Privacy policy for the use of Loft Dynamic`s flight training solution
This privacy policy provides information on how and for what purposes Loft Dynamics AG (hereinafter "we" or "Loft Dynamics") processes your personal data (hereinafter "you") which you disclose to us or which we collect from you when you use our flight training solutions. This privacy policy is not exhaustive; other privacy policies, general terms and conditions, and similar documents may regulate further specific data protection-relevant matters.
"Personal data" means all data and information relating to an identified or identifiable natural person. The name and address of the data controller are as follows:
Loft Dynamics AG
Sonnentalstrasse 8
8600 Dübendorf
Switzerland
Phone: +41 44 211 15 15
E-Mail: info@loftdynamics.com
If you have any questions regarding data protection at Loft Dynamics, please get in touch with us by using the addresses above.
We primarily process personal data of you, which you disclose to us or which we collect from you when you use our flight training solutions. Also, we process your personal data that we receive from operators of our flight training solutions (e.g. flight schools, aircraft operators). If you provide us with the personal data of other persons (e.g. of family members, data of work colleagues, etc.), please ensure that these persons are aware of this privacy policy and only share their personal data with us if you have been permitted to do so and if the relevant personal data is correct.
The personal data or categories of personal data we process of you include, as the case may be, in particular, personal and contact data (e.g. name, address, telephone number, e-mail address, pilot licenses, interpupillary eye distance and body weight); contractual data that we receive or collect in connection with the initiation, conclusion and performance of the contract with you (e.g. products and services claimed or requested by you and related behavioral and transactional data, training records, pilot license, affiliation with organizations offering training using Loft Dynamic solutions); communications data (e.g. name and contact details such as postal address, e-mail address and telephone number, content of e-mails, written correspondence, chat messages, telephone calls, proof of identity, pilot license); health data (e.g. interpupillary eye distance and body weight), image and sound recordings (e.g. photos, videos and audio recordings of the pilot's training session in our flight training solutions) and technical data (e.g. login data, technical data on the conducted training flights, records of the flight sessions).
3.1 In connection with our business activities
We process your personal data primarily for those processing purposes, which are necessary in connection with our business activities and the provision of our services. In particular, we process your personal data for the following purposes:
- to communicate with you, in particular, to provide you with information or to process your requests, to authenticate and identify you, for customer service and customer care;
- for the processing of contracts, namely in connection with initiating, concluding and processing contractual relationships. This includes all data processing that is necessary or appropriate to enter into, perform, and, if necessary, enforce a contract, to provide contractually agreed services, e.g. to deliver products, to provide services and functions (including personalized service components), to invoice our services and generally for accounting, to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
- to provide you with our products and services and to evaluate and improve them, including statistics, research, evidence-based training, career log, quality assurance and training of our employees;
- for customer care and marketing purposes, e.g., sending you written and electronic communications and offers and carrying out marketing campaigns. These may be our own offers or offers from our advertising partners. We may also process your personal data automatically to evaluate certain personal aspects (profiling) or to create a preselection when you enquire about a product or service. In particular, we may use profiling to provide you with targeted information about products and services;
- related to accounting, archiving of data and management of our archives;
- for security measures, namely for IT and building security (such as access controls, visitor lists, prevention, defence and resolution of cyber-attacks and malware attacks, network and mail scanners, video surveillance, telephone records), as well as for the prevention and resolution of criminal offences and other misconduct or conducting internal investigations, protection against misuse, evidentiary purposes, data analysis to combat fraud, evaluation of system-side records of the use of our systems (log data);
- in connection with corporate transactions or other corporate actions (e.g. due diligence, sale of companies, maintenance of share registers, etc.);
- for the assertion of legal claims and defence in connection with legal disputes as well as official proceedings at home and abroad, including clarification of litigation prospects and other legal, economic and other issues;
- to comply with our legal, regulatory (including self-regulatory and industry standards) and internal requirements and rules at home and abroad, including compliance with court or governmental orders and business partner clarifications.
We process your personal data for the above purposes, depending on the situation, in particular, based on the following legal bases:
- the processing of personal data is necessary for the fulfilment of a contract with you or pre-contractual measures;
- you have given your consent to the processing of personal data concerning you;
- the processing of personal data is necessary for compliance with a legal obligation;
- the processing is necessary to protect the vital interests of the data subject or another natural person; or
- we have a legitimate interest in processing personal data, and our legitimate interests may include, in particular, the following interests: providing good customer service, keeping in touch and communicating with customers outside of a contract; in advertising and marketing activities; improving products and services and developing new ones; combating fraud and preventing and investigating crime; protecting customers, employees and others, as well as our data, trade secrets and assets; ensuring adequate security (both physical and digital); ensuring and organizing business operations, including the operation and further development of websites and other systems; corporate management and development; the sale or purchase of companies, parts of companies and other assets; the enforcement or defence of legal claims; compliance with Swiss and foreign law and other rules applicable to us.
3.2 E-Mail, telephone calls and video conferences
You can contact us via the e-mail addresses and telephone numbers provided. The personal data you send to us will be stored by us and processed for the completion of your request.
If you contact us by e-mail, you authorize us to reply to you via the same channel, please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. We exclude – as far as legally permissible – any liability which you may incur, particularly as a result of faulty transmission, falsification of content, cyber security events or network disruption.
Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option to terminate the conversation at any time and contact us by other means (e.g. by e-mail).
4.1 Disclosure of personal data to recipients
In addition to the transfers of data to recipients expressly mentioned in this privacy policy, we may disclose your personal data to the following categories of recipients to the extent permitted:
- Providers to whom we have outsourced certain services (e.g., IT and hosting providers, advertising and marketing services, business administration, including accounting and/or asset management, collection services, photographers, payment service providers, banks, insurance companies, etc.) and other suppliers and subcontractors;
- Consulting service providers, e.g. tax consultants, lawyers, and management consultants;
- Prospective buyers or investors in the case of corporate transactions or other corporate actions;
- Auditors;
- domestic and foreign authorities, official agencies or courts.
4.2 Disclosure of personal data abroad
In principle, we process your personal data in Switzerland. However, in certain cases (e.g. when using certain service providers or certain software applications), your personal data may also be transferred abroad, primarily to member states of the EU/EEA and EFTA, but also in some cases to other countries worldwide, in particular to the USA (primarily in connection with the ticketing system for support, transactional e-mails, direct communication and other third-party software applications).
If we transfer data to a country without an adequate level of data protection, we ensure an adequate level of protection as provided by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract performance, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law and foreign laws, and official orders may require the transfer of this data to authorities and other third parties.
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing or another legal basis (e.g. legal retention periods) that exists for this. We retain personal data that we hold on the basis of a contractual relationship with you at least as long as the contractual relationship exists and limitation periods for possible claims by us run or contractual retention obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, it is generally, and as far as possible, passively set, deleted or anonymized.
Within the scope of the data protection law applicable to you and insofar as provided therein, you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the release of certain personal data for the purpose of transfer to another body (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example, if we are obliged to retain or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to rely on this) or if we require the data in order to assert claims. If you incur costs, we will inform you in advance.
If the personal data processing is based on your consent, you can revoke this at any time after giving your consent with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your ID card if your identity is otherwise not clear or cannot be verified). You can contact us at the address specified in section 1 of this privacy policy to exercise your rights.
In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
We take appropriate security measures of a technical and organizational nature to maintain the security of your personal data, namely to protect it against unauthorized or unlawful processing and to counteract the risk of loss, unintentional modification, unauthorized disclosure or unauthorized access. However, we cannot rule out data security breaches with absolute certainty like all companies, because certain residual risks are unavoidable. As part of our security measures, we use firewalls, logging and encryption in particular, with authorization concepts and have implemented other protective measures to ensure protection of personal data.
We expressly reserve the right to change this privacy policy at any time. If such adjustments are made, we will publish the adjusted privacy policy on our website. The privacy policy published on our website is valid in each case.
August 2023