Your Data Privacy and GDPR
L8flight takes data Privacy seriously, below find our main guidelines as well as a presentation of the Swiss legal framework.
L8Flight Data Protection Rules
L8Flight SARL is a Swiss company registered in the Canton of Geneva. As such, it is bound by the Swiss laws for the matter of Data Protection. The reader will find at the end of this document a brief explanation of the rules and a link to the (English version) of the Swiss Federal Data Protection Act (DPA).
L8Flight SARL only requests from its customers data that is relevant to pursuing the object of the contract between L8Flight and its customers. L8Flight Data servers are located in the UK and Switzerland and data is encrypted (SSL 128bits or above). Data sent to and from L8Flight for the purpose of processing its mandates may be routed via the internet where protection cannot be guaranteed by L8Flight. L8Flight does not request sensitive information as per the definition of the law.
By signing (including electronic agreement to ) the General terms and conditions of L8Flight, customers accept to wave protection for data transfers abroad for the sole purpose of L8Flight to be able to, as the case may require, perform its mandate. In addition, the agreement allows L8Flight SARL to request from the Airline concerned by the case to divulge Personal Data in its possession to L8Flight for the purpose of performing the mandate given to L8Flight.
Data Protection in Switzerland at a Glance
The essential laws and regulations governing data protection in Switzerland are the Swiss Federal Data Protection Act (DPA), the Swiss Federal Data Protection Ordinance (DPO), the Swiss Federal Ordinance on Data Protection Certification (DPCO) and Guidelines of the Federal Data Protection and Information Commissioner on the minimum requirements for a data protection management system (DPMS-Guidelines). The latest revisions of the DPA and the DPO as well as the DPCO entered into force on January 1, 2008. The DPMS-Guidelines entered into force on September 1, 2008.
Categories of data
Swiss data protection laws apply to the personal data of individuals or legal entities, such as corporations (named “data subjects”).
Stronger legal protection is provided for sensitive personal data and personality profiles, such as religious, political, health related administrative or criminal data amongst others,
Principles of data processing
The law applies equally to electronic and manual data processing. Personal data may only be processed lawfully. The processing of personal data must be made in good faith and must be proportionate. Personal data may be used only for the purpose specified at the time of its collection and both the fact that personal data are collected and the purpose for processing it must be apparent to the data subjects. The data must be accurate. A lawful justification for data processing may be required. Data security must be ensured.
Under certain circumstances, data files must be registered with the Federal Data Protection and Information Commissioner. Data subjects have the right to access their data and to have incorrect data corrected.
Data transfers abroad
The transfer of personal data out of Switzerland is restricted. Unless certain exceptions apply, personal data may not be transferred to countries which lack data protection laws which provide an adequate level of data protection. Under certain circumstances, the Federal Data Protection and Information Commissioner needs to be informed before a transfer abroad takes place.
What is GDPR?
Applicable from 25 May 2018, the new Data Protection Regulation – GDPR – has a direct impact on companies that process data of European customers. L8Flight SARL / L8fligh.com, whose European customers represent a significant part of its turnover, will incorporate this new situation as soon as it comes into force.
The General Data Protection Regulation is the most significant progress in the field of privacy protection for more than twenty years in Europe. It oversees the personal data processing activity of any company offering services to customers based in the European Union. The GDPR has a very wide coverage and comes into play when processing the data of individuals such as identity, contact details, emails, documents, photos or even IP addresses, unique identifiers, locations, among other examples.
A big step towards respecting privacy
With security and privacy at the heart of its concerns, L8Flight SARL / L8fligh.com welcomes this change with enthusiasm
The GDPR extends the control of individuals on their personal data by introducing new rights. As of May 25th, the data of European residents can only be collected and processed with their explicit consent. Everyone will not only be able to view, but also request a copy of all their data and request their deletion in some cases.
Another welcome development is the principle of “privacy by design”. Any organization dealing with personal data is required to integrate early data protection and data security early in the development of data collection and processing solutions.
L8Flight SARL / L8fligh.com integrates the GDPR
Being a Swiss company at the crossroads of Europe, L8Flight SARL / L8fligh.com evolves in a particularly rich and strict regulation. Priority of priorities, safety represents a commitment beyond the legal framework. The data protection procedures have been implemented for years by L8Flight SARL / L8fligh.com.
From a broader perspective, the GDPR joins the desire of L8Flight SARL / L8fligh.com to put customers and security at the heart of its processes. L8Flight SARL / L8fligh.com therefore will take all necessary steps to ensure full compliance with the GDPR to its customers, as soon as it comes into force.
For any information related to your data please send a request to firstname.lastname@example.org
Date and Version
Geneva, May 1st 2018