OUR PRIVACY NOTICE

Who are we?

The Irish Light Aviation Society (ILAS) is a membership-based, not-for-profit, amateur/sport aviation organisation. It fosters and promotes recreational flying activities, and supports its members in the construction and maintenance of amateur-built and classic/vintage aircraft types. The ILAS Committee members are elected annually by the membership of the Society at the AGM and work for the Society on a fully voluntary basis. ILAS operates a Flight Permit scheme that is jointly administered with the Irish Aviation Authority.

ILAS and GDPR

ILAS is obliged to comply with EU Regulation 2016/679 (General Data Protection Regulation – GDPR) which is given effect by the Irish Data Protection Act (2018). These laws give EU citizens more control over how their personal information is used. This means you have specific rights with regard to how your personal information is collected, stored and distributed. This is known as data processing. The following paragraphs describe how ILAS processes your data and what rights you have under this new legislation.

The regulations set out the underlying principles relating to the processing of personal data, which are lawfulness, fairness and transparency.

What is personal data and what do we collect?

ILAS is a data controller and this means it collects your personal data for specific purposes. Personal data relates to a living individual who can be identified from that data. Identification can be made by the information alone or in conjunction with any other information in the possession of a data controller.

Member data processed by ILAS is normally restricted to name and contact details (email, telephone, address) in order to verify membership status. ILAS members who own aircraft are subject to further processing of their data as they will provide specific information about their aircraft such as civil registration, build/maintenance records and insurance details. These details are retained for periods of time specified in the ILAS data retention policy. Biometric (photo) data sometimes appear on ILAS website pages (www.ilas.ie) to advertise specific society events and activities.

ILAS does not collect sensitive personal information under any circumstances. ILAS dos not process the personal data of persons under 16 years of age. 

 

How do we collect your personal data?

As a data controller, ILAS complies with its obligations under the GDPR by keeping your personal data up to date; storing and erasing it securely; not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access/disclosure, and by ensuring that appropriate technical measures are in place to protect personal data.

As an ILAS member, you provide ILAS with your personal information when you:

• Apply for initial membership and annual renewal of membership
• Apply for an aircraft build/restoration project
• Apply for an aircraft Flight Permit
• Participate in Society events and meetings
• Access the ILAS website members-only sections (through limited use of cookies)
• Contact Committee members for specific purposes

How do we use your personal data?

Your data is used to:

• Contact you with details of activities, events, publications and news that may be of interest to you
• Inform you of specific safety information relating to the operation or maintenance of aircraft
• Manage the member relationship between you and ILAS, which includes the processing of payments and documents related to aircraft owners (individuals or groups) and/or specific aircraft
• Fulfil any statutory obligation to notify state agencies following an aviation occurrence or accident
• Convey any other information considered to be in the legitimate interests of ILAS and its members

Membership data is stored securely using cloud storage for a specific period of time. Paper-based forms found in the National Maintenance Organisation Manual (NMOM) may be scanned electronically for convenient processing. We may also retain aircraft maintenance records as part of our archive for historical purposes. This is solely for the informational benefit of aircraft owners and Society members.

What is the legal basis for processing your personal data?

As a data controller, ILAS must have legal basis for processing your data. These are called lawful processing conditions and from the regulations, the three that most accurately describe ILAS activities are:

• Consent given for the processing of personal data for specific purposes. This is implicit on making an application for membership. Otherwise, if specific consent is required, ILAS will ask for it. You may withdraw this at any time. 

• The pursuit of the legitimate interests of the Society in areas that members have indicated, such as social events, dissemination of safety information or processing of aircraft project documents and permit applications.
• Processing necessary to fulfil a legal obligation. This means that ILAS may be required to keep certain documents on file. ILAS may also be obliged to report details of aircraft occurrences to certain organisations in accordance with statutory requirements and the IAA approval associated with the ILAS NMOM.

Sharing your personal data

On occasion, ILAS may need to share your personal data with other organisations. These are third parties (known as data processors) and they may manage financial transactions, communications, surveys or the secure storage of your data. ILAS may also share your data with individuals or organisations pursuing your interests with respect to the Flight Permit scheme that ILAS operates for its members.

This processing is kept to an absolute minimum and may occur when:

• Accessing the ILAS website (www.ilas.ie) that is managed by Wild Apricot
• Making membership payments on-line using Stripe
• Submitting an application to the Irish Aviation Authority
• Member records are stored on Google Drive

As the Flight Permit scheme is operated in cooperation with the Irish Aviation Authority (IAA), ILAS consider them to be a joint controller of your personal data. The IAA privacy policy can be viewed on their website at www.iaa.ie.

Where data processing by a third party occurs, there must be a data processing agreement (DPA) in place between the processor and the data controller. These DPAs can be bespoke arrangements, but with larger organisations it is usual for a standard published agreement to be in place. This ensures that all data subject processing complies with GDPR. 

ILAS will not knowingly share your personal information for any commercial or marketing purposes and ILAS will not transfer your data to organisations in any third country (where GDPR does not apply) without your explicit consent.

If any reason exists to use your personal data for a new purpose that is not contained in this Privacy Notice, then ILAS will provide you with a new notice. This revised notice will explain the new use of your personal data prior to any processing taking place.

How long do we keep your data?

ILAS stores data in accordance with a data processing policy log which is accessible to members and is maintained by the ILAS Committee. ILAS does not retain data for periods beyond what is necessary for the efficient administration of the Society, or where otherwise required by law.

Our cookie policy

Cookies are small pieces of information stored in simple text files and placed on your computer by a website. Cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can "remember" you on your return visit. The cookies used by the ILAS website do not contain personal information from which you can be identified, unless you have furnished such information to the website. ILAS does not use cookies for any other tracking purposes.

What are your data protection rights?

ILAS would like to make sure you are fully aware of your data protection rights. Under GDPR, every ILAS member is entitled to the following with respect to their personal data:

• The right of access to your personal data (which ILAS holds about you)
• The right to request that ILAS correct any personal data if found to be inaccurate, incomplete or out-of-date
• The right to request your personal data are erased (known as the right to be forgotten), where it is no longer necessary or lawful for ILAS to retain such data
• The right to request that ILAS provide you with a copy of your personal data and, in certain circumstances, to transmit that data directly to another data controller
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
• The right to object to certain processing of personal data
• Rights relating to profiling and automated decision-making

You also have the right to lodge a complaint with the Data Protection Commission (DPC), if you consider the processing of your personal data infringes the GDPR.

What happens in case of a data breach?

A data breach has occurred when personal data are shared inappropriately and usually happens through carelessness with no malicious intent. An example could be a list of member contact details left in a public area. Nevertheless, when a breach is detected, it must be reported to the DPC within 72 hours. This responsibility belongs to the ILAS Committee or a designated data champion. A data breach log is maintained in a secure location for the purpose of recording any occurrences and the relevant details. Failure to comply with this regulation can result in fines imposed by the DPC.

Regular review of compliance and security

Due to the nature of the organisation, ILAS is not required to have a full-time Data Protection Officer. Alternatively, Data Champions are appointed to monitor GDPR compliance. These individuals will receive periodic training from recognised providers in order to remain up to date with the latest procedures and regulatory changes. ILAS will conduct an annual audit to verify compliance with data privacy and security policy. This notice has been updated as of 01-03-2020.

Contact Details

To exercise all relevant rights, queries or complaints, please contact the ILAS Secretary at:

ILAS,  c/o 15 Herbert Park, Bray, Co. Wicklow A98 P3X2, Ireland

EMAIL: secretary@ilas.ie

WEBSITE: https://www.ilas.ie/

Complaints

You have the right to make a complaint to the Data Protection Commission at any time. A subject data access request (SDAR) can be made, if there are grounds to do so. ILAS will reply as soon as possible, and at the latest within one month of a request being received, in accordance with the regulations.

Contact details for the Data Protection Commission are available on their website:

 https://www.dataprotection.ie/en/contact/how-contact-us