JSC “Smartavia Airlines”
Smart Up
WOW

Privacy Policy

Personal Data Processing Policy of Joint Stock Company “Smartavia Airlines”

1. Purpose of the Policy

The Policy defines the objectives and general principles of personal data processing, as well as the implemented measures for protecting personal data of Joint Stock Company “Smartavia Airlines” (hereinafter referred to as the Airline). The Airline is the operator of personal data.

The Policy is developed to ensure the protection of the rights and freedoms of individuals when processing their personal data.

2. General Provisions

The Airline is an aviation enterprise whose primary activity is the paid transportation of passengers, baggage, cargo, and mail by air.

The Policy is published on the official website of the Airline and is publicly available for review.

3. Legal Basis for Personal Data Processing

Personal data processing in the Airline is carried out on the following grounds:

  1. Civil Code of the Russian Federation;
  2. execution of a contract where the data subject is a party, beneficiary, or guarantor, or conclusion of a contract at the initiative of the data subject or a contract where the data subject will be a beneficiary or guarantor;
  3. performance of functions, powers, and duties imposed on the operator by the legislation of the Russian Federation, as well as those provided for by international treaties;
  4. consent of the personal data subject;
  5. Articles 86-90 of the Labor Code of the Russian Federation;
  6. Federal Law No. 16-FZ dated February 9, 2007, "On Transport Security";

4. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects

The Airline processes personal data of the following categories of personal data subjects:

  • clients of the Airline;
  • employees in an employment relationship with the Airline;
  • former employees of the Airline;
  • family members of the Airline's employees;
  • candidates for employment with the Airline;
  • individuals in contractual and other civil-law relationships with the Airline;
  • individuals who have agreed to participate in marketing research;
  • other individuals who have provided their personal data to the Company or whose personal data have been transferred to the Airline by a third party for processing.

Processing of personal data of individuals who have provided their personal data to the Airline or whose personal data have been transferred to the Airline by a third party for processing on its behalf is carried out on the basis of federal laws and relevant contracts or agreements between the Airline and third parties.

The categories of processed personal data are determined separately for each processing purpose, and their list and scope must not exceed what is necessary to achieve the relevant processing purposes:

  • for the performance of air transportation contracts, where one of the parties is the personal data subject — the passenger (client), and for the provision of additional services during air transportation;
  • for managing employment relationships between the Airline and its employees in accordance with the legislation of the Russian Federation;
  • for recruitment and employment purposes for filling vacant positions;
  • for controlling physical access of the Company's employees to office premises;
  • for issuing, canceling, and recording powers of attorney for representing interests and performing certain actions by individuals;
  • for maintaining publicly available directories of employees' official contact details;
  • for managing relationships with the Airline's counterparties;
  • for accounting, tax accounting, and individual (personalized) accounting of individuals in the Airline in accordance with the legislation of the Russian Federation;
  • for providing employees with voluntary insurance programs, including medical insurance and accident insurance, as well as other types of insurance;
  • for maintaining the Airline's corporate information portal;
  • for ensuring the correct operation of the website and publicly available resources.

The Airline does not process special categories of personal data related to racial or ethnic origin, political views, religious or philosophical beliefs, intimate life, or biometric personal data, unless otherwise provided by the legislation of the Russian Federation.

5. Procedure and Conditions for Personal Data Processing

5.1 The personal data subject has the right to:

  • freely, voluntarily, and in their own interest provide their personal data and consent to their processing;
  • submit requests to the Airline, including repeated requests, and receive information on the processing of their personal data in the manner, form, scope, and within the timeframes established by the legislation of the Russian Federation;
  • require the Airline to clarify, block, or destroy their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purpose;
  • request the Airline to stop processing their personal data and withdraw their consent to the processing of personal data;
  • exercise other rights provided by the legislation of the Russian Federation.

5.2 The Airline undertakes to:

  • provide the personal data subject with information regarding the processing of their personal data upon request, or legally refuse to provide such information;
  • clarify, block, or delete processed personal data upon the request of the data subject if the data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purpose;
  • keep records of requests from personal data subjects;
  • not disclose or distribute personal data without the consent of the data subject, unless otherwise provided by the legislation of the Russian Federation;
  • if personal data is obtained not from the data subject, provide the data subject with the information required by Law No. 152-FZ before processing begins, taking into account exceptions established by the legislation of the Russian Federation;
  • explain to the data subject the legal consequences of refusing to provide personal data and/or consent to processing, if such provision or consent is mandatory under the legislation of the Russian Federation;
  • stop processing and destroy personal data in the following cases:
    • achievement of the processing purposes or loss of necessity to achieve them, unless otherwise provided by Law No. 152-FZ or other applicable regulatory legal acts of the Russian Federation;
    • withdrawal of consent to processing by the data subject;
    • submission of a request by the data subject to stop processing, unless otherwise provided by Law No. 152-FZ;
    • identification of unlawful processing by the Airline (if ensuring lawful processing is impossible);
  • take necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, or other unlawful actions;
  • notify the authorized body for the protection of personal data subjects' rights (hereinafter referred to as Roskomnadzor) in case of unlawful or accidental transfer of personal data leading to violations of data subjects' rights, in the manner and within the timeframes established by personal data legislation;
  • interact with the state system for detecting, preventing, and eliminating the consequences of computer attacks on Russian information resources (GosSOPKA) in the manner determined by the federal executive authority responsible for security;
  • provide Roskomnadzor with the necessary information upon request in accordance with the "Regulation on Personal Data Processing" approved by the Airline;
  • fulfill other obligations provided by the legislation of the Russian Federation.

5.3 The Airline has the right to:

  • process personal data without the data subject's consent in cases provided by Law No. 152-FZ;
  • transfer personal data to third parties, state bodies, municipal authorities, state institutions, state extra-budgetary funds, and other entities (if applicable), if required by applicable legislation (tax, law enforcement agencies, etc.) or with the data subject's consent;
  • entrust the processing of personal data to third parties if there are legal grounds and compliance with the requirements of Law No. 152-FZ;
  • entrust the processing of personal data to third parties to improve the quality of services provided, based on federal laws and relevant contracts or agreements between the Airline and third parties;
  • refuse to provide the data subject with information about the processing of their personal data in cases provided by Law No. 152-FZ;
  • independently determine the composition and list of measures necessary and sufficient to fulfill the obligations under Law No. 152-FZ and related regulatory legal acts, unless otherwise provided by the legislation of the Russian Federation;
  • independently, taking into account the requirements of Law No. 152-FZ, determine the list of necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, or other unlawful actions, based on an assessment of current threats to personal data security, and determine the procedure for implementing such measures and evaluate their effectiveness;
  • exercise other rights provided by the legislation of the Russian Federation.

6. Personal Data Security

6.1 To protect against leaks or misuse of clients' personal data, the Airline continuously develops and upgrades information protection mechanisms, analyzes data processing processes, and uses specialized protection tools and technologies.

6.2 In accordance with the legislation of the Russian Federation on information security, the Airline takes all necessary measures to protect personal data subjects from unlawful or accidental access, alteration, copying, blocking, distribution, destruction, and other unlawful actions by third parties.

7. Additional Information

7.1 The Airline may amend this Policy without prior notice. Changes take effect from the date of publication of the updated Policy.

1. Purpose of the Policy

This document (hereinafter referred to as the Policy) outlines the policy of Joint Stock Company “Smartavia Airlines” (hereinafter referred to as the Airline) regarding the use of cookies, their collection, and usage through the Company's website:

https://flysmartavia.com/en/

The Airline is the operator of personal data. The Policy is a publicly available document of the Airline and provides an opportunity for any person to review it.

This Policy supplements the Personal Data Processing Policy available on the webpage at:

https://flysmartavia.com/en/policy/

2. Cookies and Personal Information

A cookie is a file containing data related to the Company's information systems and stored on your device.

Cookies typically do not contain information that personally identifies the user, but the personal information you provide may be linked to the information stored in and obtained from cookies. A cookie is unique to your browser and can only be read by the server that provided it to you.

The Airline uses data from these cookies solely to ensure a comfortable user experience on the website: during authentication (entering login and password) and for marketing purposes.

If the Airline can associate cookie data with a specific individual, the cookies are treated as personal data. The legal basis for such processing of cookie data is the Personal Data Processing Policy available on the webpage:

https://flysmartavia.com/en/policy/

In all other cases, cookie data is not considered personal data.

3. Managing Cookies

Each website or third-party service provider used by the website may send its own cookies to your browser, depending on your browser settings.

You can choose how your device handles cookies through your browser settings. The most popular browsers allow you to select the following settings:

  • accept all cookies;
  • notify when a cookie is issued;
  • block all cookies at any time.

Please note that blocking all cookies may prevent you from using all features of the Company's website.

If you decide to change your browser settings, check the "Help" section of your browser to learn how to adjust cookie settings.

4. Use of Cookies

We use cookies to improve the quality and functionality of the Company's websites and to provide services.

We use both session and persistent cookies on the website:

  • Session cookies are temporary cookies used during your visit to the website.
  • Persistent cookies are used to remember your preferences on the website and remain on your device after you close your browser or restart your device. These cookies are used until you clear your browser's cookies.

Cookies are collected and used on the Airline's website, and the data may be transferred to affiliates, partners, and other trusted parties, provided they guarantee compliance with the requirements of Russian legislation.

5. Additional Information

The Airline may amend this Cookie Policy without prior notice. Changes take effect from the date of publication of the updated Policy.