Last Updated: June 10, 2020
Meta Aerospace Management LLC, a company incorporated under the laws of the United States, having its principal address at 1054 31st Street NW, Suite 215, Washington, DC, 20007, and its affiliates (“Meta,” “we,” “us,” “our”) are committed to protecting and respecting your privacy, and we aim to be clear about how we use personal data. When we use the term “personal data”, we mean any information about an individual from which that person can be identified.
For purposes of the EU General Data Protection Regulation (“GDPR”), we are the data controller for all personal data we collect.
Meta Aerospace Management LLC
1054 31st Street NW, Suite 215
Washington, DC 20007
Through our business dealings and other interactions with you, we may collect the following categories of personal data directly from you or from the business, you represent:
• Contact details such as your name, mailing address, telephone number, or email address.
• Correspondence and communications with you or the business you represent.
Please note that if you do not provide us with your personal data, we may not be able to comply with our legal obligations or manage our business. We will tell you when we ask for information that is required to fulfill a statutory or contractual requirement, or needed to comply with our other legal obligations.
For more information on the types of personal data we collect, please review Section 1 of our Privacy Statement.
Purpose for Processing Your Information
We will collect, hold, and process Relevant Individuals’ personal data for the following purposes:
• To interact with Relevant Individuals as part of professional dealings with the businesses and corporate entities they represent.
• To ensure proof of identity for anti-money laundering Know Your Customer requirements.
For more information on how we use personal data, please review Section 2 of our Privacy Statement.
If the processing of your personal data is subject to the GDPR, we ensure that we have identified a legal basis for doing so, including:
• Contract. Depending on the circumstances, we may need to process your personal data for the performance of a contract to which you are a party.
• Legitimate Interest. This processing of personal data is necessary for our legitimate business interest in managing and promoting our business, provided, that our interest is not overridden by your interest. In identifying this basis, we have weighed our legitimate interest as a business against your rights and freedoms and have determined that it will not unfairly impact your rights. If you would like further information on how we balanced these interests, you can contact us using the details provided in Section 1 above.
• Legal Requirements. We may need to process your personal data in order to comply with certain legal and regulatory requirements.
• Consent. We may also process your personal data with your consent, as required. You have the right to withdraw this consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent.
Please note that you have the right to object to the processing of your personal data where that processing is carried on for our legitimate interest. For more information, please review Section 8 below.
It may be necessary for us to share your personal data with third parties, including:
• Any member within our group of related companies, including subsidiaries, our parent companies, and their subsidiaries (please see our Privacy Statement for a list of these entities).
• A third party that provides a service to us, including service providers that provide sanction checks in respect of Relevant Individuals in connection with the Office of Foreign Control (OFAC).
• A third party where we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
• A third party where it is necessary to protect the vital interests of the data subject or another natural person.
• A third party where it is necessary for our legitimate business interests to protect the rights, property, or safety of Meta, our clients, customers, or others.
• Other support service providers necessary to support Meta in its services, including external legal counsel.
For more information on the types of third parties to whom we may disclose your personal data, please review Section 4 of our Privacy Statement.
Meta is a U.S.-based company, and as such, your personal data may be transferred, stored, or otherwise processed in the United States and other locations. When you or the business you represent provide personal data to us from outside of the U.S., please be aware that we will receive and process it in the U.S. and that U.S. data protection laws may be different from those of your country of residence. We may transfer the personal data we collect to other countries where we do business, which may not have the same data protection laws as the country in which you originally provided the data. To the extent required by applicable law, when we transfer your personal data to recipients in other countries, we will take measures to protect that information.
Data will be stored for as long as required to satisfy the purpose for which the data was collected and used, unless a longer period is necessary to fulfill our legal obligations or, for the exercise or defense of legal claims.
Where we process your personal data for the purpose of corresponding with you for our legitimate interests in managing our business, we will retain personal data for as long as it is necessary to enable us to conclude our business and professional dealings. The criteria we use to determine the duration of the retention will be the duration of our engagement and whether the nature of the engagement is such that it is likely that we will need to interact on a regular basis.
Where we enter into a contract, we will retain the personal data obtained pursuant to that contract for as long as necessary to:
• Perform our obligations under the contract;
• Comply with our legal obligations (e.g., the anti-money laundering regulations); and
• Exercise our legal rights and defend legal claims.
Typically, this will require that we hold such data for a period of seven years from the date on which the contract is terminated.
If you have any further queries in relation to our data retention procedures, please contact us at the address provided in Section 1 above.
We will not process your data in such a way as to make solely automated decisions about you that will have a legal or similarly significant effect.
It may be necessary for us to provide your information to third party processors who will engage in an automated process of sanctions checks with respect to Relevant Individuals in connection with OFAC. The results of this automated process will be reviewed before a decision is made. We undertake these checks to protect our business against fraud and to ensure that we do not engage in any activity that would infringe upon our legal and regulatory obligations.
Where we engage in profiling of this nature, you have a right to object and can raise such an objection by contacting us as the address provided in Section 1 above. We note that, as set out in Section 2 of this Business Contact Policy, if you refuse to allow certain types of data processing, we may not be able to comply with our legal obligations or manage our business, and accordingly may not be able to engage with the business you represent.
We take reasonable steps to keep your personal data accurate and complete. You may contact us using the information provided in Section 1 above with “Relevant Individual Rights Request” in the subject line to request access to, modification, or deletion of personal data you have provided to us. Please note that we will maintain personal data in our database whenever we are required to do so by law, for necessary operational reasons, or to maintain uniform business practices.
If you are an EU data subject, please review the below section for an explanation of your rights under the GDPR.
EU Data Subject Rights
If the processing of your personal data is subject to the GDPR, you have the right to do the following with respect to your personal data:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances, for example, where we no longer need it or you have withdrawn your consent. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). Please note that, upon receiving a request from you to erase your personal data for any of the above reasons, we will endeavor to remove as much data as is legally allowable. If we are unable to comply with your request to erase personal data, we shall tell you in writing what personal data we have continued to retain, the reasons for retaining it, and how long we expect to retain it for.
• Object to processing of your personal data. This enables you to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain circumstances, for example, if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party. This enables you to request that we transmit your personal data to another party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
• Withdraw consent. Where you have provided your consent to our processing, you have the right to withdraw it at any time.
You also have the right to lodge a complaint with the relevant Data Protection Authority in the country of your residence, your place of work, or place of an alleged infringement, if you believe that the processing of your personal data infringes upon the GDPR.
If you wish to exercise your rights under the GDPR, you may submit a request by emailing us at firstname.lastname@example.org with “Relevant Individual GDPR Request” in the subject line or using the other contact information provided in Section 1 above.
For a full summary of your rights under the GDPR, please review Section 6 of our Privacy Statement.