IAA Privacy Notice
Learn who is responsible for your personal data
This privacy statement ("statement") describes how the Irish Aviation Authority (“IAA”) collects, stores and uses information that identifies individuals ("Personal Information") in connection with its business activities, including via the IAA website (www.iaa.ie). Please take the time to read this statement carefully.
We have published this statement to clearly outline, in a transparent way, how we will collect, use, store, protect and retain your personal information. This statement is an important document because it explains the way that we use your personal information when you interact with us including but not limited to our website.
For the purposes of data protection laws, the IAA is the data controller or data processor of personal data covered by this statement.
Data Protection Officer
You may contact the IAA’s data protection officer about all issues related to this statement, your personal data and to exercise your rights under data protection laws.
You can contact us via email at email@example.com or in writing to The Data Protection Officer/Company Secretary, Irish Aviation Authority, The Times Building, 11-12 D'Olier Street, Dublin 2, D02 T449, Ireland.
Learn about the personal data the IAA collect about you AND WHY WE USE IT
Overview of personal data that we collect
We may collect personal data about you whenever there is contact between you and the IAA such as:
- Information that you provide by filling in forms on the website, customer portal (MySRS) or in paper copy. This includes, but is not limited to;
- licence applications
- aircraft registration
- customer complaints
- conference centre bookings
- safety reporting
- drone registration
- joining the customer portal MySRS (my safety regulatory system)
- Information that we are required to collect and process for statutory or regulatory reasons e.g. statistics for the Central Statistics Office
- If you contact us by phone, email or post we may keep a record
If you are present at IAA controlled sites
We may collect information such as CCTV images or logging information for the purposes of maintaining security in sensitive areas including, but not limited to offices and control towers.
If you are applying for a licence, approval, authorisation, registration or submitting a declaration
We may collect details of your application for the purposes of processing your application and dealing with licensing, approval, authorisation, registration or declaration matters. These applications or declarations may apply to legal or natural persons.
If you are a supplier (or prospective supplier) to the IAA
We may collect, store, and use your personal and/or professional contact details for the purpose of contacting and corresponding with you, as well as contact details for any organisation that you represent. We may also collect your personal information through materials you may provide to us in relation to the services you supply to us, as well as your bank account and/or other payment details for the purpose of paying your fees.
If you have a complaint
We may collect your name, address, phone number and details of the nature of your complaint so that we can investigate and respond to you in the most efficient way.
If you sign up for a newsletter, updates or Customer Portal (MySRS)
We may collect your name and email address for the purpose of providing you with a newsletter or updates about IAA services or when setting up your MySRS portal identity verified account a proof of address is required. Two factor authentication is required to use your identity verified account, this is in place to protect your personal data. The account will not permit transactions without two factor being enabled.
If you or your employer provide your details in connection with aviation security functions
If you hold certain security posts or roles identified under the EU Aviation Security Regulations, we hold the contact details provided on an IAA database and also upload them as required on EC databases
Where a security manager submits a report of an incident, details may be provided to other relevant bodies and / or to the EC.
If you complete a job application
As part of any recruitment process, the IAA collects and processes Personal Information relating to job applicants. We may collect your name, address, personal public service number and contact details, including email address, telephone number, details of your qualifications, skills, experience and employment history, information about your current level of remuneration (including benefit entitlements).
If you contact us via a web form
Web forms may be used to submit queries and other communications to the IAA. Details collected by web forms will be retained by the IAA for a reasonable period in accordance with legislation.
If you enquire about meeting room facilities in the IAA Conference Centre
We may collect information such as your name, organisation, telephone number and email address if you make an enquiry about renting conference centre space in our Dublin offices.
If you contact us via twitter or other social media
We may collect your name and contact details for the purposes of contacting you in the future. We are also bound by the terms and conditions of these platforms.
If you contact our AIM/AIS section
We may collect information such as your name, organisation, telephone number, email address, licence details and aircraft registration, if you contact our Aeronautical Information Management/Aeronautical Information Services section e.g. in relation to making a flight plan.
If you exercise rights under the GDPR
We may collect information such as your passport, drivers’ licence, utility bills etc. in order to verify your identity and process such requests.
The Categories of Data we Collect
- Identification data: including, name, addresses, contact details, date of birth, signature, evidence and verification of identification
- Optionally your signature can be stored in MySRS to use for submitting applications or you can upload your signature each time you make an application using MySRS
- Employment details: including occupation, employer, employment status, time with employer
- Special Categories of Data: Health Data, Criminal Record Data, Health and Safety Records
Automated decision-making and automatic processing using the Customer Portal MySRS
MySRS platform integrates automated processing to assist when creating your account – the email address entered during creation automatically receives a message to complete set-up of the account (using automated decision making/auto processing)
Basic account set-up requires your name and email address. This account type allows you to submit Occurrence Reports (Aviation Security) and messages.
Identity verified account set-up requires you to verify your identity by providing personal details (identification data) which are matched against the identity document you provided and entered, and subsequently are stored in your account profile. These details are automatically used when you make an application for any licence type
Auto Address functionality (auto processing) is available to assist when entering your address by using Eircode or Post code.
Customer Portal MySRS – Minimum Age and Consent
The minimum age to set-up an account with MySRS is 16 years. You are required to acknowledge your age meets this requirement when creating your account.
After reading the Data Privacy Statement the following consent statement must be affirmed before creating a portal account, ‘I have read the IAA privacy notice and by selecting Sign up, I confirm that I am at least 16 years or older and I consent to creating an account using my personal data provided. I understand that I will have to provide proof of my age when verifying my identity’.
Learn who we share your personal information with
For the ongoing management of our business operations we may share your data with the following recipients;
- Medical practitioners
- Security contractors
- Facilities Management contractors
- Business Management consultants
- Regulatory bodies
- Insurance companies
- Legal services
These recipients include third party agents or subcontractors who work on our behalf and provide us with expertise or assistance in such areas as legal, compliance, audit, debt collection, credit agencies, IT or insurance.
These recipients are limited to parties that we have relationships with, in order to operate our business. All recipients will have a Data Processing Agreement with us or GDPR specific clauses within our contract with them, which commits them to their obligations under Data Protection laws and provides the IAA with the assurance that your data is being processed to the highest of standards.
The Legal Basis for Processing your Data
The IAA comply with the EU General Data Protection Regulation and Irish Data Protection Legislation. We only collect, utilise and share your data in strict adherence with these laws and principles. Your data will only be collected, utilised or shared by the IAA if the processing is:
- undertaken on the basis of your consent;
- necessary for the performance of (or entering into) a contract;
- as a result of an existing legal obligation to which we are subject;
- in your vital interests;
- in the public interest;
- IAA’s legitimate interests.
Learn how the IAA keeps your personal data secure
We are committed to applying the appropriate technical and organisational security measures to protect your personal information against unlawful or unauthorised use and against accidental loss, damage or destruction. We have strict confidentiality agreements and data processing agreements in place with our third-party providers (including data protection obligations).
MySRS platform is accessed through your web browser and uses the following necessary cookies:
When making electronic payments to check the browser is working properly, to detect and prevent fraudulent payments.
Security protection which maximizes network resources, traffic management and to protect the platform site against malicious traffic.
Application information involving error messages and exceptions to functionality is automatically pulled from your browser, used to maintain the application, and does not contain any personally identifiable information.
Your Data Protection Rights
Individuals have data rights which allow you to address any concerns or queries regarding the processing of your Personal Data.
- We will respond to your request within 1 (one) month of receipt of your request.
- All of your rights may be exercised freely and at no cost.
You can exercise your rights by contacting firstname.lastname@example.org
You have a right to request access to the personal data that we hold about you or to have that information updated if it is incorrect.
In order to request a copy of the personal data that IAA holds about you, please email email@example.com and include the following information:
- Your full name (including previous name, if applicable);
- A brief description of the data that you are requesting, including a date range;
- Any email addresses (past and present) used to contact IAA; and
- A copy of current and valid photo ID (e.g. drivers’ licence).
Alternatively, you can fill in a copy of this subject access request form here and submit it to the email address mentioned.
From the date that we receive this information, we will endeavour to process your request in line with the relevant regulations.
Where applicable you have the right to restrict the processing of your personal data, to have your data rectified and keep up to date, the right to have your data erased, the right to data portability and the right to object to processing.
If you have questions in relation to your personal data rights, please contact us via email at firstname.lastname@example.org or in writing to The Data Protection Officer/Company Secretary, Irish Aviation Authority, The Times Building, 11-12 D'Olier Street, Dublin 2, D02 T449.
ENFORCING YOUR DATA PROTECTION RIGHTS
If you feel that the processing of your Personal Data is not in line with IAA’s data protection obligations, you can complain to a Data Protection Supervisory Authority.
The Supervisory Authority for the IAA is the Data Protection Commission.
|Postal Address|| |
Data Protection Commission
21 Fitzwilliam Square South
The IAA will retain your data for as long as it is necessary to fulfil the purposes for which it was collected.
However, we may be required by applicable laws and/or regulations to hold your data for longer than this period.
Unless legally obliged to the contrary, the IAA will delete your Personal Data in line with our Data Retention Policy.
Where we transmit and store your personal data
Personal Data that we collect may be transferred, stored, and/or processed between and accessed from other jurisdictions throughout the world. Laws in these other jurisdictions may differ from and may not provide an equivalent level of data privacy, security, and protection as the EU/EEA. Where your data is transferred outside the EU/EE, we ensure that there are appropriate safeguards in place, such as EU Commission approved Standard Contractual Clauses.
Changes to this Policy
The IAA may change this statement from time to time, in whole or part, at our sole discretion or to fulfil a legal obligation.
We encourage you to check our website to view the most recent version of this statement (www.iaa.ie.)
If you have an account with the customer portal (MySRS) you will be required to read and to reaffirm consent when the change to this statement is published.
Revision Date: March 2022
Previous Revision Date: January 2022