IAA Website - Saturday, February 4, 2023 1:39 AM


IAA Privacy Notice

Learn who is responsible for your personal data

This privacy statement ("statement") describes how the Irish Aviation Authority (“IAA”) collects, stores and uses information that identifies individuals ("Personal Information") in connection with its business activities, including via the IAA website (www.iaa.ie). Please take the time to read this statement carefully.

We have published this statement to clearly outline, in a transparent way, how we will collect, use, store, protect and retain your personal information. This statement is an important document because it explains the way that we use your personal information when you interact with us including but not limited to our website. 

Data Controller

For the purposes of data protection laws, the IAA is the data controller or data processor of personal data covered by this statement.

Data Protection Officer

You may contact the IAA’s data protection officer about all issues related to this statement, your personal data and to exercise your rights under data protection laws.

You can contact us via email at dataprotection@iaa.ie or in writing to The Data Protection Officer/Company Secretary, Irish Aviation Authority, The Times Building, 11-12 D'Olier Street, Dublin 2, D02 T449, Ireland.

Learn about the personal data the IAA collect about you AND WHY WE USE IT

Overview of personal data that we collect

We may collect personal data about you whenever there is contact between you and the IAA such as:

  • Information that you provide by filling in forms on the website, customer portal (MySRS) or in paper copy. This includes, but is not limited to;
    • licence applications
    • aircraft registration
    • customer complaints
    • conference centre bookings
    • safety reporting
    • drone registration
    • joining the customer portal MySRS (my safety regulatory system) 
  • Information that we are required to collect and process for statutory or regulatory reasons e.g. statistics for the Central Statistics Office
  • If you contact us by phone, email or post we may keep a record


If you are present at IAA controlled sites

We may collect information such as CCTV images or logging information for the purposes of maintaining security in sensitive areas including, but not limited to offices and control towers.

We may collect information associated with recordings of voice conversations at ATC Operational Positions for the purposes of investigating mandatory occurrences. The IAA considers that the data captured by ambient recordings is protected or privileged.  The intention is to apply normal standards of personal data management and security to the ambient recordings.  Where, however, issues arise which touch on the protected or privileged nature of the data, each issue will be considered individually.


If you are applying for a licence, approval, authorisation, registration or submitting a declaration

We may collect details of your application for the purposes of processing your application and dealing with licensing, approval, authorisation, registration or declaration matters.  These applications or declarations may apply to legal or natural persons.

If you are a supplier (or prospective supplier) to the IAA

We may collect, store, and use your personal and/or professional contact details for the purpose of contacting and corresponding with you, as well as contact details for any organisation that you represent. We may also collect your personal information through materials you may provide to us in relation to the services you supply to us, as well as your bank account and/or other payment details for the purpose of paying your fees.

If you have a complaint

We may collect your name, address, phone number and details of the nature of your complaint so that we can investigate and respond to you in the most efficient way.

If you sign up for a newsletter, updates or Customer Portal (MySRS)

We may collect your name and email address for the purpose of providing you with a newsletter or updates about IAA services or when setting up your MySRS portal identity verified account a proof of address is required.  Two factor authentication is required to use your identity verified account, this is in place to protect your personal data.  The account will not permit transactions without two factor being enabled.

If you or your employer provide your details in connection with aviation security functions

If you hold certain security posts or roles identified under the EU Aviation Security Regulations, we hold the contact details provided on an IAA database and also upload them as required on EC databases

Where a security manager submits a report of an incident, details may be provided to other relevant bodies and / or to the EC.

If you complete a job application

As part of any recruitment process, the IAA collects and processes Personal Information relating to job applicants. We may collect your name, address, personal public service number and contact details, including email address, telephone number, details of your qualifications, skills, experience and employment history, information about your current level of remuneration (including benefit entitlements).


If you contact us via a web form

Web forms may be used to submit queries and other communications to the IAA. Details collected by web forms will be retained by the IAA for a reasonable period in accordance with legislation.

If you enquire about meeting room facilities in the IAA Conference Centre

We may collect information such as your name, organisation, telephone number and email address if you make an enquiry about renting conference centre space in our Dublin offices.

If you contact us via twitter or other social media

We may collect your name and contact details for the purposes of contacting you in the future. We are also bound by the terms and conditions of these platforms.

If you contact our AIM/AIS section

We may collect information such as your name, organisation, telephone number, email address, licence details and aircraft registration, if you contact our Aeronautical Information Management/Aeronautical Information Services section e.g. in relation to making a flight plan.

If you exercise rights under the GDPR

We may collect information such as your passport, drivers’ licence, utility bills etc. in order to verify your identity and process such requests.

The Categories of Data we Collect

  • Identification data: including, name, addresses, contact details, date of birth, signature, evidence and verification of identification
  • Optionally your signature can be stored in MySRS to use for submitting applications or you can upload your signature each time you make an application using MySRS
  • Employment details: including occupation, employer, employment status, time with employer
  • Special Categories of Data: Health Data, Criminal Record Data, Health and Safety Records 

Automated decision-making and automatic processing using the Customer Portal MySRS

  • MySRS platform integrates automated processing to assist when creating your account – the email address entered during creation automatically receives a message to complete set-up of the account (using automated decision making/auto processing)

  • Basic account set-up requires your name and email address.  This account type allows you to submit Occurrence Reports (Aviation Security) and messages.

  • Identity verified account set-up requires you to verify your identity by providing personal details (identification data) which are matched against the identity document you provided and entered, and subsequently are stored in your account profile.  These details are automatically used when you make an application for any licence type

  • Auto Address functionality (auto processing) is available to assist when entering your address by using Eircode or Post code.

Customer Portal MySRS – Minimum Age and Consent

The minimum age to set-up an account with MySRS is 16 years. You are required to acknowledge your age meets this requirement when creating your account.

After reading the Data Privacy Statement the following consent statement must be affirmed before creating a portal account, ‘I have read the IAA privacy notice and by selecting Sign up, I confirm that I am at least 16 years or older and I consent to creating an account using my personal data provided.  I understand that I will have to provide proof of my age when verifying my identity’.

Learn who we share your personal information with

For the ongoing management of our business operations we may share your data with the following recipients;

  •        Medical practitioners
  •        Security contractors
  •        Facilities Management contractors
  •        Business Management consultants
  •        Auditors
  •        Regulatory bodies
  •        Insurance companies
  •        Legal services

These recipients include third party agents or subcontractors who work on our behalf and provide us with expertise or assistance in such areas as legal, compliance, audit, debt collection, credit agencies, IT or insurance.

These recipients are limited to parties that we have relationships with, in order to operate our business. All recipients will have a Data Processing Agreement with us or GDPR specific clauses within our contract with them, which commits them to their obligations under Data Protection laws and provides the IAA with the assurance that your data is being processed to the highest of standards.

The Legal Basis for Processing your Data

The IAA comply with the EU General Data Protection Regulation and Irish Data Protection Legislation. We only collect, utilise and share your data in strict adherence with these laws and principles. Your data will only be collected, utilised or shared by the IAA if the processing is:

  • undertaken on the basis of your consent;
  • necessary for the performance of (or entering into) a contract;
  • as a result of an existing legal obligation to which we are subject;
  • in your vital interests;
  • in the public interest;
  • IAA’s legitimate interests.  

Learn how the IAA keeps your personal data secure

We are committed to applying the appropriate technical and organisational security measures to protect your personal information against unlawful or unauthorised use and against accidental loss, damage or destruction. We have strict confidentiality agreements and data processing agreements in place with our third-party providers (including data protection obligations). 

Learn how the IAA use Cookies and other tracking technologies

Except for necessary cookies, the IAA only processes cookies with your consent. Please refer to the IAA Cookie Notice in relation to our use of cookies.

MySRS platform is accessed through your web browser and uses the following necessary cookies:

  • When making electronic payments to check the browser is working properly, to detect and prevent fraudulent payments.

  • Security protection which maximizes network resources, traffic management and to protect the platform site against malicious traffic.

  • Application information involving error messages and exceptions to functionality is automatically pulled from your browser, used to maintain the application, and does not contain any personally identifiable information.

This is summarised in a banner appearing on your browser stating “MySRS uses cookies to provide features such as security, payment and customer support” along with a button to “Accept”.  There is a “Learn more” link which provides details of the cookies used

Your Data Protection Rights

Individuals have data rights which allow you to address any concerns or queries regarding the processing of your Personal Data.

-        We will respond to your request within 1 (one) month of receipt of your request.

-        All of your rights may be exercised freely and at no cost.

You can exercise your rights by contacting dataprotection@iaa.ie

You have a right to request access to the personal data that we hold about you or to have that information updated if it is incorrect.

In order to request a copy of the personal data that IAA holds about you, please email dataprotection@iaa.ie and include the following information:

  • Your full name (including previous name, if applicable);
  • A brief description of the data that you are requesting, including a date range;
  • Any email addresses (past and present) used to contact IAA; and
  • A copy of current and valid photo ID (e.g. drivers’ licence).


Alternatively, you can fill in a copy of this subject access request form here and submit it to the email address mentioned.

From the date that we receive this information, we will endeavour to process your request in line with the relevant regulations.

Where applicable you have the right to restrict the processing of your personal data, to have your data rectified and keep up to date, the right to have your data erased, the right to data portability and the right to object to processing.

If you have questions in relation to your personal data rights, please contact us via email at dataprotection@iaa.ie or in writing to The Data Protection Officer/Company Secretary, Irish Aviation Authority, The Times Building, 11-12 D'Olier Street, Dublin 2, D02 T449.


If you feel that the processing of your Personal Data is not in line with IAA’s data protection obligations, you can complain to a Data Protection Supervisory Authority.

The Supervisory Authority for the IAA is the Data Protection Commission.

Postal Address  
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28

Website           https://www.dataprotection.ie/en/contact/how-contact-us

Learn about Changes to the Privacy Policy

Any changes to the Privacy Policy will be posted on our website and in MySRS so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you either on this website or by email.

Data Retention

The IAA will retain your data for as long as it is necessary to fulfil the purposes for which it was collected.

However, we may be required by applicable laws and/or regulations to hold your data for longer than this period.

Unless legally obliged to the contrary, the IAA will delete your Personal Data in line with our Data Retention Policy.

Where we transmit and store your personal data

Personal Data that we collect may be transferred, stored, and/or processed between and accessed from other jurisdictions throughout the world. Laws in these other jurisdictions may differ from and may not provide an equivalent level of data privacy, security, and protection as the EU/EEA. Where your data is transferred outside the EU/EE, we ensure that there are appropriate safeguards in place, such as EU Commission approved Standard Contractual Clauses.

Changes to this Policy

The IAA may change this statement from time to time, in whole or part, at our sole discretion or to fulfil a legal obligation.

We encourage you to check our website to view the most recent version of this statement (www.iaa.ie.)

If you have an account with the customer portal (MySRS) you will be required to read and to reaffirm consent when the change to this statement is published.

Revision Date: March 2022

Previous Revision Date: January 2022