Data Protection Policy and Statement
1. Airvis is fully committed to full compliance with the requirements of the General Data Protection Regulation. Airvis will therefore follow procedures which aim to ensure that all employees, candidates, contractors, consultants, partners, or other agents of Airvis (collectively known as Data Users) who have access to any Personal Data held by or on behalf of Airvis are fully aware of, and abide by their duties under the General Data Protection Regulation.
2. Airvis respects the privacy rights of any person whose Personal Data we are entrusted with, and Airvis complies with laws and regulations protecting Personal Data. We regard the lawful and appropriate treatment of Personal Data as very important to our successful operations and essential to maintaining confidence between Airvis and those with whom we carry out business. This Policy covers all Personal Data collected, processed, shared or used by Airvis.
3. Airvis needs to collect and use information about people with whom it works in order to operate and carry out its functions. These may include members of the public, current, past and prospective employees, clients and customers and suppliers, and people who use the services that we provide. This Personal Data must be handled and dealt with properly however it is collected, recorded and used, and whether it is on paper, in computer records, or recorded by other means.
4. It is the responsibility of every Airvis Manager to adhere to this Policy within his or her area of functional or business responsibility, to lead by example, and to provide guidance to those Data Users reporting to him or her. All Data Users are responsible for adhering to the principles and rules set out in this Policy and are expected to recognise if they are collecting, processing, sharing or using Personal Data. Data Users must be aware of the general privacy requirements and principles that govern Personal Data and know when to escalate issues to the Data Protection Officer.
Data Protection Principles – Privacy by Design and Default
5. This Policy explains the relevant data privacy principles for the protection of Personal Data and how such principles are to be implemented.
6. The GDPR provides conditions for the processing of any Personal Data. It also makes a distinction between Personal Data and 'special category' data.
Personal Data is defined as any information relating to an identified or identifiable natural person
Special category data is defined as Personal Data consisting of information as to:
- Racial or ethnic origin
- Political opinion
- Religious/philosophical beliefs
- Trade union membership
- Physical or mental health or condition
- Sexual life or sexual orientation
- Biometric data
7. Any Data User processing Personal Data must comply with 6 principles of good practice. The principles require that Personal Data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed
- processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures, and acting in accordance with the rights of data subjects under the GDPR.
8. A fundamental principle of Data Privacy requires that Airvis process Personal Data fairly and lawfully. When collecting and using Personal Data consider how you would like to be treated by a company who is collecting your Personal Data and apply relevant laws, regulations and this Policy.
9. All Airvis Data Users must:
- Collect and use Personal Data only with a legal justification which may include the legitimate business interests of Airvis. For example, some Airvis Guidelines or local laws may require explicit consent of the person concerned prior to collecting Personal Data.
- Notify people about how their Personal Data will be used prior to collecting the information (“Privacy Notice”). Note – this doesn’t mean you need to inform individuals personally, but you can refer people to a specific Privacy Notice that is relevant and applicable.
- Collect only the Personal Data required for a specific business purpose.
- Be aware of any contractual obligations with regard to the processing of Personal Data (including any specific methods of transfer or security requirements).
- Use Personal Data only for the specific business purpose described in the Privacy Notice or Consent Form or in a way that the person would reasonably expect. “Consent” means any freely given, unambiguous, revocable and informed indication of the person’s agreement to the processing of his/her Personal Data. A Privacy Notice means an oral or written statement that individuals are given when Personal Data about them is being collected. The Privacy Notice describes who is collecting Personal Data, why Personal Data is being collected, how it will be used, shared and stored, and any other relevant information of which the person should be aware.
- Use Personal Data in ways that do not have an adverse effect on the person concerned unless such use is justified by law.
- Anonymise Personal Data where possible and appropriate in a way that ensures the necessary safeguarding of Personal Data and Special Category Personal Data.
10. Responsible management of Personal Data is required to protect privacy rights and comply with Data Privacy laws.
11. Where we collect, use and/or maintain Personal Data, Airvis must take the appropriate steps to:
- Keep Personal Data accurate and up to date throughout the Information Lifecycle (from collection to destruction) and for only as long as necessary for the purpose or as required by law.
- Safeguard Personal Data so that it is not shared with others who do not have a valid business reason to access the information.
- Comply with Airvis Information Security Policies and procedures when processing Personal Data
- Prevent the misuse of Personal Data for a purpose that is not compatible with the original purpose for which it was collected
- Ensure Traceability of Personal Data throughout its lifecycle. “Traceability” follows the lifecycle of Information to track all access and changes to Personal Data and locations of the Personal Data. It helps Airvis demonstrate transparency, compliance and adherence to regulations
- Report any Data Privacy breach in accordance with the terms of the Data Breach Policy. Data Privacy Breach means any unauthorised disclosure, acquisition, access, destruction or alteration of, or any similar action involving Personal Data, or any other incident where the confidentiality, integrity or availability of Personal Data may have been compromised.
12. Airvis has designated a Data Protection Officer who is accountable for advising on data privacy matters and for implementing Data Privacy controls.
When in doubt whether Personal Data may be used for a purpose different from the purpose for which it has been collected, or in case of any other question related to the management of Personal Data, please review our specific controls or contact our Data Protection Officer at
Info@airvis.co.uk
Title. Data Enquiry
Lawful Processing of Data
14. Under the GDPR (and under the current Data Protection rules), there needs to be a lawful basis for processing Personal Data. Data may not be processed unless there is at least one lawful basis to do so.
15. The key "lawful basis" grounds for processing data that will apply to Airvis are that:
- Processing is necessary for the purposes of Airvis's legitimate business interests.
- Processing is necessary for the performance of a contract to which the data subject is party (such as an employment contract) or to take steps at the request of the data subject prior to entering into a contract - this will often be the case where this is HR data.
- Processing is necessary for us to comply with our legal obligations.
- Consent has been given to us where we are Data Controller - by the person whose Personal Data is processed. Where we are relying on consent as the lawful basis for processing, that consent must be explicit in respect of the data collected and the purposes data is used for and a record kept of such consent.
Data Transfers
16. Personal Data may necessarily be shared with other Airvis affiliates, government agencies and third parties for legitimate business reasons or as otherwise allowed or required by law. Data Users who share Personal Data with third parties must obtain assurance that the third party has the ability and intention to protect Personal Data, consistent with the standards and principles contained in this Policy. This may be done through third party due diligence, risk assessment and/or a contract. If risks are identified, then appropriate requirements (including technical safeguards and organisational measures) must be set out to ensure adequate protection of Personal Data. A processing agreement will usually be required whenever a third party is provided access to Personal Data in order to process such Personal Data on behalf of Airvis. If such an agreement is not in place, this should be reviewed with the Data Protection Officer for the business. In addition, similar arrangements are required where Airvis businesses process data to or on behalf of each other.
17. Questions regarding requirements for the disclosure of Personal Data to Third Parties should be addressed to your regional/local Data Protection Officer.
18. In many instances, the use of Third Parties will also involve the transfer of Personal Data across country borders.
Individual Rights Regarding Personal Data
19. We have in place arrangements for Data Subjects to exercise their individual rights with regard to Personal Data. These include Data Subject Access Requests, and other rights with regard to the Personal Data. In the event of a request made by a Data Subject then this should be actioned in accordance with the Data Subject Access process. In respect of other requests made – such as the right to portability or any requests to be forgotten – these should be referred to the relevant Data Protection Officer.
20. In the event of Data Breaches, you must follow the Data Breach Management Policy without delay.
Raising Concerns
21. In respect of any concerns with regard to the appropriate management of Personal Data, any Associate who learns of a potential violation of applicable laws and/or this Policy should notify the relevant Data Protection Officer immediately. Alternatively, they may report their suspicion (anonymously) in accordance with the Airvis Code of Ethics.