Privacy Policy

This Privacy Policy explains how the Jersey Aircraft Registry ('JAR') may collect, use and disclose information we obtain through the 'Service'.

Note: By accessing or using the Service, you expressly consent to JAR's collection, use and disclosure of your Personal Information in accordance with the terms and conditions of this Privacy Policy.

Categories of Personal Data Processed by the Jersey Aircraft Registry

Personal data that is processed when you create a JAR account:

When you create a JAR account, we ask you to provide an email address, your name and which sector you belong to.

Purposes & legal grounds for collection/processing

1. We process your email address because you use your email address and password to sign in to your account to use the Service. The legal grounds for processing your email address is for the purpose of security and protecting your account.
2. Email addresses are also used for the purpose of sending important information and updates about the Services or your account such as information relating to safety or changes to this Privacy Policy.
3. Your name is processed as part of the account information. This is used for account identification and for regulatory requirements against any records which are created and modified by you.
4. Your sector is processed as part of the account information. This is used for account identification and permissions as required by regulatory requirements to control access to records.
5. If you opt-in to receiving marketing information from JAR, we will also process your email for the purpose of sending you marketing information from both JAR and TrustFlight Limited. The legal grounds for processing this information is your consent. You may withdraw your consent any time by changing your preferences and using the unsubscribe link on any of the emails received.
6. JAR will also process your email address and phone number when you interact with our customer support team. The legal grounds for this is to provide you with a suitable level of customer support.

Personal data that is processed when you process an application to add an aircraft, aircraft engine or mortgage to the Service:

When you add an aircraft, aircraft engine, or mortgage to your account, we will ask for information such as the model, registration number, year and serial number of the aircraft, aircraft engine or mortgage. For each complete application created and any changes to existing details, we process a copy of your signature.

Purposes & legal grounds for collection/processing

1. The information is processed to help identify an aircraft, and link any applications created to existing records. The legal grounds for processing this information is our interest in providing a product which records accurate information against each aircraft.
2. This information is also used within the Service to enable users to correctly log any information against the correct aircraft. The legal grounds for processing this information is our interest in providing correct and complete records against each aircraft.

Personal data that is processed when you use the applications:

When you use the JAR Web App, we process information about you and your device including your Device ID, IP address, mobile software and hardware information, web browser information, country, language, name of mobile network and a record of pages or areas visited and the time those pages or areas were visited. You may also permit the Service to access photo storage on your device.

Purposes & legal grounds for collection/processing

1. We process this data to provide you with the best possible product experience. The legal grounds for processing this information is our interest in providing and continuously improving the product based on usage patterns.

Personal data that is processed when you communicate with JAR:

When you interact with JAR representatives for sales or support, we collect personal data such as your name, address, phone number, email address and information about JAR or TrustFlight Limited products you use or are looking to use.

Purposes & legal grounds for collection/processing

1. We use this information to provide you with sales and support for our products. The legal grounds for processing this information is our interests in providing a quality level of support and sales for our products.

Personal data that is processed when you apply for a role at JAR or TrustFlight (Jersey) Limited:

When you apply for a role at JAR or TrustFlight (Jersey) Limited, we collect information you provide in applying for a job, including information contained on CVs or other documentation voluntarily provided by you to us throughout the job application process.

Purposes & legal grounds for collection/processing

1. We use this information to evaluate you for a role at JAR or TrustFlight (Jersey) Ltd. The legal grounds for processing this information is our interest in hiring suitable candidates.

Categories of Recipients of Personal Data

Other users:

TrustFlight uses aircraft information provided to help other users associate their records with the correct aircraft. Information used is the model, registration, year and serial number of the aircraft.

Disclosures:

We may disclose personal data about you to others:

1. If we have your valid consent to do so
2. to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation
3. to enforce any of our terms and conditions or policies
4. as necessary to pursue available legal remedies or defend legal claims If we are involved in a merger, acquisition, financing due diligence, re-organisation, bankruptcy, receivership, sale of TrustFlight assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or court. We cannot control how such entities may use or disclose such information, and we disclaim any liability arising out of such entity's failure to comply with the terms of this Privacy Policy.

Cookies and Similar Technologies

Website and web app:

To analyse how you navigate and use JAR's Website and Web App, we record information including IP address, location, browser type, language, date and time and details of the pages you view and interact with in order to identify problems and provide you with the best experience. We may use cookies, pixel tags, web beacons and other similar tools to assist in collecting and analysing this information.

If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.

If you reside in the European Union or other jurisdiction that requires us to obtain your consent to use cookies on our sites, then you will have the opportunity to manage your cookie preferences on the sites; except in certain circumstances where cookies are required to enable core site functionality. In these cases, you cannot disable those cookies.

Analytics services:

Google Analytics is used to track site statistics and user demographics, interests and behaviour on our websites. For more information, see the Google Privacy Policy. You may opt out at https://tools.google.com/dlpage/gaoptout.

Information Security

TrustFlight (Jersey) Ltd (TFJ) is required to comply with GDPR, and have in place appropriate standard operating procedures for the secure storage and handling of data and take appropriate steps to maintain the security of the data. The company draws upon best practices established in its subsidiaries with the support of its professional advisors.

Data Handling and Security

TFJ comply with Cyber Essentials, which is an initiative backed by the UK and Channel Islands Governments, and supported by industry, to help organisations protect themselves against common internet-borne threats. The scheme enables organisations to gain one of two badges, either self-certification or external certification.

Interfaces with the platform will require robust processes and procedures to mitigate risks. The following protocols are adopted by TFJ:

Data at rest on servers: All client data sits within an database under Google Cloud/Netlify/Webflow or another trusted cloud service provider (the platform is agnostic).

Data in transit: All data is sent using HTTPS with TLS 1.2 or greater. The TLS 1.2 status can be independently verified using an independent online server test for e.g. ssllabs.com (powered by Qualys). We can provide an evidential 3rd party security report on request.

GDPR

TFJ has in place policies and procedures that comply with GDPR and is subject to external audit including our privacy impact assessment, information asset list, privacy by design, GDPR procedures, policy statements and controls. Any personal information that is collected through web and mobile apps will clearly outline in layman terms key information about what data we collect, how it is used, what is stored and a client's right to their data, including outlining their right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability and right to object, and how they can contact the company and relevant authorities if they have a query or a complaint.

We have detailed technical internal processes to ensure that any reasonable request to deliver a copy of a client's personal data in a machine readable form, change or correct elements of their data, erase their data fully or in part or restrict the data collected or object to collection of their data can be dealt with in a timely manner.

All employees at TrustFlight (Jersey) Ltd receive regular information governance training, including specific training on the GDPR, and sign an information governance declaration to signify that they understand their GDPR obligations should they encounter sensitive data.

TFJ are audited on a regular basis, both internally and through an independent external data protection specialist to ensure continued, best-practice privacy compliance under the GDPR. The GDPR is the most stringent and prescriptive data protection regulation globally and compliance with the GDPR, in general, typically ensures compliance with other data protection regulations globally, however, to verify TrustFlight (Jersey) Ltd will seek legal advice in any jurisdiction that we operate within to confirm compliance with local regulations.

We endeavour to ensure that your information is treated securely and in accordance with this Privacy Policy, although due to the nature of the internet, we cannot warrant the security of any information provided to us. Neither JAR, nor its affiliates, nor any of their respective employees, officers or agents or the provider of Internet services on behalf of JAR can give any representation or warranty as to the absolute security of the data transmitted using the Service, and cannot give any guarantee that such data will not be compromised by bad actors. If you choose to provide data or allow collection of data by JAR, then you do so understanding the aforementioned risk.

By using the Service or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Service. If we learn of a security system's breach, we may attempt to notify you electronically by posting a notice on the Service or sending an email to you.

Marketing

We do not sell, rent or share Personal Information about you with other people or non-affiliated companies for their direct marketing purposes. We may allow access to other data collected by the Service to send information we think may be relevant or useful to you. We may use your name, usage and email address without further consent for non-marketing or administrative purposes.

We also collect, use and share anonymised data about our users, such as statistical or demographic data, in order to help us and the third parties we collaborate with to improve existing technologies and develop advanced new technologies to improve the aircraft registration and other aviation processes.

Anonymised data could be derived from your de-identified personal data having been combined with a pool of data from of other users of our Services, but is not considered personal data as it has been sufficiently anonymised such that it cannot be used to directly or indirectly reveal your identity. For example, we may anonymise your data by aggregating your non-identifying data with that of other users, including:

• your usage data to calculate the percentage of users accessing a particular feature of the platform to inform how we develop and improve our products;
• any information you provide in relation to the function of the TrustFlight system in order to deliver research information to third- party organisations who we collaborate with, to help them understand how well the products are functioning and how they could be improved to inform and advance the development of more effective and safer aviation operations for users; to produce statistical data for research purposes including for use and reference in connection with studies, articles and conferences; and to develop, train and improve any aviation operations.

Legal and Similar Disclosures

We may access, preserve, and disclose collected information if we believe doing so is required or appropriate to:

1. comply with a valid subpoena, legal order, court order, legal process, or other legal obligation or law enforcement request
2. respond to your requests
3. comply with the law
4. investigate, prevent, take action, or enforce compliance with regard to a violation of this Privacy Policy
5. investigate, prevent or take action against suspected illegal activities or fraudulent behaviour
6. protect your, our, or other's rights, property or safety

Further to this, TrustFlight (Jersey) Limited is required to collect personal data to abide by the Air Navigation (Jersey) Law (2014), the Aircraft Registration (Jersey) Law (2015) & the Civil Aviation (Jersey) Law 2008 throughout the process of certification and for a minimum of 6 (six) years after.

Privacy Policy Updates

We may update this Privacy Policy from time to time as we add new products and services, as we improve our current products and services, and as technologies and laws change. You can determine when this Privacy Policy was last revised by referring to the date last updated at the top of this page. Any changes will be effective upon our posting of the revised Privacy Policy.

We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. This notice will be provided by email or by posting notice of the changes on the JAR website and any of our associated apps.

Storage of Personal Data

We will store your personal data using servers in different locations around the world, some of which may be outside of the European Union. If you reside in the European Union, you have the right under the General Data Protection Regulation to opt out of this. Please see 'Your Rights' below for a details of how to do this.

Retention of Personal Data

We will retain your personal data for six years after your JAR account is closed. Aircraft information including the model, registration, year and serial number may continue to be retained.

Data Controller and Data Protection Officer

The personal data collected by JAR is controlled by TrustFlight (Jersey) Limited's Data Protection Officer at:

You can also contact the Data Protection Officer by email at:
info@jar.aero.

Your Rights

If you reside in Jersey, you have the right under the Data Protection (Jersey) Law 2018 to request from JAR access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to object to processing of your personal data, and the right to lodge a complaint with a supervisory authority. If you reside outside of Jersey, you may have similar rights under your local laws.

To request access to or rectification, portability or removal of your encryption key of your personal data, or to delete your JAR or TrustFlight account, email data@trustflight.io.

If you live in the European Union and you wish to exercise your right to restriction of processing or your right to object to processing, contact TrustFlight's Data Protection Officer at TrustFlight (Jersey) Limited, 1st Floor, Forum 4, Grenville Street, St Helier, JE2 4UF or by email at data@trustflight.io.

If you do not live in the European Union, but you believe you have a right to restriction of processing or a right to object to processing under your local laws, please contact TrustFlight at data@trustflight.io.