Ortac Operations Management Limited Ortac (AoC) Limited Privacy Notice
Ortac Operations Management Limited and Ortac (AoC) Limited (ORTAC) are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR)
ORTAC is the “Data controller”. This means that we are responsible for deciding how to process personal information about you. We are required under the GDPR to notify you of the information contained in this privacy notice.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing your personal information.
The registered offices of ORTAC are at Hallmark House, Avenue de la Reine, St Peter, JE3 7BY, United Kingdom.
- your name;
- date of birth;
- place of birth;
- passport details;
- contact details;
- residential address;
- contractual details (such as salary, rank and start/end date);
- curriculum vitae/resume and supporting documentation;
- medical, proficiency certificates and pilot/engineering licences;
- bank account details; and
- any relevant results identified through background checks and screening.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We at ORTAC will collect, store and use the following categories of personal data about you:
We may also collect, store and use the following “special categories” of more sensitive personal information about you:
- Information about your health, including any medical conditions as confirmed in the Medical Certificate (or equivalent), health and sickness records;
- Information about criminal convictions and offences;
- Genetic information and biometric data; and
- Trade union membership.
We will collect personal information about you through the application and on boarding process, either directly from you or a third party representative which you have appointed. We may collect additional personal information in the course of the relationship from background check agencies such as World-Check.
We comply with our obligations under the GDPR by keeping personal data up to date; storing and destroying it securely; not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect your personal information.
We will process your personal information in the following lawful circumstances:
- Where we need to perform the contract we have entered into with you;
- Where we need to comply with a legal obligation;
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests.
“Special categories” of sensitive personal information require higher levels of protection. We have implemented appropriate policy documents and safeguards which we are required by law to maintain when processing such data.
We may process special categories of your personal information in the following circumstances:
- Where we need to carry out our legal obligations or exercise our rights in connection to the service being provided;
- Where it is needed to protect your vital interests (or someone else’s interests).
We will use your particularly sensitive personal information in the following ways:
- We will use information relating to leave of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace to assess your fitness to work, to provide appropriate workplace adjustments (if possible), to monitor and manage sickness absence to administer benefits.
- We will use trade union membership information to comply with employment legal obligations.
We do not require your consent when processing your personal data in accordance with this privacy notice. Your personal information is required to enable us to perform the contract we have entered into with you, to comply with our legal obligations and for our legitimate interests.
In limited circumstances, we may approach you for your written consent to allow us to process your personal information, for example, marketing purposes. If we do so, we will provide you with full details of the information we require and the reason we require it.
Please note, that it is not a condition of your contract with us that you agree to any request for consent from us.
We require all of the categories of information listed in Section 2 to primarily to allow us to perform our service with you and to enable us to comply with our legal obligations. In certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations we will process your personal data are listed below:
- maintaining accurate “know your client” information and conducting anti-money laundering and sanctions checks;
- assessing your skills and qualifications;
- verifying your information and carrying out reference checks and/or conductingbackground checks (where applicable);
- for crime and fraud detection, prevention, investigation and prosecution;
- for security and risk management purposes;
- to contact you and to respond to communications from you, including a complaint;
- to fulfil foreign and domestic legal, regulatory, governmental, tax, law enforcement andcompliance requirements;
- to protect and/or enforce our legal rights and interests, including defending any claims;
- for risk assessment, statistical and trend analysis and planning purposes, including to carryout data processing, statistical and anti-money laundering and sanctions analyses;
- to perform internal management and management reporting to ORTAC to operate control and management information systems, and to carry out business risk, control orcompliance review or testing, internal audits or enable the conduct of external audits;
- to manage ORTAC’s relationship with you;
- to comply with any obligations, requirements, policies, procedures, measures orarrangements for sharing data and information within ORTAC and any other use of data and information in accordance with any ORTAC programs for compliance with tax, sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; and
- to improve the quality of ORTAC products and services, to develop additional products and services, and for staff training and quality assurance purposes.
10.Processing of third party personal data
When you supply us with personal data about another individual you must ensure that you have the individual’s agreement:
• to the supply of the personal information; and
• for ORTAC to use, collect, and disclose that individual’s personal data to provide the services and otherwise in accordance with this policy.
11.If you fail to provide personal information
If you fail to provide certain types of information when requested, we may not be able to perform the service which you have engaged with us to perform, or we may be prevented from complying with our legal obligations.
We will only use your personal information for the purposes which we collect it, unless we reasonably consider that we need to process it for another reason that is compatible with the original purpose.
If we need to process your personal information for an unrelated purpose, we will provide you with a new privacy notice which will explain this new purpose and the legal basis for which your personal data is to be processed.
Please note that we may process your personal information without your knowledge or consent where we are required to do so by law.
13.Automated decision-making and profiling
Profiling consists of automated processing of personal data with the aim of evaluating personal aspects relating to a person or group of people. For example collecting and analysing your personal information to gain insights into behaviours and characteristics.
Automated decision-making takes place when an electronic system uses your personal information to make a decision without human intervention.
We are able to implement profiling and automated decision-making in the following circumstance:
- The decision is necessary for entering into, or performance of the service with you;
- The decision is authorised by law to which we are subject to;
- the decision is based on your explicit written consent; and
- where we have implemented suitable measures to safeguard your rights andfreedoms and legitimate interests (which includes at least a means for the individual to obtain human intervention, express his or her point of view and/or contest the decision)
14.How long we retain your personal data
We will only retain your personal information for as long as necessary in order to fulfil the purpose for which we have collected it for. Details of retention periods for different aspects of your personal information is confirmed in our Retention Policy which is available upon request.
When determining the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data, business-sector requirements and agreed practices.
In some circumstances we may anonymise your personal data so that is can no longer be associated with you, in which case we may use such information without further notice to you.
Once you are no longer a client of the company and the retention period has lapsed, we will either anonymise or securely destroy your personal information in accordance with local legislation and our Data Retention Policy.
16.Why might we share your personal information with third parties?
Any data we receive will be kept strictly confidential unless we are compelled by law to disclose it. On occasions it may be appropriate for us to share your personal information with contractors, consultants, regulatory bodies, government, tax authorities and other parties who require such information to assist us with establishing, managing or terminating our relationship with you.
We will share your personal information with third parties where required by law, to comply with legal processes such as warrants and court orders, where it is necessary to administrator the working relationship with you or where we have another legitimate interest for doing so.
All our third-party service providers and other group entities are required to implement appropriate security measures to protect your personal information in line with our internal policies. We do not allow our third-party service providers to use your personal data for their own purpose and only permit them to process your personal information for specified purposes in accordance with our instructions.
When the third-party no longer requires your data to fulfil the service, they will dispose of your personal data in line with our internal procedures.
17. Sharing your personal information with other entities within the Group
18. Other Third Parties
We may share your personal information with other entities in our group as part of our regular reporting activities on the company, for system maintenance support and for compliance with imposed regulations.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also share your personal information with a regulator or to otherwise comply with the law.
19. Transfer of your personal data
We may transfer the personal information we collect about you to the following countries outside the EU in order to perform our contract with you or when required to do so by law;
- The Island of Jersey
- The Island of Guernsey
This country has been deemed by the European Commission as having adequate level of safeguard in place to protect your personal data.
We will never transfer your personal information to a country or territory outside of the EU which have not implemented adequate safeguards in relation to your personal information.
To ensure that your personal information receives an adequate level of protection when being transferred to another country or territory, we have implemented the following appropriate measures; the issuing of Standard contractual clauses and binding corporate rules.
We have implemented appropriate security measures designed to protect your personal data from accidently loss, use, unauthorised access, alteration and disclosure. These measures include industry standard firewalls and intrusion detection.
In additional we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. These employees or parties are limited in number, will only process your data on our instruction and are subject to a duty of confidentiality.
Details of these measures are available upon request.
21. Exercising your rights
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal information:
- The right to request a copy of your personal data which ORTAC holds about you;
- The right to object to processing that is likely to cause or is causing damage or distress;
- The right to prevent processing for direct marketing;
- The right to object to decisions being taken by automated means;
- The right in certain circumstances to have inaccurate personal data rectified, blocked,erased or destroyed; and
- The right to claim compensation for damages caused by a breach of the Act.
If you would like to exercise any of your rights please contact the ORTAC Data Protection Officer in writing.
You will not have to pay a fee to access your personal information or exercise any of your other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may require specific information from you to assist us in confirming your identity and ensure your right to access the information. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
22. Data Protection Officer
We have appointed Tobias Mathews as the Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer:
Data Protection Officer: Address:
Hallmark House, Avenue de la Reine, St Peter, Jersey, JE3 7BY+44 1534 750750
You have the right to make a complaint at any time to the Jersey Information Commissioner, the supervisory authority for data protection issues, if you believe we have not complied with your rights:
Address: The Office of the Information Commissioner
Brunel House Old Street St. Helier Jersey
Telephone: +44 (0) 1534 716530 Email: Enquiries@dataci.org