Data Protection/Disclaimer

Data Protection/Disclaimer

The website www.klmukengineering.com is designed by and the property of:

KLM UK ENGINEERING LIMITED
Head Quarters: Liberator Road, Norwich Airport, Norwich, Norfolk, NR6 6ER. ENGLAND 
Phone: +44 (0)1603 254400 
E-mail: info (at) klmukengineering (dot) com

Legal Disclaimer

KLM UK Engineering Limited and it's novated agents regularly update this website and often include information on the aircraft engineering industry. KLM UK Engineering Limited and it's novated agents use all reasonable endeavours to ensure the data on its website is accurate and up to date, and where necessary will correct any errors or omissions as soon as practicable.

KLM UK Engineering Limited and it's novated agents give no guarantee of the accuracy and currency of the information provided on the website. Nor does KLM UK Engineering Limited and it's novated agents accept liability for any errors or omissions on the website, or the outcome of the use of such information.

In no event shall KLM UK Engineering Limited and it's novated agents be liable for any loss of profit, revenue, goodwill, opportunity, business or other indirect or consequential loss, even if such loss was considered reasonable, of any kind in contract, tort (including negligence) or otherwise arising out of use of the website, save where such liability cannot be excluded by law.

KLM UK Engineering Limited and it's novated agents do not give any warranty that the website is free from viruses or anything else which may have a harmful affect on any technology.

Collection, Storage and Processing of Personal Data

Introduction

The introduction of GDPR (General Data Protection Regulation) from 25 May 2018 has led us to review our data protection policy. From time to time it is necessary for us to obtain, process and retain legitimate personal information about individuals. Personal information is any information relating to an individual which can be used to identify that individual.

We, our representatives or appropriate third parties may need such information so that we can undertake successfully and consistently a wide variety of necessary processing tasks. For each processing task involving sensitive data there must be a legal basis to undertake the process. 

Legal Bases for Processing

There are 6 available lawful bases for processing personal data.  We have identified 5 that apply to the data we collect and process:

Contract

This is the legal basis that applies the most.  It refers to the processing that is necessary because the company has a contract with an individual.  A good example is that in order to fulfil part of the contractual obligation we must be able to pay our employees.  To achieve this we need to store, for example, name, bank account details and national insurance number. 

We need to collect personal data to fulfil our contracts with those undertaking training courses or booking examinations through our Technical College.

Legal Obligation

We are also obliged to process personal data to fulfil legal obligations.  For example having paid our employees we routinely share PAYE and national insurance data by individual with HMRC. We have no choice; it is a legal obligation.

A further example is the licence and type approval process that we undertake for employees and contractors which is a legal obligation under EASA regulations.  Once again, we have no choice but to carry out this process using personal data; it is a legal obligation.

Legitimate Interest

Personal data can be processed under this basis if we have a genuine and legitimate reason to do so.  This basis can normally be considered appropriate where an individual would reasonably expect us to use personal data and which would have minimal privacy impact.  A good example is the recording of accidents and incidents where inevitably personal data will be recorded and could involve employees or third parties.

Consent

Consent may apply where an individual has given clear consent for us to process their personal data for a specific purpose.  In most cases this applies during recruitment where an applicant voluntarily sends us information, e.g. in the form of a CV, which inevitably contains personal data.

Vital Interests

This basis applies when it is necessary to protect the vital interests of the data subject or other persons.  We consider that holding emergency contact details for employees or contractors falls under this category.

Privacy

We are accountable for the personal data we collect and:

  • Process it lawfully, fairly and in a transparent manner.
  • Collect it only for specified, explicit and legitimate purposes.
  • Confirm it is adequate, relevant and limited to what is necessary for the purpose.
  • Ensure it is accurate and, where necessary, up to date.
  • Keep it in a format which identifies data subjects for no longer than necessary.
  • Process it in a manner that ensures appropriate security.

We and/or our representatives retain such personal data and other relevant information on various systems, e.g. quality management system, or in hard copy format.  We only collect and process the minimum amount of personal information necessary to fulfil each specific purpose.

Privacy considerations are uppermost in the design and operation of our processes and systems.  We retain all information confidentially with strictly restricted access and only for as long as necessary. It is securely destroyed or erased when its use has been fulfilled.

Data Breach

In the event of a significant breach to your personal data (e.g. by hacking) we will advise you directly. A significant breach is typified as one that would potentially have detriment to your rights or freedoms. In such circumstances, we will advise you of the breach as promptly as possible. We may also have to inform the appropriate supervisory authority.

Right of Access

You have the right to seek access to personal information we hold about you without charge. You should set out in writing the specific information you want and pass the request to our HR department (see Contact us section of website).  We will respond within one month.  This period can be extended by up to two months where requests are complex or numerous. We can refuse manifestly unfounded or excessive requests; particularly those which are clearly repetitive. Alternately, we may charge reasonable fees reflecting our administrative costs in facilitating their provision. We may also charge for further copies of the same information, previously supplied.

If you believe information we hold is incorrect or no longer retained for a relevant purpose, please advise us immediately. You may ask us to erase personal data you believe no longer fulfils an appropriate purpose.

We will advise you if we believe there is still an appropriate basis for maintaining such data. Where we do not propose to take any action regarding your request, we will tell you why. You may then be able to raise your concern with the appropriate supervisory authority.  In the UK this is normally the Office of the Information Commissioner.

Where we rectify incorrect or incomplete information we will also advise any relevant third parties (e.g. HMRC).

Transportability

In certain circumstances employees may request that we move your personal information to another organisation if you want us to.