Privacy policy

COMPAGNIE DAHER, a French public limited company (« Société Anonyme ») registered under number 054 807 284 with the Marseille Trade and Companies Register, having its registered office at 59 boulevard Perier, 13002 Marseille (France), and its subsidiaries in France and abroad (hereinafter referred to as “DAHER”), may process personal data (“Personal Data”) in the course of its business activities.

This Privacy Policy (the “Policy”) describes how DAHER collects, uses, and processes your Personal Data in accordance with applicable regulations. DAHER values your privacy and is committed to protecting and upholding your data privacy rights.

This Policy applies to Personal Data that we collect from our clients, suppliers, service providers in the context of executing all types of commercial contracts. It also applies to Personal Data of employees within the Group for human resources management, users of our various websites, individuals applying for job offers, and any other persons with whom we legitimately interact as part of DAHER Group’s activities.

In accordance with applicable data protection legislation (including the General Data Protection Regulation (Regulation (EU) 2016/679, known as the “GDPR”) and the amended French Data Protection Act No. 78-17 of January 6, 1978, or any other applicable national law (collectively, the “Regulations”)), Compagnie Daher S.A., or one of its subsidiaries, acts as the Data Controller.

DAHER may update this Policy from time to time. We encourage you to visit this page regularly to review any updates.

This Policy applies in all countries where DAHER operates, although local data privacy approaches may vary slightly.

This Policy is intended to apply to all DAHER Group subsidiaries, both in France and abroad.

1. SCOPE OF THIS PERSONAL DATA PROTECTION POLICY

This Policy outlines the principles and guidelines for the protection of your Personal Data.

The term « Personal Data » refers to any information relating to an identified or identifiable natural person, either directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.

2. Data Collected

The types of Personal Data we may collect vary depending on the purpose of processing. The main objective is to identify individuals in connection with their relationship with DAHER.

In all cases, the Personal Data collected will be limited to what is necessary for the purposes described in Section 4 below.

Note for visitors and users of our websites
(www.daher.com; https://kodiak.aero; https://www.tbm.aero; https://login.daher.com; https://specialmissionaircraft.daher.com; https://parts.daher.aero/s):
Certain features and functionalities of our websites can only be used if specific Personal Data is provided. Users are free to choose whether or not to provide such information. However, if a user chooses not to provide the requested data, it may affect our ability to meet the objectives described in Section 4, and some services or features of our websites may not function properly and/or access to certain pages may be restricted.

Customer Data:

We collect limited data about our clients. Typically, we need contact information for representatives within the client or prospect company (such as name, job title, phone number, and email and postal addresses) to fulfill our contractual obligations or to communicate with a prospect, including for commercial proposals. During customer satisfaction surveys, we may also collect information regarding the client’s needs or constraints to ensure our marketing communications are relevant and timely. Additional information may also be collected if provided voluntarily by client contacts. In certain circumstances, when interacting with specific services or departments, phone calls may be recorded, in accordance with applicable local laws and requirements.

Supplier and Service Provider Data:

We also collect data about our suppliers and service providers. To effectively manage business relationships, we gather information about representatives within supplier or service provider companies, such as name, job title, phone number, and email and postal addresses. Additional information may be collected if voluntarily shared with us.

Employee and Candidate Data:

For individuals applying for positions at DAHER, we may collect various types of information to assess applications, including identity, contact details, professional experience, qualifications, and motivations.

DAHER also collects all necessary information for human resources management, including identity, civil status, contact details, work history, diplomas, bank details, social security number, payroll, and administrative information in accordance with legal and regulatory requirements.

Website User Data:

We collect data from users of our websites to improve the user experience and manage the services we provide. This includes how the websites are used, the frequency of access, browser type, access location, preferred language, and peak visit times.

3. Protection of Children’s Personal Data

DAHER’s products and services are intended for use by adults only and are not designed to be marketed to minors. Accordingly, DAHER does not knowingly collect or retain Personal Data from children under the age of majority, except in cases where such information is collected as part of the company’s internal personnel management processes.

4. Purposes of Collecting Personal Data

Personal Data is collected to support DAHER’s business activities, such as the execution of contracts with clients, suppliers, and other third parties; to serve DAHER’s legitimate interests; to comply with legal obligations; and for recruitment and employee management purposes.

DAHER collects and uses Personal Data specifically for the following purposes:

  • Allow individuals to request and obtain information about DAHER, its products, and services;

  • Prepare and submit commercial proposals; participate in tenders;

  • Manage the commercial and contractual relationship (e.g., orders, quotes, invoicing, delivery of equipment, technical support, handling of technical disputes);

  • Conduct customer satisfaction surveys;

  • Promote our services to existing clients and prospects;

  • Invite clients or prospects to events organized by DAHER at trade shows, seminars, or professional gatherings;

  • Issue calls for tenders and manage supplier, subcontractor, and service provider relationships;

  • Conduct quality audits;

  • Fulfill contractual obligations;

  • Enforce our legal rights;

  • Process spontaneous or application-based job candidacies;

  • Manage DAHER’s human resources;

  • Handle data subject requests;

  • Comply with legal obligations;

  • Serve any other purpose related to DAHER’s business activities.

Subject to local applicable law, by providing your email address, you expressly authorize DAHER and its subsidiaries to use it—along with other relevant Personal Data—to send you promotional or institutional messages.

Where appropriate and in accordance with local laws and requirements, we may obtain additional information through third-party market research or media analysis (online and offline), whether conducted internally or by third-party providers.

5. Cookie Policy

What is a cookie?

A “cookie” is a small data file stored on your device’s hard drive that records your browsing activity on a website. When you return to that website, it may present customized options based on the information stored from your last visit. Cookies can also be used to analyze website traffic and for advertising or marketing purposes.

Almost all websites use cookies, and they do not harm your system. You can check or modify which cookies you accept by changing your browser settings.

How do we use cookies?

We use cookies for the following purposes:

  • To track statistical data about how our site is used. This helps us understand how you interact with the site and identify usage trends across individuals or larger groups. This information allows us to develop and improve our site and the services we offer in response to our visitors’ preferences and needs.

Types of cookies used:

There are two main types of cookies:

  • Session cookies: These are temporary cookies stored on your computer only during your web session and are deleted automatically when you close your browser. They usually store a session ID allowing you to navigate the site without having to log in again on each page. They do not collect any information from your computer.

  • Persistent cookies: These cookies are saved as a file on your computer and remain there after you close your browser. They are readable by the site that created them when you return to that site. We use persistent cookies for Google Analytics and personalization purposes.

Cookies can also be categorized as follows:

  • Strictly necessary cookies: These cookies are essential for the proper functioning of our website and cannot be disabled. Without them, the services you request (e.g., navigation, secure access) cannot be provided. These cookies do not gather information that could be used for marketing purposes or to track your internet browsing.

  • Performance cookies: These cookies help us monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources, and see which parts of the website are most visited.

  • Functionality cookies: These cookies allow the site to remember the choices you make (e.g., username, language, country) and provide enhanced features. They may also be used to remember changes you’ve made to text size, fonts, or other parts of web pages you can customize, as well as to provide services such as video playback or blog commenting. The information these cookies collect is usually anonymized.

  • Personalization cookies: These cookies allow us to offer information on leasing solutions or content that may be of interest to you. These are persistent cookies (as long as you remain registered with us), which means that when you return to the site, you may see offers similar to those you previously viewed.

6. Data Recipients, Processing Conditions, and Retention Period of Personal Data

6.1 Recipients of Your Personal Data

The recipients of your Personal Data are the relevant departments of the data controller, i.e., Compagnie DAHER or, where applicable, one of its subsidiaries.

Our partners may also be recipients of your Personal Data.

DAHER may also engage trusted third parties, such as IT service providers, who may process your Personal Data on our behalf.

Finally, DAHER may share Personal Data with other DAHER Group subsidiaries.

Some of these trusted third parties may be located outside the European Union. Where necessary, appropriate safeguards have been implemented, including the use of standard contractual clauses approved by the European Commission.

6.2 Definition of “Processing”

« Processing » of Personal Data includes, but is not limited to, the use, storage, recording, transfer, adaptation, analysis, modification, declaration, sharing, and destruction of Personal Data as necessary in accordance with the circumstances or legal requirements.

6.3 Data Retention Period

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected and processed.

7. Transfer of Personal Data

Your Personal Data may be transferred and processed in countries other than the country where you initially provided the data. These countries may not have the same level of data protection as your country.

However, whenever your Personal Data is transferred outside the European Union or to countries that do not ensure an adequate level of protection, DAHER ensures appropriate safeguards are in place to protect your data in accordance with applicable laws.

These safeguards may include:

  • Standard Contractual Clauses approved by the European Commission,

  • Binding Corporate Rules within the DAHER Group,

  • Specific agreements with third-party processors.

If you wish to obtain more information about the specific transfer mechanisms used or a copy of these safeguards, please contact DAHER using the contact details provided in this notice.

8. YOUR DATA RIGHTS

8.1 Below is a list of your rights regarding the Personal Data that we process as the data controller:

Right to Object:
You may object at any time to the processing of your Personal Data.
Your objection request will be handled promptly, and we will cease the activity to which you object. However, we reserve the right not to cease the relevant activity if:

  • we can demonstrate compelling legitimate grounds for processing that override your interests; or

  • we are processing your data for the establishment, exercise, or defense of legal claims.

If your objection relates to direct marketing, we must comply with your request and cease this activity concerning you.

Right to Withdraw Consent:
If we have obtained your consent for the processing of your Personal Data for activities requiring such consent, you may withdraw it at any time. We will cease the relevant activity unless we consider there to be another legal basis for continuing the processing, in which case we will inform you.

Right of Access:
You may at any time request confirmation of the information we hold about you and request modification, updating, or deletion of such data. We may ask you to verify your identity and provide further information regarding your request.
We will not charge you for accessing your data unless your request is « manifestly unfounded or excessive. » Reasonable administrative fees may apply for additional copies where legally permissible.
We may also deny your request where permitted by law and will always justify such a denial.

Please note that in certain countries where we operate, local legal requirements regarding data subject access requests may apply, and we may lawfully refuse your request in accordance with such laws.

Right to Erasure (Right to be Forgotten):
You may request the deletion of your Personal Data under certain circumstances.
Generally, your request must meet one of the following criteria:

  • the data is no longer needed for the purposes for which it was collected and/or processed;

  • you withdraw your consent, and there is no other lawful basis to continue processing;

  • the data has been processed unlawfully;

  • the data must be deleted to comply with legal obligations;

  • you object to processing based on legitimate interests, and we cannot demonstrate overriding legitimate grounds.

Please note that legal obligations in some jurisdictions where we operate may restrict the right to erasure.

We may refuse to comply with your erasure request if necessary:

  • to exercise the right to freedom of expression and information;

  • to comply with a legal obligation;

  • for reasons of public health in the public interest;

  • for archival, research, or statistical purposes;

  • to establish, exercise, or defend legal claims.

If we respond to a valid erasure request, we will take all practical steps to delete the data.

Right to Restrict Processing:
You have the right to request that we restrict the processing of your Personal Data under certain circumstances. This means we may only store your data and process it further in limited situations such as:
(i) resolving one of the scenarios below,
(ii) with your consent, or
(iii) for legal claims or for reasons of important public interest.

You may request restriction in the following cases:

  • You contest the accuracy of the data – processing is restricted while we verify accuracy;

  • You object to processing based on our legitimate interests – restriction applies while we assess our justification;

  • The processing is unlawful, but you prefer restriction to deletion;

  • We no longer need the data, but you require it for legal claims.

If we have shared your data with third parties, we will inform them of the restriction unless this proves impossible or involves disproportionate effort. We will notify you before lifting any restriction.

Right to Rectification:
You may ask us to correct inaccurate or incomplete Personal Data we hold about you. If we have shared such data with third parties, we will inform them of the correction unless it is impossible or involves disproportionate effort.
Where applicable, we will also inform you of the third parties involved. If we believe it is reasonable to deny your request, we will explain our reasoning.

Right to Data Portability:
You have the right to transfer your Personal Data from one data controller to another. In practice, this means you can transfer your data to another online platform.
To facilitate this, we will provide your data in a readable format. This right applies to Personal Data that:

  • is processed automatically (i.e., without human intervention),

  • was provided by you,

  • is processed based on your consent or a contract.

Right to Define Post-Mortem Instructions:
In France, you also have the right to define instructions regarding the handling of your Personal Data after your death.

Right to Lodge a Complaint with a Supervisory Authority:
You may also lodge a complaint with your local supervisory authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL), which you can contact online (www.cnil.fr) or by post.

8.2 It is important that the Personal Data we hold about you is accurate and up-to-date. Please inform us of any changes during the time we hold your data.

8.3 To exercise your rights, you may contact DAHER using the contact details listed in section 11 below.

9. DATA SECURITY AND RECIPIENTS

If you suspect any misuse, loss, or unauthorized access to your Personal Data, we encourage you to inform us as soon as possible.

DAHER has implemented appropriate Personal Data protection measures to ensure that such data is used in line with the purposes outlined above and to maintain its accuracy and currency.

We are committed to taking all reasonable and necessary steps to protect the Personal Data we hold from misuse, loss, alteration, disclosure, destruction, or unauthorized access. To achieve this, we use a range of appropriate technical and organizational measures. These may include steps to respond to suspected data breaches.

As all Personal Data is confidential, access is restricted, as specified in section 6.1 above, to DAHER Group employees, service providers, and agents who require it to perform their duties. Anyone with access to your Personal Data is bound by a confidentiality obligation and may face disciplinary and/or other sanctions for failing to comply with these obligations.

10. DISPUTE RESOLUTION

Although DAHER has taken reasonable steps to protect Personal Data, no transmission or storage technology is completely infallible.

Nevertheless, DAHER is committed to ensuring the security of Personal Data. If you believe that your Personal Data has been compromised or misused, you are encouraged to contact DAHER using the details provided in section 11 below.

DAHER will investigate any complaints related to the use and disclosure of Personal Data and will seek to resolve them in accordance with the principles outlined in this Policy.

Unauthorized access to or misuse of Personal Data may constitute a violation of applicable local laws.

11. CONTACT

If you have any questions regarding this Policy, if you no longer wish to receive information from DAHER, or if you wish to exercise any of your rights as outlined in section 8 above, you may contact the DAHER Group at the following addresses:

  • By mail:
    Data Protection Officer – DAHER
    Immeuble Belaia, 7 avenue de l’Union
    94390 Orly, France

  • By email:
    DPO@daher.com

12. REVISIONS TO THE PERSONAL DATA PROTECTION POLICY

This Policy may be updated as needed by DAHER and in accordance with circumstances or legal and regulatory requirements.
We therefore encourage you to review it regularly for any updates.