Last updated: June 2022
WEBSITE PRIVACY NOTICE
CDB Aviation Lease Finance DAC of 1GQ, George’s Quay, Dublin 2, Ireland (the Company, we, us or our) is committed to protecting and respecting your privacy. This privacy notice (Notice) is intended to ensure that you are aware of how we, as a Controller, process your personal data, in accordance with applicable data protection laws, including the EU General Data Protection 2016/679 (GDPR), Data Protection Act 2018, EU Privacy and Electronic Communications Directive 2002/58/EC, and any national implementing laws, as amended or updated from time to time.
It is important that you read this Notice carefully, and any privacy and data protection notice that we may subsequently provide to you, so that you are aware of and understand how and why we are processing your personal data.
SCOPE OF NOTICE
It applies to all personal data collected, maintained, transmitted, stored, retained, or otherwise used (i.e. processed) which is collected by us via our website, regardless of the media on which that personal data is stored. We may update this Notice at any time.
WHAT IS PERSONAL DATA?
‘Personal Data’ is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information. There are instances where we invite or request individuals to provide us with their personal data through our website. We will collect some or all of the types of personal data set in relation to you via our website: contact/identifying details including name, address, email address, your preferred location; and any such data you choose to include in the ‘Your skillset’ section of the website Careers portal: https://www.cdbaviation.aero/careers/
HOW IS YOUR PERSONAL DATA COLLECTED?
PURPOSE AND BASIS FOR PROCESSING
We will hold, process and may disclose the personal data provided by you for the purposes and on the legal basis set out:
|Category of Personal Data||Purpose for Processing||Legal Basis|
contact/identifying details including name, address, email address, your preferred location.
any such data you choose to include in the ‘Your skillset’ section of the website Careers portal
|We may also need to use the personal data collected via our website for the purposes of establishing, exercising or defending legal proceedings.|
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you by updating this data protection notice and we will explain the legal basis which allows us to do so.
RECIPIENTS OF YOUR PERSONAL DATA
Where this is relevant to their roles, Company staff and in some cases third parties will have access to your personal information.
The Company is a wholly owned subsidiary of China Development Bank Financial Leasing Co., Ltd (Parent Company) which is based in People’s Republic of China (PRC). We may disclose your personal data to the Parent Company including, without limitation,for the following reasons: in order to run global processes and to carry out-group wide and regulatory reporting.
It may be necessary from time to time for us to disclose personal data to third parties or agents, including without limitation to the following third parties or agents, and others as may be required from time to time:
- Third parties to assist in the administration, processing and management of certain activities pertaining to the provision of past, current and prospective services;
- Individuals or companies employed or engaged by the Company to carry out specific services, functions or consultancy work including external reference agencies;
- Regulatory bodies to whom are obliged or required to disclose information including the Courts and Court-appointed persons;
- Insurance or assurance companies;
- Legal advisors and auditors;
- Potential purchasers or bidders;
- Relevant Government departments and agencies; and
- Other support service providers necessary to assist the Company with the above.
We will inform you in advance if we intend to further process or disclose your personal data for a purpose other than the purposes set out above. We take all reasonable steps, as required by law, to ensure the safety, privacy and integrity of such data and information and, where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such data and any information supplied.
CROSS-BORDER DATA TRANSFERS
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), including but not limited to the PRC, for the purposes described above. It may be processed by personnel operating outside the EEA who work for us, the Parent Company or for one of our suppliers who act on our behalf. The Company and its Parent Company have entered into a data sharing agreement, which incorporates the European Commission standard contractual clauses, to ensure that relevant personal data is appropriately safeguarded.
We will store your personal data only for as long as necessary for the purposes of providing access to our website and related services to you; as required by law or regulatory guidance to which we are subject, and for the exercise or defence of legal claims that may be brought by or against us.
In general, we will hold this information for a period of seven years after you cease to interact with us, unless we are obliged to hold it for a longer period under law or applicable regulations. However, data specifically collected as part of our recruitment process will only be held for a period of 12 months from our final interaction with a candidate during the recruitment process. If you are a successful candidate, some of your personal data obtained during the recruitment process will be held by us. This data will be subject to our separate staff privacy statement.
For further information concerning our data retention practices please see the Contact Us section below.
LINKS TO OTHER WEBSITES
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
SECURITY AND STORAGE OF PERSONAL DATA
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach as appropriate and in accordance with our legal obligations.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, without human involvement in the decision-making process, however we will notify you in writing if this position changes.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or to object to processing of your personal data, as well as the right to data portability. The following is a summary of what these rights involve:
- The right of access enables you to receive a copy of your personal data.
- The right to rectification enables you to ask us to correct any inaccurate or incomplete personal data.
- The right to erasure enables you to ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for us to process it.
- The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances, for example if you want us to verify its accuracy or our legitimate interests in processing it.
- The right to object enables you to object to your personal data being processed on the basis of our legitimate interests (or those of a third party). We will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims. Where we use your personal data for direct marketing purposes, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
- The right to data portability enables you to ask us to transmit the personal data, that you provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party.
In the event that we request, and receive, your consent to process your personal for a specific purpose, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of our processing based on consent before its withdrawal. If you wish to exercise this right, please see Contact Us below.
If you wish to exercise any of these rights, please see Contact Us below. We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a legal basis to do so, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
You also have the right to lodge a complaint with the Office of the Data Protection Commission (DPC) at any time. Contact details of the DPC are available here.
If you have any questions about how we handle your personal data, or if you want to exercise any of your rights, please contact us by email at firstname.lastname@example.org or in writing at 1GQ, George’s Quay, Dublin 2, Ireland addressed for the attention of the Head of Corporate Legal. All requests will be dealt with promptly and efficiently.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Notice. However, if we make material changes to this Notice, we will notify you by means of a prominent notice on the website prior to the change becoming effective.