GDPR Compliance Statement
Effective February 1, 2019
For the benefit of sellers and buyers accessing the app.rotabull.com platform who are located in the European Economic Union (EEA), the United Kingdom and Switzerland, we provide the following statement regarding our compliance efforts with the General Data Protection Regulation (GDPR).
What Personal Information We Collect – The Rotabull platform is an online marketplace that facilitates the buying and selling of airplane parts. We collect only the minimum necessary of personal information in order to enable users’ transactions on the platform. Customers who register on the Rotabull platform will identify those employees or agents who are authorized to access the platform on the customer’s behalf. These employees or agents will need to provide their name, company affiliation, work email and work phone number. We also collect the names, company affiliation, work emails and work phone numbers of our customers’ counterparts, such as buyers of customers selling parts, to complete a transaction on the platform, although these individuals may not be registered on the platform. We do not obtain personal information about our users from other sources.
What We Do With Your Information – All personal information we collect is used only for the purpose of connecting buyers and sellers to facilitate transactions on the Rotabull platform. Our processing of your personal information is strictly necessary and proportionate for the purposes of enabling your use of the platform. We do not use your personal information for our own marketing purposes, nor do we disclose, sell, rent or otherwise make available your personal information to third parties for their marketing purposes. We also do not conduct any automatic processing using any personal information.
Payment transactions will be encrypted using current SSL technology and are managed by a third-party payment processor. We do not have access to any payment or other financial information that you provide to a payment processor.
Located In The United States – We are located in the United States and the platform and servers are maintained in the United States. Your personal information will be transferred to and processed in the United States, which has data protection laws that may be different than those in your country and may not be as protective. The United States has not sought or received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Our legal basis for collecting and using your personal information is (i) to do so with your consent; (ii) where we need the personal information for performance of a contract or requested service, or (iii) where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the personal information in question. If we collect your personal information with your consent, you may withdraw your consent at any time. You understand and agree that we may collect, use, disclose, and otherwise process the personal information you provide even if you are located outside the United States.
Data Subject Rights – If you are a resident of the EEA, United Kingdom and Switzerland (a “Data Subject”), the GDPR provides you with the following data protection rights:
- Access your personal information
- Delete, or request deletion of, your personal information
- Object to or restrict processing of your personal information
- Request portability of your personal information to a third party
- Complain to your local data protection authority at any time
- Object to automated decision making
- Update your personal information
To exercise any of these rights, please contact us as provided below. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken. You can also help us maintain the accuracy of your information by notifying us of any changes to your information.
Safeguards and Data Retention – We maintain appropriate physical, technical and administrative safeguards consistent with Article 32 of the GDPR. We routinely update and test these implemented safeguards.
In addition, we restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
To register on the platform, you will be asked to provide an email and unique password. You are responsible for maintaining the strict confidentiality of your login information, especially your password.
We will retain your personal information only for as long as the relevant customer account is active or you remain an authorized user on behalf of a customer, as needed to provide the services that you request, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Contact Us --
For questions regarding this GDPR Compliance Statement or to exercise any of your data protection rights, please contact us as set forth below: