Skip to main content

Privacy Notice

1.    WHO ARE WE AND HOW YOU CAN CONTACT US

UAB “Avion Express”, company code 300087830, address: Dariaus ir Girėno g. 21A (38A – from April 2025), 02188 Vilnius, Lithuania, and / or

Avion Express Malta Ltd, company code C 87300, address: NuBis Centre, Mosta Road, Lija LJA 9012, Malta.

When processing your data UAB “Avion Express” and Avion Express Malta Ltd each acts separately or both act together as joint controllers (hereinafter “We”, “Ours”, “Company”, “Avion Express”).

Avion Express process the personal data of its’ customers representatives, potential customer representatives, employees, candidates to employees, passengers, supplier’s representatives, partners representatives, shareholders etc. (hereinafter – “you”, “your”).

This Privacy Notice (hereinafter referred to as the “Privacy Notice”) outlines the basic rules for the collection, processing, and storage of personal data, including its scope, purposes, sources, recipients, your rights as a data subject, and other important aspects related to the use of your personal data.

If you have any questions regarding this Privacy Notice or requests regarding the processing of your personal data, please contact our Data Protection Team by email: [email protected].

UAB “Avion Express” and Avion Express Malta Ltd are the part of companies’ group of AVIA SOLUTIONS GROUP (ASG) PLC, legal entity code: 727348, address (as may be changed from time to time): Building 9, Vantage West, Central Park, Dublin, D18 FT0C, Ireland. In certain cases, Company, AVIA SOLUTIONS GROUP (ASG) PLC and its subsidiaries may jointly act as controllers of your personal data. We will notify you of this arrangement in this Privacy Notice. The contact details of each Avia Solutions Group company can be found here.

In processing the personal data, we responsibly comply to the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities. The Company applies the highest technical and legal standards of protection and taking all necessary measures to prevent possible breaches of personal data protection.

To ensure clarity, the following terms are defined as used in this Privacy Notice:

  • Personal Data (the “Personal Data”) refers to any information related to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, economic, cultural, or social identity of that person.
  • Processing (the “Processing”) refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. This includes activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

All other terms used in this Privacy Notice have the same meaning as defined in the GDPR.

If you provide us with personal information other than your own (for example, identifying another person as a beneficiary), please inform them of this Privacy Notice and its contents.

We may update this Privacy Notice at any time. Any changes will be posted on our websites. We recommend checking this page regularly to stay informed.

This Privacy Notice is effective from the date it is posted on the websites. Last reviewed: 28 February 2025.

2.    TO WHOM THE PRIVACY NOTICE APPLIES

This Privacy Notice applies to our website https://avionexpress.aero/ and https://careers.avionexpress.aero/ (regardless of which device you are using) and any activities of the Company where personal data is being process.

This Privacy Notice does not apply to links to other entities websites provided on our websites. We have no control over how your data is collected, stored, or used by such other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

3.    WHAT PERSONAL DATA, FOR WHAT PURPOSE AND BASIS DO WE PROCESS

Please note that if you do not provide the necessary personal information required by law or to complete and fulfil the contract, we won’t be able to offer you our services or proceed with any agreements.

The purpose of the processing of personal data. Why we process personal data? The categories of processed personal data. What kind of categories of personal data we process? On what legal basis do we process personal data? The period of processing
Administration of our website When you visit our website, data about your browsing on the Website is collected using cookies. We use necessary / technical cookies to ensure the proper functioning of the Website and / or other third-party cookies to improve your browsing experience (i.e., to consider your needs, to continuously improve the website and to make offers that suit your interests). Data using cookies and similar technologies related to Internet browsing, etc. are collected (processed) in accordance with Article 6 (1)(a) of the GDPR, i.e., with your consent (except for necessary cookies). You can find more information about cookies and their storage terms on our websites:

https://avionexpress.aero/cookie-policy/ and

https://careers.avionexpress.aero/cookie-policy/
Responding to your general enquiries or requests of information Our public business channels provide contacts where you can contact us to consult us on issues that concern you. We will accept, review, and respond to all your messages. If you contact us by e-mail, regular mail, or phone, we may process the following personal data of yours: name, surname, e-mail, postal address, and the text of the correspondence and / or attached documents. This data will be processed for the administration of your enquiry. Please note that we may need to contact you to provide with a reply to your enquiry so be sure to share accurate contact data of yours. All personal data you provide when communicating with us is used only for the purposes of reviewing, and responding messages, administering (managing) communication flows and providing you with a response. We will process the personal data in accordance with

Article 6 (1)(a) of the GDPR, i.e., with your consent, which you express by contacting us by e-mail, mail, or phone.

 Communication with you will be handled until the enquiry is fully processed and stored for one year from the date of the last communication with you unless there is another legitimate purpose for storing it longer (e. g. business contract with you has been concluded and communication material can be considered as the proof of negotiation).
Drawing up and executing contracts for the purchase and sale of services We may process name, surname, contact information, position in the company you represent, signature, other information required for negotiations, concluding, and performing of contracts. We will process in accordance with

Article 6 (1) (b) of the GDPR, i. e. to conclude a contract with you and perform it, as well as Article 6 (1)(c) of the GDPR., i.e., we are subject to a legal obligation to keep contracts and accounting documents and Article 6 (1) (f) of the GDPR, i.e., our legitimate interest in asserting and / or defending our legal claims (where applicable). Article 6 (1) (f) of the GDPR, i.e., our legitimate interest in processing legal entities representatives’ data.

 Contracts and accounting documents (in physical and electronic form) are kept for 10 years from the date of full performance of the contract.
Onboarding and due diligence procedure for counterparties Company and Avia Solutions Group subsidiaries act as joint controllers.

Depending on whether a counterparty is a natural person or legal entity and if the latter depending on your status in the company, we may process the following personal data:

Name, surname, date of birth, nationality, occupation, valid ID/passport number, data on whether the client is a politically exposed person, residential and registered address details, phone number, e-mail address, bank information (account number), relationship with the third party (if payment will be made by the third party), source of funds/wealth (if payment will be made in cash), signature, role/position in the company, occupation, information about reputation from public sources.

We also process personal data collected within provided copies of documents: Identity Card or Passport; Official documents of authorities verifying the identity and the place of residence; Documentation proving the source of funds/wealth; Articles of Association authorizing the representative of a legal entity; Certificate of Incorporation or its equivalent; Certificate of Directors or copy of CEO (or other principal management body) appointment document.

 Personal data for onboarding and due diligence is processed in accordance with:

Article 6 (1) (c) of the GDPR, i.e., our legal obligation to monitor and implement the international and/or national sanctions.

Article 6 (1) (f) of the GDPR, i.e., our legitimate interest to fulfil the requirements for money laundering and financing terrorism prevention, prevention of corruption, bribery, and fraud to be legitimate, reliable, and reputable business to our counterparties and authorities.

 We will process for no longer than 5 years unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defence in the judicial process.

 

For more details of personal data processing for onboarding and due diligence please check the Privacy Notice: https://avionexpress.aero/privacy-notice-for-the-counterparty-onboarding-and-due-diligence/
Whistleblowing Policy – prevention of adverse effects to whistle-blower, investigation of disclosure and perpetrated or suspected infringement Company and Avia Solutions Group PLC act as joint controllers of your personal data.

We may process name, surname, contact information, position in the company, other information provided voluntarily by a whistle-blower or processed by Company or Avia Solution Group PLC, – for the purpose of investigation of the perpetrated or suspected infringement.

In principle, we do not request or process any special categories of personal data (e.g., information about health, racial and/or ethnic origin, religious and/or ideological convictions, trade union membership or sexual orientation), unless such special categories of personal data are voluntarily disclosed by the whistle-blower or other concerned persons.

 Your personal data shall be processed in accordance with:

Article 6 (1) (c) of the GDPR, i.e., legal obligation to establish an internal reporting channel to which we are subject.

Article 6 (1) (f) of the GDPR, i.e., our legitimate interest to handle fraud, corruption or other wrongdoings in the Company and to defend against requirements and/or claims and investigations of the competent authorities, litigations (if any) or, if necessary, to keep such data regarding possible investigations on allegedly illegal or criminal acts.

 We will process your personal data collected during the whistleblowing procedure no longer than 5 years unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or authorities, or will be necessary for the judicial process.

For more details of personal data processing for whistleblowing procedure please check the Privacy notice

(https://trust-line.aviasg.com/files/privacy_notice.pdf?v=1.0.4 ).
Selection of personnel (recruiting) Company and Avia Solutions Group PLC may act as joint controllers for office roles candidates’ personal data.

Considering the requirements of the position applied we may collect, assess, and store the following personal data about you: name, surname, age or date of birth, your e-mail address, phone number, address of the place of residence, visa information (if applicable) information on language proficiency, computer skills, information about expected salary, educational background, profession, working experience and projects you have been involved with, attended courses, training sessions, seminars, development of qualification, licenses held, accumulated hours on aircraft and other information regarding flights (for pilots and cabin crew), health certificate information (for pilots and cabin crew), criminal records information (for certain roles) social media accounts, pictures and other information that you may wish to provide in your CV, motivation letter, interviews, also our remarks and assessment of your suitability to perform the duties of a particular position, reference information.

 We will process the said personal data in accordance with:

Article 6 (1) (a) of the GDPR, i.e., with your consent, which we presume when you proactively apply for a job or when we get information about your candidacy data from job search portals, recruiting agencies or from publicly accessible sources, business-related social media or platforms we presume that you are aware and consented or there is an assessed legitimate interest where you had the right to object.

Article 6 (1) (f) of the GDPR, when company proactively search information about candidates in job search portals, recruiting agencies or in publicly accessible sources, business-related social media or platforms the legal basis for this processing is legitimate interest.

Article 6 (1) (b) of the GDPR, when processing is necessary in order to take steps at the request of the data subject prior to entering into a contract

Article 6 (1) (c) of the GDPR when company process criminal records or health information, i.e., to comply with legal requirements (for certain roles).

 We will process the personal information for the recruiting process for 6 (six) months or 12 (twelve) months (for certain roles) from getting your application unless the selection process continues longer than the indicated period.

If your application for a specific position is unsuccessful, you may provide consent for your personal data to be stored for up to 3 years from the end of the selection process or from the date we receive your data.

For more details on the processing of personal data for the selection of office role candidates, please refer to the Privacy Notice (https://careers.aviasg.com/en/candidate-privacy-policy ).

For more details of personal data processing for selection of crew members, candidates please check the Privacy Notice https://avionexpress.aero/notice-of-privacy-for-recruitment-and-selection-process-for-flight-crew-members-cabin-crew-members/
Performance of the air carriage contract between the passenger and the Company This information applies only to those flights, or flight segment, where Avion Express name or Airline Designator Code is indicated in the carrier box of the Ticket for that flight, or flight segment.

We may process your personal data such as name, surname, contact details, passport information; visa information, health information (if applicable); flight information (flight number, origin and destination airport, flight date and time), information-related in- flight services (meals), luggage information, seat information, payments information for the purpose of performance of the air carriage contract.

 To complete the air carriage contract, we will process the information in accordance with

Article 6 (1) (b) of the GDPR, i. e. to conclude a contract with you and perform it.

Article 6 (1) (c) of the GDPR, i.e., legal obligation to comply with immigration, customs, and border control legal requirements.

Article 6 (1) (f) of the GDPR, i.e., our legitimate interest in asserting and / or defending our legal claims (where applicable).

 We will process your personal data collected performing the air carriage contract no longer than 5 years unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or authorities, or will be necessary for the judicial process.

 
Providing with news, promotions, newsletters, information about products and invitations to events (direct marketing) When we obtain your explicit consent, we will use your e-mail address and (or) telephone number for direct marketing.

When you are our customer and have not objected to direct marketing of similar services, we will process your e-mail address.

 Personal Data for direct marketing is processed in accordance with

Article 6 (1) (a) of the GDPR, i.e., with your consent or

Article 6(1)(f) of the GDPR, i.e., our legitimate interest in offering you services similar to those you have received from us and obtaining your feedback on the services.

 Your data will be used for direct marketing purposes for 3 years after your consent is obtained or until you withdraw your consent. We consider you to be our customer 3 years after your order or purchase of our service.
Management of online registration and participation in the company’s events We may collect and process your personal data, including your name, surname, work email, company name, event date, time, and location, as well as photos and audio/video recordings from the event, for the purpose of registering you for the event and organising your participation. Article 6 (1) (a) of the GDPR, i.e., with your consent Personal data is only processed for no longer than 30 (thirty) calendar days after the end of the event (except photos and audio, video recording of the event) or until you withdraw your consent.

For more details of personal data processing please check the Privacy Notice: https://avionexpress.aero/privacy-notice-for-the-purpose-of-processing-personal-data-related-to-the-registration-and-participation-in-avion-express-events/
Management of shareholders’ and UBO’s rights and the Company’s responsibilities to authorities regarding corporate regulation We may collect your name, surname, home address, email address, telephone number, bank account details, date of birth, number shares, structure of shareholding, communication with the Company (including your voice and / or image captured during general meetings, organized online) , data used for registration to meetings, drawing up of voting lists and, where applicable, minutes of the general meeting. We process in accordance with:

Article 6 (1) (c) of the GDPR, i.e., our legal obligation to communicate and implement the rights of shareholders, to meet responsibilities to tax authorities or other law enforcement.

Article 6 (1) (f) of the GDPR, i.e., our legitimate interest to administer shareholders’ and UBO’s rights.

 Personal data is only processed for as long as it is necessary to fulfil the purpose of the processing, or as long as the Company is required to store such data by law.

For more details of personal data processing please check the Privacy Notice: https://avionexpress.aero/privacy-notice-shareholder-beneficial-owner/

Be informed as well that we will retain your personal data for as long as necessary to achieve and fulfil the purposes following the terms set out in this Privacy Notice, unless longer storage of personal data and related documents is required by applicable laws and regulations or is required for the defence of the Company’s legitimate interests in judicial, other public institutions etc. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.

4.     HOW DO WE PROTECT YOUR DATA?

We responsibly implement appropriate organisational and technical personal data security measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.

In the event of personal data breach of security that could seriously jeopardise your rights or freedoms and determine the circumstances with which unauthorised access to personal data has been obtained, we will immediately inform you about it.

5.     TO WHOM IS YOUR DATA DISCLOSED

We may share some of your personal data with the following categories of third parties:

  • companies providing data centers service, cloud service, site administration and related services, software developers, companies providing information technology infrastructure services, companies providing communication services.
  • any Avia Solutions Group company (listed at https://aviasg.com/en/the-group/general-contacts) for the purposes set out in this Privacy Notice.
  • in the event that you are an air passenger, we may be required to share your personal data with government authorities and institutions in accordance with applicable laws. This may include the provision of data for compliance with immigration, customs, and border control regulations, as well as for police investigations. Additionally, your data may be shared with service providers involved in ground handling and other services necessary for the completion of air carriage contract.
  • credit and debit card companies used to facilitate payment transactions related to the provision of our services, banks and other credit and/or payment companies.
  • our professional advisors, auditors, lawyers and/or financial advisers; notaries; judicial officers, entities providing legal and/or debt recoveries services, subrogator of claim right.
  • our other service providers (data processors) or our subcontractors (for example, recruiters, lectors, etc.).
  • companies providing advertising and marketing services.
  • companies providing archiving, physical and / or electronic security, asset management and/or other business services.
  • in accordance with the laws to state institutions, establishments, etc.
  • law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies, tax administrators.

6.      DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

In most cases, your personal data will be processed within the countries of the European Economic Area (EEA). However, there may be instances where your personal data is transferred to countries outside the EEA. We may work with trusted third-party processors (such as data centres, cloud service provides, site administration and related services, software developers, companies providing information technology infrastructure services, companies providing communication services) that are located outside the EEA.

Please note that countries outside the EEA may not offer the same level of data protection as those within the EEA. When transferring your data outside the EEA, we have entered into Standard Contractual Clauses approved by the European Commission, or we follow other grounds and conditions set out in the GDPR or decisions of the European Commission.

For the purposes of fulfilling an air carriage contract, your personal data may be transferred to entities outside the EEA. This could include authorities, institutions, other carriers, ground handing companies or other parties authorized to receive such data under relevant legal provisions and international agreements. This includes situations where the transfer is necessary to comply with immigration, customs, or other border-crossing requirements in departure/destination countries.

7.      DO WE APPLY AUTOMATED DECISION-MAKING OR PROFILING?

We do not use automated decision-making processes, including profiling. We value your privacy and ensure that no automated systems are used to analyse or evaluate your personal data in a way that would result in legal consequences or similarly significant effects.

8.      RIGHTS GUARANTEED TO YOU

We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
  • Your right to withdraw consent – You have the right to withdraw your consent at any time.

To exercise your rights, please send us the request by e-mail: [email protected].

Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a data subject and to prevent unauthorized disclosure of personal data or information to others who are not entitled to it. If we are unable to identify you, we will not be able to exercise your rights.

We provide information about the processing of your personal data free of charge. If your request is unfounded, repetitive or disproportionate, we may charge a fee commensurate with our administrative costs.

Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your request.

In exceptional circumstances, which may require us to have additional time, the deadline for replying may be extended for a further two months, depending on the complexity of the situation. In this case, it is mandatory to inform you writing about such extension within 1 (one) month from the receipt of the request and indicate the reasons for the delay.

If we are unable to fulfil your request, we will provide a clear explanation for the refusal.

If you disagree with our actions or the response to your request, you can complain to the competent state authority (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

9.    SOCIAL NETWORKS

When you visit social networks, your personal data is processed by a specific social network, and we start processing your personal data when you visit Avion Express on social networks. Through various social media channels, we want to introduce you to our company and exchange ideas and opinions with you on important topics.

Currently we use these social networks:

Facebook: https://www.facebook.com/avionexpress/

Linkedin: https://www.linkedin.com/company/avion-express/

Instagram: https://www.instagram.com/avionexpress/

YouTube: https://www.youtube.com/@avionexpress

Tiktok: https://www.tiktok.com/@avionexpress

Your personal data provided on the social network is processed for the following purposes:

  • communicate with our social network visitors;
  • respond to visitor inquiries;
  • obtaining statistical information;
  • conducting surveys, marketing campaigns, hiring campaigns, market analysis, competitions or similar actions or events;
  • if necessary, defending the legitimate interests of the Company in institutions and in other cases.

Unless explicitly stated otherwise, the legal basis for data processing is Article 6 (1) (f) of the GDPR. Our legitimate interests are to be able to answer your messages or questions and analyse our availability on social networks, to present our company’s service to potential employees and clients To the extent that you wish to enter into a contractual relationship with us with your request, the legal basis for such processing is Article 6 (1)(b) of the GDPR.

Our pages on social networks are managed by specific social networks, so when you visit them, the processing of personal data is based on the social network privacy policies. With some social networks, depending on the social network policy, the purposes and scope of the processing, we may be considered as joint data controllers.

Name of the social network and its Privacy Policy Personal Data we process Personal Data we process as joint data controllers
Facebook

You can read their privacy policy by clicking here:

https://www.facebook.com/policy.php

 Your Facebook username, when you comment, react to the publication, share posts, write us messages, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Facebook through their service.
Instagram

You can read their privacy policy by clicking here: https://help.instagram.com/519522125107875/?helpref=uf_share

 Your Instagram username, when you comment, react to the publication, share posts, share content in stories section, write us messages, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Instagram through their service.
LinkedIn

You can read their privacy policy by clicking here: https://www.linkedin.com/legal/privacy-policy

 Your LinkedIn username, when you comment, react to the publication, share posts, write us messages, Your location indicated on the personal account, Your activities on our site, e.g. Your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from LinkedIn through their service.
YouTube

You can read their privacy policy by clicking here: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/

 

 Your YouTube username, when you comment, interact with content. We use statistical information (such as visits to our YouTube channel, video views, video likes, comments, watch times, retention rates, and changes in the number of subscribers). This also includes demographic information like gender distribution, age range, geographical data (places of origin), device usage, and other usage data (e.g. websites visited, content interest, and access times). We receive anonymous statistics from YouTube through their service.
Tiktok

You can read their privacy policy by clicking here: https://www.tiktok.com/legal/page/row/privacy-policy/en

 

 Your TikTok username, when you comment, interact with content. We use statistical information (such as the videos you watch, rewatch, and comment on, your keyboard rhythms, phone and location data, clipboard data, private messages, contacts, and any information shared when creating your account, from linked social media accounts). We receive anonymous statistics from TikTok through their service.