General Information

Panaviatic AS is committed to respecting your privacy and protecting your personal data. In this Privacy Policy (this “Policy”), “Panaviatic”, “we”, “us” or “our” means Commercial aircraft operator Panaviatic AS, registration code 11256731, with registered address: Estonia, Tallinn, Lennujaama tee 13 collectively; “you” or “your” means you, the person who provides us with personal data; and “personal data” shall have the meaning assigned to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council. All personal data is obtained, held, and processed by Panaviatic AS, in compliance with, this Policy, any and all data protection related laws and regulations that are applicable to Panaviatic AS (including without limitation, Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”)), and any and all data protection related terms in any agreement or contract in force between you and Panaviatic AS in relation to the supply by us to you of services and/or products. Panaviatic AS (a company incorporated in Estonia, with registration number 11256731, and with principal offices at Estonia, Tallinn, Lennujaama tee 13) is deemed data controller. When we ask you or your agent to provide certain personal data, then you can be assured that it will only be used in accordance with this Policy. This Policy applies to personal data about you that we collect, use and otherwise process in connection with your relationship with us as a client or potential client, including when you travel with us or use our other services, use our website or service agents and book to use our services through third parties (such as agents, brokers and other carriers). This Policy applies to you whether you use our services or products on a casual basis, or have registered to use any of our services or products, or have entered into a contract with us in relation to the supply by us to you of services and/or products. Any products and/or services acquired by you from us will be subject to their own terms and conditions which you must also read and accept. In the event of any conflict between this Policy and the terms and conditions of any such products or services (such as General Terms and Conditions of Carriage), then the terms and conditions of those products or services shall prevail. This Policy is effective as of the “Effective Date” which appears at the bottom of this Policy. We reserve the right, at our sole and absolute discretion, to change or modify this Policy at any time. Any such changes or modifications will become effective when posted on this page. Please check this page periodically to ensure that you are happy with any such changes or modifications. It is in your own interest to access this page regularly to view the latest version of this Policy. If we make a change or modification to this Policy, we may, where appropriate and where possible in our sole discretion, alert you with a notice on our website or with any other means of notification we deem fit. Your continued access to or use of any of our services or products or your purchase of any of our products or services or your continued provision of personal data to us following any change or modification to this Policy shall be deemed your acceptance to be bound by any such changes or modifications. Your access to or use of any our services or products and your purchase of any of our products or services is entirely voluntary. Please read this Policy carefully, as your access to or use of any our services or products and your purchase of any of our products or services constitutes your acceptance of all of the terms and practices described in this Policy, including without limitation, the collection, use, processing, and disclosure of your personal data as described in this Policy. Please do not access or use any of our services or products or purchase any of our services or products if you disagree with any part of this Policy.

What types of personal data do we collect?

We collect personal data about you, about your travel arrangements, about how you use our services and products, and about how you use our website, and such personal data so collected includes without limitation: • Your name and surname; • Contact information including address of residence, email address, telephone number, and fax number; • Your date of birth, nationality, and passport information when you book a flight with us; • Personal description and photograph (including passport and other identification documents) when you book a flight with us; • Personal tastes (e.g food and beverages) and dietary requirements; • Medical condition (e.g. allergies for catering purposes, and disabilities); • Information about your travel arrangements, such as details of your bookings, travel itinerary, details of any additional assistance you require and other information related to your travel with us. • Information about the services we have provided to you in the past, including your previous travel arrangements, such as flights and other bookings, and related matters, such as upgrades, etc. • Your geographical position; • Information about your use of our website, including information about which pages you view; • Information about interactions you have with us and our staff; • Your financial and credit card information (including such information as received from third party banks and other credit institutions and credit rating institutions) which are necessary for us to provide you with the requested product or service; and, • Other information that may be required by us, to carry out obligations arising from any contracts entered between you and us, and/or to carry out client surveys and/or offers. This personal data may include information that you provide to us directly or through companies or agents we work with, as well as information which we collect when you use our products or services.

When, and why, do we collect ‘sensitive personal data’?

Certain categories of personal data, such as that about race, ethnicity, religion or health, are considered “sensitive personal data” in terms of applicable law. Sensitive personal data will only be processed where: • you have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen, or, • you have sought clearance from us to fly with a medical condition or because you are pregnant, or, • you have otherwise chosen to provide such information to us (or a third party such as the agent or broker through which you made your booking). By providing any personal data that is, or could be considered to be “sensitive personal data”, you explicitly agree that we may collect, use, share with third parties and transfer such data, within and outside of the European Economic Area, in accordance with this Policy.

Links to third party websites

Please be aware that this privacy policy applies only to the Panaviatic AS website. Since our site may contain links to other websites, we advise you to consult the privacy policies of these websites prior to submitting any personal data. We cannot be held responsibile for any data shared when visiting other websites.

What do we use your personal data for?

We store, handle, send and generally process personal data to provide you with the best service, and in particular for the following reasons: • We will need to use the personal data to fulfil your request and provide your: (i) flight if you choose to fly with us; and, (ii) other travel related arrangements if you choose to book them with us. This will include passing your personal data to relevant authorities such as passport control and border agencies and where appropriate relevant police and customs authorities. We may also need to contact you if we have questions regarding your request. Additionally, there may be travel arrangements that are not provided by us but which nevertheless form part of your overall journey which need to be fulfilled, such as details of your arrangements at airports and customs and immigration formalities. • To deal with the general enquiries you raise from time to time on our services; • To ensure that you or any passenger is not the subject or target of any economic or trade sanction law or regulation or travel ban; • For the purposes of accounting and billing, immigration and customs control, health and safety, security and legal compliance; • To carry out obligations and/or enforce rights arising from any contracts entered between you and us; • To carry out due diligence or other background checks on you (thru’ sanction and enforcement list data) so as to protect our rights, interests, property and safety and the interests, rights, property and safety of our clients, or others; • For internal record keeping and the general administration of your records by us which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks), immigration and customs control, safety, security, health, administrative and legal purposes and systems testing, maintenance and development. • For security purposes to protect your personal data held and/or processed by us; • For training our employees in respect of providing our service and products to you; • For statistical analysis; • To improve our products and services; • From time to time, we may also use your personal data to contact you for feedback on our services and third-party supplier services so as to assist us in their improvement and development, and to provide services tailored to your requirements and treat you more personally, for example: o to deliver messages and information that we think is relevant and may be of interest to you, prior to, during, and after your travel with us o to personalise and tailor your travel experience When you are travelling with us and using airports at which we operate, we may have the ability to monitor where you are within the airport, for example, based on your having passed through security checks. This information may be used to assist with flight connections and with the prompt and effective boarding of aircraft, as well as to provide a personalised service. Please also be aware that in some airports where we operate, facial recognition and related biometric technology is used in order to facilitate passenger boarding. We shall keep your personal data for the above purposes in accordance with those retention periods set by applicable law and our internal policies.

Who do we share your personal data with?

We may disclose your personal data (and any third party personal data provided by you to us) to: • third parties: (i) in the event that we sell our entire business or assets (in which event disclosure shall be to a prospective purchaser and their professional advisers only) or in the event of a due diligence exercise carried out on Panaviatic AS by a potential investor or partner (in which event disclosure shall be to the potential investor or partner and his professional advisers, shall be limited to the extent required, and shall be subject to confidentiality protections to the extent practicable); (ii) if we are under a duty to disclose such personal data in order to comply with any legal or regulatory obligation or request; (iii) in order to give effect to and/or enforce the terms and conditions of any contract entered into between you and us; (iv) so as to protect our rights, property and safety and the rights, property and safety of our clients, or others (including by way of exchange of information with third parties for the purposes of fraud protection and credit risk reduction); (v) to carry out due diligence or other background checks on you (thru’ sanction and enforcement list data) so as to protect our rights, interests property and safety and the interests, rights, property and safety of our clients, or others; (vi) to facilitate your travel arrangements, including other carriers and airport operators, customs and immigration authorities, agents or brokers involved in making your travel arrangements; and, (vii) who deliver services either to you or to us, such as companies that provide airport assistance, ground handling, catering, fuel, transportation, and air crew (pilots and flight attendants). Panaviatic AS and other carriers are required by laws in several countries to give border control agencies and other public authorities access to booking and travel information and other personal data (including data obtained from official photo identification documents). Therefore, any information we hold about you and your travel arrangements may be disclosed to the customs, immigration and public authorities of any country in your itinerary. In addition, laws in several countries require Panaviatic AS and other carriers to collect passport and associated information for all passengers prior to travel to or from those countries. When required, Panaviatic AS will provide this information to the relevant customs and immigration authorities.

When do we collect personal data about you?

We collect personal data about you when you use our services or products (whether directly provided by us or by another company or agent), when you travel with us, and when you use our website. The following are examples of when we collect personal data about you: • when you book or search for a flight or other products or services on our website or through contact with our sales department; • when you book or search for a flight or other products or services through our other sales channels, such as through an agent or broker; • when you travel with us and use airports where we operate; • if you use lounge facilities provided by us or our agents; • if you use our communication services; • if you complete a client survey or provide us with feedback; In addition, we may receive personal data about you from third parties, such as: • companies contracted by us to provide services to you; • companies involved in your travel plans, including relevant airport operators and customs and immigration authorities; • companies (e.g. car hire providers and hotels) that participate in our programmes.

How long do we store your personal data?

Personal data is only processed for as long as it is necessary in order to fulfil the purpose of the processing, or as long as the Company is required to store such data by law.

Security, storage, and transfer

We are committed to ensuring that your personal data is secure at all times. We have in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect online. All of our employees and suppliers with access to your personal data and/or who are associated with the processing of that data are contractually obliged to respect the confidentiality of your personal data. As an example, if you are a passenger on a flight operated by us you can be assured that none of our crews, will take a photo of you whilst you are on our aircraft and then upload the photo on social media, or disclose to any person the fact that you are flying on our aircraft, or disclose any of your confidential information that they may become privy to during your flight (in each case, unless disclosure is required for any reason set out in this Policy). Your personal data will be stored on and processed by our systems and may also be stored on and processed by systems of a third-party data processor(s) appointed by us. The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by employees operating outside the EEA who work for us or for one of our suppliers. Such employees may be engaged in, amongst other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy, the GDPR, and any data protection related laws that are applicable to Panaviatic AS.

Withdrawal of Consent

If you withdraw your consent to the processing of your personal data at any time, it may mean we will not be able to provide all or parts of the products or services you have requested from us (example: if you book a flight with us and prior to the flight you withdraw your consent to the processing of certain of your personal data which is necessary for the performance of that flight, then we will not be able to provide you with the flight). Please be aware that in these circumstances you will not be able to obtain a refund of any fees or monies you would have paid.

Transmission of information over the internet

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Services; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Providing information about someone else

If you are providing personal data to us about someone else you confirm that they have appointed you to act for them, to consent to the processing of their personal data, and that you have informed them of our identity, of this Policy, and of the purposes (as set out in this Policy) for which their personal data will be processed.

Complaint, applicable law, Jurisdiction and Severability

Any dispute arising from or related to the acceptance, interpretation or observance of this Policy shall be submitted to the exclusive jurisdiction of the competent Court of Estonia (Europe) which shall apply the laws of Estonia. If this Policy is incorporated by reference into a contract having its own choice of law and jurisdiction, then any dispute arising from or related to the acceptance, interpretation or observance of this Policy shall be submitted to the jurisdiction, and shall be subject to the governing law, of that contract. You also have the right to lodge a complaint with a supervisory authority established within the EEA. List of contact details of supervisory authorities within the EEA is available here. If any portion of this Policy is held to be invalid or unenforceable for any reason by a court or governmental authority of competent jurisdiction or by a supervisory authority, then such portion will be deemed to be stricken and the remainder of this Policy shall continue in full force and effect.

Further details

Further details about your rights under the GDPR can be accessed here.

Contacting us

If you have any questions about our Privacy Policy or if you would like more information on your rights, or want to exercise them, you can send an email to info@panaviatic.eu. We may change this Privacy Policy from time to time. We encourage you to review this Privacy Policy periodically.

This Policy is effective from 17.03.2021.