Privacy Policy

Introduction

This Privacy Policy sets out the rules for collecting, processing, storing and protecting personal data of users of the jet-supply.com website (the "Website") operated by Roksana Jujka, operating under the business name Jet Supply (the "Administrator"). It also explains the rules for accessing and saving cookie files on users' devices.

This Privacy Policy forms an integral part of the Website's terms of use.

Definitions

  1. Website — the website operating at jet-supply.com.
  2. External website — websites of partners, service providers or recipients cooperating with the Administrator.
  3. Administrator (Data Controller) — Roksana Jujka, operating under the business name Jet Supply, with registered address at Henryka Sienkiewicza 85/87, 90-057 Łódź, Poland; NIP 7322208939; REGON 522519991; registered in CEIDG.
  4. User — a natural person who uses the Website.
  5. Device — an electronic device with software through which the User accesses the Website.
  6. Cookies — text data collected in the form of files placed on the User's Device.
  7. GDPR / RODO — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
  8. Personal data — information relating to an identified or identifiable natural person.
  9. Processing — any operation performed on personal data, whether automated or not, such as collecting, recording, organising, storing, modifying, retrieving, using, disclosing, restricting, erasing or destroying.
  10. Restriction of processing — the marking of stored personal data with the aim of limiting their processing in the future.
  11. Profiling — any form of automated processing of personal data used to evaluate certain personal aspects relating to a natural person. The Administrator does not engage in profiling.
  12. Consent — a voluntary, specific, informed and unambiguous indication of the data subject's wishes, expressed by a statement or a clear affirmative action.
  13. Personal data breach — a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to personal data.
  14. Pseudonymisation — processing personal data in such a way that they can no longer be attributed to a specific data subject without additional information held separately.
  15. Anonymisation — an irreversible process that prevents the data from being associated with an identified or identifiable person.

Data Protection Officer

Pursuant to Article 37 RODO, the Administrator has not appointed a Data Protection Officer. In matters relating to the processing of personal data, please contact the Administrator directly using the details below.

Contact

What data we collect

Provided directly by the User (via the quote form, contact form, or by email/phone):

  • First name and surname
  • Email address
  • Phone number
  • Company name (optional)
  • Travel details — origin, destination, dates, number of passengers, service requested (private jet, air ambulance, helicopter), aircraft preference, additional notes
  • Any other information voluntarily provided in correspondence

For passengers travelling on flights we arrange, additional data may be required by the operator for the purpose of issuing the flight contract and complying with international travel regulations:

  • Date of birth
  • Nationality
  • Passport or ID document number, with date of issue and expiry

Collected automatically (anonymous or pseudonymous):

  • IP address
  • Browser type and version
  • Device type and operating system
  • Screen resolution
  • Approximate geographic location (country/region level)
  • Pages visited and time spent
  • Referrer URL
  • Browser language
  • Connection speed

Purposes and legal bases of processing

The Administrator processes personal data for the following purposes, on the legal bases stated:

Purpose Legal basis (RODO Art. 6 (1))
Responding to a quote request or contact-form enquiry and preparing a charter offer (b) — steps prior to entering into a contract at the data subject's request
Arranging a flight contract between the User and an EASA AOC-certified operator (b) — performance of a contract
Communication with Users regarding their enquiry or booking (b) and (f) — legitimate interest of the Administrator
Maintaining website security and protecting against fraud and abuse (f) — legitimate interest
Keeping anonymous statistics on website usage to improve the Website (f) — legitimate interest
Marketing communications, where the User has subscribed to a newsletter (a) — consent
Compliance with legal obligations (accounting, tax, regulatory) (c) — legal obligation

Recipients of personal data

The Administrator does not sell or rent personal data. Data may be disclosed to the following categories of recipients, strictly to the extent necessary:

  1. The Airline Operator with whom the contract for the charter of the aircraft will be concluded — to enable the operator to provide the flight, comply with international travel regulations, and meet safety and identification requirements.
  2. Hosting and infrastructure providers that maintain the Website and the systems on which data is stored. The Website is hosted on infrastructure located in the European Union.
  3. Transactional email providers used to deliver email correspondence relating to enquiries and bookings.
  4. Privacy-preserving analytics providers that do not place identifying cookies (currently Plausible/Fathom or equivalent).
  5. Anti-spam and bot-protection providers (currently Cloudflare Turnstile) — to protect the form-submission process from automated abuse.
  6. Public authorities where required by law (e.g. tax authorities, courts, law enforcement).

All third-party processors are bound by Data Processing Agreements consistent with RODO Article 28.

Transfers outside the European Economic Area

The Administrator endeavours to use service providers whose data processing takes place within the European Economic Area. Where a service involves transfer outside the EEA, such transfer takes place only on the basis of one of the safeguards permitted under Chapter V of RODO (Standard Contractual Clauses, adequacy decisions, or other legally recognised mechanisms). The Administrator will inform Users of such transfers on request.

Retention periods

  • Quote enquiries that do not result in a booking: retained for 12 months from the date of the last communication, then deleted or anonymised.
  • Enquiries that result in a booking: retained for the duration of the business relationship plus the periods required by Polish tax, accounting and aviation law (generally 5–6 years from the end of the relevant tax year).
  • Marketing communications: retained until consent is withdrawn.
  • Server logs and anonymous analytics: retained for up to 12 months.
  • Documents required for legal claims: retained for the duration of the applicable statute of limitations.

Users' rights

Under RODO, Users have the following rights regarding their personal data:

  1. Right of access (Article 15) — to obtain confirmation of whether personal data concerning them is processed, and to access that data.
  2. Right to rectification (Article 16) — to have inaccurate data corrected and incomplete data completed.
  3. Right to erasure (Article 17) — to have personal data deleted, subject to lawful exceptions.
  4. Right to restriction of processing (Article 18).
  5. Right to data portability (Article 20) — to receive personal data in a structured, commonly used, machine-readable format.
  6. Right to object (Article 21) — to object to processing based on legitimate interest.
  7. Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  8. Right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl).

Requests can be made by email to sales@jet-supply.com or by post to the address above.

Method of processing

  • Personal data provided voluntarily by Users will not be used for automated decision-making, including profiling.
  • Personal data provided voluntarily by Users will not be sold or rented to third parties for their own marketing purposes.
  • Anonymous data collected automatically will not be used for automated decision-making.

Security

The Administrator applies appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in accordance with RODO Article 32. These include encrypted connections (HTTPS), access controls, regular software updates, and bot-protection on form submissions.

Cookies

The Website uses cookies. The rules for their use are set out in detail in the Cookies Policy.

External links

The Website may contain links to external websites with which the Administrator does not cooperate. The Administrator is not responsible for the content of such external websites or their data-protection practices.

Changes to this Privacy Policy

The Administrator reserves the right to update this Privacy Policy. Changes affecting the processing of personal data will be communicated through the Website at least 7 days before they take effect. The current version, with the date of last update, is always available on this page.

Last updated: [DATE TO BE INSERTED ON PUBLICATION]