Privacy Notice

The Civil Aviation Authority of the Cayman Islands (CAA)  is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the VP-C Online at vp-conline.com and governs data collection and usage. By using the VP-C Online website, you consent to the data practices described in this statement.

CONTACT INFORMATION

Please contact us if you have any questions about our privacy notice or about how the CAA processes Personal Data. Please contact our Data Protection Officer (“DPO”) via the details below:

DATA PROTECTION OFFICER
Address: 205 Owen Roberts Drive, Grand Cayman, CAYMAN ISLANDS
Email Address: dataprotection@caacayman.com
P.O. Box: P. O. Box 10277, Grand Cayman, KY1-1003, CAYMAN ISLANDS

DEFINITIONS

Data Controller: A Data Controller is the person who, alone or jointly with others determines the purposes, conditions and manner in which any Personal Data are, or are to be, processed and includes a local representative. A Data Controller can be any legal person, i.e. an individual, corporation, either aggregate or sole, or any club, society, association, public authority or other body, of one or more persons

Data Processor: A Data Processor processes Personal Data on behalf of a Data Controller and does not itself determine why Personal Data should be processed. A Data Processor may, to a certain extent, decide on how the Personal Data should be processed.

Data Subject: A Data Subject is (a) an identified living individual; or (b) a living individual who can be identified directly or indirectly by means reasonably likely to be used by the Data Controller or by any other person.

Personal Data: Part 1 of the Cayman Islands Data Protection Law (“DPL”) defines Personal Data as any information about a living, natural person (including but not limited to information about staff or members of the public) who can be identified. However, information about sole traders, employees, partners, and company directors who are individually identifiable will still constitute Personal Data.

Examples of Personal Data include, but are not limited to, the following:

  1. First name, last name;
  2. Home contact information (including street address, personal telephone number and personal email address);
  3. Age;
  4. Gender;
  5. Citizenship;
  6. Marital status;
  7. Full credit or debit card number;
  8. Health insurance Identification (“ID”) or account number; and
  9. Bank account number and routing number.

Sensitive Personal Data: Part 1 of the DPL defines Sensitive Personal Data as any information that with unauthorised disclosure could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. The DPL defines “Sensitive Personal Data” as Personal Data consisting of:

  1. The racial or ethnic origin of the Data Subject;
  2. The political opinions of the Data Subject;
  3. The Data Subject’s religious beliefs or other beliefs of a similar nature;
  4. Whether the Data Subject is a member of a trade union;
  5. Genetic data of the Data Subject;
  6. The Data Subject’s physical or mental health or condition;
  7. Medical data;
  8. The Data Subject’s sex life;
  9. The Data Subject’s commission, or alleged commission, of an offence; and
  10. Any proceedings for any offence committed or alleged, to have been committed, by the Data Subject, the disposal of any such proceedings or any sentence of a court in the Cayman Islands or elsewhere.

Third Parties: Third Parties mean any person other than:

  1. The Data Subject;
  2. The Data Controller; or
  3. Any Data Processor or other person authorised to process data for the Data Controller or Data Processor.

CHANGES TO OUR PRIVACY NOTICE

This Privacy Notice was last updated on March 14, 2021. We have the right to update the contents of this Privacy Notice from time to time to reflect any changes in the way in which we process your Personal Data or to reflect legal requirements as these may change. In case of updates, we will post the revised Privacy Notice on our website. Changes will take effect as soon as the revised version is made available on our website.

WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT

We collect several different types of information for various purposes to provide and improve our service to you. We collect the following types of data:

  1. Contact Forms, Surveys, and Applications
    The CAA may collect the following information when you fill out a contact form, survey, application or subscribe to our newsletter:

     

    • Your name;
    • Contact information such as email address, phone number(s), etc.;
    • Payment data which is necessary for us to process payments and implement fraud prevention measures, including credit/debit card numbers, security codes, etc.;
    • Business details such as company name, occupation, etc.; and
    • Demographic Information such as address and postal code.
  2. Media
    If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included as visitors to the website can download and extract any location data from images on the website.
  3. Cookies
    If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no Personal Data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
  4. Embedded Content from Other Websites
    Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
  5. Google Analytics Cookies
    We use Google Analytics to collect information about how you use this site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements. We use Google Analytics cookies. Cookies are small text files that are downloaded to your device by websites you visit. These cookies help us improve our site by providing us with information about how users interact with our website such as the number of visitors to the site, the pages they visit and the length of time spent on the site. These cookies do not collect information that identifies a visitor. All of the information that the cookies collect is aggregated and anonymous. You may change your browser settings to delete and block cookies. To find out how, please visit www.allaboutcookies.org.By continuing to use this site without changing your settings you consent to our use of cookies as described above.

WHAT ARE YOUR DATA PROTECTION RIGHTS?

The Cayman Islands Data Protection Law 2017 (“DPL”) grants individuals a number of rights in relation to their Personal Data. We must respond to requests in relation to your rights within 30 days of receipt; however, there are some exceptions to this.

The availability of some of these rights depends on the legal basis that applies in relation to the processing of your Personal Data, and there are some other circumstances in which we may not uphold a request to exercise a right. Your rights and how they apply are described below:

  1. The right to be informed
    Your right to be informed is met by the provision of this privacy notice, and similar information when we communicate with you directly – at the point of contact.
  2. The right of access
    You have the right to obtain a copy of Personal Data that we hold about you and other information specified in the DPL, although there are exceptions to what we are obliged to disclose.
  3. The right to rectification
    You have the right to ask us to rectify any inaccurate data that we hold about you. You also have the right to ask us to complete information you think is incomplete.
  4. The right to stop/restrict processing
    You have the right to request that we stop processing, not begin processing, or cease processing for a specified purpose or in a specified way. This is not an absolute right, and, depending on the legal basis that applies, we may have an overriding legal basis to continue processing the data.
  5. The right to stop direct marketing
    You have the right to stop direct marketing from the CAA. See above the contact information for CAA’s Data Protection Officer. We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted and will only retain your details on a suppression list to help ensure that we do not continue to contact you.
  6. The right in relation to automated decision making
    You have the right to object to being subject to a decision based solely on automated processing, including profiling. Should we perform any automated decision-making, we will record this in our privacy notice, and ensure that you have an opportunity to request that the decision involves personal consideration.
  7. The right to complain to the Office of the Ombudsman
    You have the right to complain to the Office of the Ombudsman if you are not happy with any aspect of the CAA’s processing of Personal Data or believe that your rights are not being respected. The contact details for the Office of the Ombudsman are:

The Office of the Ombudsman
5th Floor, Anderson Square
64 Shedden Road
George Town
Grand Cayman
info@ombudsman.ky
+1 345 946 6283
https://ombudsman.ky/make-a-complaint

HOW LONG WE RETAIN YOUR DATA

We will only keep your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal (including the Cayman Islands Government retention requirements), accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

WHO HAS ACCESS TO YOUR INFORMATION

We do not sell or disclose your information to Third Parties. However, we may disclose your information to Third Parties in order to achieve the other purposes set out in this notice. These Third Parties may include those working on our behalf. Examples of such Third Parties include:

  1. Contractors; and
  2. Social media managers.

We may disclose your information to our service providers (Third Parties) including agencies working on behalf of us for the purposes of completing tasks and providing services to you on our behalf. We only disclose the necessary personal information. We do not release your information to Third Parties for them to use for their own direct marketing purposes.

TRANSFERS OUTSIDE THE CAYMAN ISLANDS

Unless certain exemptions apply or protective measures are taken, the CAA will ensure that Personal Data and Sensitive Personal Data, even if it would constitute fair processing, will not be disclosed or transferred outside the Cayman Islands to a country or territory which does not ensure an adequate level of protection for the rights and freedoms of Data Subjects.

HOW DO WE KEEP YOUR PERSONAL DATA SAFE

We take appropriate technical and organisational measures to keep your Personal Data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of Personal Data. We may keep your Personal Data in our electronic systems, in the systems of our contractors, or in paper files.

REFERENCES

The Cayman Islands Data Protection Law, 2017