Privacy Policy
The following Privacy Policy outlines the rules for storing and accessing data on the Users’ Devices who use the Service to provide electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data, which they have personally and voluntarily provided through tools available in the Service.
This Privacy Policy is an integral part of the Service Terms and Conditions, which define the rules, rights, and obligations of Users using the Service.
§1 Definitions
Service – the online service “airattractions.com” operating at https://airattractions.com
External Service – internet services of partners, service providers, or contractors cooperating with the Administrator
Service/Data Administrator – the Administrator of the Service and the Data (hereinafter referred to as the Administrator) is the company “AGG Systems Aleksander Godziło-Godlewski,” operating at Storczykowa 3/2a 55-040 Bielany Wrocławskie, with tax identification number (NIP): 691-196-85-60, providing electronic services through the Service
User – a natural person for whom the Administrator provides services electronically via the Service.
Device – an electronic device with software through which the User accesses the Service
Cookies – text data collected in the form of files placed on the User’s Device
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation)
Personal Data – means information about an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Processing – means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future
Profiling – means any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
Consent – the consent of the data subject means a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them
Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
Pseudonymization – means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Anonymization – Anonymization of data is an irreversible process of data operations that destroys or overwrites “personal data,” making it impossible to identify or associate a record with a specific user or natural person.
§2 Data Protection Officer
Under Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, please contact the Administrator directly.
§3 Types of Cookies
•Internal Cookies – files placed and read from the User’s Device by the Service’s ICT system
•External Cookies – files placed and read from the User’s Device by the ICT systems of External Services. Scripts of External Services that may place cookies on the User’s Device were intentionally placed in the Service through scripts and services provided and installed in the Service
•Session Cookies – files placed and read from the User’s Device by the Service during one session of a given Device. After the session, the files are deleted from the User’s Device
•Persistent Cookies – files placed and read from the User’s Device by the Service until manually deleted. The files are not deleted automatically after the Device session ends unless the User’s Device configuration is set to delete cookies after the Device session
§4 Data Storage Security
Mechanisms for storing and reading Cookies – Mechanisms for storing, reading, and exchanging data between Cookies stored on the User’s Device and the Service are implemented through built-in browser mechanisms and do not allow access to other data from the User’s Device or data from other websites that the User has visited, including personal data or confidential information. Transmitting viruses, trojans, and other malware to the User’s Device is also practically impossible.
Internal Cookies – The cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could endanger personal data or the security of the Device used by the User.
External Cookies – The Administrator makes every possible effort to verify and select service partners to ensure the security of Users. The Administrator selects well-known, reputable partners with global social trust. However, the Administrator does not have full control over the content of cookies from external partners. For the security of cookies, their content, and compliance with licenses used by external service providers, the Administrator assumes no liability to the extent permitted by law. The partner list is included later in the Privacy Policy.
Control of Cookies
The User can, at any time, change the settings for saving, deleting, and accessing data stored in cookies for each website.
Information on how to disable cookies in the most popular computer browsers can be found on the page: “How to disable cookies” or with one of the following providers:
•Manage cookies in Chrome
•Manage cookies in Opera
•Manage cookies in Firefox
•Manage cookies in Edge
•Manage cookies in Safari
•Manage cookies in Internet Explorer 11
The User can delete all previously saved cookies at any time using tools available on the User’s Device through which they access the Service.
User Risks – The Administrator takes every possible technical measure to ensure the security of data placed in cookies. However, ensuring the security of these data depends on both parties, including the User’s actions. The Administrator is not responsible for interception of these data, impersonation of the User’s session, or their deletion resulting from intentional or unintentional User actions, viruses, trojans, or other spyware that may have infected or previously infected the User’s Device. Users should follow internet security principles to protect themselves from these risks.
Storing Personal Data – The Administrator ensures that every effort is made to keep personal data provided voluntarily by Users safe, with restricted access in line with their intended purpose and processing objectives. The Administrator also ensures that every effort is made to secure the stored data against loss by using appropriate physical and organizational safeguards.
Password Storage – The Administrator declares that passwords are stored in an encrypted form, following the latest standards and guidelines. Decryption of passwords entered in the Service is practically impossible.
§5 Purposes of Using Cookies
•Enhancing and simplifying access to the Service
•Personalizing the Service for Users
•Enabling login to the Service
•Marketing, remarketing on external services
•Ad-serving services
•Affiliate services
•Statistics (users, visit numbers, device types, connections, etc.)
•Providing multimedia services
•Providing social networking services
§6 Purposes of Processing Personal Data
Personal data voluntarily provided by Users are processed for one of the following purposes:
•Provision of electronic services:
•Registration and maintenance of the User’s account in the Service and its related functionalities
•Newsletter service (including sending advertising content with consent)
•Commenting/liking posts in the Service without registration
•Sharing information about the content posted on the Service on social networks or other websites.
•Communication of the Administrator with Users regarding the Service and data protection
•Ensuring the Administrator’s legitimate interests
Anonymous, automatically collected data about Users are processed for one of the following purposes:
•Maintaining statistics
•Remarketing
•Serving ads tailored to Users’ preferences
•Affiliate programs
•Ensuring the Administrator’s legitimate interests
§7 Cookies from External Services
The Administrator uses JavaScript scripts and web components from partners in the Service, who may place their own cookies on the User’s Device. Please remember that in your browser settings, you can decide on permitted cookies for individual websites. Below is a list of partners or services implemented in the Service that may place cookies:
Multimedia Services:
•YouTube
Social Networking / Integrated Services:
•(Registration, Login, sharing content, communication, etc.)
•Google+
Newsletter Services:
•MailChimp
Ad-serving and Affiliate Networks:
•Google Adsense
Statistics Management:
•Google Analytics
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, processing purposes, and use of cookies at any time without the Administrator’s consent.
§8 Types of Data Collected
The Service collects data about Users. Some data are collected automatically and anonymously, while some are personal data provided voluntarily by Users when subscribing to specific services offered by the Service.
Anonymous Data Collected Automatically:
•IP address
•Browser type
•Screen resolution
•Approximate location
•Pages opened in the Service
•Time spent on each page
•Operating system type
•URL of the previous page
•Referrer URL
•Browser language
•Internet connection speed
•Internet service provider
Data Collected During Registration:
•First and last name / nickname
•Login
•Email address
•Home address
•Phone number
•IP address (collected automatically)
•Tax identification number (NIP)
•Business registry numbers (KRS, REGON)
•Other general data
Data Collected for the Newsletter Service:
•First and last name / nickname
•Email address
•IP address (collected automatically)
Data Collected for Adding Comments:
•First and last name / nickname
•Email address
•Website URL
•IP address (collected automatically)
Some data (without identifiers) may be stored in cookies. Some data (without identifiers) may be shared with a statistical service provider.
§9 Access to Personal Data by Third Parties
As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected as part of the services provided are not shared or resold to third parties.
However, companies responsible for maintaining infrastructure and services necessary for the Service’s operation (under a data processing agreement) may have access to data, including:
•Hosting Providers: companies providing hosting services or related services to the Administrator
•Newsletter Providers: companies through which the Newsletter service is provided
•Online Payment Services: intermediaries for online payments for goods or services offered within the Service (for purchasing transactions in the Service)
Data Processing for Newsletter Service
To provide the Newsletter service, the Administrator uses a third-party service provider – MailChimp. The data entered in the newsletter subscription form are shared, stored, and processed on the external service provider’s platform.
Please note that this partner may modify the indicated privacy policy without the Administrator’s consent.
Data Processing for Hosting, VPS, or Dedicated Server Services
To operate the Service, the Administrator uses external hosting, VPS, or dedicated server providers – Hosteam sp. z o. o. All data collected and processed in the Service are stored and processed in the service provider’s infrastructure located within the European Union. Access to data may occur as part of maintenance services provided by the provider’s staff. The agreement between the Administrator and the Service Provider governs access to this data.
Processing Data for Online Payments
When online payments are made, all payment data are transmitted directly by the User to the payment service provider – PayPro SA. Selected data necessary for transaction completion are then provided by this provider to the Administrator. The agreement between the Administrator and the Service Provider governs the data transmission.
§10 How Personal Data is Processed
Personal Data Provided Voluntarily by Users:
•Personal data will not be transferred outside the European Union unless published as a result of a User’s individual action (e.g., adding a comment or post), making the data accessible to anyone visiting the Service.
•Personal data will not be used for automated decision-making (profiling).
•Personal data will not be resold to third parties.
Anonymous Data Collected Automatically (Without Personal Data):
•Anonymous data (without personal identifiers) may be transferred outside the European Union.
•Anonymous data (without personal identifiers) will not be used for automated decision-making (profiling).
•Anonymous data (without personal identifiers) will not be resold to third parties.
§11 Legal Grounds for Processing Personal Data
The Service collects and processes User data based on the following:
•Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons regarding personal data processing and free data movement, repealing Directive 95/46/EC (General Data Protection Regulation)
•Article 6(1)(a): the data subject has given consent to process their personal data for one or more specific purposes
•Article 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the data subject’s request before entering a contract
•Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party
•Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws 2018 item 1000)
•Polish Telecommunications Law of 16 July 2004 (Journal of Laws 2004 No. 171 item 1800)
•Polish Act on Copyright and Related Rights of 4 February 1994 (Journal of Laws 1994 No. 24 item 83)
§12 Period of Personal Data Processing
Personal Data Voluntarily Provided by Users:
As a rule, the indicated personal data are stored only during the provision of services within the Service by the Administrator. They are deleted or anonymized within 30 days from the end of the services (e.g., deleting a registered user account, unsubscribing from the newsletter).
An exception is a situation that requires the security of the Administrator’s legitimate legal interests in processing these data further. In such cases, the Administrator will retain these data, from the time of the User’s deletion request, for no longer than three years in cases of violations or suspected violations of the Service’s regulations by the User.
Anonymous Data (Without Personal Data) Collected Automatically:
Anonymous statistical data that do not constitute personal data are retained by the Administrator for indefinite periods to maintain Service statistics.