Privacy Policy

    AIRSWIFT PRIVACY NOTICE FOR WORKERS, CONTRACTORS AND EMPLOYEES

    APRIL 2018

    We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your working relationship with us.

    This notice applies to current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services.

    This privacy notice does not apply to you if you are a client (our engagement letter and terms of business state the nature and purposes of our processing).

    References to we, our or us in this privacy notice are to the Airswift Group (being Airswift Holdings Limited a company registered in England and Wales under number 09913703, and each of its direct and indirect subsidiaries, trading under the “Airswift” brand).

    1. PERSONAL INFORMATION
      • When you interact with us in relation to your work with us, you may provide us with or we may obtain personal information about you, such as information regarding your:
        • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
        • date of birth;
        • gender;
        • marital status and dependants;
        • next of kin and emergency contacts;
        • national insurance number and other tax or governmental identifiers;
        • bank accounts, payroll and tax status
        • salary, annual leave, pension and benefits;
        • start date;
        • location of employment or workplace;
        • driving licence (including copies thereof where we are required to hold such information for identification or insurance purposes where you are to use our vehicles);
        • recruitment (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
        • employment records (including job titles, work history, working hours, training records and professional memberships);
        • compensation history;
        • pension and pension entitlements;
        • performance including that generated through our appraisal systems;
        • disciplinary and grievance information;
        • movements though CCTV footage and other information obtained through electronic means such as swipecard and key fob records;
        • use of our information and communications systems;
        • image in photographic form;
        • shareholding, option, SARS and dividend entitlement; and
        • loans that you have made to us.
      • We may also collect, store and use the following “special categories” of more sensitive personal information regarding your:
        • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
        • information about your health including any medical condition, health and sickness records; and
        • information about criminal convictions and offences.
    1. USES MADE OF THE INFORMATION
      • We are committed to protecting your privacy and will only use your personal information in accordance with applicable data protection legislation, including the Data Protection Act 1998 and (once applicable) the General Data Protection Regulation and the UK implementing legislation. Most commonly, we will use your personal information in the following circumstances:
        • where we need to perform the contract we have entered into with you;
        • where we need to comply with a legal obligation; and
        • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
      • We may also use your personal information in the following situations, which are likely to be rare:
        • where we need to protect your interests (or someone else’s interests); and
        • where it is needed in the public interest.
      • We need all the categories of information in the list in paragraph 1 above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. There are more limited circumstances where we process personal data pursuant to your consent. The situations in which we will process your personal information are listed below.
        • making a decision about your recruitment or appointment;
        • determining the terms on which you work for us;
        • checking you are legally entitled to work in your assignment location;
        • paying you and, if you are an employee, deducting tax and National Insurance or Social Security contributions;
        • providing benefits of employment, including flexible benefits
        • liaising with your pension provider;
        • administering the contract we have entered into with you;
        • business management and planning, including accounting and auditing;
        • conducting performance reviews, managing performance and determining performance requirements;
        • making decisions about salary reviews and compensation;
        • assessing qualifications for a particular job or task, including decisions about promotions;
        • gathering evidence for possible grievance or disciplinary hearings;
        • making decisions about your continued employment or engagement;
        • making arrangements for the termination of our working relationship
        • education, training and development requirements
        • dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
        • ascertaining your fitness to work;
        • managing sickness absence;
        • complying with health and safety obligations;
        • to prevent fraud;
        • to monitor your use of our information and communication systems to ensure compliance with our IT policies;
        • to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution; and
        • [to conduct data analytics studies to review and better understand employee retention and attrition rates;]
        • equal opportunities monitoring;
        • shareholding, options and dividend details.
      • Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
      • If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
      • We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
      • Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
      • ”Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
        • in limited circumstances, with your explicit written consent;
        • where we need to carry out our legal obligations or perform a contract with you;
        • where it is needed in the public interest, such as for equal opportunities monitoring [or in relation to our occupational pension scheme]; and
        • where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
      • Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
      • We will use your personal information in the following special categories in the following ways:
        • we will use information relating to your absence from work, which may include sickness absence or family-related absences, to comply with employment and other laws;
        • we will use information about criminal convictions to comply with law and in order to determine your eligibility to undertake particular types of work;
        • we will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
        • we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting; and
        • We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.
      • We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
      • Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in paragraph 8. Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.
      • You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
    1. DISCLOSURE OF YOUR PERSONAL INFORMATION
      • We may share your personal information where it is necessary to administer the working relationship or we have a legitimate interest in so doing. We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply such other terms as apply to our relationship, or to protect rights, property, or safety of our other employees, workers and contractors our customers, ourselves or others. with you or where we have a legitimate interest in doing so.  This includes exchanging information with other companies and organisations for the purposes of providing references and fraud protection.
      • ”Third parties” includes third-party service providers (including contractors and designated agents) and other entities within the Airswift Group.
      • The third parties we share your personal information with where required by law are courts and governmental agencies.
      • The third parties we share your personal information with where it is necessary to administer the working relationship with you include (where you are a contractor) the client of ours for whom you are ultimately providing services to.
      • The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration and IT services. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
      • We will share your personal information with other entities in our group [as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data. All members of the Airswift Group are bound by this privacy policy.
      • We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
      • In certain cases the disclosure of your personal information to a third party as described in this paragraph 3 may involve your personal information being transferred outside of the United Kingdom. This may be to:
        • a country in the European Economic Area or that is otherwise considered to have data protection rules that are equivalent to those in the United Kingdom; or
        • a country which is not considered to have the same standards of protection for personal data as those in the United Kingdom, in which case we will take all steps required by law to ensure sufficient protections are in place to safeguard your personal information, including where appropriate putting in place contractual terms approved by the relevant regulatory authorities.
      • For more information about the circumstances in which your personal information may be disclosed to third parties and the safeguards we put in place to protect your personal information when we do so, please contact us as described in paragraph 8.
    1. DATA SECURITY
      • We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
      • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
      • You should take all reasonable steps to keep your personal information held on out IT systems secure, including choosing a secure password for your accounts and not disclosing your passwords to anybody else. You should use a unique password for every account. Further details are in our IT and password policies.
    1. RETENTION, UPDATING AND REMOVAL OF YOUR PERSONAL INFORMATION
      • The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long term basis: for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements.
      • It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address. You may be able to update some of the personal information we hold about you through our customer portal. Alternatively, you can contact us using the details in paragraph 8.
      • Under certain circumstances, by law you have the right to:
        • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
        • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
        • request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground;
        • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
        • request the transfer of your personal information to another party.
      • If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please use the contact details in paragraph 8.
      • You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
      • We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
    1. ENQUIRIES, ISSUES AND COMPLAINTS
      • In the unlikely event that you have any concerns about how we use your personal information, please contact us as described in paragraph 8.
      • If you make a complaint about our handling of your personal information, it will be dealt with in accordance with our complaints handling procedure accessible on our website – www.airswift.com/contact
      • If we are unable to resolve your complaint, you may make a complaint to the Information Commissioner’s Office. Please see https://ico.org.uk/ for more information.
    1. COOKIES
      • This Website uses analytics services provided by Google Analytics a web analytics service provided by Google, Inc. (Google).
      • Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyse how users use the site. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the Website. By using the Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
      • You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
      • You can choose to delete Cookies at any time however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
      • It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
    1. CHANGES TO THIS PRIVACY NOTICE
      • We reserve the right to alter this privacy notice at any time. Such alterations will be posted on our website. You can also obtain an up-to-date copy of our privacy notice by contacting us as described in paragraph 8. Should you object to any alteration, please contact us.
    1. CONTACTING US
      • If you need to contact us about this notice or any matters relating to the personal information we hold on you, you can write to the Data Protection Officer, 42 New Broad Street, London, EC2M 1JD or email dpo@airswift.com.
    1. FURTHER INFORMATION
      • We hope that the contents of this privacy notice address any queries that you may have about the personal information we may hold about you and what we may do with it. However, if you do have any further queries, comments or requests, please contact us as described in paragraph 8
      • Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/

    AIRSWIFT PRIVACY SHIELD POLICY

    Introduction

    To demonstrate our commitment to the protection of Personal Information, we adhere to the Privacy Shield Principles and are certified to the EU-U.S. Privacy Shield Framework.

    Swift Technical Services LLC, the U.S. member firm, and  Airswift Group Holding Limited , (together "Airswift," “we,” “our,” and “us”), complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data (as defined below) from European Union member countries.  Airswift has certified that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability.  If there is any conflict between the policies in this Privacy Shield Policy (“Privacy Shield Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

    Definitions

    “Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.

    “Personal Data” means any information relating to an individual residing in the European Union that can be used to identify that individual either on its own or in combination with other readily available data.

    “Sensitive Personal Data” means Personal Data regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

    Scope and Responsibility 

    This Privacy Shield Policy applies to Personal Data transferred from European Union member countries to Airswift’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU Directive.

    Some types of Personal Data may be subject to other privacy-related requirements and policies. For example:

    • Some Airswift websites have their own privacy policies.
    • Personal Data regarding and/or received from a client is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
    • Employee Personal Information is subject to internal human resource policies including the Employee Data Privacy Notice.

    All employees of Airswift that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy.  Adherence by Airswift to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Privacy Shield Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of Airswift’s Data Privacy Officer.

    Airswift employees responsible for engaging third parties to which Personal Data covered by this Privacy Shield Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of the Privacy Shield Principles, including any applicable contractual assurances required by Privacy Shield.

    Privacy Shield Principles

    Airswift commits to subject to the Privacy Shields’ Principles, all Personal Data received by Airswift in the U.S. from European Union member countries in reliance on the respective Privacy Shield framework.

    1. Notice

    Airswift notifies Data Subjects covered by this Privacy Shield Policy about its data practices regarding Personal Data received by Airswift in the U.S. from European Union member countries in reliance on the respective Privacy Shield framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that Airswift offers for limiting its use and disclosure of such Personal Data, how Airswift’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact Airswift with any inquiries or complaints.

    1. Choice

    If Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Airswift will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: dpo@airswift.com

    If Sensitive Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Airswift will obtain the Data Subject’s explicit consent prior to such use or disclosure.

    1. Accountability for Onward Transfer

    In the event we transfer Personal Data covered by this Privacy Shield Policy to a third party acting as a controller, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Airswift has knowledge that a third party acting as a controller is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, Airswift will take reasonable steps to prevent or stop such processing.

    With respect to our agents, we will transfer only the Personal Data covered by this Privacy Shield Policy needed for an agent to deliver to Airswift the requested product or service.  Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with Airswift’s obligations under the Privacy Shield Principles; and (iv) require the agent to notify Airswift if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles.  Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

    Airswift remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where Airswift is not responsible for the event giving rise to the damage.

    1. Security

    Airswift takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

    1. Data Integrity and Purpose Limitation

    Airswift limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. Airswift does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

    Airswift takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. Airswift takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes Airswift’s obligations to comply with professional standards, Airswift’s business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Data.

    1. Access

    Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated).  Requests for access, correction, amendment, or deletion should be sent to: dpo@airswift.com

    1. Recourse, Enforcement, and Liability

    Airswift’s participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.

    In compliance with the Privacy Shield Principles, Airswift commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Airswift at: dpo@airswift.com

    Airswift has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, The United Kingdom Information Commissioners Office. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://ico.org.uk/make-a-complaint/eu-us-privacy-shield/  for more information and to file a complaint.

    Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to The International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA), please visit https://www.icdr.org/privacyshield.

    Airswift agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Airswift acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

    Changes to this Privacy Shield Policy

    This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.