Privacy

Hello.

We want to make sure you are onboard with us when it comes to the use of your data.

Finnair Flight Academy Privacy Policy tells you how we collect, use, disclose and in other ways process your personal data. Here we also explain your rights, how to contact us and how we safeguard your data. 
Your privacy is our priority. 
 

Data controller

FINNAIR OYJ
Business ID       0108023-3
Address              Tietotie 9 01530 VANTAA, FINLAND

Data protection officer

You may contact the Finnair Group Data Protection Officer contact information: PRIVACY@FINNAIR.COM or Finnair Data Protection Officer, PO BOX 15, 01053 FINNAIR, FINLAND.

Your data, your rights

How to use your rights

You can use your rights as a data subject by contacting us at PRIVACY@FINNAIR.COM. Please note that we may need to request additional information to confirm your identity.

We will provide you a confirmation of the actions we have taken in response to your request (for example, confirmation of deletion). We will also let you know if we cannot fulfil a certain request, as well as the reasons behind such a decision. 

Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame we may charge a reasonable fee to cover the administrative costs involved. We reserve the right to reject requests that are unreasonably repetitive, excessive or clearly unfounded.

Right to access

You have the right to access and be informed about your personal data processed by us. You may request a copy of your personal data. We will provide you with it unless we have lawful reasons not to share this data with you or in cases when sharing the data with you would result in severe damage to your rights or the rights of others.

Right to correction

You have the right to have inaccurate or incomplete personal data about you rectified or updated. You may update some of your personal data through our digital channels and, additionally, you have the right to request correction of your contact details or other personal data by contacting us.

Right to erasure

You may ask us to delete your personal data if, for example, your personal data are no longer needed for the purposes for which they were collected; you withdraw your consent where our data processing is based only on your consent; you object to processing and there are no overriding legitimate grounds for the processing.

We will erase such personal data without undue delay unless we have legal bases to continue processing such data, for example if there is an overriding legitimate interest of our company, if the data is necessary for the performance of a contract, or if the data is necessary for establishing, exercising or defending legal claims or complying with a legal obligation which we are subject to.

Right to restrict and right to object

You may also request us to restrict processing of your personal data for example when a request concerning rectification or removal of your data is pending; our company no longer needs the said personal data for its processing purposes but you need the data for the establishment, exercise or defence of a legal claim; or you have objected to the processing of the personal data based on the legitimate interests of our company and the verification whether the legitimate interests of our company override your rights is pending.

You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. 

Right to withdraw your consent

You have the right to change your mind and withdraw any consent you previously provided to us.

Right to data portability

You have the right to receive the personal data you have given us in a structured and commonly used electronic format and to independently transmit those data to a third party.

Lodging a complaint

If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.

Safeguarding your data

How we protect your data

Finnair takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. access to your personal data is restricted on a need-to-know basis and by access controls, and processing of personal data is logged. Our information technology environment is appropriately protected and monitored, with regular updates, testing and assessment to ensure ongoing security. Our personnel are trained to comply with applicable data protection legislation as well as applicable policies and instructions. 

International data transfers

Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. The laws of these countries may not afford the same level of protection to your personal data. In these cases, we have taken steps to ensure that appropriate and suitable safeguards are in place in order to comply with the requirements for international transfers of personal data under the applicable law, such as European Union Commission Standard Contractual Clauses as a safeguard for the transfer of personal data outside the European Economic Area. We may also be obligated to transfer your personal data to foreign authorities.

If something should go wrong

We do our best to keep your data safe and secure. If, however, there was a personal data breach that should endanger your privacy, we will inform you in a timely manner and in accordance with data protection legislation.

Your actions matter as well

To protect your own privacy, please avoid sharing your personal data, for example login information or travel documents with others or social media. Please avoid sending for example copies of your identification documents or sensitive personal data to us by unsecured e-mails and instead use instructed web forms or other secure transfer methods provided by Finnair.

What personal data do we collect and process?

Identification and contact information

We collect and process your basic information, such as your full name, date of birth, gender, citizenship and social security number. We also process your contact information, such as your address, telephone number, email address and, in some cases, your passport information.

Licences, certificates and training records

We process information on the trainees’ licenses and associated ratings and certificates, including expiry dates. This information is collected prior to training in order to ensure that prerequisite requirements are complied with. This also includes the expiry date of medical certificates, where required. Detailed training records of ground, flight, and simulated flight training including assessments are stored as required by aviation authorities. This includes training and checking reports, assessments and results of exams.

Communication with you

We may collect and process your communication with us. This can include, for example, email enquiries, SMS messages or phone call recordings. We may process your information when handling feedback or in connection with satisfaction surveys or claims. 

Payment information

We process personal data in connection with the invoicing of our training services. This may include information regarding chosen payment method, payment plan and information regarding the entity that is financing your training (for example your employer). 

Why do we collect your personal data and how long do we store it?

How we use your data

Based on our contract with you 

We process your data to provide you with the training offerings based on your employers training contract with us. We need to ensure that you meet the prerequisite requirements for the assigned training. We also need to process data for tracking your training progress and for ensuring that all the training objectives are met. If you have enrolled in our other services, we will process the data provided during that registration.

Based on our legal obligations

Due to aviation laws and the requirements set by aviation authorities, we are responsible for processing and storing certain records regarding our trainings and the individuals who have participated in our trainings. We process certifications and qualifications and certain background information due to legal requirements. Additionally, based on accounting legislation we are required to store our transactions and other accounting material for the period defined by law.

Based on our legitimate interests

We may process your contact information to inform you about any schedule changes or to answer any questions you may have. In order to help you with any questions, collect your feedback or handle your complaints or claims we use your personal information and details as provided to us. When processing personal data, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.  Personal data is also processed in connection with our digital services. We collect and process certain data when you visit our website or when you use our digital touch points. For more information please see our cookie policy.

Storage period

We keep your personal data for as long as necessary for us to fulfil the purpose for which it was collected or in so far as data storage is necessary for compliance with legal obligations and for solving claims or any disputes. 

Where do we get your data from and who do we share it with?

Sources of data

We get your personal data directly from you when you attend our trainings or use our other services, for example when enrolling in our online training platforms or from the organisation responsible for arranging your training and purchasing the service for you, including enrolling you in our online training platforms. Certain information containing personal information is also produced by us during the course of the training. This may include exam results or assessment results. We may also get information from authorities. 

Sharing your data

We may share your personal data with Finnair group companies and other third parties for the following purposes: 

Providing our services

We share your personal data with service providers or partners directly involved in providing our services. We may also share data with our third-party service providers, such as information technology system providers, back office services and other support functions. We may also share your data with the organisation responsible for ordering or arranging your training. This can involve informing them of your completed trainings or assessment results.

Legal obligations

We may share your personal data with relevant authorities such as aviation authorities when necessary for regulatory, legal or security reasons, for example, we may share your personal data with relevant third parties if it is necessary to detect and prevent crime or fraudulent activities.