RECRUITMENT PRIVACY NOTICE

 

Effective as of 30 April 2025. 

 

I. INTRODUCTION

 

This Recruitment Privacy Notice (‘Notice’) describes the practices of OAG Aviation Group regarding the collection, storage, and processing of your personal data as part of our recruitment process.

OAG Aviation Group is responsible for your personal data. It comprises OAG Aviation Worldwide Limited and its affiliates (collectively referred to as ‘OAG Aviation Group’, ‘we’, or ‘our’). The OAG Aviation Group entities include:

  • OAG Aviation Worldwide Limited
  • OAG Aviation Worldwide LLC
  • OAG Aviation Worldwide Pte Ltd
  • OAG Aviation Worldwide, UAB
  • Infare Solutions A/S
  • Infare VNO, UAB
  • Infare BER GmbH
  • Air Cube SAS

Further information about our affiliates can be found here. This Notice applies to all OAG Aviation Group entities.

The OAG Aviation Group entity to which you have applied is the data controller of the personal data related to your job application and any employment matters concerning that specific entity (whether as an employee or contractor).

In this Notice, ‘personal data’ refers to any information that can identify, relate to, describe, or reasonably be linked – directly or indirectly – to a specific individual. This does not include aggregated or de-identified data that cannot reasonably be connected to an individual.

 

II. HOW TO CONTACT US

 

To contact us and our Data Protection Officer, please reach out to us at:

OAG Aviation Worldwide Limited
1 Capability Green, Luton, Bedfordshire, LU1 3LU, United Kingdom
Attn: Legal Department / Privacy
Email: privacy@oag.com
Phone: +44 (0)1582 695050

You can submit a privacy rights request here.

 

III. THE DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT


OAG Aviation Group collects personal information from and about candidates in connection with employment opportunities across the group. The type of information we collect, how we use it, and when it is gathered may vary depending on the country in which you apply.

Personal data we may collect when you apply for a position with us:

Directly from you:

  • Contact information – including your full name, email address, postal address, phone number, and professional networking profile (e.g., LinkedIn).
  • Resume/CV and cover letter information – including previous work experience, academic and professional qualifications, languages and other relevant skills, awards and professional memberships, information relating to references and other employment history or qualification details as per the position requirements.
  • Right to work information – details regarding your legal entitlement to work in the country or region where the position is based.
  • Application process data – such as the results of role-specific assessments or tests. This may include personality tests, logical reasoning tests, and other evaluations conducted as part of the recruitment process. In some cases, profiling (e.g., through automated data processing) may be used to support decision-making. Please note that you have the right to object to profiling. However, if you choose to exercise this right, your application may be withdrawn, and you may no longer be considered for the position.
  • Pre-employment data – any personal information required to prepare your employment contract if you are hired by an OAG Aviation Group entity.
  • Other information – any additional data you provide during the interview or recruitment process.

Through third parties:

  • Social media platforms – public information from business and employment-focused networks (e.g., LinkedIn).
  • Recruitment agencies – data provided by agencies engaged to assist in the recruitment process.
  • Referees – information collected from individuals you have named as referees, such as their full name and employment history related to your reference.
  • Employee referrals – information provided by an OAG Aviation Group employee who may have referred you for a role.

Criminal convictions and background checks:

OAG Aviation Group may collect information about criminal convictions and conduct background checks when legally required or appropriate for the nature of the role. Such processing will be carried out in compliance with applicable laws and with appropriate safeguards in place.

Cookies:

When you interact with our website, we collect information via cookies, based on your preferences. Cookies are small text files used to enhance user experience. You can find more information and manage your settings by clicking the Cookiebot link at the bottom left-hand side of our website.

Please do not include sensitive personal information (such as your sexual orientation, race, ethnic origin, religion, beliefs, or health-related data) in your CV or cover letter, unless its inclusion is legally required or necessary to help us make reasonable adjustments during the recruitment process.

 

IV. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

 

OAG Aviation Group processes personal data based on the following lawful bases:

  • Consent – where required, we rely on your explicit consent for specific processing activities, such as to incorporate your information into our database of potential future candidates and to communicate with you regarding potential future job opportunities.
  • Legitimate interests – including attracting, identifying, and sourcing talent; processing and managing applications for roles within OAG Aviation Group; screening and selecting candidates; hiring and onboarding successful candidates; conducting pre-employment screening checks; and managing our careers webpage, including performing statistical analyses to improve our recruitment processes.
  • Performance of a contract – to take steps necessary prior to entering into an employment contract with you, once you have been selected for the role.
  • Legal compliance – to fulfil legal and regulatory obligations applicable to OAG Aviation Group.

Each lawful basis is applied as appropriate to the specific processing activities carried out by OAG Aviation Group.

 

V. DATA RETENTION PERIODS

 

If you are not selected for vacancy or have rejected a job offer, we process your profile information and erase it within 6 months after the end of the recruitment process.

At the end of this period, we will write to you to seek explicit consent to retain your personal data for a fixed period, which will be clearly indicated at the time of requesting consent, for any future opportunities that may arise in OAG Aviation Group. If you opt to withdraw consent to retain your personal data, then it will be securely destroyed.

If you are offered and accept employment with OAG Aviation Group entity, the personal data we collect during the application and recruitment process will be retained and become part of your employment record and we may use such information in connection with your employment consistent with applicable law and our internal policies.

 

VI. DISCLOSURES OF YOUR PERSONAL DATA

 

As part of the recruitment process, we may share your personal data with the following categories of third parties, located within or outside the UK and EEA (subject to appropriate contractual requirements), as necessary:

  • OAG Aviation Group entities: we may transfer your personal data to other entities within the OAG Aviation Group (e.g. individuals involved in your interviews or those making employment decisions) in the UK, Europe, and other global locations, for the purposes outlined in this Notice, including facilitating the recruitment process. These transfers are governed by an intra-group agreement that ensures compliance with applicable data protection laws.
  • Authorized OAG Aviation Group representatives – individuals involved in managing the recruitment process or responsible for fulfilling contractual obligations may access your personal data as necessary.
  • Third party service providers includes recruitment agencies, software platforms, and background screening providers engaged to support the recruitment process. If you have applied via a third-party job search engine, job board, or other recruitment platform (a ‘Service Provider’), we may share relevant personal data with them. This may include: your name and contact details, any unique identifier assigned by the Service Provider, your application status or progress in our hiring process, analytical or profile-related data concerning your candidacy. The Service Provider acts as an independent data controller for the personal data it processes and is responsible for complying with applicable data protection laws following receipt of your data.

This list is not exhaustive. There may be other situations where we need to share your personal data in order to fulfil our obligations or comply with legal or regulatory requirements.

When engaging third-parties, we take all necessary steps to ensure they implement appropriate technical and organizational measures to protect your personal data and uphold its confidentiality.

 

VII. WHICH COUNTRIES DO WE TRANSFER PERSONAL DATA TO?

 

We may transfer your personal data beyond the jurisdiction where it was provided, including transfers within and outside the UK and EEA. When transferring data outside these regions, we implement appropriate safeguards to ensure its protection and security in compliance with applicable data protection laws.

Our agreements with third-party processing data outside the UK and EEA typically include EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) to maintain adequate data protection standards.

If you would like to learn more about how we transfer and share personal data, please contact us.

 

VIII. DATA SECURITY

 

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, misused, accessed without authorization, altered, or disclosed. Additionally, we have established procedures to manage suspected data breaches and will notify you and any applicable regulators where legally required.

To ensure data security, accuracy, and integrity, we employ a range of physical, electronic, and managerial safeguards, including:

  • Employees training to ensure awareness of privacy obligations.
  • Administrative and technical controls to restrict access to personal data on a need-to-know basis.
  • Technological security measures, such as firewalls and anti-virus software.
  • Physical security controls, including employees’ security passes for facility access.
  • Data security measures:
  • Encryption of personal data both in transit and at rest to prevent unauthorized access.
  • Regular security audits and vulnerability assessments to identify and mitigate potential risks.
  • Implementation of access controls and authentication mechanisms to ensure only authorized personnel can access sensitive data.

While we take appropriate security measures once we receive your data, no data transmission over the internet (including email) is entirely secure. We strive to protect personal data but cannot guarantee absolute security against all threats.

 

IX. THIRD-PARTY WEBSITES

 

Our websites may contain links to third-party websites, plug-ins, applications, information sources, and related party websites. Clicking on these links or enabling such connections may allow third parties to collect or share data about you. Please note that these third-party websites have their own privacy policies, which we do not control or take responsibility for. We recommend reviewing their privacy policies before providing any personal data.

 

X. YOUR RIGHTS AND HOW YOU MAY EXERCISE THEM?

 

You have the following rights under data protection law. To exercise any of these rights, please complete this form. We will respond within one month and may request proof of identification to verify your request. If needed, we may also contact you for additional information to expedite our response.

In most circumstances we will provide you a copy of your personal information free of charge. However, we may charge a reasonable fee to cover administrative costs if we believe your request is manifestly unfounded, excessive or if you ask for further copies of your information following a request. In circumstances where we are charging a fee, the one-month time limit does not begin until the fee is received

  • Right to access the personal data we hold about you

You have the right to confirm whether we process your personal data and, if so, to access it.

  • Right to rectification

If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request its correction or completion.

  • Right to erasure ("Right to be forgotten")

In certain circumstances, you may request the deletion of your personal data. This right is not absolute and applies only if:

  • The data is no longer necessary for the purposes for which it was collected.
  • You withdraw your consent and there is no other legal basis for processing.
  • You object to the processing, and there are no overriding legitimate grounds.
  • Your personal data has been unlawfully processed.

Some exceptions apply, such as where processing is necessary for legal obligations, freedom of expression, or the establishment, exercise, or defence of legal claims.

  • Right to restrict processing

You may ask us to temporarily suspend processing of your personal data in the following cases:

  • You contest its accuracy.
  • Processing is unlawful, but you prefer restriction over deletion.
  • You need the data for legal claims, even if we no longer require it.
  • You have objected to processing, and we are verifying whether we have overriding legitimate grounds.
  • Right to withdraw consent

Where processing is based solely on your consent, you have the right to withdraw your consent at any time. Upon withdrawal, we will stop processing your personal data for that purpose.

  • Right to data portability

You may request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies only to automated data processing based on your consent or a contract.

  • Right to lodge a complaint

If you are dissatisfied with how we process your personal data, please contact us first, and we will make every effort to resolve your concern promptly.

: You may file a complaint with your local data protection authority (list available here).

XI. CHANGES TO THE NOTICE


We regularly review this Notice and may update it to comply with changes in applicable laws or regulatory requirements. Amendments take effect once incorporated into this Notice, and the latest version will always be available on our websites. Where practicable, we will notify you by email of significant changes. However, we encourage you to review this Notice periodically to stay informed about how we process your personal data.