1. Pocessing of personal data

Personal data of natural persons

Personal data is deemed to be specific information on personal or factual characteristics which relate to a particular or identifiable natural person. For example: data such as a person´s name, address, e-mail address, phone number and date of birth. Data which cannot be directly linked with your identity, such as preferred websites or the number of users of a page, is not deemed to be personal data.

The Provider shall process any personal data which is necessary to guarantee or provide its services and the related performances. The Provider shall also process personal data which users of the service enter themselves; for example, to register for the customer portal. The Provider may process such personal data with the assistance of services provided by third parties, have it processed by third parties as well as pass it on to Global Airlift Solutions AG companies which are allowed to process such data for similar purpose as the Provider.

Data connected with the use of the website
Further data shall be collected when accessing the offer, such as the date and time stamp, Internet Protocol (IP) addresses used, addresses and names of the pages accessed, information about the operating systems used and browsers as well as any location data release. The Provider shall use such data for statistical evaluation of the use of the offer and to detect technical problems so that the offer can be improved on an ongoing basis. The Provider shall not identify any users with such data. The Provider can process such data with help of services provided by third parties or have said data processed by third parties, as well as pass it on to Global Airlift Solutions AG companies which are allowed to process such data for similar purposes as the Provider.

Passing on data
The Provider shall not pass on personal data to third parties without permissions from the data subjects. This shall exclude statutory obligations to pass on data, passing on data to be able to guarantee the offer and provide and improve services related to the offer, passing on data with the consent of the data subjects, passing on data to Global Airlift Solutions AG companies which are permitted to process such data for the same purpose as the Provider, and passing on data to assert legal claims as well as guarantee legitimate interests insofar as the basic rights or interests of the affected users who require data protection outweigh these.

Protecting processed data
The Provider shall take appropriate organizational and technical measures to guarantee data protection and data security.

2. Cookies and tracking pixels

The Provider as well as third parties can place and tracking pixels (web beacons). Cookies and tracking pixels as well as those from third parties (third-party cookies) provide a statistical evaluation of the use of the offer and help to detect technical problems so that the offer can be improved on an ongoing basis. Cookies are small text files which are stored on end devices such as the users´PCs. Tracking pixels are accessed when using the offer. The Provider stores cookies and data related to cookies and tracking pixels for the period necessary to be able to guarantee the offer and provide services connected with the offer. Cookies can be deactivated in the browser settings in full or in part, as well as delated, at all times. Tracking pixels can be blocked in the browser settings or with the corresponding browser extensions at all time. Tracking pixels can be blocked in the browser settings or with the corresponding browser extensions at all times. If cookies are fully or partially deactivated and tracking pixels are blocked, to offer can no longer be used to its full extent.

3. Third-party services

The Provider uses Google Analytics, a web service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files, which are stored on your computer and enable an analysis of your use of the website. The information about your use of the website generated by the cookie is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will truncate your IP address beforehand within Member States of the European Union or in other states which are party of the Agreement on the European Economic Area.

The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases. Google will use this information to evaluate your use of the website, to compile reports on the website activities for the website operator and to provide further services connected with the website use and Internet use. Google may also transmit this information to third parties where it is required to do so by law, or if these third parties process this data on Google´s behalf. The IP addresses transmitted from your browser within the scope of Google Analytics will not be associate with any other data of Google.

You can prevent the installation of cookies by settings your browser software accordingly; however, we would like to inform you that you will not be able to make full use of all the functions of this website. By using this website, you hereby consent to the processing of the data which Google has collected about you in the above manner and for the aforementioned purpose.

4. Notifications

The Provider can inform and contact users about the offer by e-mail and other communication channels. Notifications can contain graphic or Web links which record whether an individual notification has been read and which Web links were clicked on during the course of this. Such graphs and Web links record the use of notifications for statistical evaluations and to detect technical problems so that notifications can be improved on an ongoing basis.

Users who receive notifications can unsubscribe at any time and object to the mentioned graphics and Web links at the same time. Notifications deemed by Provider to be mandatory for the use of the offer shall be exclude from this.

5. Rights of users

Users and other persons whose personal data is processed by the Provider can demand written information about the processing of there personal date, have their data corrected, deleted or blocked and object to the processing of their personal data. Under data protection law, such claims and information must be reported by letter post to the following address:

Global Airlift Solutions AG

Lerzenstrasse 14

CH-8953 Dietikon

Switzerland

6. Amendment of the Privacy Policy

The content of this Privacy Policy shall be regularly checked. The Provider reserves the right to amend the Privacy Policy at any time. Please keep up to date on any amendments made.

ANNEX:

Technical and organizational measures

1. Confidentiality

The measures listed below are of general nature and shall apply unless measures to the contrary were agreed in a contract.

If the data processing is undertaken by third parties, a relevant contract ion order processing shall ensure that the third party takes comparable measures and adheres to them.

Physical access control

The data centers used by the Provider meet the most stringent security requirements. Access shall only be granted and requested for a select, well-known group of people, along with prior registration and two separate security features. Access shall also be logged.

System access control

Access to the Provider’s system shall take place with personalized user accounts. A Password policy shall be instituted which meets modern standards through the use of technical as well as organizational measures. If authentication fails, the account shall be temporarily disabled; after further unsuccessful attempts, the account shall be permanently disabled. All log-in attempts shall be logged.

Firewall systems shall protect against external access. VPN technology shall protect against external data connections.

Data access control

The rights to the systems are structured into groups. One or more groups that are required to perform the function of the respective employee are assigned to the individual employee accounts. The groups are structured so that they can only access the data that is required to fulfil the task. Mutations of the group assignments are documented and logged.

Pseudonymization

The primary identification features of the personal data shall be removed from the respective data use and stored separately if the respective data processing allows this.

2. Integrity

Transmission control

Personal data shall only be transmitted with the consent of the data subject or on the basis of lgal obligation.

Entry control

The systems of the Provider in general and the systems which process personal data in particular shall log access & events (log-ins, log-outs, amendments, etc.).

3. Availability control

• High-availability architecture (storage, server, network, data center & connection)
• Local emergency power (UPS)
• Back up system with offsite backup
• Firewall
• Anti-virus protection
• Regular patching of operating systems and applications

4.Procedure for regular review, assessment and evaluation

Data protection-friendly defaults

The principles of “Privacy by design” and “Privacy by default” shall be taken considered during IT operations and IT development.

Order control

No order processing shall be undertaken without the requisite instructions from the Client, e.g.: clear contractual design, formalized order management, strict selection of service provider, duty of impartiality, follow-up inspections.