Skip to main content

PRIVACY NOTICE

SHAREHOLDER AND ULTIMATE BENEFICIAL OWNER

 

1. WHO ARE WE AND HOW YOU CAN CONTACT US

UAB “Avion Express”, company code 300087830, address: Dariaus ir Girėno g. 21A (38A – from April 2025), 02188 Vilnius, Lithuania, and / or

Avion Express Malta Ltd, company code C 87300, address: NuBis Centre, Mosta Road, Lija LJA 9012, Malta.

Please note that UAB “Avion Express” and Avion Express Malta Ltd act as independent controllers (hereinafter “We”, “Ours”, “Company”, “Avion Express”).

This Privacy Notice explains how We process personal data that relates to you as an individual shareholder of the Company, or as an ultimate owner (also referred to as the ultimate beneficiary owner, UBO) of the Company or its direct shareholders (hereinafter “you”, “your”). This personal data may also pertain to you if you are an officer, legal representative, UBO, or director of a corporate shareholder of the Company.

If you have any questions regarding this Privacy Notice or requests regarding the processing of your personal data, please contact our Data Protection Team by email: [email protected].

We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.

UAB “Avion Express” and Avion Express Malta Ltd are the part of companies’ group of AVIA SOLUTIONS GROUP (ASG) PLC, legal entity code: 727348, address (as may be changed from time to time): Building 9, Vantage West, Central Park, Dublin, D18 FT0C, Ireland. In certain cases, Company and AVIA SOLUTIONS GROUP (ASG) PLC may jointly act as controllers of your personal data.

In processing the personal data, we responsibly comply to the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities. The Company applies the highest technical and legal standards of protection and taking all necessary measures to prevent possible breaches of personal data protection.

2. WHAT PERSONAL DATA, FOR WHAT PURPOSE AND BASIS DO WE PROCESS

The Company collects certain personal data of its registered individual shareholders or ultimate beneficial owners, also personal data of officers or directors of corporate shareholders of the Company, which may include the following types of data:

2.1 We collect and process personal data for the following purposes:

• Managing your shareholder interest in the Company.

• Verifying your identity and documents to maintain an accurate shareholder register.

• Ensuring compliance with anti-money laundering and counterterrorist financing regulations, including providing information for third-party Know Your Customer (KYC) procedures.

• Enabling you to exercise your rights as a shareholder in line with our Articles of Association and applicable laws.

• Communicating with you about shareholder-related matters, including payments, resolutions, reports, AGM notices, and other relevant information.

• Fulfilling legal obligations to tax authorities, law enforcement, and other regulatory requirements.

• Identifying and resolving legal claims.

2.2 What personal data:

· Contact Information: Name, title, home address, email address, contact details for other videoconferencing platforms, and telephone number(s) and Bank account details.

· Identity Information: Identity number, tax number, date of birth, or a copy of an identity document (which may include your signature and image.

· Shareholder Information: Details regarding your shareholding (e.g., number of shares) and any legal notes or information linked to that shareholding, including the structure of shareholding.

· Communication Data: Information from communications between you and the Company, including data from board meetings and general meetings (which may include your voice and/or image if captured during online meetings.

· General Meetings Information: (Personal data used for registration, preparation of voting lists, and drafting minutes during general meetings (including any relevant details from these meetings).

2.3 On what legal basis do we process personal data?

· Article 6(1) (c) of GDPR (legal obligation) processing is necessary for compliance with a legal obligation to which the controller is subject i.e necessary to manage your shareholder rights and our obligations to you as a shareholder in accordance with our Articles of Association and other legal regulations.

· Article 6(1)(f) of the GDPR (legitimate interest) It is in our legitimate interest to verify your identity and the validity of your documents in order to protect our business and ensure compliance with the applicable laws and regulations.

3. RETENTION PERIOD

Personal data will be processed only for as long as necessary to fulfil the purpose of the processing or for as long as the Company is legally required to retain such data. The data will be erased upon the cessation of your status as a shareholder in the Company. However, as previously mentioned, certain data may be retained for a longer period where required by law, including under company, securities, and tax legislation.

4. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?

We may share some of your personal data with the following categories of third parties:

· AVIA SOLUTIONS GROUP (ASG) PLC.

· our professional advisors, auditors, lawyers and/or financial advisers; notaries; judicial officers, entities providing legal services.

· our other service providers (data processors) or our subcontractors.

· anyone we transfer or delegate our rights or obligations to, as allows under terms and conditions of any agreement you have with us (e.g. if we transfer the management of our share register to another service provider).

· law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies, tax administrators.

· companies providing data centres service, cloud service, companies providing information technology infrastructure services, companies providing communication services.

· companies providing archiving, physical and/or electronic security, asset management and/or other business services.

5. DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

In most cases, your personal data will be processed within the countries of the European Economic Area (EEA). However, there may be instances where your personal data is transferred to countries outside the EEA. We may work with trusted third-party processors (such as data centres, cloud service provides, site administration and related services, software developers, companies providing information technology infrastructure services, companies providing communication services) that are located outside the EEA.

Please note that countries outside the EEA may not offer the same level of data protection as those within the EEA. When transferring your data outside the EEA, we have entered into Standard Contractual Clauses approved by the European Commission, or we follow other grounds and conditions set out in the GDPR or decisions of the European Commission.

For the purposes of fulfilling an air carriage contract, your personal data may be transferred to entities outside the EEA. This could include authorities, institutions, other carriers, ground handing companies or other parties authorized to receive such data under relevant legal provisions and international agreements. This includes situations where the transfer is necessary to comply with immigration, customs, or other border-crossing requirements in departure/destination countries.

6. YOUR DATA PROTECTION RIGHTS

We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:

· Your right of access – You have the right to ask us for copies of your personal information.

· Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

· Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

· Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

· Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

To exercise these rights, contact the Company at [email protected]. Each request will be assessed on a case-by-case basis. The Company may not be legally required to comply with your request due to applicable data protection legislation exemptions.

7. COMPLAINTS

If you disagree with our actions or the response to your request, you have the right to file a complaint with the relevant supervisory authority. A list of supervisory authorities in each EU country can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

However, we recommend that you contact us first to allow us the opportunity to resolve the issue before you submit a formal complaint.

For any questions about your personal data, please contact us at: [email protected].