Who we are?
Please visit our website at: https://programapapi.org
Who is responsible for the processing of your data?
It is the Spanish Association of Pilots (hereinafter also, the “Association”), domiciled at Calle del General Díaz Polier, 49, Int. 4º 28001, Madrid, with Tax ID: G-28199834. The Pilot Support Program (hereinafter also “PAPi Program”) is part of this legal entity. The email address to contact us to clear up doubts about the protection of your data is lopd@sepla.es.
For which purposes do we process your personal data?
We only process your personal data for the purpose of developing the Pilot Support Program (PAPi), which consists in providing commercial pilots with private and confidential assistance in matters related to their emotional well-being.
How long do we keep your data?
We keep your data for one year. After this time, personal data is deleted from the registry and only anonymized data is retained. To set this period we have used the principle of keeping the minimum time necessary to fulfill the purpose (data minimization principle), as stated in the General Data Protection Regulation, in particular. The criteria indicated by the Practical Guide to Data Protection in Psychology, published by the Official College of Psychologists of Madrid.
What are your rights over your personal data and how can you exercise them?
Your rights are those of access, rectification, deletion, portability and limitation. You can exercise them by sending an email to lopd@sepla.es, indicating your name, surname and contact telephone number. We will reply within one month.
What legal basis do we use to process your data?
Article 9.2 b) of the General Data Protection Regulation allows the processing of special categories of personal data for the fulfillment of specific obligations of the Data Controller, provided that it is authorized by EU law.
The PAPi program is one of the support programs for commercial civil pilots provided for in point “CAT.GEN.MPA.215 Support program” of Commission Regulation (EU) No 965/2012 of 5 October 2012 laying down technical requirements and administrative procedures in relation to air operations pursuant to Regulation (EC) No 216/2008 of the European Parliament and of the Council. This item was introduced by means of Commission Regulation (EU) 2018/1042 of 23 July 2018 amending Regulation (EU) no. °965/2012 as regards technical requirements and administrative procedures concerning the introduction of support programs, the psychological assessment of flight crews and systematic and random checks for psychoactive substances to ensure the medical fitness of flight and cabin crew members, and as regards equipping new turbine aircraft with a maximum certificated take-off mass of 5700 kg or less and approved to carry between 6 and 9 passengers with an impact warning and alarm system.
Do we transfer your personal data to third parties?
No, we do not, except for the strictly necessary transfer to the IT support provider. In the case of statistical data provided to the operator concerned, it is of vital importance to point out that this is not personal data at all, but anonymized data. These include, among others, the following: employment data, case typology, case resolution, among others.
Within this section, although these are rare cases, we believe it is important to remember that the only case in which there is a legal and ethical obligation to communicate your personal data to third parties (this is also stated in our confidentiality policy) is when there is an alert for the safety of the pilot or any other person. In any case, the intervention will be proportionate to the level of risk.
How do we keep your data protected?
Your personal data will be protected by anonymization and encryption in accordance with the technical and organizational measures set out in Article 32 of the General Data Protection Regulation.
The information contained in our databases is encrypted, and access to these databases is protected by user, strong password (password creation directives that include complexity, periodic renewal and blocking against unauthorized access) and access to the databases will be done through VPN.
The information we provide for the elaboration of statistical information is always aggregated and anonymized.
