FCC PRIVACY NOTICE


Last updated June 2024

INTRODUCTION

High Ridge Aviation Holding Company Limited and its subsidiaries and affiliates, including LR AirFinance, (hereinafter collectively referred to as “High Ridge Aviation “, “we“, “our“, “us“) recognise the importance of protecting your personal data. This notice explains how we collect, store and use your personal data in compliance with applicable data protection law, including, where relevant, (as amended from time to time) the General Data Protection Regulation (EU) 2016/679 (“EU GDPR“) and any national laws enacted pursuant to the EU GDPR (including the Irish Data Protection Act 2018), US and UK data protection laws. Unless we inform you otherwise, High Ridge Aviation Holding Company Limited will be the data controller of any of your personal data which is being processed.

This notice explains how we collect, store and use your personal data and what rights and options you have in this respect. When used in this notice, unless otherwise stated, the terms “controller“, “processor“, “data subject“, “personal data“, “process“, “processes“, and “processing” have the meanings given to them in the EU GDPR.

This privacy notice is for officers, directors, employees, advisors, intermediaries and other representatives of our investors, serviced entities, and customers (including aircraft leasing and financing counterparties), and any other person in respect of whom we carry out fraud, anti-money laundering or know-your-client checks.

WHAT PERSONAL DATA DO WE COLLECT?

The personal data we collect may include:

  • Identifiers and contact information (e.g., real name, alias, postal address, email address, social security or driver’s licence number, government ID, signature, telephone number);
  • Financial information (e.g. tax-related information/codes and bank account details);
  • Other characteristic information (e.g. age/date of birth, nationality, citizenship, country of residence, gender);
  • Commercial information (e.g., assets, income, transaction and investment history, accounts at other institutions) and any other information used for monitoring and background checks to comply with laws and regulations, including know-your-client (KYC), anti-money laundering, Politically Exposed Person (PEP) and sanctions checks;
  • Sensory and surveillance data (e.g., recordings of telephone calls where permitted or required by law, and other records of your interactions with us or our service providers, including electronic communications); and
  • Personal data we collect as a result of your engagement with us (e.g. transaction history, etc).
WHERE DO WE COLLECT PERSONAL DATA FROM?
  • Personal data that you give us or our affiliates. This is information about you that you provide by (among other things) filling in forms, signing up to our newsletters or events, information provided for onboarding, or corresponding with us by telephone, post, email or otherwise;
  • Personal data that our systems collect about you. If you exchange emails or other communications with us, our information technology systems may record details of those conversations, sometimes including their content. Some of our premises have CCTV systems which may record audio and visual information about you if you visit our premises, for security and safety purposes; and
  • Personal data collected from other sources. We may collect some information from other sources, such as public websites, publicly accessible databases or registers, tax authorities, governmental agencies and supervisory authorities, credit agencies, fraud prevention and detection agencies and other public sources and information received from your advisers or from intermediaries.
HOW DO WE USE YOUR PERSONAL DATA?

We may use your personal data for the following purposes: 

  • To verify and execute instructions we receive from you, or where we otherwise need to use your personal data to operate, manage, develop and promote our business, including general business administration, accountancy and audit services, and risk monitoring;
  • To protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes, including due diligence and on-boarding checks and identity verification;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
  • To comply with our legal and regulatory obligations or industry standards and bring and defend civil, regulatory and criminal claims.
    WHAT LEGAL BASIS DO WE USE TO PROCESS PERSONAL DATA?

    Depending on the nature and purposes of processing being carried out, our basis for processing may include:

    • Pursuing our legitimate interests or those of a third party. Under the EU GDPR, the lawful basis of such processing is Article 6(1)(f) of the EU GDPR (i.e. the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests, fundamental rights and freedoms which require protection of personal data);
    • Complying with legal obligations. Under the EU GDPR, the lawful basis of such processing is Article 6(1)(c) of the EU GDPR (i.e. the processing is necessary to discharge a relevant legal or regulatory obligation to which we are subject); and
    • Performance of a contract. Under the EU GDPR, the lawful basis of such processing is Article 6(1)(b) of the EU GDPR (i.e. the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract).

    Generally, we do not rely on consent as a legal basis for processing your personal data, although we will obtain your consent where your consent is otherwise required under applicable law. You have the right to withdraw your consent at any time by contacting us (see below). 

    We do not share your personal data with third parties for cross-context behavioural advertising, also known as targeted advertising.

    We do not sell your personal information.  

    We do not envisage your personal data will undergo any automated decision making. 

    WHO DO WE DISCLOSE PERSONAL DATA TO?

    We may disclose personal information about you, where reasonably necessary for the various purposes set out above, to:

    • The other members, investors and/or financiers of the High Ridge Aviation group of companies;
    • Third party advisers and contractors, including IT and communications service providers, law firms, accountants, auditors, administrators, reference providers, and background and KYC/AML check service providers;
    • Governmental, judicial, or prosecution bodies, tax authorities, regulators and courts;
    • Third parties for the purposes of establishing, exercising or defending our legal rights;
    • To third parties in connection with investments in, or the sale of, our business or assets or an acquisition of our business (or a part of our business) by a third party; and
    • Your colleagues within the organisation that you represent.

    Some recipients will process your personal data on our behalf as processor. Others will determine the purposes and means of processing of your personal data as controller and may be permitted to disclose your personal data to other parties in accordance with applicable law.

    PERSONAL DATA OF THIRD PARTIES

    To the extent that you provide us with personal data of third parties, you agree and acknowledge that you have informed them of, and they have agreed to, our use, collection and disclosure of their personal data including the purposes of such use, collection and disclosure of personal data as set out in this notice.

    DO WE TRANSFER PERSONAL DATA OVERSEAS?

    The disclosures described above may involve transferring your personal data overseas. If you are dealing with us within the European Economic Area (the “EEA”) or the United Kingdom, you should be aware that this may include transfers to countries outside the EEA. Some of these countries do not have similarly strict data privacy laws. 

    We will ensure that any such transfers are carried out in compliance with applicable law, including, where necessary, being governed by data transfer agreements (such as the European Commission approved model clauses) designed to ensure that your personal data is protected on terms approved for this purpose by the European Commission or as otherwise required under applicable law. 

    HOW LONG DO YOU RETAIN PERSONAL DATA?

    Subject to applicable law, we retain your information for (as the case may be):

    • As long as it is required for our legitimate purpose;
    • As long as it is required to perform our contractual obligations;
    • As long as we have your consent; or
    • Such period as is required or required by law or regulatory obligations which apply to us.

    We will delete or anonymise your personal data when it is no longer required.

    WHAT RIGHTS DO I HAVE IN RESPECT OF MY PERSONAL DATA?

    Applicable law may provide you with a number of legal rights in relation your personal data that we process. These rights may include:

    • A right to know what personal data we process and a right of access to such personal data;
    • The right to request any incomplete or inaccurate personal data be corrected;
    • The right to object to our processing of your personal data where we send you direct marketing;
    • The right to require us to delete your personal data and/or otherwise restrict our processing of your personal data in some circumstances;
    • The right to object to our processing of some or all of your personal data on grounds relating to your particular situation which are based on legitimate interests, at any time (and require such personal data to be deleted). If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or where it is necessary for the establishment, exercise or defence of legal rights; and
    • A “data portability” right to require us to transfer your personal data to you or to a new service provider in a structured, commonly used and machine-readable format.

    If you wish to exercise any of the rights referred to above, please contact us using the details set out in the contact section below.

    We review and verify data protection rights requests. We apply non-discriminatory principles when we action requests relating to your data, in accordance with applicable data protection laws and principles.

    We exercise particular care when receiving a request to exercise these rights on your behalf by a third party. We will ensure that the third party is correctly authorised by you to receive the requested information on your behalf.

    You also have the right, at any time, to lodge a complaint about our processing of your personal data with the relevant body regulating data protection in your country (for the European Union, details are available here). In the UK, you can lodge a complaint about our processing of your personal information with the office of the UK Information Commissioner (www.ico.gov.uk). In the US, you can lodge a complaint with your state Attorney General’s office (where applicable).

    You should be aware that when you are on the websites, you could be directed to other websites that are beyond our control. There are links to other sites from the sites that may take you outside our service. We cannot guarantee that the privacy policies of these websites meet our standards. You should read the privacy notice of any new website you go to online.

    California residents may also request certain information about our disclosure of personal data during the past 12 months, including information about the categories of information we process, the purpose of processing that data, the categories of recipients to which we disclose this information and the source of the information.  

    HOW DO I CONTACT YOU?

    If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, or to exercise of any of the rights listed above, please address questions, comments and requests to our Data Compliance team at Compliance@HighRidgeAviation.com.

    CHANGES TO THIS NOTICE

    Any changes we make to this privacy notice in the future will be posted to the sites and also available if you contact us. Please check back frequently to see any changes.

    Last updated:  4th June 2024