your employer/sponsor in relation to your training;
  12. Carrying out our obligations arising from any contracts entered into between us and third parties in relation to your training;
  13. Processing your data to enable us to send you targeted, relevant marketing materials or other

communications which we think are likely to be of interest to you.

 

Marketing

We may periodically send you information that is relevant to your relationship with us. Additionally, we may wish to use your data for the purposes listed below:

  1. To enable us to develop and market other products and services;
  2. To market our full range of training services to you;
  3. To use testimonials from you on our website (but only where we have obtained your express consent to do so).

If you are not happy about any of these, you may opt out by writing to data@resourcegroup.co.uk

 

Legal Claims

Occasionally we may have to use your personal data to help us to establish, exercise or defend legal claims.

 

Client data

Training activities

We mainly use client data to assist us with recruiting activities and may:

  1. Store your details on our database so that we can contact you in relation to training activities;
  2. Keep records of our communications so that we can provide targeted services to you;
  3. Contact you to carry out customer satisfaction surveys;
  4. Process your data for targeted and appropriate

 

Marketing activities

We will not seek consent to send marketing literature to a corporate postal or email address. If you are not happy with this, you may opt out by writing to data@resourcegroup.co.uk .

 

Supplier data

We will only use data supplied by you to:

  1. Allow us to contact you in relation to our business
  2. To perform legal
  3. To perform checks, such as due diligence, should this be

 

 

Legal bases for processing data – AARS

General

Under Article 6 of the GDPR, the data you supply must be processed under one of six lawful bases:

  1. Consent to the processing of personal data for one or more specific purposes;
  2. Where necessary, for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a

 

Legitimate interests

Candidates

We believe that all of our processing of data relating to recruitment activities is in line with our legitimate interests. The only exceptions to this is are for marketing reasons, where we have a lawful basis under soft opt- in consent, and for legal reasons when we have a legal obligation to process your data (see below).

 

It is reasonable to expect that, if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and use your personal data, offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our bank of vacancies.

 

Prior to being accepted for a job vacancy, any prospective employer may also want to check the information you’ve given us to confirm, for example, your references, qualifications and criminal record.

 

We will always make sure that we operate in a manner that is satisfactory for both of us, whether we are processing your data to carry out an essential business function (like preparing the payroll or processing invoices) or helping you to find suitable employment.

 

Clients

We believe that contacting our clients about recruitment activities and keeping records of our business meetings and communications, constitute legitimate business interests. We also believe that conducting customer  surveys and appropriate targeted marketing are all legitimate interests.

 

Suppliers

We believe that we have a legitimate business reason to contact you in connection with our business dealings, to perform a legal obligation and/or to carry out business checks (such as in the interest of due diligence).

 

Referees & Emergency contacts

We believe that contacting referees to request candidate information that enables us to carry out background checks on candidates is a legitimate interest. We also believe that processing emergency contact details is a legitimate interest to us and also of personal interest to the candidate.

 

Consent

Candidates

A soft opt-in consent is a specific type of consent which applies when, by virtue of your having engaged with us (for example by submitting a job application or CV, or registering a vacancy to be filled), we consider that you would like us to send you information on other recruitment-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most, this is beneficial as it allows us to suggest other jobs to you alongside the specific one you applied for, significantly increasing the likelihood of us finding you a new position. For other types of e-marketing, we are required to obtain your explicit consent.

If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time by writing to us at Data@resourcegroup.co.uk .

 

 

Legal obligation

Like all businesses, we have a legal duty to provide information relating to crime detection, tax collection or actual or anticipated litigation. In these circumstances we will process your information as a legal obligation

 

Legal Basis for processing data – ATT

General

Under Article 6 of the GDPR, the data you supply must be processed under one of six lawful bases:

  1. Consent to the processing of personal data for one or more specific purposes;
  2. Where necessary, for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a

 

Legitimate interests

 

Learner data

We believe that to run our training course in an efficient manner and to ensure your place on any training course is reserved is in both our interests as a business and yours as a student. We also view legitimate interests as  the lawful basis for administration of courses and for collection of feedback from both you and where  appropriate, your employer/sponsor.

In order for us to continue as a business it is in our interests to also use data for invoicing and accounting purposes. This may also help you with your tax affairs.

When you attend a course either you or your employer/ sponsor enter into a contract with us, which is in our interests to administer to ensure that all parties abide by the content, we believe it is our legitimate interests to process this data to ensure both parties are adequately protected.

 

Clients

We believe that there are legitimate business interests to contact our clients about training activities, and keeping records of our meetings and communications where they are related to business training activities. Furthermore, we believe that it is customer surveys and appropriate targeted marketing are all legitimate interests on balance.

 

Suppliers

We believe that being able to contact you serves as legitimate business interests whether in relation to our business dealings, performance of legal obligation and performing checks such as due diligence.

 

 

Consent

Learner data

Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by expressing an interest in or completing training activities with us), we consider that you would like us to send you information on other training-related services.. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most people, this is beneficial as it allows us to suggest other training courses to you alongside the specific one(s) you have already undertaken with us, for example annual mandatory training or other modules you will need attend and pass to achieve career progression. For other types of e-marketing, we are required to obtain your explicit consent.

If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time by writing to us at Data@resourcegroup.co.uk .

 

Legal obligation

 

Like all businesses, we have a legal duty to provide information relating to crime detection, tax collection or actual or anticipated litigation. In these circumstances we will process your information as a legal obligation.

 

When you undertake approved training or examinations, we are required to process and retain all your training, examination and assessment records for an unlimited period.

.

 

 

Special categories of personal data

Sensitive personal data is data which is described in Article 9 of GDPR as that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We will not collect sensitive data unless required to do so by law. If you are required to provide this data, we will request your specific consent prior to collecting this information.

 

However, you may voluntarily offer us information about yourself especially where you may be concerned that it may prejudice you.

 

Third parties’ disclosure – AARS

General

We employ external agencies, for example, to manage our IT, Web and payroll services. Each of the businesses employed to manage our activities has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.

 

Candidates

Primarily we will share your personal data with prospective employers to increase your chances of securing employment. Unless you specify otherwise, we may also share your information with any of our group of companies and associated third parties where we feel this will help us to provide you with the best possible service.

 

Third Parties disclosure – ATT

 

General

We employ external agencies to manage both our IT and Web services. Each of the businesses employed to manage our activities has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.

 

Online learning is via a Learning Management System which is managed through a third party supplier who has made guarantees that your data will be securely processed in line with the General Data Protection Regulation..

 

Certificate generation for successful candidates is managed by a third party hosted solution which is provided through a third party supplier has made guarantees that your data will be securely processed in line with the General Data Protection Regulation..

 

On occasion we may be required to disclose information relating to your training when it has been requested by the National Aviation Authorities to whom you have made a licence application.

 

We use Worldpay to provide third party payment services, however they act as the data controller for any data collected relating to payment for our services. You need to talk to them about how they handle your data.

 

 

Retention Period -All

Except for training records which we are obliged to retain securely for an indefinite period (see legal obligation above), we will delete from our system, or securely archive your personal data, if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for three years. This period may be extended if we believe in good faith that the law or relevant regulators require us to preserve your data for longer. After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

 

How we store and transfer your data internationally – AARS

Recruitment services

In order to provide you with the fullest and best service possible it may be necessary to transfer your data as follows:

 

    1. between and within our business;
    2. to overseas clients;
    3. to clients within your country who may, in turn, transfer your data internationally.
    4. We want to make sure that your data is stored and transferred in a way that is secure. We will therefore only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) when it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
  1. when we have a data transfer agreement with the recipient, incorporating data sharing contractual clauses;

 

  1. by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data to entities in the United States of America;

 

  1. only transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation;

 

  1. where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract; or

 

  1. where you have consented to the data transfer.
  2. To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties with whom we share your personal data to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

 

How we store and transfer your data internationally – ATT

 

Transfer of your data to countries outside the territorial scope of GDPR will only take place when the person/business who is sponsoring your training is based outside of them.

We may also be required to provide information to support an application you have made, where a security pass is required and we are asked to provide data as a referee, in which case we will assume it is with your consent

Your rights as a data subject – All

Under Article 13 of the GDPR, we are bound to provide you with information relating to your rights, which are as follows:

Right to object

If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days.

 

Right to withdraw consent

Where we have obtained your consent to process your personal data, you may withdraw your consent at any time.

 

Data Subject Access Requests

You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. We are required to confirm your identity before processing any such request and, where we are legally permitted, we may decline your request, but we will explain the reason why to you.

 

Right to erasure

You have the right to request for us to “erase” your personal data. We will respond to your request within 30 days and will delete your data unless there is a legal reason for keeping your data which prevents us from agreeing to your request, in which case we will let you know why.

 

Right of data portability

If you wish, you have the right to transfer your data from us to another data controller. This will be by directly transferring your data to you in a commonly used machine-readable format.

 

 

 

Contact details – All

Resource Group

 

If you wish to legitimately exercise any of your rights, please contact: Resource Group Data Protection Officer:

Email: data@resourcegroup.co.uk Phone +44 (0)1285772669

 

Right to lodge a complaint with a supervisory authority:

You also have the right to lodge a complaint with your local supervisory authority. The supervisory authority is:

Information Commissioner’s office Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

 

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

 

Fax: 01625 524 510

 

https://ico.org.uk/