PRIVACY POLICY

Privacy and data protection policy

Scope

Your privacy is very important to us. RGS Innovations therefor carefully considers the protection of your personal data during the different personal data processing activities.

This policy aims to tell you which personal data we collect from you, why we collect this data and how your data will be used. In addition, you can find information about your rights as a Data Subject.

The PDF version of the Privacy and Data Protection Policy of RGS Innovations can be found here.

What is personal data and data protection?

The applicable data protection legislation uses specific language and in order to help you to better understand the terminology and this policy, we will explain the most important elements below. If you want more information, you can always check out the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

Which data protection regulation is applicable?

The basic principles and obligations are documented in the General Data Protection Regulation (the famous GDPR or in legalese Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).

Next, the ePrivacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector) is applicable in specific cases, such as the use of cookies.

In addition to the European regulations, the national data protection legislation still applies to the processing of your personal data. In Belgium, i.a. the Law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and the Law of 13 June 2005 on electronic communications apply.

What is personal data?

Personal data is all the information about an identified or identifiable natural person, also known as the data subject (a.k.a. you). A person is considered ‘identifiable’ when a natural person can be directly or indirectly identified, in particular by reference to an identifier such as:

Data relating to race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and processing of genetic data, biometric data for the unique identification of a person, or data about health, sexual behaviour or sexual orientation, criminal offences or convictions are considered sensitive data. Unless an organisation can refer to one of the exceptions, the processing of these data is forbidden pursuant article 9 of the GDPR.

We at RGS Innovations, do not process any sensitive personal data. If we would at any time require these types of data for providing you with our services, we will always ask you for your explicit consent and provide you with additional safeguards.

What does processing of personal data mean?

This means any operation or set of operations which is performed on personal data (whether or not by automatic means), such as the:

Controller vs. processor

The controller is a natural or legal person that determines the purposes and means for the processing of personal data. The processor on the other hand, processes this data on behalf of and only on request and with instructions from the controller (art. 4, §7 and §8 GDPR).

RGS Innovations as controller

We act as a controller of data in the context of:

RGS Innovations as processor

We act as a processor of data in the context of working with U-space Service Providers to provide UAM solutions. In those instances, we act as a processor since our clients determine the purposes and means for the processing of your personal data. Check out their websites for the applicable privacy policies.

What are the basic principles of data protection?

Lawfulness

Personal data must be processed fairly and lawfully with respect to you. In order to process personal data lawfully, a legal basis must exist.

Pursuant article 6 of the GDPR, these legal bases are:

RGS Innovations ensures that it always refers to at least one of the above-mentioned legal bases when it processes personal data. More about our processing activities and their legal ground can be found below.

Fairness

The fairness of processing obliges us to only process your accurate (updated) data for specific, explicit and legitimate purposes. Processing incompatible with the initial purpose for which the data were collected, is not allowed.

Data minimisation is also a key principle and limits the processing to what is necessary for the purposes for which the data were collected. This also implies the processing must be limited in time.

Transparency

You as a data subject must be made aware of the following matters in clear and plain language:

Specific legislation may contain exceptions or set additional requirements which the organisation must comply with, with respect to the provision of information to data subjects. These mandatory legal provisions take precedence over this policy.

Confidentiality and integrity

Technical and organisational measures must be taken to ensure the processing of personal data can take place with the appropriate guarantees, so that the data are protected against accidental loss and against unlawful processing, destruction or damage.

What personal data do we process?

The data you actively and knowingly provide us

In principle we at RGS Innovations only process data we have received directly from you, for example when you use one of our products and you register or when you fill in the contact form at our website.

The data you provide to us by the use of our service

You might not be aware of it but by using our service you provide us with some data that might be personal (‘Observed data’), such as your location data, IP address, metadata (data that provides information about other data) and login codes and passwords.

Why do we process your personal data?

Proportionate processing

RGS Innovations only processes personal data if necessary to achieve a certain objective. That is why we use your personal data when necessary for:

Otherwise, we will make sure to obtain your explicit consent.

If you have given your consent for a specific processing purpose to RGS Innovations in order to process your data for that purpose, you can withdraw this consent at any time. We will then stop any further processing of your data for which you gave consent and will inform you of the possible consequences of your withdrawal of consent. If RGS Innovations processes your personal data for other purposes and in order to do so it refers to other legal bases, we will still be allowed to process your personal data.

Processing activities

RGS Innovations tries via its current privacy and data protection policy to provide you with this information in order to be as transparent as possible with respect to the processing of your personal data. This general policy must be read together with more specific information notes which give additional information concerning about the organisation’s specific processing purposes.

We process your personal data for the following:

To prepare or execute an agreement with you

To prepare, execute or terminate an agreement, we will need certain personal data which may vary depending on the type of contract. The retention period will depend on the type of agreement and the legal requirements.

Offering our UAM services via our products

We adhere to the principle of data minimisation. Therefore, we provide you with the possibility to use our applications anonymously. Keep in mind that some features may not be accessible when you choose this option (such as the creation of the ability to manage your drones).

When you choose to register, we need your contact details (name, mailing address, address and telephone number), location data, login code and password to offer you our UAM services and/or validate your flights.

If you use the logbook and drone management features, you can enter additional personal data in our application such as your birthdate, possessions (drones), licenses, photographs of drones, etc. We process these data based on legitimate interests. These data are stored as long as necessary for the processing purpose. With regard to the importance in litigations or other procedures, your data is stored for two years after the termination of our service. If you are a paying customer, legal retention periods are applicable which imply a retention period of seven years.

To send direct marketing communications

Sending out our newsletter or other direct marketing communications will only occur based on your explicit consent. Based on our legitimate interest we may also process your profession in order to send you more personal and relevant information. You may unsubscribe at any time.

To inform you about our products/ services

If you ask us for more information via the contact form on our website or by telephone, we need to process your contact information in order to provide you with this information. We will only use this data to provide you with the requested information based on our legitimate interest. For direct marketing communications afterwards, we will ask your consent.

To enhance security

We may use your personal data to enhance the security of our networks and information systems based on our legitimate interest. This means we can monitor your access to our networks and systems and collect some metadata.

In our offices several surveillance cameras are installed to guarantee the safety of our personnel or property. These images are only processed with regard to this security objective and deleted after one month. In addition, we also require visitors to register. For security reasons, this data is stored for one year.

To improve our products

In order for RGS Innovations to improve our products and to understand how people interact with them, we may process your data on the use of our products based on our legitimate interest. For example, we collect data on how many times you have accessed your account.

If we wish to use your data for statistics, we will anonymise this data first.

How do we process your personal data?

Principles

We, at RGS Innovations, ensure that your personal data shall be processed:

Example

We will not ask your personal data in order to validate your flight (purpose A) and use it afterwards to send you newsletters (purpose B). In this specific case, we would first ask your consent to do so.

Example

If we wish to use your data for statistics, we will anonymise them as much as possible.

Example

RGS Innovations has defined a retention policy.

Webform

RGS Innovations shall process your personal data in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and other applicable regulations.

In order for RGS Innovations to contact you via this webform, RGS Innovations needs your name, business email, company, IP address, date and time you land on the webpage, browser signature, operating system, device type.

By clicking submit, you ask RGS Innovations to contact you, therefore RGS Innovations processes these data based on the legitimate interest of networking and growth of its business.

RGS Innovations will retain your data for five years.

You have the right to access, rectify, erase or restrict the processing of your personal data, as well as the right to object.

Technical and organisational measures

RGS Innovations is committed to keeping your information as secure as possible. Therefor we have implemented various technical and organisational measures (art. 25, §2 GDPR) to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, etc. We have, when choosing the proper security measures, considered the nature, context, purpose and scope of the processing, the possible risks when processing the personal data, the costs for the implementation of the measures and the state of the art. It is however important to remember that the internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal data for improper purposes.

Nevertheless, we at RGS Innovations commit ourselves to keep updating and reviewing these measures so that we can offer your personal data an appropriate safety level. You can help us with this by regularly updating the RGS Innovations software as well as other software installed on your devices.

These measures are applicable to the physical access to personal data, access to the personal data via computers, servers, networks or other IT hardware and software applications and databases. Examples of these measures include but are not limited to: the appointment of a Data Protection Officer, Data protection policy and management, retention policy, incident response plan, processor management, regular evaluations of policies, storage of data in controlled facilities with limited access (by e.g. physical access control), confidentiality obligations and awareness trainings for employees, role-based access control systems.

The organisation shall ensure that the third parties that receive personal data from the organisation will comply with the applicable data protection legislation and this policy.

Your rights as a data subject

RGS Innovations adheres great importance to your privacy rights and therefor complies with reasonable effort with these rights, considering the legal limitations in exercising them.

Right of access

Pursuant article 15 of the GDPR, you have the right to obtain confirmation from the organisation of whether or not your personal data are being processed. If your data are being processed, you may request the right to consult your personal data as used/stored by the organisation.

RGS Innovations shall inform the data subject about the following:

RGS Innovations shall also supply a copy of the personal data that are being processed. For any further copies requested by the data subject, the controller may charge a reasonable fee.

Right to rectification

When you establish that RGS Innovations has incorrect or incomplete data about you, you always have the right to inform us of this fact so that appropriate action can be taken to rectify or supplement these data. It is the data subject’s responsibility to provide correct personal data to the organisation (article 16 GDPR).

Right to be forgotten

You as a data subject can ask to have your personal data erased pursuant article 17 of the GDPR if the processing of this data is not in accordance with the data protection legislation and within the limits of the law.

Right to the restriction of processing

You may ask to have the processing restricted (article 18 GDPR) if:

Right to data portability

You have the right to obtain your personal data which you provided to the organisation in a structured, commonly-used and machine-readable format pursuant article 20 of the GDPR. You have the right to have those personal data transmitted to another controller (directly by the organisation).

This is possible if you have consented to the processing and if the processing is carried out via an automated process.

Right to object

When personal data are processed for direct marketing purposes (including profiling), you can always object to this processing.

You can also object to processing due to a specific situation regarding yourself as the data subject. RGS Innovations shall stop processing the personal data unless we demonstrate compelling legitimate grounds for the processing which overrides the interests of the data subject or for the exercise or defence of legal claims (article 21 GDPR).

Automated individual decision-making

Since RGS Innovations does not make automated individual decisions, this paragraph is only meant to inform data subjects of the full range of actions that can be taken under article 22 of the GDPR.

You as a data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you such as by evaluating personal aspects with respect to the performance of work, reliability, creditworthiness, etc.

This right not to be subjected to such automated decision-making does not exist when the decision is permitted by a mandatory legal provision.

Nor may you invoke this right when the decision is necessary for entering into, or the performance of, a contract between the data subject and the organisation or is based on the data subject's explicit consent. In these last two cases, you do have the right to obtain human intervention from someone at the organisation and you have the right to make your point of view known and to challenge the automated decision process.

The right to withdraw consent

If you have given your consent for a specific processing purpose to RGS Innovations in order to process your data, you can withdraw this consent at any time by adjusting your privacy settings or by sending an e-mail to office@urbanDrone.eu

Procedure for exercising your rights

You may exercise your rights by:

Since we want to make sure you are really you, we can ask you to identify yourself. That way we can ensure that it is indeed the data subject requesting to exercise his or her rights.

If you have any questions about the application of the principles or the organisation’s (legal) obligations, you can always contact the Data Protection Officer via office@urbanDrone.eu.

In principle RGS Innovations shall respond to the data subject’s request within one month. If not, we shall inform you why the request received no response or why it did not receive a response in good time. RGS Innovations shall take the necessary measures to inform the receivers of the data subject’s personal data about exercising the right to correction, right to erasure or the limitation of processing by the data subject.

Exercising your rights is in principle free, but in the event you exercise of multiple and/or unreasonable requests, we can ask a reasonable fee.

Do we share your personal data?

In some cases, it may be necessary to transfer your personal data to third party receivers. However, your personal data will not be sold or rented to third parties.

e can share your personal data, based on our legitimate interest, to third party providers who help us with our products and services. Examples include third parties hosting our web servers, providing marketing assistance, and providing customer service. These processors will have access to your personal data but only when strictly necessary to perform their functions on instructions from RGS Innovations and they may not use that data for any other purpose.

Our Processor Management implies that we make sure these processors also comply with the legal requirements pursuant data protection legislation and observe the necessary security measures when transferring the data and with respect to the receivers, in order to guarantee the confidentiality and integrity of the personal data. Processing agreements containing obligatory clauses are conducted with our processors.

We can also share your personal data with any third party you have asked us to share your personal data with, such as Facebook or any other social media site you have asked us to connect with your account.

We may disclose your personal data to enforce our policies, to comply with our legal obligations or in the interests of security, public interest or law enforcement in any country where we have entities or affiliates. For example, we may respond to a request by a law enforcement agency or regulatory or governmental authority. We may also disclose data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests.

In the event that the business of RGS Innovations is sold or integrated with another business, your details will be disclosed to any prospective purchaser’s adviser and will be transferred to the new owners of the business. In this case, we will implement the appropriate safeguards to ensure the integrity and confidentiality of your personal data. However, use of your personal information will remain subject to this Policy.

Transfer to third countries

It is also possible for the organisation to transfer your personal data to parties (processors) that are based in third countries, these are countries outside the European Economic Area (i.e. The European Union, Norway, Iceland and Liechtenstein).

Such a transfer is possible if the country where the receiver offers sufficient legal guarantees to protect your personal data and which the European Commission has assessed as being adequate.

In other cases, the organisation has concluded a standard contract with the receiver so that equivalent or similar protection to that offered in Europe is offered. RGS Innovations ensures to have such safeguards in place when transferring your data to third countries.

Website and apps

We use cookies to process data such as your IP address, the type and language of your browser, the brand and type of equipment you are using, the time and duration of our website/app use, the webpage from which you reached our website, the actions you undertake such as clicking on links and so on. We use these data to improve and personalise our products, services and website, to provide services, to communicate with you and to provide you with information based on our legitimate interests.

We monitor traffic patterns on the website and gather broad demographic information for aggregate use to analyse trends and administer the website. This enables us to improve its layout and design and permits for website personalisation and streamlining to create the best experience we can for our users.

In order to perform analysis permitting such personalisation and improvement of site design and user experience, we may employ suitable third parties with whom we share the information necessary to accomplish these objectives. Where appropriate, we share aggregated statistical information with our business partners. These statistics however, include no personally identifying information.

You may also choose to provide additional/optional information when completing forms on our website or when communicating with us by telephone, e-mail or at trade fairs or events.

Cookies

What are cookies?

Cookies are text files which contain small pieces of information, sent by a web server to a web browser which allows the server to store different types of information on the web browser’s device. They will be stored on your computer, tablet or phone when you visit a website. Cookies may contain identifying information.

Some features of the website are designed to give you a better online experience on it and although you will still be able to use our website, we will be unable to provide you with the personalised experience we can offer using the cookie data if you reject cookies. We also use cookies to collect information about your online preferences and to gain information about the use of the websites. This information may be analysed by third parties on our behalf.

Categories of used cookies

We use the following categories of cookies on our website: We are not using cookies on our website.

More information and Data Protection Officer

RGS Innovations has appointed a Data Protection Officer (‘DPO’) who is independent in the performance of his or her tasks with respect to the protection of personal data. This means that he or she is not bound by instructions from managers in the performance of his or her tasks. The DPO will, in addition to advising the company, also supervise the company’s compliance with data protection legislation, this policy and any other related policies.

If you wish to obtain more information regarding the processing of your personal data or your rights, please contact our DPO.

Data Protection Officer: Slobodan Andric

E-mail: office@urbanDrone.eu

Telephone: +381 63 210055

Audit and review

The organisation reserves the right to adjust and review this policy when it deems necessary and to remain coherent with the legal obligations and/or recommendations of the competent supervisory authority for data protection.

The organisation shall inform the data subject when it is impossible for it to comply with this policy due to mandatory legal provisions which are imposed upon the organisation.

Entry into force

This policy applies as of May 25th, 2018.

Download the Privacy Policy

You can download the Privacy Policy here.