Welcome Back  
Signature TailWins® Points: 
View Profile

Candidate Privacy Notice

Introduction

BBA Aviation plc (BBA) is committed to protecting the privacy and security of your personal information. This notice explains how and why we process your personal data when you apply to work for us (whether as an employee, worker, contractor, trainee, apprentice and/or work experience student) or make enquiries about any job vacancy we may have.

BBA is the ultimate parent company of the BBA Aviation plc group (“BBA Group”). The members of the BBA Group serve its customers and partners in different sectors of the aviation market. Signature is the world’s largest fixed based operation (FBO) network for Business & General Aviation (B&GA) travellers. Onitc is a leading provider of high-quality OEM-licensed aviation parts and maintenance, repair and overhaul (MRO) services, and our Engine Repair & Overhaul business is a leading independent engine service provider to global B&GA operators, the rotorcraft market and regional airline fleets. Click here for a list of active BBA Group entities and their contact details. 

For the purpose of this notice, the controller will be the BBA Group entity that you are applying for the role with (the controller is also referred to in this notice as “we”, “our” and “us”).

Purpose of this document

This notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. 

We may provide you with additional privacy notices where we believe it is appropriate to do so. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data.  This privacy notice supplements these other notices and is not intended to override them. 

Sources of personal information

We collect different types of personal data about you when you apply for a role with us, communicate with us or otherwise engage with us. We also obtain personal data from other sources, and create some personal data ourselves. 

We cannot identify you personally as a user of its website unless you are logged in to any account with us and save for dealing with any cyber security incident investigation, will not try to identify you from any online identifiers like your IP address. 

The relationship we have with you will dictate what, if any, personal data we collect about you and why we use it. This policy explains use of your personal data by or on behalf of us when acting as the responsible Controller as explained above. We will sometimes obtain personal data from other sources, such as from other third parties or publicly available online sources or official records.  

Detailed information about the sources of your personal information are set out below:

Type of personal information

Collected from

 Contact Information 

Names(s), address, email address, contact details including home and mobile telephone numbers

 

You 

Personal Information  
  • Date of birth
  • Gender 
  • Lifestyle and hobbies (if disclosed in CV)
  • If successful: previous and offered salary, compensation and other benefits, national insurance number and tax codes and bank account details, next of kin or other dependents
You 
Recruitment agencies and consultants
Identity and Background Information 
  • Details of education, qualifications and results
  • Career history, experience and skills
  • References
  • Passport information
  • Driving license information
  • Vehicle registration number
  • Psychometric test results
  • Right to work documents (which may include a copy of your passport, visa and immigration status or National Insurance number), residency and/or other visa information (where unrelated to your race or ethnicity)
  • Curriculum Vitae (CV) or resume and professional profile
  • Image or photographs
  • Application form
  • LinkedIn profile and other available professional background information about you online
  • Preferences relating to job location
  • Reasons for leaving previous employment
  • Conflicts of interests (including where related to family networks)
  • Background checks relating to credit history (where necessary for your role) and criminal records (see also Sensitive Personal Data below)

You

Recruitment agencies and consultants

Your previous employers and/or named referees

Publicly available information from online resources

Background checking agencies and third-party service providers engaged to undertake pre-employment checks
 Sensitive Personal Data  
  • Racial or ethnic origin (including your nationality and visa information)
  • Data concerning physical and/or mental health (including occupational health requirements, accident reports, dietary requirements, allergies, drug and alcohol test results and reasons for any short term or long term absence)
  • Information relating to unspent convictions and conditional cautions

You

Background checking agencies and third-party service providers engaged to undertake pre-employment checks
Recruitment Administration, Performance and Grievance Information  
  • Working preferences and salary expectation
  • Interview notes and associated feedback
  • Offered terms and conditions of employment
  • Complaints, grievance and employment tribunal information

You

Asset, Systems and Platform Usage and Communications Information 
 
  • User ID and password information
  • IP address and device identifiers
  • Relevant records of calls, telephone and/or video interviews, messages and/or internet or other data traffic and communications
  • Access logs and usage records from application systems and other BBA provided applications and technologies

You

Your use of BBA application systems and platforms
Security, Location and Access Information
Information captured or recorded by CCTV and other security control systems You

Uses of your personal information 

We are required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal data.  You can read more about what we process your data for, and the lawful bases on which we rely for such processing, in the table below.

For some processing activities, we consider that more than one lawful basis may be relevant depending on the circumstances. Use on the basis of “contract” means to perform a contract with you or to take steps at your request prior to entering a contract with you. Use on the basis of “legal obligation” means to comply with a legal obligation to which we are subject. Use on the basis of our legitimate interests means we have a fair, proportionate and overriding lawful business reason to use your details. This will primarily be where by using the information, we learn about you or develop our relationship, so we can work together more closely and better, or make sound business decisions involving or affecting you.

We may convert your personal data into statistical or aggregated form, or de-identify it, to better protect your privacy, or so that you are not identified or identifiable from it.  Anonymised data cannot be linked back to you.  We may use it to conduct research and analysis, including to produce statistical research and reports.

Your personal data will not be sold or licensed outside the BBA Aviation Group for marketing purposes.

Purposes for processing personal data

 

Purposes of processing

Lawful basis

Your explicit consent

To perform a contract with you

To comply with a legal obligation

For our legitimate interests

Recruitment activities

Communicating with you and providing you with information in connection with our vacancies and/or your application or engagement with us from time to time

 

✓ 

Enabling you to create accounts and log-in to them via our website 

 

Administering your application for a job with us and considering your suitability for the relevant role

 

 

 

Considering your suitability for existing and future vacancies 

 

 

 

Organising and conducting interviews (by telephone, video and/or face-to-face) 

 

 

 

✓ 

Communicating with you or providing feedback to you and/or your recruitment agent

 

 

 

 

 ✓

Obtaining, considering and verifying your employment references and employment history 

 

 

 

 

 

Reviewing and confirming your right to work 

 

 

 

New joiner 

Making a job offer to you and entering into a contract of employment with you

 

 

Managing, administering, and carrying out the systems, processes and tasks needed to facilitate the commencement and duration of your role with us

 

 ✓  

Conducting verification and vetting, including criminal background checks and credit checks where required by law

(Note: special category personal data)

   ✓

Conducting background checks, verification and vetting which are not required by law but needed by us to assess your suitability for your role

(Note: special category personal data)

   

Determining whether any adjustments are necessary to enable you to carry out a role (Note: special category personal data)

Security and governance

Monitoring the security of our physical premises and systems, networks and applications

 

 

 ✓

Identifying, investigating and mitigating suspected misuse of our assets, systems and platforms

   ✓

Ensuring compliance with BBA Group policies and procedures 

 

 

Legal and regulatory compliance and responsibilities

Managing our health and safety compliance obligations (Note: special category personal data)

 

 

 

Managing and administering our equal opportunities reporting (Note: special category personal data)       ✓  ✓

Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities (Note: special category personal data)

 

 

 

Responding to non-binding requests or search warrants or orders from courts, governmental, regulatory bodies and authorities

 

 

 

 ✓
Complying with disclosure orders arising in civil proceedings (Note: special category personal data)      ✓  
Investigating, evaluating, demonstrating, monitoring, improving, reporting on and meeting our compliance with relevant legal and regulatory requirements (Note: special category personal data)      ✓  ✓
 General Business

Decision-making in relation to the future prospects for work experience students, trainees and apprentices 

 

 

 

 ✓

Handling grievances and complaints, including investigating issues, considering appropriate resolution and mitigating actions and reviewing outcomes

 

 

 

 ✓
Supporting the sale, transfer or merging of part or all of our business in connection with the acquisition of another business      ✓  ✓
Collecting feedback in relation to our recruitment and HR activities and processes for continuous improvement purposes        ✓
Maintaining the security and integrity of our systems, platforms and communications (and detecting and preventing actual or potential threats to the same)      ✓  ✓
Visitors to our office
Maintaining security measures at our offices, including CCTV and building access controls. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident).  CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).       ✓ 

Purposes for processing special categories of personal data

Purposes of processing special categories of personal data

Special category lawful basis

We are permitted to process your personal data because…

You have given your explicit consent

It is necessary for you/our obligations and rights in the field of employment and social security and social protection law

It is necessary to protect somebody’s vital interests or they are incapable of giving consent 

It is necessary for the establishment, exercise or defence of legal claims 

It is necessary for the reasons of substantial public interest

Confirming right to work

   ✓     ✓

Conducting verification and vetting, including criminal background checks and credit checks where required by law

 

 

 

 ✓

 

 

 ✓ 

Conducting background checks, verification and vetting which are not required by law but needed by us to assess your suitability for your role

 ✓

 

 

 

 

 

 

  ✓

Determining whether any adjustments are necessary to enable you to carry out a role

 

 ✓

 

 

Managing our health and safety compliance obligations

 

 ✓

 

 

  ✓

Managing and administering our equal opportunities reporting

 

 

 

 

  ✓
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings)        ✓    
Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities         ✓  
Responding to non-binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities   ✓        
Complying with disclosure orders arising in civil proceedings         ✓  
Investigating, evaluating, demonstrating, monitoring, improving and reporting on our compliance with relevant legal and regulatory requirements         ✓  
Supporting the sale, transfer or merging of part or all of our business or assets, or in connection with the acquisition of or by another business   ✓        

Automated decision making 

Automated decision making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.

As part of the recruitment process we occasionally use automated decision-making to confirm that you meet the minimum requirements for the role. Where automated decision-making prevents you from continuing with your application, you may request a review of the decision in accordance with your statutory rights under the relevant data protection legislation by contacting us before the published closing date using the links below:

BBA Aviation & Signature – recruitment@signatureflight.co.uk        Ontic – recruitment@ontic.com       H+S – recruitment@hsaviation.co.uk  

How we keep your personal information secure 

We take our security obligations seriously and we take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

All our staff and third-party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. You are responsible for keeping any passwords you use to access our platforms safe.

Disclosure of your personal information

Inside the BBA group

The BBA Group includes companies and operations around the world.  Therefore, we may share your personal data with other entities in the BBA Group for our general recruitment analysis and workforce management purposes. 

Access rights between the BBA Group companies are limited and granted only on a need to know basis, depending on job functions and roles. 

Where any BBA Group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to protect your personal data.  In addition, we will enter into a written contract imposing appropriate security standards on them and, if your personal data is transferred to a BBA Group company outside the EEA, we will put in place appropriate safeguards to ensure the protection of such data. 

Outside the BBA group

From time to time we may ask third parties to carry out certain business functions for us. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them. Examples of these third-party service providers include service providers and/or sub-contractors, such as HR and marketing service providers, background checking agencies, drug and alcohol testing providers, IT support, back up and server hosting providers.

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, in particular:
 
  • if we transfer, purchase, reorganise, merge or sell any part of our business or the business of a third party, and we disclose or transfer your personal data to the prospective seller, buyer or other third party involved in a business transfer, reorganisation or merger arrangement (and their advisors); and
  • if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.

We have set out below a list of the categories of recipients with whom we are likely to share your personal data:

  • consultants and professional advisors including legal advisors and accountants;
  • recruitment agencies appointed by us or you;
  • courts, court-appointed persons/entities, receivers and liquidators;
  • business partners and joint ventures;
  • trade associations and professional bodies;
  • insurers; and
  • governmental departments, statutory and regulatory bodies.

Where we transfer your personal information

If you are based in the European Union or you are applying for a position with an BBA entity based in the European Union and disclosures of personal data referred to above require us to transfer your personal data from within the European Economic Area (“EEA”) to a destination outside the EEA, we will only make that transfer if: 

  • the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
  • the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States
  • we have put in place appropriate safeguards to protect your personal data, such as an appropriate approved form of contract with the recipient which incorporates specific provisions as directed by the European Commission;
  • the transfer is necessary for one of the reasons specified in data protection legislation; or
  • you explicitly consent to the transfer.

Personal data shared between the BBA Group will be subject to the contractual obligations imposed by EU standard contract clauses. A copy of the European Commission approved standard contractual clauses are available here.

If you would like to see a copy of any of the other relevant safeguards used by us to protect the transfer of your personal data, please contact dataprivacy@bbaaviation.com.   

How long we keep your personal information

If you are our employee we will keep your personal data during the period of your employment and then, after your employment with us ends, for as long as is necessary in connection with both our and your legal rights and obligations. This may mean that we keep some types of personal data for longer than others.

We will only retain your personal data for a limited period of time. This will depend on a number of factors, including:

  • any laws or regulations that we are required to follow;
  • whether we are in a legal or other type of dispute with each other or any third party;
  • the type of information that we hold about you; and
  • whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

Your Rights 

If BBA use your personal data as a Controller and UK or European Union law applies to that use:

You have certain legal rights, which are summarised in the table below, in relation to any personal data held by BBA about you.  Your ability to exercise these rights will naturally be limited where we incidentally use limited business-related personal data in business records and business communications which we need to retain.

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.

Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

You can exercise these rights at any time by contacting us at dataprivacy@bbaaviation.com.

Your right

What does it mean?

Limitations and conditions of your right

Right of access

Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”).

If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.

We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, eg privacy and confidentiality rights of other individuals. Other exemptions may apply dependent on the information and context.

Right to data portability

Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.

If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.

This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (ie not for paper records). It covers only the personal data that has been provided to us by you.

Rights in relation to inaccurate personal or incomplete data

You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.

We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details.

This right only applies to your own personal data. When exercising this right, please be as specific as possible.

Right to object to or restrict our data processing

Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.

As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.

Right to erasure

Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), eg where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.

We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.

Right to withdrawal of consent

As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.

If you withdraw your consent, this will only take effect for future processing.

If any of the personal information you give us changes, or something is incorrect (e.g. your contact details) please inform us without delay by contacting us at dataprivacy@bbaaviation.com.

If you have any concerns about how we process your personal data, please send an email with the details of your concerns to dataprivacy@bbaaviation.com so we can try to resolve it.

If you are based in the European Union or you are applying for a position with an BBA entity based in the European Union or the UK, you are also entitled to lodge a complaint with the data protection supervisory authority in your country of residence or the country in which an alleged infringement of data protection law has occurred within the EU – for contact details see here.

If Signature uses your personal data and UK or European Union law does not apply to that use (such as where you are in the US and contract with us in the US):

You may have rights that differ from the rights set out above.

More Information

If you want more information about any of the subjects covered in this privacy policy or if you would like to discuss any issues or concerns with us, please contact us at dataprivacy@bbaaviation.com.

Updates to our Privacy Notice

We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We will publish revised versions of this notice on www.bbaaviation.com. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy should be addressed to dataprivacy@bbaaviation.com.

Date this privacy notice was last updated: 24 May 2019

CONTACT SIGNATURE SALES