Privacy Policy


This Privacy Policy (the Privacy Policy) covers the processing of personal data performed by UAB “BAA Training”, legal entity code 300618099, address Dariaus ir Girėno g. 21, 02189 Vilnius, Lithuania, phone No. +370 5 252 55 36, [email protected], as a data controller (“Us” or “We”) in running of Peer Support Programme.

This Privacy Policy sets out the basic rules for the collection, processing and storage of your personal data and other information related to you, including the scope, purposes, sources, recipients of your personal data and your rights as a personal data subject and other important aspects of your use of PSP (as defined below), provided by us, and the usage and browsing of the website This information is important, so please read it carefully.

The term “personal data” (the “Personal Data”) in this Privacy Policy means any information about you relating to you as a natural person, a data subject whose identity is known or can be directly or indirectly identified through the use of certain data (e.g. name, surname, address, telephone number, etc.).

A Peer Support Programme (the “PSP”) is defined as a system whereby a pilot needing help can get support with mental wellbeing or life stress issues from a dedicated and trained colleague (peer) in a confidential manner; the system is also accessible to family, colleagues or friends of a pilot who have serious concerns about his/her mental wellbeing and fitness to fly.

Peer (the “Peer”) is a pilot who is a part of PSP, supports his fellow pilots, does not hold managerial position in the airline, and is trained in basic listening and counselling skills.

In processing the personal data, we responsibly comply with the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities.

In the event that you provide us with personal information other than your own (for example, you are reporting to us about the colleague/ family member/ friend you are concerned about), please inform them of this Privacy Policy and its content.

If you have any questions regarding this Privacy Policy or requests regarding the processing of your personal data, please contact our Data Protection Officer by email: [email protected]

By visiting our website and/or using the information contained therein and/or our services, you acknowledge and confirm that you have read and understood this Privacy Policy.


This Privacy Policy is designated to persons who use or intend to use PSP or visit the website (the „Data subjects“ or „You“).

The terms and conditions of the Privacy Policy apply to you every time you access the content and/or the service we provide, regardless of which device (computer, cell phone, tablet, etc.) you are using.


When processing your personal data, we:

  • comply with current and applicable legislation, including the GDPR;
  • process your Personal Data in a lawful and transparent manner;
  • collect your Personal Data for specified, clearly defined and legitimate purposes and will not continue to process it in a way incompatible with those purposes, except to the extent permitted by law;
  • take all reasonable steps to ensure that Personal Data which are inaccurate or incomplete, having regard to the purposes for which they are processed, will be rectified, supplemented, suspended or destroyed without delay;
  • keep it in such a form that your identity can be established for no longer than is necessary for the purposes for which the Personal Data are processed;
  • will not disclose Personal Data to third parties except as provided in the Privacy Policy or applicable laws;
  • ensure that your Personal Data is processed in such a way as to ensure the appropriate security of Personal Data through appropriate technical and organizational measures, including protection against unauthorized or unlawful processing of Personal Data and against unintentional loss, destruction or damage. Contact details of our Data Protection Officer: [email protected].


The categories of processed Personal Data. What kind of categories of Personal Data we process?  The purpose of the processing of Personal Data. Why we process personal data?
Your Name (may be real or pseudonym, depending on your preference and the source from where it is received). For your identification and communication with you.
Your phone number and e-mail address. For getting in touch with you
Name of your organisation (airlines, aviation academy). For meeting your preference concerning the Peer‘s organization.

For provision of feedback to your organization.

Summary of communication with you (the essence of the problem, what was agreed during the consultation, number of consultations carried out, the status of the case (open or closed)). For tracking statistics about effectiveness of the PSP, for the provision of feedback to your organization.
Information on your mental health and/ or information about your issues of substance abuse. For provision of appropriate advice and assistance to you, for assessing potential threats to air safety and taking actions to ensure it.

If you do not provide Personal Data, the provision of which to us is necessary for the performance of the PSP, we will not be able to provide you with services.


Our use of your Personal Data will always have a lawful basis. Most commonly, we use your Personal Data where:

  • we have your consent (for example, in cases where you approach to us and wish to use PSP services, we will ask for your consent before starting to process your Personal Data);
  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, in certain cases when we would receive your name and contact data from airlines or someone who is concerned about you in order for us to offer you a PSP service);
  • it is necessary for reasons of substantial public interest (for example, in certain cases when we would receive data about you from airlines (in case of your positive psychoactive test result after psychoactive substance testing carried out by the airline) or mental health related data about you from someone who is concerned about you; or would provide your mental health related data to airlines (only in cases when threat to public or air safety would be presumed)).


We will usually process your Personal Data submitted by you to us by filling in the application form in our website

In some other cases we might receive information about you from:

  • psychiatrist (to whom your Personal Data we can provide in order for him to consult you only having your consent);
  • your organisation (airlines) (in case of your positive psychoactive test result after psychoactive substance testing carried out by the airline);
  • people close to you (your family or friends in case of their concern for your mental wellbeing).


We assume the obligation of confidentiality with the highest respect to you. Usually, your Personal Data will only be provided to the Peer, assigned to contact and talk to you, and also, in situations where this is necessary and only having your consent – to a psychiatrist. However, we assure you that we have selected these individuals carefully, making sure that they will handle your Personal Data responsibly and in compliance with the relevant confidentiality obligations.

We will provide only statistical anonymized data about the PSP services to your organisation (airlines) – we guarantee that, there will be no possibility to identify specifically you from the data provided, except the following. Only in very rare cases, when the threat to public safety is presumed, your Personal Data might be shared with your organisation (airlines). In this case, the Personal Data is transferred and exchanged on the basis of a Joint Controllers Agreement signed between us and your organisation (airlines). You may, at your request, have access to the main provisions of this agreement by informing us of such a request by email [email protected].

We may also share your Personal Data under the following circumstances:

  • in response to court orders, or as otherwise required by legal process, or to establish or exercise our legal rights or defend against legal claims;
  • to companies, which process Personal Data so as to ensure the development, improvement/ update and support of information systems;
  • our other service providers (data processors) or our subcontractors.


Personal Data held by us is processed no longer than needed to achieve and fulfil the purposes set out in this Privacy Policy, as well as for the purposes of having evidence to justify the lawfulness of our Personal Data processing operations. Personal Data will be usually processed for the aforementioned purposes no longer than 1,5 (one and a half) years after provision of PSP service to you. In exceptional cases when a threat to public or air safety is identified, the Personal Data might be kept for 3 (three) years from the time when the case was closed.

We ensure and take all necessary measures to avoid storing outdated or unnecessary Personal Data about you. At the end of the Personal Data retention period, the Personal Data is destroyed or anonymized in such a way that the person cannot be identified.


When you visit our website, we are collecting cookies. The list of used cookies is provided in our Cookie Policy, which is published at our website


We responsibly implement appropriate organisational and technical Personal Data security measures intended for the protection of Personal Data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.

In the event of Personal Data breach of security that could seriously jeopardise your rights or freedoms and determine the circumstances with which unauthorised access to Personal Data has been obtained, we will immediately inform you about it.


As a general rule, your Personal Data will be processed in the countries of the European Economic Area (the “EEA”). However, in certain cases, your Personal Data may be transferred to non-EEA countries. Please note that in non-EEA states, Personal Data may be subject to less protection than within the EEA, but we carefully evaluate the conditions under which such Personal Data will be processed and stored after being transferred to the above-mentioned entities.

Please note that if the European Commission has determined that the third country, territory or one or more specified sectors in that third country or international organization concerned provides an adequate level of Personal Data protection, the transfer must take place in the same manner as in the EEA. Please be informed that you can have access to the information as to the states in respect of which the decision of the European Commission has been taken, here:

In other cases, we take all necessary measures to ensure that your Personal Data is transferred to the recipient safely processing the Personal Data. The tools we use: a contract with a non-EEA recipient of Personal Data includes specific clauses for the secure processing of the Personal Data. In certain cases, we ask for your consent to transfer your Personal Data outside the Republic of Lithuania or the EEA.


We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:

  • know (be informed) about the processing of your Personal Data;
  • to get access to your Personal Data which are processed by the  us;
  • request correction or addition, adjustment of your inaccurate, incomplete Personal Data;
  • require destruction of your Personal Data when they are no longer necessary for the purposes for which they were collected;
  • request destruction of your Personal Data if it is processed illegally or when you withdraw your consent to the processing of Personal Data or do not give such consent, when is necessary;
  • disagree with the processing of Personal Data or withdraw the previously agreed consent;
  • request to provide, if technically possible, the provision of your Personal Data in an easily readable format according to your consent or for the purpose of performing the contract, or request transfer of your Personal Data to another data controller.

In order to exercise your rights, please send us the request by e-mail [email protected].

Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a Personal Data subject and to prevent unauthorized disclosure of Personal Data or information to others who are not entitled to it. If we are unable to identify you, we will not be able to exercise your rights as a Personal Data subject.

We provide information about the processing of your Personal Data free of charge. If your request is unfounded, repetitive or disproportionate, we may charge a fee commensurate with our administrative costs.

Upon receipt of your request, we will respond to you within 30 (thirty) calendar days of receipt of your claim and the due date for submission of all documents necessary to prepare the answer.

In exceptional circumstances, which may require us to have additional time, the deadline for replying may be extended for a further two months, depending on the complexity of the situation. In this case, we will inform you in writing about such extension within 1 (one) month from the receipt of the request and indicate the reasons for the delay. If we think we need to, we will cease the processing of your Personal Data, except for storage, until your application is resolved. If you have legally waived your consent, we will immediately terminate the processing of your Personal Data and within no more than 30 (thirty) calendar days, except in the cases provided for in this Privacy Policy and in the cases provided for by law when further processing of your Personal Data is binding on us by the legislation in force, the legal obligations we are facing, court judgements or binding instructions from the authorities. The response will be provided in the same way as your request was received.

By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.

If you disagree with our actions or the response to your request, you can complain to the State Data Protection Inspectorate ( In all cases, we recommend that you contact us before making a formal complaint so that we can find the mutual solution.


We may, from time to time, expand or reduce the scope of our business operations and this may involve the sale and/or the transfer of control of all or part of our business. Any Personal Datathat you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this notice, be permitted to use that Personal Data only for the same purposes for which it was originally collected by us.


Our websitemay contain links to other websites or services, which are not operated by us. We have no control over how your Personal Data is collected, stored, or used by such other websites and we advise you to check the privacy policies of any such websites before providing any Personal Data to them.


We reserve a right to change this Privacy Policy unilaterally from time to time (for example, if the law changes). Any changes will be immediately posted on the website.

This Privacy Policy applies from the date it is posted on the Websites. Last review of the Privacy Policy: 16 March 2021. If you continue to use our services after changing the terms of the Privacy Policy, you will be deemed to have read and understood the changed terms of the Privacy Policy.