OUR PRIVACY NOTICE
Who are we?
The Irish Light Aviation Society (ILAS) is a membership-based, not-for-profit, amateur/sport aviation organisation. It fosters and promote recreational flying activities, and support its members in the construction and maintenance of amateur built and classic/vintage aircraft types. The ILAS Committee is staffed entirely by volunteers. ILAS operates a Flight Permit scheme that is jointly administered with the Irish Aviation Authority.
ILAS and GDPR
ILAS is obliged to comply with EU Regulation 2016/679 (General Data Protection Regulation – GDPR) which is given effect by the Irish Data Protection Act (2018). These laws give EU citizens more control over how their personal information is used. This means you have specific rights with regard to how your personal information is collected, stored and distributed. This is known as data processing. The following paragraphs describe how ILAS processes your data and what rights you have under this new legislation.
The regulations set out the underlying principles relating to the processing of personal data, which are lawfulness, fairness and transparency.
What is personal data and what do we collect?
ILAS is a data controller and this means it collects your personal data for specific purposes. Personal data relates to a living individual who can be identified from that data. Identification can be made by the information alone or in conjunction with any other information in the possession of a data controller.
Member data processed by ILAS is normally restricted to name and contact details (email, telephone, address) in order to verify membership status. ILAS members who own aircraft are subject to further processing of their data as they will provide specific information about their aircraft such as civil registration, build/maintenance records and insurance details. These details are retained for periods of time specified in the ILAS data retention policy. Biometric (photo) data sometimes appear on ILAS website pages (www.ilas.ie) to advertise specific society events and activities.
ILAS does not collect sensitive personal information under any circumstances. ILAS dos not process the personal data of persons under 16 years of age.
How do we collect your personal data?
As a data controller, ILAS complies with its obligations under the GDPR by keeping your personal data up to date; storing and erasing it securely; not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access/disclosure, and by ensuring that appropriate technical measures are in place to protect personal data.
As an ILAS member, you provide ILAS with your personal information when you:
How do we use your personal data?
Your data is used to:
What is the legal basis for processing your personal data?
As a data controller, ILAS must have legal basis for processing your data. These are called lawful processing conditions and from the regulations, the three that most accurately describe ILAS activities are:
Sharing your personal data
On occasion, ILAS may need to share your personal data with other organisations. These are third parties (known as data processors) and they may manage financial transactions, communications, surveys or the secure storage of your data. ILAS may also share your data with individuals or organisations pursuing your interests with respect to the Flight Permit scheme that ILAS operates for its members.
This processing is kept to an absolute minimum and may occur when:
Where data processing by a third party occurs, there must be a data processing agreement (DPA) in place between the processor and the data controller. These DPAs can be bespoke arrangements, but with larger organisations it is usual for a standard published agreement to be in place. This ensures that all data subject processing complies with GDPR.
ILAS will not knowingly share your personal information for any commercial or marketing purposes and ILAS will not transfer your data to organisations in any third country (where GDPR does not apply) without your explicit consent.
If any reason exists to use your personal data for a new purpose that is not contained in this Privacy Notice, then ILAS will provide you with a new notice. This revised notice will explain the new use of your personal data prior to any processing taking place.
How long do we keep your data?
ILAS stores data in accordance with a data processing policy log which is accessible to members and is maintained by the ILAS Committee. ILAS does not retain data for periods beyond what is necessary for the efficient administration of the Society, or where otherwise required by law.
What are your data protection rights?
ILAS would like to make sure you are fully aware of your data protection rights. Under GDPR, every ILAS member is entitled to the following with respect to their personal data:
You also have the right to lodge a complaint with the Data Protection Commission (DPC), if you consider the processing of your personal data infringes the GDPR.
What happens in case of a data breach?
A data breach has occurred when personal data are shared inappropriately and usually happens through carelessness with no malicious intent. An example could be a list of member contact details left in a public area. Nevertheless, when a breach is detected, it must be reported to the DPC within 72 hours. This responsibility belongs to the ILAS Committee or a designated data champion. A data breach log is maintained in a secure location for the purpose of recording any occurrences and the relevant details. Failure to comply with this regulation can result in fines imposed by the DPC.
Regular review of compliance and security
Due to the nature of the organisation, ILAS is not required to have a full-time Data Protection Officer. Alternatively, Data Champions are appointed to monitor GDPR compliance. These individuals will receive periodic training from recognised providers in order to remain up to date with the latest procedures and regulatory changes. ILAS will conduct an annual audit to verify compliance with data privacy and security policy. This notice has been updated as of 01-03-2020.
To exercise all relevant rights, queries or complaints, please contact the ILAS Secretary at:
ILAS, c/o 15 Herbert Park, Bray, Co. Wicklow A98 P3X2, Ireland
You have the right to make a complaint to the Data Protection Commission at any time. A subject data access request (SDAR) can be made, if there are grounds to do so. ILAS will reply as soon as possible, and at the latest within one month of a request being received, in accordance with the regulations.
Contact details for the Data Protection Commission are available on their website: