Privacy Policy
PRIVACY POLICY
This privacy policy (“Policy”) applies to the website(s) and mobile application(s) (hereinafter
referred to as, the “Sites”) provided by EAN Aviation Limited (“EAN”, “we”, “us”, “our”),
including but not limited to flight operations, aircraft management, maintenance, ground
handling, and other products/services of EAN. This Policy discloses our data protection
practices on our Sites, products and service (“Services”), inclusive of the type of personal
data that we collect, our method of collection of personal data, use of personal data and
procedures for sharing personal data with third parties.
The Sites covered by this Policy include our existing websites, mobile applications and all
other additional websites and mobile applications produced and managed by EAN.
We are committed to protecting your personal data (i.e. any information you provide to us
through which you can be identified) in accordance with the provisions of the Nigeria Data
Protection Act 2023 and other applicable data protection laws, Regulations and Directives
(“Data Protection Laws”).
By visiting the Sites (including all websites and mobile applications, which may be added or
removed from time to time) you agree to this Privacy Policy. By continuing to visit our
website and use our services, you accept and consent to the practices contained in our
privacy policy.
LAWFUL BASIS FOR COLLECTING AND
PROCESSING PERSONAL DATA
- Consent: where you have consented to our processing of your personal data for
one or more specific reasons. Such consent is given by you through your continuous
use of the Services and the Sites. Consent may be obtained through affirmative
actions such as ticking a consent box, signing a consent form, or submitting
information voluntarily for a specific service
- Performance of a contract: in order to perform a contract, we have with you or a
contract to which you are a party to and in order to take necessary steps at your
request prior to entering into such a contract.
- Legal obligation: where processing of personal data is required by law, we are
required by law to retain personal data of our customers beyond the date such
customers cease to carry on business with us.
- Vital interest: in order to process data for data subjects when they are in critical
life-threatening situations where they may not be able to provide consent for data
processing and which may be vital for the subjects’ survival.
- Public interest: such processing is necessary for the performance of a task carried
out in the interest of the public on in exercise of an official public mandate vested
on us.
INFORMATION WE MAY COLLECT FROM YOU
When you use the Sites or Services, we collect and store your personal data, which is
provided by you from time to time.
Personal data/ information in this context shall include all data such as: any means of
information relating to an identified or identifiable natural person who can be identified by:
- A Name
- An Identification Number
- location data, an online identifier;
- address, a photo, an email address;
- posts on social networking websites;
- account and login details
- financial and transactional information i.e. payment card details, billing address,
transaction history, etc. - flight details, travel itineraries, emergency contact information
- passenger manifest data
- aircraft ownership or operation details
- health or medical details
- other unique identifiers such as but not limited to MAC address, IP address, IMEI
number, IMSI number, SIM.
For the purpose of accessing our Services, the personal data we may collect include: your
full legal names, marital status, title, date of birth, gender, photo, facial recognition data,
business name, email address, mailing address, telephone number, bank account number,
payment card details, bank verification number, national identification number,
international passport number, means of identification, guarantors contact details, bank
statements, usernames, password, your preferences, interests, feedback and survey
responses, preference in receiving marketing information from us and our third parties and
your communication preferences, etc.
Our primary goal in collecting the above stated personal data is to provide you with a safe,
efficient, smooth and customised experience. This allows us to provide services and features
that most likely meet your needs
HOW WE COLLECT INFORMATION
We collect information you provide directly to us, for example, we collect information when
you register or log on to the Sites, create an account, subscribe to a Service, participate in
any interactive features on our Services, fill out a form, take part in surveys, post on our
message boards, upload any documentation, request customer support, make an enquiry,
communicate with us by email, phone or post, interact with us on social media, etc.
We will also collect your information where you partially complete and/or abandon any
information inputted in the Sites and may use this information to contact you to remind you
to complete any outstanding information. We may also collect personal data offline in the
course of providing aviation-related services, such as when passengers or clients visit our
facilities, complete check-in or access procedures, or participate in safety and compliance
checks.
Every computer connected to the internet is given a domain name and a set of numbers
that serve as that computer’s internet protocol “IP address”. When you use the Sites, our
web servers automatically recognize your domain name and IP address. The domain name
and IP address reveals nothing personal about you other than the IP address from which
you have accessed the Sites. We are able to see information relating to your browsing
patterns and technical data about the equipment you use to access the website through
the use of cookies, server logs and other similar technologies. You can select your
preference from the cookies settings on any of our websites
We may also collect technical data from third parties/ public sources such as analytics
providers, identity verification providers, advertising networks, search information providers.
We may obtain contact, financial and transaction data from providers of technical,
payment, credit referencing and delivery services based both inside and outside Nigeria.
We utilise third-party service providers to secure information related to financial crime,
fraud, sanctions and politically exposed persons.
We do not own personal data provided and will only store such data for a period
reasonably needed and we will do our best to ensure that such personal data is secured
against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack,
unauthorised dissemination, manipulation of any kind, damage by rain, fire or exposure to
other natural elements.
We will not sell, share, transfer or rent out any personal information to others in ways different
from what is disclosed in this Policy, and our terms and conditions of use. We may share
generic information not linked to any personal identification information regarding visitors
and users with our business partners, trusted affiliates and advertisers.
INFORMATION WE COLLECT FROM OTHER SOURCES
we may combine information obtained from other sources (for example, a thirdparty developer
whose application you have authorised) and combine that with information we collect through the Sites.
HOW WE USE YOUR PERSONAL DATA
The purpose of collecting your personal data is to give you an efficient, enjoyable, secure
and seamless customer experience.
We may use your personal data based on your consent for the following purposes:
- To respond to your enquiries and fulfil any of your requests for information;
- To process transactions and send notices about your transactions to requisite
parties; - To verify your identity;
- To resolve disputes and troubleshoot problems;
- To improve our services by implementing aggregate customer preferences;
- To manage and protect our information technology infrastructure;
- To monitor traffic patterns and usage of the Sites to help to improve the Sites design
and layout; - To record and store communications made via phone, skype or the website chat
function; - To personalise your experience on our Sites or communications/advertising;
- To send you important information regarding the services and/or other technical
notices, updates, security alerts, support and administrative messages; - To poll your opinions through surveys or questionnaires;
- To facilitate flight operations, passenger and crew management, and travel
documentations; - To comply with aviation safety and security requirements;
- To communicate flight updates, service alerts, or operational notices; and
- As EAN believes to be necessary or appropriate:
- To comply with a legal obligation. This applies where the processing is
necessary for EAN to comply with the law; - To protect EAN’s legitimate interests, privacy, property or safety, and/or
those of a third party as long as your rights do not override those interests. - To protect your vital interests
- To comply with a legal obligation. This applies where the processing is
We may monitor and record our communications with you, including e-mails and phone
conversations for training, quality assurance purposes, and to meet our legal and regulatory
obligations in general.
Whenever we use your information for our legitimate interests, we will ensure that your
information is processed on an anonymised basis and displayed at aggregated levels,
which will not be linked back to you or to any living individual
YOUR RIGHTS AS A DATA SUBJECT
Your personal data is protected by legal rights enshrined in Data Protection Laws.
These rights include the following:
- Right to be informed i.e. confirmation as to whether the data controller or a data
processor operating on its behalf, is storing or otherwise processing personal data
relating to the data subject; - Right to request a copy of data subject’s personal data in a commonly used
electronic format, except to the extent that providing such data would impose
unreasonable costs on the data controller, in which case the data subject may be
required by the controller to bear some or all of the costs; - Right to have correction or, if correction is not feasible or suitable, deletion of the
data subject’s personal data that is inaccurate, out of date, incomplete, or
misleading; - Right for erasure of personal data concerning the data subject, without undue
delay; - Right to withdraw, at any time, consent to the processing of personal data under
the Data Protection Laws; - Right to object to the processing of personal data concerning the data subject;
- Right to object to any decisions based on the automated processing of your
personal data, including profiling; - Right to data portability;
- Right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).
Please note that if you request for a copy of your personal data, you may be required to
pay a fee if the requests are considered manifestly unfounded or excessive.
If you would like to exercise any of the above stated rights, please follow the following
procedures:
- put your request in writing and send it to us through your usual registered channel
(e.g. by registered email) and specify the right you wish to exercise. - You can also access the Data Subject Access Request (DSAR) portal on our website.
We will endeavour to process all subject access requests within thirty (30) days and if any
further extension is required, we will communicate same through existing consented
channels – at no cost. However, please note that you may continue to receive existing
communications for a transitional period whilst we update your preferences.
RETENTION OF YOUR DATA
We will not retain your personal data for longer than is necessary for the purposes for which
such personal data is processed. This means that your personal data will only be retained
for as long as it is still required to provide you with the Services or is necessary for legal
reasons. When calculating the appropriate retention period of your personal data we
consider the nature and sensitivity of the personal data, the purposes for which we are
processing such personal data, and any applicable statutory/regulatory retention periods.
Using these criteria, we regularly review the personal data that we hold and the purposes
for which such is held and processed. Our Payment Card Industry Data Security Standard
(“PCIDSS”) obligation means that we are obliged to retain personal data for a minimum of
ten (10) years from the end date of our business relationship with you
When we determine that personal data can no longer be retained (or where you request
that we delete your personal data in accordance with your rights contained in Data
Protection Laws) we ensure that such personal data is securely deleted, anonymised or
destroyed.
ACCURACY OF YOUR DATA
It is important that the personal data EAN holds about you is accurate and current. Please
keep EAN informed if any aspect of your personal data changes at any time during your
relationship with us. On our customer facing products, you can easily update your personal
data yourself or alternatively contact our Data Protection Officer when you want to
exercise your right of rectification.
SECURITY OF YOUR DATA
In order to protect your personal data, we have put in place appropriate organisational
and technical security measures. These measures include storing data on a dedicated and
secure server with at least 256-bit encryption, restricting access to your personal data to
certain employees, ensuring that our internal information technology systems are suitably
secure, and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, EAN will take steps to mitigate any loss or destruction
of data and, if appropriate, will notify you and any applicable authority of such a breach.
We will keep your information secure by taking appropriate technical and organisational
measures against its unauthorised or unlawful processing and against its accidental loss,
destruction or damage. We will do our best to protect your personal data, but we cannot
guarantee the security of your personal data, which is transmitted to other websites via an
internet or similar connection. If we have given you (or you have chosen) a password to
access certain areas of the Sites please keep this password safe, we will not share this
password with anyone.
As a user of the Services, you understand and agree that you assume all responsibility and
risk attached to safeguarding your account with us. You shall at no time whatsoever
disclose your password to anyone, nor shall you allow anyone make use of your account.
DATA TRANSFERS AND SHARING
Due to the fact that we operate in a regulated environment, we cannot ensure that all your
private communications and other personally identifiable information will never be
disclosed in ways not otherwise described in this Policy. By way of example (without limiting
the foregoing), we may be required to disclose information to the government, regulatory
bodies, law enforcement agencies, and third parties for the performance of a task carried
out in the interest of the public interest.
We may need to pass your information to third party service providers which maintain,
administer or develop the Sites on our behalf and the information will only be provided for
such limited purposes and as detailed below. Additionally, we may provide aggregate
statistics about our customers, sales, traffic patterns and related website information to
reputable third-parties, but these statistics will include no personally identifiable information.
In cases where personal data is transferred outside Nigeria (for instance, to international
service providers, flight authorities, or cloud storage systems), we will ensure that such
transfers are carried out in compliance with the Data Protection Laws and any other
applicable data protection frameworks, treaties, or agreements.
EAN may transfer your personal data to third parties (“Third Party Providers”) of the following types:
- companies providing identity validation services
- companies providing analytics services;
- data, service and software providers;
- Regulatory and law enforcement bodies.
COOKIES
Cookies are small text files stored on your device when you visit a website. These files contain
information that helps enhance your browsing experience by remembering your
preferences, enabling functionalities, and providing personalised services. The types of
cookies we use are:
- Necessary Cookies: These are essential for the website to function properly and
cannot be disabled. - Performance and Analytics Cookies: These cookies help us analyse site
performance and improve its functionality. - Advertising and Targeting Cookies: These cookies are used to deliver relevant
advertisements to you
We use cookies for various purposes, including:
- Personalisation: To provide tailored content and advertisements based on your
preferences. - Security: To ensure safe and secure access to our website.
- Analytics: To collect data about website traffic and user behaviour for continuous
improvement. - Functionality: To remember your preferences and provide a seamless user
experience.
You have the option to manage your cookie preferences. Most web browsers allow you to
control cookies through their settings. You can:
- Enabling or disabling the cookies
- Delete cookies stored on your device.
- Adjust browser settings to notify you before accepting cookies.
UPDATES TO THE PRIVACY POLICY
We are constantly trying to improve our Sites and services, so we may need to change this
Policy from time to time as well. We will alert you of material changes by, for example,
placing a notice on our websites and/or by sending you an email (if you have registered
your e-mail details with us) when we are required to do so by applicable law. We reserve
the right to update this Policy as we deem fit, from time to time, without any intimation to
you and your continued use of the Sites will signify your acceptance of any amendment to
these terms.
Our updated terms will also be displayed on our website. It is your responsibility to check this
Privacy Policy from time to time to verify such updates.
If you believe at any time that we have not handled your personal data in accordance
with this Policy, please contact our Data Protection Officer.
We have appointed a Data Protection Officer (DPO) who is responsible for dealing with all
such concerns, in addition to overseeing questions relating to this Policy and handling
requests in relation to the exercise of your rights. If you have any concerns or questions,
please contact the Data Protection Officer using the details set out below.
CONTACT
Data Protection Officer
Address: EAN Jet Center, FAAN Transit Camp Road, Murtala Mohammed International
Airport, Ikeja, Lagos State, Nigeria.
Phone: info@ean.aero
Email: +234 (0) 1295 0960
Last updated: 15 October 2025