PRIVACY POLICY
Preamble
Thank you for your interest in our company, products and/or services. The protection and confidentiality of personal data is a very important issue for us. When you enter a relationship with us in any way, you entrust us with your information. The information included within the current document (hereinafter referred to as the “Privacy Policy” or “The Document”) is thus important. We recommend that you read it carefully. We also recommend that this document is read in conjunction with the Terms and Conditions of Use. In the event of a conflict or inconsistency between the present Privacy Policy and any other clauses of the Terms and Conditions, the terms of this Document shall prevail. For more information about the use of cookies or other similar technologies, please see our Cookies Policy.
The purpose of this Privacy Policy is to explain to you what data we process (collect, use, share), why we process it, how we process it, your rights under the GDPR and how you can exercise those rights. In collecting this information, we act as an operator and, by law, we are obliged to provide you with this information.
Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not provide information to third parties without informing you in accordance with legal provisions. We do not make exclusively automatic decisions that have a significant impact on you.
By visiting our website (flightx.ro), purchasing our products and/or services, participating in simulator sessions, or interacting with us by any means and/or through any communication channel (e-mail, telephone, social networks, etc.), you agree to this Privacy Policy. If you do not agree with the terms described in this Privacy Policy, please do not use our services.
FLIGHT EXPERIENCE SRL is a data operator in the sense of GDPR. This Privacy Policy only covers data processing for which FLIGHT EXPERIENCE SRL is the operator.
Definitions
“GDPR”, “RGPD” or “The Regulation” means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and repealing Directive 95/46/EC (General Data Protection Regulation).
“Operator” or “We” means FLIGHT EXPERIENCE SRL, a Romanian company with its registered office in Aleea Profesor Valeriu Bologa 3, Bloc 2, Spațiu comercial 5, Cluj-Napoca 400436, Cluj, registered in the Trade Register under no. of order J12/3644/2016, fiscal registration code RO 366611862.
“Data subject” means any identified or identifiable natural person whose data is processed by us as an operator, such as customers, potential customers, or website visitors.
“Processing” means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation, or modification, extracting, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning, combining, restricting, deleting or destroying.
“Consent” means any manifestation of the free, specific, informed, and unambiguous expression of the data subject by which he or she consents, by an unequivocal statement or action, to the processing of personal data concerning him or her.
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
The other terms used in this document have the meaning conferred by GDPR and the other applicable legal provisions.
Other services
This Privacy Policy does not cover applications and websites of other third parties that you may access by accessing the links on our website. This is beyond our control. We encourage you to review the Privacy Policy on any website and/or application before providing personal data.
Who are we?
FLIGHT EXPERIENCE SRL, a Romanian company with its registered office in Aleea Profesor Valeriu Bologa 3, Bloc 2, Spațiu comercial 5, Cluj-Napoca 400436, Cluj, registered in the Trade Register under no. of order J12/3644/2016, having fiscal registration code RO 36611862, e-mail contact@flightx.ro, is responsible for the processing of your personal data that we collect directly from you or from other sources.
According to the legislation, our company is a personal data controller. For your data to be processed securely, we have made every effort to implement reasonable and appropriate technical and organizational measures to protect your personal data.
Who are you?
According to the law, you (the individual beneficiary of our products and/or services, the representative or contact person of a company that is our customer or potential customer, the website visitor, or the person in a relationship of any kind with us) are a “Data subject”. This means an identified or identifiable natural person. To be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights. For more information, see Sections 12 and 13 of this document.
Our commitment
The protection of your personal information is very important to us. Therefore, we are committed to complying with European and national legislation on personal data protection, in particular Regulation (EU) 679/2016, also known as the GDPR, and with the following principles:
✓ Legality, fairness, and transparency
We process your data legally and correctly. We are always transparent about the information we use, and ensure you are properly informed.
✓ The control is yours
Within the limits of the law, we offer you the possibility to examine, modify, delete the personal data that you have shared with us and to exercise your other rights. For more information, see Sections 12, 13 and 14 of this document.
✓ Data integrity and purpose limitation
We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that our personal data is accurate, complete, and up to date.
✓ Security
We have implemented reasonable security measures for the processing of personal data, so that we can protect your personal information as well as possible. However, keep in mind that no website, no application, and no internet connection is completely secure.
Subject to changes
We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately upon notification, which we will make by posting it on the website and/or notifying you by e-mail.
Your information. Purposes. Legal grounds.
When you browse our website, participate in a simulator session, send us a request by e-mail or contact us for any other purpose and on any other communication channel, you may communicate or entrust us with the following personal data, which we collect directly from you or from other sources, as explained below.
Processed personal data: Full name, Email Address, Phone number, Billing address, Bank card details, Bank account information, Postal code, Transaction history with us, CCTV image or video recording
Purpose/purposes: To respond to your requests, For the execution or conclusion of the contract, For billing, For payment processing, To ensure the safety of staff, customers, and goods
Legal ground/grounds: Consent – Art. 6 par. (1) letter (a) GDPR, Concluding or executing a contract – Art. 6 par. (1) letter (b) GDPR, Legal obligation – Art. 6 par. (1) letter (c) GDPR, Legitimate interest – Article 6 para. (1) letter (f) GDPR.
Processed personal data: Full name, Email Address, Age, Location, Photo images, Video recordings, Knowledge, Reviews, Intentions, Interests, Shopping, Studies, Profession, Jobs, Children, Relatives, Friendships, Connections, Groups, Social Media Posts
Purpose/purposes: Ensuring publicity and visibility in the public domain, Attracting new customers, Attracting existing customers, Providing information regarding marketing campaigns, special offers, and/or other forms of advertising, via e-mail, Social Media platforms, as well as contacting you to conduct customer opinion polls, Direct marketing
Legal ground/grounds: Consent – Art. 6 par. (1) letter (a) GDPR.
Processed personal data: Pages visited, The time they were visited, Session start time, Screen resolution, Screen colors, Flash version, Set language, Time zone, Performance data, IP address, Network location, Browser version/model, Operating system, Device type, Incoming link, Outgoing link, Communication preferences, Marketing preferences
Purpose/purposes: To analyze the performance of the website, To analyze the performance of online marketing campaigns.
Legal ground/grounds: Consent – Art. 6 par. (1) letter (a) GDPR.
Although we have made every effort to identify all personal data processed and purposes, keep in mind that the data above is not exhaustive.
We collect most of the information directly from you (for example, by filling out a form on the website). Most of the information is as described above, but there may be situations where we collect data from third parties (i.e. partners, platforms).
Already included or in addition to the information indicated above, we may also collect the following information, depending on the circumstances:
- How you interact with our website(s) (for example, information about how and when you access our site or what device you use to access our site). For more information in this regard, we invite you to read our Cookies Policy.
- Information provided when filling out forms or questionnaires.
- The content of messages sent through messaging and e-mail systems.
If you make purchases, certain payment information (card data) will be collected and stored by our processing partners in a way that we cannot read that data and have no access to it, but we reserve the right to request the payment of fees/surcharges with the data entered according to our Terms and Conditions if the situation requires it.
Purposes
In addition to the purposes listed in the table in the previous section, we also process personal data for the following purposes:
- To answer your questions and requests and provide you with customer support.
- For marketing purposes, but only if we have your prior consent or when there is a legal exception to obtaining consent.
- To provide and improve the services we offer.
- To diagnose or remedy technical problems.
- To defend ourselves against cyber-attacks.
- To comply with legislation, such as compliance with tax legislation that obliges us to keep the accounting documents for a period of 10 years.
- In the unlikely event of a dispute, for finding or claiming a right in court.
Further information on purposes
Improving services. If you use our services, we inform you that we will process your browsing data for analytical and statistical purposes, i.e. to understand how users interact with our site and thus be able to make improvements.
What happens if you do not provide us the data?
When we ask you to fill in your personal data in order to give you access to certain functionalities or services of the site, we will mark some fields as mandatory, because this is the information we need to be able to provide you with the service or to offer you access to that functionality.
Please note that if you decide not to provide us with this information, you may not be able to complete your registration as a user or benefit from these services or features.
Other information on legal grounds
(a) Legitimate interest. If we use the legitimate interest, we perform a legitimate interest analysis (balancing test) through which we can balance our interest and your interests. If our interests prevail, we will use the legitimate interest. If your interests prevail, we will not use the legitimate interest, and to the extent that we fail to identify another legally correct basis, we will not perform that processing activity. We currently use the legitimate interest for the data categories listed in the table in Section 8.
(b) Consent. Please note that consent is not required, and we will proceed to obtain your consent only if we are unable to use another legal basis. We currently use consent for marketing and statistical purposes only.
(c) Vital interest. In the unlikely event of a medical emergency or other exceptional event, processing may be necessary to protect the vital interests of you or another individual.
Storage period
We store all your personal data only for the period necessary to fulfill the purposes, but not more than 10 years from the termination of the contract or the last interaction with us.
After the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data for use in scientific, historical, or statistical research.
Please note that in certain expressly regulated situations, we store data for the period required by law.
Data transfers
We may disclose your data in compliance with applicable law to business partners or other third parties. We make constant efforts to ensure that these third parties have implemented appropriate protection and security measures. We have contractual terms with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate under the law.
For example, we may provide your data to other companies, such as IT (cloud, hosting) or telecommunications service providers, accounting, legal services and other third parties with whom we have a contractual relationship. These third parties are carefully selected so that your data is processed only for the purposes we indicate and in accordance with security standards.
There is currently a data transfer to the following companies:
- SQUARESPACE IRELAND LTD, VAT IE 3041081MH, e-mail support@acuityscheduling.com, tel.: +35319058597
- STRIPE PAYMENTS EUROPE LTD, VAT IE 3206488LH, e-mail support@stripe.com
- GOOGLE IRELAND LTD, VAT IE 6388047V, e-mail: support-deutschland@google.com, tel.: +353 1 543 1000
- GÎNGA TUDOR-ADRIAN PERSOANĂ FIZICĂ AUTORIZATĂ, registered at the National Trade Office with no. of order F27/696/2017, CRN 38461397
- GYURKA ZOLTAN PERSOANĂ FIZICĂ AUTORIZATĂ, registered at the National Trade Office with no. of order F12/764/2018, CRN 39179360
- MOLDOVAN I DANIEL CRISTIAN PERSOANĂ FIZICĂ AUTORIZATĂ, registered at the National Trade Office with no. of order F12/1166/2017, CUI 381740071
We may transmit the data to other parties with your consent or in accordance with your instructions, such as when you request data portability.
We will also be able to provide your personal information to the prosecutor’s office, police, courts, and other competent state bodies, based on and within the limits of legal provisions and as a result of express requests.
The transfer of personal data to a third country may take place only if the State to which the transfer is intended provides an adequate level of protection.
The transfer of data to a State whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of data subjects. These guarantees will be established by us through contracts concluded with the providers/service providers to whom the transfer of your personal data will be made.
Each time we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguard mechanisms:
- we will transfer your personal data to countries that have been shown by the European Commission to provide an adequate level of security for personal data. For more details, visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- when we call on certain service providers, we will be able to use certain model contracts provided and approved by the European Commission that offer personal data the same protection that they have in Europe. For more details, visit https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
Please contact us at the email address contact@flightx.ro if you want more information about the specific mechanism we use when transferring your personal data outside the EEA.
Data safety
We understand how important the security of personal data is and take the necessary measures to protect our customers and others whose data we process from unauthorized access to personal data, as well as from unauthorized modification, disclosure, or destruction of data we process in the course of business.
We have implemented the following technical and organizational measures for the security of personal data:
a) Dedicated policies. We constantly adopt and review internal practices and policies for the processing of personal data (including physical and electronic security measures), to protect our systems from unauthorized access or other possible threats to their security. These policies are subject to constant scrutiny to ensure that we comply with legal requirements and that the systems are working properly.
b) Data minimization. We ensure that your personal data that we process is limited to those that are necessary, appropriate, and relevant to the purposes stated in this Policy.
c) Restricting access to data. We try to restrict as much as possible the access to the personal data that we process to the minimum necessary: employees, collaborators and other people who need to access this data to process it and perform a service. Our partners and collaborators are subject to strict confidentiality obligations (either contractual or legal).
d) Specific technical measures. We use technologies to ensure the security of our customers, always trying to implement the best solutions for data protection. We also perform periodic data backups to recover them in the event of a possible incident and we have implemented periodic audit procedures regarding the security of the equipment used. However, no website, no application and no internet connection is completely secure and untouchable.
e) Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or timeliness of your data to make sure it reflects reality.
f) Staff training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.
g) Data anonymization. Where we can, we try as much as possible to anonymize or pseudonymize the personal data we process, so that we can no longer identify the people they refer to.
However, although we make every effort to ensure the security of the data you entrust to us, we may also experience less fortunate events and security incidents/breaches. In these cases, we will strictly follow the security incident reporting procedure and take all necessary measures to restore the situation to normal as soon as possible.
Direct marketing
To the extent that we have obtained your prior consent, or you are already a customer of the company, we may use direct marketing technologies using the information collected about you. We currently send commercial messages to individuals who have expressed their consent to this in advance.
How can you withdraw your direct marketing consent?
You can oppose direct marketing and/or you can withdraw your consent at any time by following the unsubscribe instructions in each e-mail (“unsubscribe”) or by sending a request to this effect to contact@flightx.ro.
Your rights
Your rights under the GDPR are as follows:
a) The right to be informed about the processing of your data.
b) The right of access to data. You have the right to obtain from us a confirmation that personal data concerning you is processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of the GDPR.
c) The right to rectify inaccurate or incomplete data. You have the right to obtain, from us, without undue delay, the rectification of inaccurate personal data concerning you.
d) The right to erasure (“the right to be forgotten”). In the situations provided in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data.
e) The right to restrict processing. In the cases provided in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing.
f) The right to transmit the data we have about you to another operator (“right to portability”).
g) The right to object to the processing of data. In the cases provided in art. 21 of the GDPR, you have the right to object to the processing of data.
h) The right not to be subject to a decision based solely on automatic processing, including the creation of profiles with legal or similar significant effects on you.
i) The right to go to court to defend your rights and interests.
j) The right to lodge a complaint with a Supervisory Authority.
Name: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod poștal 010336, București, România
Telephone: +40 318 059 211 or +40 318 059 212
E-mail: anspdcp@dataprotection.ro
Please note that:
(1) You may withdraw your direct marketing consent at any time by following the unsubscribe instructions in each email.
(2) If you want to exercise your rights, you can do so by sending a written, signed, and dated request to the e-mail address: contact@flightx.ro
(3) The rights listed above are not absolute. There are exceptions, so each request received will be analyzed so that we can decide whether it is justified or not. To the extent that the request is substantiated, we will facilitate your exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of the rights to lodge a complaint with the Supervisory Authority and to go to court.
(4) We will try to respond to the request within one month. However, the time limit may be extended depending on various aspects, such as the complexity of the application, the large number of applications received or the inability to identify you in a timely manner.
(5) If, although we make every effort, we are unable to identify you and you do not provide us with additional information to identify you, we are not required to comply with the request.
Questions. Requests. Exercise of rights.
If you have questions or concerns regarding the processing of your information or wish to exercise your legal rights or have any other concerns regarding privacy, you may contact us at contact@flightx.ro. Our data protection officer can also be contacted at marius.petriman@flightx.ro.
Last updated: December 22, 2020