PRIVACY POLICY

a) Identity and Contact Information

We collect personal identifiers such as your full name, gender, date of birth, nationality, photographs, and government-issued identification (passport, Aadhaar, PAN, voter ID, or similar). Contact details such as your home address, email, and phone number are also obtained to maintain communication with you. Emergency contact information may be collected for safety and regulatory reasons. We use this data to verify identity, meet regulatory checks, and keep you informed about applications, training, or employment. Identity data may also be used for access control to secure facilities.

b) Academic and Professional Data

For training and admissions, we collect your educational history, transcripts, qualifications, and certifications. Professional details may include your resume, references, work history, and industry licenses such as pilot ratings or endorsements. This information helps us evaluate eligibility, tailor training, and maintain accurate records for regulators or placement partners.

c) Sensitive and Regulatory Data

As an aviation training organization, we are required to collect regulatory information. This may include DGCA-mandated documentation, Class I/II medical fitness reports, background verification records, and in some cases biometric data for security or facility access. Sensitive data is collected strictly on a need-to-comply basis and is accessible only to authorized personnel subject to confidentiality and role-based access.

d) Technical and Online Activity Data

When you use our website, we may automatically collect information such as your IP address, browser type, device identifiers, session duration, and pages visited. Cookies and tracking technologies may also be used for analytics and website improvement. Technical data supports security (e.g., detecting unusual activity), diagnostics, and performance tuning of the Site.

e) Financial Data

We may collect information related to payments such as transaction confirmations, fee receipts, billing addresses, and tax identification numbers. However, we do not store full credit or debit card details. Financial data is used for fee processing, reconciliation, and statutory accounting/audit requirements.

f) Employment and HR Data

If you are an employee or job applicant, we may collect payroll records, benefits information, UAN/PF details, attendance, leave history, performance reviews, and separation/exit records as part of HR management. This data enables recruitment, payroll, benefits administration, performance management, and statutory filings.

a) Training and Certification – To process admissions, manage classes, track simulator usage, conduct assessments, and issue certifications. We use your information to schedule sessions, record performance, and maintain accurate training histories required by aviation regulators.

b) Regulatory Compliance – To comply with the requirements of the DGCA, ICAO, and other aviation authorities. Compliance may require sharing specific records, reports, and audit logs with authorities as mandated by law.

c) Employment and HR – To process recruitment, manage employee records, payroll, and statutory obligations. HR data supports hiring decisions, compensation, benefits, appraisals, and compliance with labor laws.

d) Communication – To respond to inquiries, send program updates, notifications, and important announcements. We contact you regarding applications, schedules, operational notices, policy changes, or urgent alerts.

e) Payments – To manage course fees, issue invoices, and maintain financial records. Transaction data is used for receipting, reconciliation, refunds (where applicable), and audit.

f) Safety and Security – To verify identity, ensure access control, and manage incidents. Access logs and ID checks help protect facilities, personnel, and equipment.

g) Legal Obligations – To meet audit, taxation, and dispute resolution requirements. Records may be retained or shared when required by courts, regulators, or auditors.

h) Improvement and Analytics – To analyze feedback, website usage, and improve our services. Aggregated analytics guide resource planning, curriculum refinements, and Site enhancements.

i) Marketing – To send newsletters or promotional content where you have consented. You can opt out at any time; marketing never conditions access to core services.

j) Archival and Research – To maintain historical training records required for aviation safety and audits. Legacy records support safety investigations, recurrent training, and regulatory requests.

a) Consent: Where you have explicitly provided your consent (e.g., for marketing communication). Consent is specific and revocable; withdrawing it will not affect processing already done lawfully.

b) Legal Obligation: Where required to comply with applicable laws or DGCA regulations. For example, we may need to retain and submit training or safety records to authorities.

c) Contractual Necessity: Where processing is required to fulfill an agreement, such as admission into a training program. Without certain data, we cannot deliver contracted services or benefits.

d) Legitimate Interests: Where we have a legitimate business interest (e.g., fraud prevention, service improvement) that does not override your rights. We balance our interests against your privacy and apply safeguards like minimization and access controls.

e) Public Interest: Where processing is necessary for aviation safety, regulatory oversight, or matters of public concern. This may include incident reporting or safety-related disclosures mandated by authorities.

a) To regulators and statutory authorities such as DGCA, ICAO, and law enforcement agencies, where required. Disclosures are made only to the extent necessary to comply with laws, audits, or safety mandates.

b) To affiliates and subsidiaries within the FSTC group for operational purposes. Centralized functions (e.g., HR, IT, finance) may process data to provide shared services.

c) To service providers such as IT hosting companies, consultants, auditors, and payment processors under confidentiality obligations. Vendors are engaged under contracts that restrict use to the services we request and require adequate security.

d) To employers and airlines, only with your explicit consent, for placement or recruitment purposes. We share limited, relevant information necessary for evaluation or onboarding.

e) To financial institutions and auditors, for compliance and reporting. This may include transaction confirmations, statements, and supporting documents.

f) To courts or government authorities, when required by law or legal proceedings. We respond to valid legal requests and protect our rights, safety, and users.

a) Training and certification records may be retained permanently for compliance with aviation regulations. Long-term retention supports safety inquiries, regulatory checks, and recurrent training validation.

b) HR and payroll records are retained in accordance with Indian labor laws. Retention periods vary by record type (e.g., payroll vs. benefits) and statutory requirements.

c) Data no longer needed will be securely deleted, anonymized, or archived. We use secure destruction standards and audit retention schedules periodically.

a) Encryption of data in transit and at rest. Encryption reduces the risk of interception or unauthorized access.

b) Secure servers, firewalls, and intrusion detection systems. These controls help prevent, detect, and respond to threats in our environment.

c) Access restrictions and role-based permissions. Only authorized personnel can view or handle specific categories of data.

d) Regular audits, penetration tests, and IT monitoring. Testing and monitoring help identify weaknesses early and improve resilience.

e) Confidentiality agreements and training for staff handling sensitive data. Personnel are trained on data handling obligations and sanctionable misuse.

a) Comply with Indian data protection laws, including the Digital Personal Data Protection Act, 2023. Transfers are limited to lawful, necessary purposes aligned with this Policy.

b) Be subject to appropriate contractual safeguards. We use agreements that impose confidentiality, security, and limited-use obligations.

c) Be limited to lawful and necessary purposes only. We share only the minimum data needed for the stated objective.

a) Right to Access: Request a copy of the information we hold about you. We will provide a summary of data, processing purposes, and categories, subject to lawful limits.

b) Right to Correction: Ask for updates or corrections if your information is inaccurate. You may request rectification of incomplete or outdated records with supporting documentation.

c) Right to Erasure: Request deletion of your personal data, subject to regulatory obligations. We will delete or anonymize data where retention is not legally required or overriding interests apply.

d) Right to Withdraw Consent: Revoke consent for processing activities where consent was the basis. Withdrawal will stop the related processing going forward without affecting prior lawful use.

e) Right to Portability: Request transfer of your data in a structured, machine-readable format (where feasible). Portability applies to data you provided to us and processed by automated means.

f) Right to Restrict or Object: Prevent processing in specific lawful circumstances. You can object to processing based on legitimate interests and request restrictions while we assess.

g) Right to Grievance Redressal: Raise a complaint with us or escalate to the Data Protection Board of India once operational. We aim to resolve complaints promptly and transparently.

a) IT and system security: Monitoring helps detect anomalies, prevent breaches, and ensure system availability.

b) Prevention of fraud and misuse: Logs support investigations and enforcement of acceptable use requirements.

c) Compliance with applicable laws: Records may be retained to demonstrate compliance or respond to lawful requests.