KID-Systeme

Privacy / export control information notice

related to KID-Systeme GmbH / www.KID-Systeme.com (issued 62 183 01 on 13. December 2022).

Introduction

KID-Systeme GmbH (also known as, “KID”, or “we” or “us”) website including download portal (KENT) provides information about the company and products along with separate access to maintenance and repair documents. We appreciate your interest in our products, services and business lines and your use of our website and KENT portal. The website includes links to other websites or applications which are not necessarily covered by this Privacy Notice. In this event, we encourage you to carefully read the privacy policies of such websites. KID-Systeme GmbH is committed to protecting the privacy of individuals and to complying with applicable personal data protection laws and regulations. We want you to feel comfortable using our website and KENT portal. This Privacy Notice will inform you of the personal data we collect when using KENT portal: How we use and disclose your personal data; how you can control the use and disclosure of your personal data; and how we protect your personal data.

What is personal data?

Personal data is information that can be used to identify a person either directly or indirectly. It includes information such as name, contact details, identification numbers, financial data, location data or online identifiers.

Which sources and what personal data do we use?

The personal data we process in relation to download portal (KENT) are as follows:

  • Identification data : salutation, first name, last name
  • Professional data : title, company email address, company role, KID-Systeme contact, ICAO
  • Location data: company name/address/country/phone number

What are the purposes of the processing of your personal data?

By using KENT download portal, KID will process your personal data for the following purposes:

  • Verification of valid customer relationship
  • Verification with KID compliance rules
  • To comply with legal obligations: We use your personal data to comply with applicable legal obligations, including responding to an authority or court order or discovery request or to comply with export control and sanctions requirements when applicable.
  • To protect us and others: Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.

We will use your personal data for the above Purposes only, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose (for preserving particular evidence or in the context of legal statutes of limitation for example). If we need to use your personal data for an unrelated purpose, we will notify you prior to this further personal data processing and provide you the relevant privacy information notice.

What is the legal basis for the processing of your personal data?

Subject to the applicable law, we process your personal data under the following legal basis:

  • To comply with contractual obligations.
    For Airbus / KID-Systeme GmbH employee(s), we process your personal data as part of the performance of your employment contract with Airbus in order to complete our respective contractual obligations.
  • As a result of your consent.
    When you have consented to the processing of your personal data by us for certain services through you can withdraw your consent at any time by contacting us at dataprotection@airbus.com. For further information on the right of withdrawal, please see below Section “How to exercise your rights and/or contact Airbus in respect of your personal data?”
  • Within the scope of a legitimate interest.
    On occasion taking into account the minimum privacy impact for you, the processing of your personal data might be necessary for the following legitimate interest:
    • For fraud detection and prevention and investigation of criminal acts.
    • For Compliance with foreign law, law enforcement, court and regulatory bodies’ requirements
    • For Information, system, network and cyber security within Airbus
    • For General Corporate Operations and Due Diligence
    • For Product development and enhancement (incl. the analysis and optimization of the Website/Process/Application/Newsletter
  • On the basis of KID-Systeme GmbH legal obligations.
    KID-Systeme GmbH, as any other company, is subject to legal obligations and regulations. In some cases the processing of your personal data will be necessary for KID-Systeme GmbH in order to fulfill these legal obligations GDPR.

Who will receive your personal data?

Subject to applicable law, we may disclose your personal data to the following recipient(s) on a need to know basis:

  • KID-Systeme GmbH & Airbus Operations GmbH
  • Authorized persons working for or on behalf of KID-Systeme GmbH, including our agents, service providers and advisers providing the variety of products and services we need such as:
    • Technical Publications
    • Export Control
    • Sales
    • Sales Administration
    • Technical Program
    • Controlling
    • Know your counterparties
    • IT (Service Provider)

Is any of your personal data transferred overseas?

Except for Airbus Affiliates operating outside the European Economic Area or the UK, your personal data will generally be processed in the European Economic Area. We share your personal data within Airbus. Any transfers within Airbus for Airbus daily business activity and internal organization are covered by an intra-group agreement (Binding Corporate Rules). The Binding Corporate Rules includes contractual protections to ensure that your personal data receives an adequate level of protection wherever it is transferred within Airbus. If you have any questions regarding transfers, please contact us (dataprotection@airbus.com) for further details.

How long will your personal data be retained?

We retain your personal data as long as reasonably necessary for the purposes for which it was collected. For KENT we retain for 06 months from the date of collection or our last interaction with you. In some circumstances, we may retain your personal data for a longer period of time than is needed for those purposes such as where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

What about the security of your personal data?

We use technical and organizational security measures in order to protect the personal data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons. Our security procedures are continually enhanced as new technology becomes available.

What are your rights?

At any time you may exercise your personal data protection rights as listed below by contacting us at dataprotection@airbus.com:

  • Right to access/obtain a report detailing the information held about you: You have the right to obtain confirmation as to whether or not your personal data is being processed by Airbus and if so, what specific personal data is being processed.
  • Right to correct personal data: You have the right to rectify or request to have rectified any inaccurate personal data concerning you.
  • Right to be forgotten: In some cases, for instance, when the personal data is no longer necessary in relation to the Purposes for which they were collected, you have the right for your personal data to be erased.
  • Right to restrict the processing of your personal data: You have the right to restrict the processing of your personal data, for instance when the processing is unlawful and you oppose the erasure of your personal data. In such cases, your personal data will only be processed with your consent or for the exercise or defense of legal claims.
  • Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and/or transmit those personal data to another data controller.
  • Right to object: In some cases required by law, you may ask us to stop processing your personal data.
  • Right to withdraw consent: Where your consent is required, you may at any time withdraw such consent by contacting us at the contact details in section “How to exercise your rights and/or contact KID-Systeme GmbH in respect of your Personal Data?”. However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or services as described in section “Are you obliged to provide your personal data?”.

How to exercise your rights and/or contact Airbus in respect of your personal data?

If you want to exercise your rights or you are unhappy with the way in which your personal data has been processed or should you have any questions regarding the processing of your personal data, you may refer in the first instance to the Airbus Data Protection Officer, who is available, at the following email address: dataprotection@airbus.com. In case of doubt of your identity, we may ask you to justify it by enclosing a copy of any identity document.

Are you obliged to provide your personal data?

Under certain circumstances, when some personal data is necessary to enter into a contract or to comply with legal obligation, any failure to provide the requested personal data may result in us not being able to fulfill our contractual/legal obligations or to achieve the expected results.

Do we use automated decision-making, or conduct profiling?

As a matter of principle, we do not use fully automated decision-making processes nor conduct automated processes with the objective of evaluating certain personal aspects (profiling). In the event that we should use such processes, we will inform you in advance. We conduct profiling when we process your personal data, which means that we process your personal data in order to evaluate your KENT user and access rights.

How to ask for assistance from the competent authorities?

If you remain unsatisfied, then you have the right to apply directly to a Data Protection Supervisory Authority. Listed below are the four main countries where Airbus operates and the relevant Supervisory Authority

  • FRANCE: CNIL: Supervisory Authority France
  • GERMANY: Each German federal state has its own Data Protection Authority that can be found here, see tab "Aufsichtsbehörden für den nicht-öffentlichen Bereich", i.e. "Data Protection Authorities for the private sector")
  • SPAIN: AEPD.Supervisory Authority Spain
  • UK: ICO: Supervisory Authority UK

Additional Notice:

for California Residents
In addition to the information provided above, the following section is made specifically pursuant to the California Consumer Privacy Act of 2018 ("CCPA"). We don’t sell your personal information to third parties and we will not sell your personal information to third parties unless provided otherwise by a specific privacy notice. We do not discriminate against California residents who exercise their CCPA privacy rights.To exercise your California privacy rights please refer to the section "How to exercise your rights".

for Chinese residents
By participating in the KENT tool your personal information will be transferred to KID-Systeme GmbH located outside of China and will be processed in accordance with this privacy notice. We will comply with the applicable obligations and requirements under Chinese PIPL regulation in relation to sharing and cross-border transfers of personal information.

Cookies Policy

KID-Systeme GmbH uses Cookies and other trackers on its websites, as described in our Cookies Policy.

WHAT ARE COOKIES?

Cookies are small files or amounts of information that may be stored to, accessed and removed from your device when you access KENT. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. For instance, a “Cookie” may refer to “http cookie”, flash cookie” (used by some applications or website relying on Flash technology), local storage area of your internet browser, unique identifier calculated from your internet browser characteristics (also known as “browser fingerprinting”), or unique identifiers related to your device or your internet browser (device serial number, MAC address, Android ID, advertising ID, etc...)].

Cookies allows us to recognize your device and store information about your preferences or past actions. We may use Cookies:

  • to record the preferences of our users,
  • to enable us to optimize the design of [our Website/Application],
  • to ease navigation, and increase the user-friendliness of [our Website/Application],
  • to analyze the usage [our Website/Application], and/or to identify the most popular sections of [our Website/Application],
  • to provide content that is more accurately suited to your needs, and, in doing so, improve [our Website/Application]. Cookies can be used to determine whether there has been any contact between us and your device in the past,
  • to facilitate secure online access so that you do not need to enter your user ID and password again when you access [our Website/Application]

HOW CAN YOU DISABLE OR DELETE COOKIES?

When the Cookies we use are strictly necessary for technical reasons, they are marked as “mandatory” on the table above. Those Cookies do not require consent from you. However, if you choose not to accept Cookies that are strictly necessary for the provision of our services provided by our Website, it may result in a reduced availability of such services. For the Cookies that require a consent from you, please be informed that you can revoke this consent at any time. You can also manage and control the cookies we use, and delete them directly on KID-Systeme.com through the cookies settings interface. [please detail here the way users can manage cookies. If applicable please provide a link to the page where user can manage its preferences].

[This clause is to be included when your Website/Application does not offer the relevant settings for Cookies. Please note this situation may still raise a risk of non-compliance with current regulations and authorities guidelines. Therefore please contact Data Protection Office in such a case.]. You can prevent Cookies from being stored on your device by setting your browser to not accept cookies. The exact instructions for this can be found in the manual for your browser. You can also delete Cookies already on your device at any time through your browser’s settings. [If you use Cookies for analytics purposes (such as Google Analytics or Adobe Analytics), please contact Data Protection Office and add the following provision] For the purpose of statistical analysis, we use analytics tools relying on specific Cookies. You may object at any time to the collection and analysis of statistical data regarding your access to and use of KID-Systeme.com through the cookies settings interface mentioned above. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Modification of the Privacy Notice

KID-Systeme GmbH will update this Privacy Notice from time to time in order to reflect the changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification in how we process your personal data.

  1. Collection and Purpose for Use of Personal Data

    In principle, we process your personal data only to the extent necessary to provide a functioning website. In addition, we only process data that you have provided to us in the context of contacting us.

    1.1 Website Visits

    Each time you visit our website, your browser automatically sends certain information to the server of our website, which it then stores in a log file (hereinafter „logfile“). These are information about

    • the type and version about your used web browser,
    • the operating system of your device (PC, notebook, smartphone, etc.) that you use
    • the website from which you came to our website,
    • the host name (hereafter „IP address“) of your end device
    • the time of your visit
    • the amount of transferred data and the access status (file transfer, file not found etc.).

    The legal basis for the collection and processing of the information stored in a log file is Article 6 (1) lit. f) GDPR.

    We use this data to ensure the functionality of the website, in particular to detect and eliminate website errors, to determine the utilization of the website and to make adjustments or improvements. This is also the purpose of our legitimate interest in data processing. The processing is expressly not for the purpose of gaining knowledge of your person as a visitor to the site.

    The information stored in a log file is deleted as soon as it is no longer necessary for the purpose of its collection. We will delete your IP address after leaving our website. Further storage of the data in log files is possible. In this case, your IP address is disassociated so that it is no longer possible to associate it with the visiting client.

    The collection of data for the provision of our website and the storage of data in log files is essential for the operation of our website. Consequently, you are not entitled to object in this matter.

    In addition, we use cookies on our website. Further details can be found in Section 2 of this Data Protection Policy.

    1.2 Email Contact

    On our website, an email address is provided, which can be used for electronic contact. If you do this, your personal data transmitted by email will be stored.

    In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

    The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) lit. f GDPR. If the intention of email contact is to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

    The processing of personal data when contacting us by email serves only to process the contact. This also includes the required legitimate interest in processing the data.

    The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by email, this is the case when the conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified. If the data collected during contact is required to fulfil a contract, deletion of the data is only possible, so long as there are no contractual or legal obligations against deletion.

    You can object to the storage of your personal data by contacting us by email at any time. In such a case, the conversation cannot continue.

    All personal data stored in the course of contacting will be deleted in this case. Legal requirements for the storage of personal data during the execution of the contract, in particular those which we have to keep for tax reasons, remain unaffected.

  2. Use of Cookies

    Our website uses cookies. Cookies are very small text files used by websites that your browser stores on your device.

    We only use so-called session cookies (also referred to as temporary cookies), i.e. those that are cached exclusively for the duration of your use of one of our internet pages. The purpose of these cookies is to facilitate the use of our website. For example, you can use the session cookies to see whether you have already visited the individual pages on our website. After leaving the website, these session cookies are automatically deleted.

    You can set your browser to not accept cookies in general, or accept them only after explicit confirmation by you. You can easily find out how this works by using the help function of your browser. If your browser does not accept cookies, the functionality of our website may be limited or unavailable.

    The data processed by cookies for the aforementioned purposes are justified for safeguarding our legitimate interests under Art. 6 para. 1 lit. f) GDPR.

  3. Disclosure of Personal Data

    Personal data are disclosed to third parties, if

    • this has been expressly approved by the data subject pursuant to Art. 6 para. 1 lit. a) GDPR
    • disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in not disclosing their data
    • a statutory, regulatory and/or judicial obligation exists for the transfer of data pursuant to Art. 6 para. 1 lit. c) GDPR
    • this is required for the fulfilment of a contractual relationship with the data subject pursuant to Art. 6 para. 1 lit. b) GDPR.
    • Our agents, service providers and advisers (e.g. Third party service providers and advisers providing the variety of products and services we need such as Customer services, engineering services, manufacturing & supply chain services, Human Resources, IT maintenance and support, procurement services, compliance and security services, etc.);
    • this Other authorised third parties in connection with a reorganisation or sale of KID businesses and/or assets;

    In other cases, personal data will not be disclosed to third parties.

  4. Data Protection and Third Party Websites

    Our website may contain hyperlinks to and from third party websites. If you follow a hyperlink to any of these websites, please note that we cannot accept any responsibility or liability for third party content or privacy. Please carefully read their data protection policy before submitting personal information to these websites.

  5. Your Rights as the Data Subject and Contact

    As far as your personal data are processed during the visit of our website, you have the following rights as "data subject" within the meaning of the GDPR:

    5.1 Right of Access

    You may request confirmation from us as to whether personal information concerning you is processed by us. If such processing exists, you can request information from us about the following data:

    • the purposes for which the personal data are processed;
    • the categories of personal data that are processed;
    • the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
    • the planned duration of storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
    • the existence of a right to rectification or deletion of your personal data, a right of restriction of our processing or a right to object to such processing;
    • the existence of a right of appeal to a supervisory authority;
    • all available information on the source of the data if the personal data are not collected from the data subject;
    • the existence of automated decision-making including profiling according to Art. 22 (1) and (4) GDPR and - at least in these cases meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

    You have the right to request information about whether your personal information relates to a foreign country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

    5.2 Right of Correction

    You have a right to correction and/or completion with respect to us, if the personal data processed is incorrect or incomplete. We are obligated to perform the correction immediately.

    5.3 Right to Restriction of Processing

    You may request restriction of the processing of your personal data under the following conditions:

    • if you contest the accuracy of your personal information for a period that allows us to verify the accuracy of your personal information;
    • processing is unlawful and you refuse to delete the personal data and instead request restriction of the use of the personal data;
    • we no longer need your personal information for the purposes of processing, but you need it to assert, exercise or defend your rights;
    • if you have objected to processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether our legitimate reasons prevail over your reasons.

    If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the union or member state.

    If processing restrictions are limited according to the aforementioned conditions, you will be informed by us before the limitations are lifted.

    5.4 Right to Deletion

    You may request us to delete your personal information without delay and we are required to delete that information immediately, if any of the following applies:

    • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    • You revoke your consent to the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing.
    • You object pursuant to Art. 21 para. 1 GDPR to the processing and there are no prior justifiable reasons for the processing, or you object to processing pursuant to Art. 21 para. 2 GDPR.
    • Your personal data has been processed unlawfully.
    • The deletion of personal data concerning you is required to fulfil a legal obligation under EU law or the law of the member states to which the controller is subject.
    • The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

    The right to deletion does not exist if processing is necessary

    • to exercise the right to freedom of expression and information;
    • to fulfil a legal obligation required by the EU law or the laws of the member states to which the controller is subject, or to perform a task of public interest or in the exercise of official authority conferred on the controller;
    • for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
    • for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
    • to assert, exercise or defend legal claims.

    5.5 Right to Information

    If you have asserted your right to rectify, delete or restrict processing, we are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

    You have the right to be informed about these recipients.

    5.6 Right of Data Transferability

    You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. You also have the right to transfer this data to another person, who has been provided with the personal data, without hindrance from us, provided that

    • processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. GDPR or a contract pursuant to Art. 6 para. 1 lit. b GDPR and processing is performed using automated procedures.
    • in exercising this right, you also have the right to ensure that personal data relating to you are transmitted directly by us to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

    The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority that has been delegated to us.

    5.7 Right to Revoke Consent

    You have the right at any time, for reasons that arise from your particular situation, to revoke consent to the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

    We will no longer process personal information relating to you unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing for the purposes of asserting, pursuing or defending legal claims.

    Regardless of Directive 2002/58 / EC, you have the option, in the context of making use of services of the information society, of exercising your right to object through automated procedures that use technical specifications.

    5.8 Right to Revoke the Data Protection Declaration of Consent

    You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing performed on the basis of the consent until the revocation.

    5.9 Automated Decision on an Individual Basis Including Profiling

    You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal ramifications or similarly affect you in a similar manner. This does not apply if the decision

    • is required for the conclusion or performance of a contract between you and the controller,
    • is permissible on the basis of EU law or the laws of the member state to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests or
    • is performed with your express consent.

    However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

    With regard to the first and last mentioned cases, we shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person through us, to express one's own position and to contest the decision.

    5.9.1 Right to Complain to the Regulatory Authorities

    Without prejudice to any other administrative or judicial remedy, you shall be entitled to complain to a regulatory authority, in particular within the member state of your residence, place of work or place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

    The regulatory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

    5.9.2 Contact

    To assert any of your rights and/or to receive more information about this, please contact our data protection officer under

    KID-Systeme GmbH
    Data Protection
    Lueneburger Schanze 30
    21614 Buxtehude
    GERMANY

    dataprotection@airbus.com

    Proof of your identity may be required before your request is implemented. This serves to protect your data against manipulation or deletion by third parties.

  6. Data Protection Provisions for Applicants

    The data you send to us together with your application is processed in order to clarify professional aptitude and go through the application process. The legal basis for processing your data is Art. 6 para. 1 lit. a GDPR.

    Your data will be forwarded to the relevant department for review and a possible application process. Any transfer of your data to third parties or their transmission to third countries will not take place without your separate consent.

    Your application data (contact details / application documents) will be deleted six months after completing the application process, unless we are obliged to store them due to legal requirements.

  7. Your Rights as a Data Subject

    Regarding the processing of your personal data, you have the following rights: first, you have the right to information (Art. 15 GDPR) and, if necessary, correction (Art. 16 GDPR) and/or deletion (Art. 17 GDPR) and/or blocking of your personal data. You also have the right to restrict processing (Art. 18 GDPR) as well as a right to data portability (Art. 20 GDPR).

    In addition, you have the right to object to the processing of data concerning you at any time without giving any reason (Art. 21 GDPR) and to change or revoke consent statements with effect for the future. Any data processing performed until revocation is not affected. You may submit the withdrawal by email, fax or post.

    To assert your rights, please contact the contact address specified under 5.9.2.

  8. State and Updating of this Data Protection Policy

    This data protection policy is effective as of May 25, 2018. We reserve the right to update our data protection policy in due course to improve data protection and/or amend it according to changes in regulatory practice or jurisdiction.

Export Control

IT Applications for Military/DU EC data:

Provided you have all applicable export control authorisation(s) for all those who are eligible to access the information, you may store/share export controlled data (ITAR, BAR, Military, Dual Use). If in doubt speak to your local Export Control Officer (ECO)