Last Updated: December 10, 2019
Erickson Incorporated (collectively “we,” “us,” or “our”) is committed to keeping the personal data collected from individuals confidential and secure. The proper handling of such personal data is a high priority. Please read this policy carefully to understand how we collect, use, share, and protect your personal data. In this policy, “you” and “your” refers to the individual to whom such personal data relates.
When we collect personal data from you directly, we are typically acting as a data “controller” under applicable law (which may include the European General Data Protection Regulation or “GDPR”). However, when we receive your personal data from a third party such as a corporate customer, we are typically the data “processor” under applicable law. If we are acting as the data processor, we will only process the relevant data in accordance with the applicable customer contract.
Data We Collect
We collect personal data about you (such as your name, address, email address, phone number, tax identification number, bank account information) that you voluntarily provide us in our discussions or correspondence with you (in person, online, by email, over the phone, or otherwise) and from other documents and information you may deliver to us (including forms, applications, and registrations). Your submission of personal data is voluntary, but we may be unable to provide you requested information or services if you choose not to provide the necessary personal data.
In some cases, we may also collect certain personal data from third parties such as credit reporting agencies and our other business customers.
Use of Personal Data
The legal basis for our processing of your personal data generally includes one of the following: (a) you have consented to our processing of your personal data; (b) processing is needed to fulfill a request made by you; (c) processing is required to comply with a legal or regulatory obligation; or (d) processing is necessary for reasons that are in our legitimate interest as a company, such as to protect our business. For example, we may use personal data:
- for the purposes for which you provided it to us;
- to respond to your inquiries and communications to us; and
- to provide our aviation services and otherwise fulfill our obligations under our customer contracts;
- to improve, maintain, and operate our websites and our products and services;
- to inform you about products and services in which you may be interested;
- to screen you against lists of people, organizations and vessels with which certain countries are prohibited from doing business; and
- to comply with statutory and regulatory requirements, including responding to lawful requests for information by governmental authorities.
You can opt out of receiving promotional or marketing emails sent by us at any time by clicking the unsubscribe link at the bottom of any such emails. We may continue to contact you for administrative, customer support, and other non-promotional purposes.
Sharing of Personal Data
We do not sell your personal data to any third parties. We may share your personal data as needed to fulfill the purposes described in the “Use of Personal Data” section above, including:
- with our suppliers and vendors who help us provide goods and services to you;
- with our service providers, such as credit agencies and technical or logistics providers, who facilitate our operations for you;
- with our affiliates who are involved in the provision of services to you;
as permitted or required by law, including to verify eligibility under OFAC, for governmental permits or licensing, or other regulatory and compliance requirements; or
as necessary to comply with orders from law enforcement and other governmental authorities.
Where your personal data is shared with third parties outside of the Erickson company group, we require such third parties to take reasonable security measures to protect your personal data, and we contractually prohibit such third parties from using your personal data for their own purposes, or any purposes other than pursuant to our instructions.
We may from time to time aggregate or otherwise de-identify sets of personal data such that it can no longer be used to identify you. We may use and disclose de-identified data without limitation.
In the event of a merger, consolidation, sale, or transfer of all or substantially all of our assets or business, one of the assets which would generally be transferred is the data we have collected. We will advise a successor or successors in interest of the terms of this privacy notice and our expectation that the successor(s) in interest will comply with the terms hereof.
Swiss and EU Data Subject Rights
Swiss and EU residents have certain rights under the GDPR, including the following:
- Subject Access: the right to access the personal data we have collected about you;
- Rectification: the right to have inaccurate personal data amended;
- Erasure: the right to have us erase personal data in certain circumstances, subject to applicable data retention requirements;
- Withdrawal of Consent: where our processing is based on your consent, the right to withdraw such consent us and prevent further processing if there is no other legitimate ground upon which we can process your personal data;
- Restriction: the right to have certain personal data marked as restricted for processing in certain circumstances as defined in Article 18 of the GDPR;
- Portability: the right to receive a copy of your personal data in a format that you can send it to a third party;
- Raise a Complaint: the right to raise a complaint about our processing with the data protection regulator in your jurisdiction.
To request exercise of the above rights, please contact us as set forth at the end of this policy. Note that in some cases we may be required or permitted by applicable law to deny some or all of your request. We may also require you take reasonable steps to verify your identity before processing your request.
Cross-border Transfers of Personal Data
We are based in the United States, and personal data collected by us and our affiliates worldwide (including within the EU and Switzerland) may be transferred to the United States for processing. You consent to the transmission of your data outside your own country. We may be liable in cases of onward transfers of your personal data to third parties.
Where it is applicable, we comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. European Union and Swiss individuals with inquiries or complaints regarding our privacy notice should first contact us as set forth at the end hereof. We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable[Author1] . If a complaint is not resolved by other resource and enforcement mechanisms, then individuals may request binding arbitration. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the applicable DPA for more information.
The Privacy Shield Frameworks apply to transfers of personal data from within the EU or Switzerland to the United States. If you are a EU or Swiss resident and have a question or complaint about the processing of your personal data within the EU or Switzerland, you have rights separate from those arising under the Privacy Shield Frameworks.
If you have any questions or complaints about data processing activities, please contact us as set forth at the end of this policy. EU or Swiss residents have the right to raise their inquiry or complaint to the applicable data protection authority in their member country.
Data Retention and Security
We may retain your personal data so long as we can reasonably foresee the data may be required in connection with our relationship with you. In some cases, we will retain the data for a longer period as necessary to comply with our legal obligations, follow reasonable records retention policies, resolve disputes, and enforce our agreements. We employ administrative, physical, procedural, and technological measures designed to protect your data from unauthorized access or alteration and loss or misuse.