Privacy Policy | Data Protection Policy

OBJECTIVE

The objective of this policy is to establish procedures to protect the confidentiality, authenticity, and integrity of ACAT’s data, specifically personal data, in accordance with regulatory requirements and industry standards. ACAT’s Privacy Policy covers various aspects of personal data management, including collection, lawful processing, security, risk assessments, data breach procedures, international data transfers, employee training, third-party relationships, and policy updates. It places responsibility on all individuals, including employees, contractors, and third parties engaged in ACAT’s operations, to comply with the specified principles and guidelines to ensure the privacy and security of personal data at all stages of its lifecycle.

INFORMATION WE COLLECT

  1. ACAT are committed to protecting your privacy and safeguarding your personal information. This Privacy
    Policy outlines how we collect, use, disclose, and protect your personal information when you visit our
    website or use our services. 
    • By using our website or services, you consent to the practices described in this Privacy Policy. Personal Information: We may collect personal information that you voluntarily provide to us, including but not limited to your name, email address, phone number, and any other information you choose to provide when using our services.
    • Usage Information: We may collect information about how you use our website or services, including
      your IP address, browser type, device type, and operating system.

HOW WE USE YOUR COLLECTED INFORMATION

We use your personal information for various purposes, including:

  • Providing Services: This involves processing orders, offering customer support, and delivering relevant
    information.
  • Communication: We use your contact details to respond to inquiries, send transactional notifications, and
    provide important updates.
  • Personalization: Tailoring content, recommendations, and offers based on your preferences and usage
    history.
  • Account Management: Handling tasks like authentication, account recovery, and user account-related
    activities.
  • Marketing and Promotions: With your consent, we may send marketing materials, promotional offers,
    newsletters, and other communications. You can opt out at any time.
  • Analytics and Improvements: Analyzing user data to enhance our services by improving functionality,
    usability, and performance.
  • Legal and Compliance: Processing data to meet legal and regulatory obligations, including tax, accounting,
    and government requests.
  • Security: Your data is crucial for securing our services, detecting and preventing incidents, fraud, and
    unauthorized access.
  • Research and Development: Using anonymized or aggregated data for developing new features, products,
    and services.
  • Customer Feedback: Gathering valuable insights from your feedback through surveys to enhance our
    customer experience.
  • Merger or Acquisition: In case of mergers, acquisitions, or asset sales, your information may be transferred,
    adhering to data protection laws.

INFORMATION SHARING

We may share your personal information with:

  • Service Providers: We may share your information with third-party service providers who assist us in
    operating the Website and providing services.
  • Legal Requirements: We may disclose your information to comply with legal obligations, respond to requests
    from law enforcement, or protect our rights and safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your
    information may be transferred to the new owner.

DATA SECURITY

We prioritize the security of your personal information through comprehensive measures, including industrystandard encryption, strict access controls, firewalls, employee training, an incident response plan, third-party
vendor oversight, physical security, and regular system updates. While we are committed to data security, please
remember that no method of data transmission or storage is completely risk-free. We encourage you to enhance our
efforts by using strong passwords and protecting your login credentials. If you have security concerns or need to
report an issue, please contact our Data Protection Officer using the provided contact information in this privacy
policy.

DATA RETENTION

COOKIES AND TRACKING TECHNOLOGIES

We may use cookies and similar tracking technologies to enhance your user experience and collect usage
information. You can manage your cookie preferences through your browser settings.

YOUR RIGHTS

You have the right to access, update, or delete your personal information. You may also withdraw your consent for
certain data processing activities. To exercise these rights, please contact us using the contact information provided
below.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our data practices or legal requirements. We will
notify you of any significant updates.

TERMS AND DEFINITIONS:

ACAT – AAG Centre for Aviation Training (P) Ltd.

REVIEW:

This document shall be reviewed once a year or at the time of any major change in the existing environment
affecting policy, whichever is earlier.

ENFORCEMENT AND EXCEPTION

All workforce members, including third parties, are required to comply with this policy any workforce member violating these policies shall result in disciplinary action, up to and including termination of employment.

Any exception to the policy must be approved by the Executive Director, procedures and guidelines shall comply with legal, regulatory and statutory requirements.

TERMS AND DEFINITIONS:

NIST CSF v1.1 References:  ID.GV-3, PR.DS-1, PR.DS-2, PR.DS-3, PR.PT-2

NIST References:  AC-1, AC-17, AC-17(2), AC-20, AC-3, AC-4, AR-1, AR-2, MP-1, MP-2, MP-3, PL-4, SC-1, SC-12(1), SC13, SC-28, SC-28(1), SC-8, SI-12

PCI DSS v3.2.1 References:  2.3, 3.4, 4.1, 4.1.1, 9.5

HITRUST References:  06.d Data Protection and Privacy of Covered Information, 09.q Information Handling
Procedures, 09.s Information Exchange Policies and Procedures, 10.f Policy on the Use of Cryptographic Controls