European Aviation Institute

Contact
Quick call
Quick mail
Terms
Shop
Menu
Contact
Quick call
Quick mail
Terms
Shop
Menu

GDPR Policy (Personal Data Safety)

Find out all the details about how we process your personal data.

This page contains information for those who use the platform of the Romanian Aeronautical Association / European Aviation Institute as PAYERS, according to the applicable Terms and Conditions.

Please read carefully the following information regarding how we use and protect your personal data, as well as the rights you can exercise regarding your personal data.

The processing of personal data is essential to allow us to provide online commerce services through electronic payment instruments, online commerce, and messaging in a safe manner while preventing the risk of fraud. Refusal to provide the requested personal data leads to the impossibility of using the aforementioned services.

Applicability

This information notice refers to the processing activities of personal data that can directly or indirectly identify a person who places an order, request, or payment, and who acts at that moment either on their behalf or as a representative of an entity – hereinafter referred to as the “DATA SUBJECT.”

The conditions presented on this page complement those in the Privacy Policy.

Responsible Entity

When you use the www.aviationinstitute.eu platform to take courses or access services, your personal data is processed by ASOCIATIA AERONAUTICA ROMANA, unique registration code 29573081, headquartered at Str. Tebea 25, Timisoara, which acts as the owner and administrator of this platform. Our company has appointed a Data Protection Officer (DPO) who can be contacted at office@aeroas.ro.

When we process personal data during payment processing, we act as a “data controller,” except in certain situations where we may act as a “processor” under the instructions of another data controller (e.g., a payment processor, or an invoicing application). You can find more details about our role as a data controller or processor in the “In what capacity we process personal data” section of the Privacy Policy.

What is GDPR?

You can find all the details about the meaning of GDPR and what this acronym stands for on the dedicated page “What is GDPR” in the Privacy Policy.

Why We Collect Personal Data

The circulation of data in the online environment is subject to serious risks related to data theft. Therefore, to prevent fraud (especially fraud committed through computer systems and electronic payment means, money laundering, and terrorist financing), processing online orders involves substantial effort related to ensuring secure technical channels for data circulation between all involved parties.

In particular, placing orders and making payments via card are subject to very strict regulations, which are periodically updated, both at the legislative level and through specific security standards developed by international payment organizations.

The existence and maintenance of card data security and compliance protocols are essential for conducting online services on this platform. This is why the activity of processing personal data in the context of online commerce inevitably involves collecting certain data that can easily identify both the beneficiary and the payer, as well as relevant details regarding order placement.

 

 

When We Collect Personal Data

We have access to your personal data when you place an order or request through our direct commerce services on the client’s device or when you are redirected to the secure payment processor NETOPIA Payments (e.g., www.secure.mobilpay.ro), as well as whenever we interact concerning the services we provide to our clients.

Sources of Personal Data

We process personal data obtained through various channels:

  • Personal data you provide directly when filling in the information requested by the commerce platform.
  • Data provided by our partner clients at the time of payment.
  • Data provided by our affiliated entities (in case of invoice generation, accounting processing, and product delivery).
  • Data transmitted by our partner suppliers.
  • We may also collect personal data when our website is accessed. Our website automatically collects certain information and stores it in log files. Additionally, our website uses cookies and similar technologies, which you can read about in detail in the Cookie Policy.

Types of Personal Data We Process

Depending on the chosen payment method and how our partner client has opted for technical integration with the www.aviationinstitute.eu platform, we may process the following categories of personal data:

  • Contact data of the data subject: We process the phone number and email address of the person making the payment.
  • Identification data of the data subject: We process the name and surname associated with the used payment method.
  • Payment method data: In case of payment made via a Visa/Mastercard card, the payment processor will process the card data (card number, name & surname, expiration date, and security code). These data are transmitted, according to authorized industry standards, through a secure channel directly to the partner bank accepting the payment, to the Visa/Mastercard payment schemes, and to the card-issuing bank, without being stored by ASOCIATIA AERONAUTICA ROMANA. Our platform exclusively processes billing data, account management data, and data necessary for product delivery.
  • Transaction data: Our partners process the client’s name, website, and country, the unique transaction identification code, the transaction date, the transaction value, the payment description, and the order delivery address.
  • Connection data: We process location, IP address, device, operating system, and Internet browser used.
  • Transaction history data: We process data regarding the history of using our services.
  • Fraudulent/potentially fraudulent activity data related to our payment platform: We process data related to fraud suspicions or other illegal uses of our services.
  • Additional data confirming the payer’s identity and payment method used: In exceptional cases, if there are suspicions about certain services, we may request additional information and/or documents to ensure payment security, such as a photo of the card used for payment with partial masking of the card series, a bank statement highlighting the blocked amount, or a copy of an identity document. By providing the requested documents, we will obtain your personal identification number, your photo, and other information resulting from the documents.

Purposes of Processing

We process your personal data for various purposes related to processing the services offered, anti-fraud checks, and contacting you regarding any incidents related to orders, payments, or resolving disputes.

  • Payment authorization and processing: For payment authorization by our partner suppliers, we transmit certain personal data received from our partner clients and/or collected on our own (such as payment method data and billing data). You may be contacted by one of our representatives for service authorization.
  • Informing about payment status: We may contact you via email and/or SMS to inform you about the status of the accessed services.
  • Communications: We may contact you via phone and/or email and/or SMS to inform you about our service availability or other elements related to service use (security notifications, various legal information, etc.).
  • Customer support: We use personal data to investigate, resolve, and respond to complaints or claims regarding service use.
  • Dispute resolution related to payments: In case of disputes related to a payment you made to our partner (such as a chargeback), we need to process personal data about the transaction you made. Thus, our partner must keep and transmit transaction-related supporting documents, and we will transmit these data to our suppliers to resolve payment disputes.
  • Fraud prevention and payment security: As online commerce service providers, we are obliged to ensure the prevention and identification of potential payment fraud and maintain the security of our systems. Therefore, the personal data we collect must allow the identification of the person involved in the transaction.
  • Accounting records: When collecting funds on behalf of our partner clients, we must maintain accounting records regarding the collected funds, in compliance with our legal obligations under financial-accounting and fiscal legislation.
  • Service development: We use data, including feedback received through various channels, to conduct research and development activities to improve our services and reduce fraud risk.

Legal Bases for Processing

We process personal data obtained based on the following legal grounds:

  • Execution of contractual obligations: towards partners processing the order, for which you want to place an order for goods or services.
  • Execution of our service contract: (as a result of you accepting our online commerce service Terms and Conditions).
  • Our legitimate interest: to ensure the security of our platform, prevent fraud and payment-related incidents, resolve payment disputes, monitor our service quality and technical capacity of our platform, and comply with applicable legal requirements and obligations (regarding client knowledge, tax and accounting legislation, or cooperation obligations with law enforcement authorities, etc.).

Disclosure of Data to Third Parties

You can find all the details about situations in which we disclose data to third parties in the dedicated section of the Privacy Policy.

Data Security

You can find all the details about the technical and organizational measures we take to ensure data security in the Privacy Policy.

Data Storage

Your personal data is retained for the period necessary to fulfill the purposes for which it was collected and processed. All personal data in our systems related to payment processing activities is subject to a standard retention period of 5 years from the date of placing an order, considering our regulatory and compliance obligations (such as anti-money laundering and counter-terrorist financing, fraud prevention, statute of limitations applicable to offenses resulting in cardholder or partner client fraud), accounting and tax obligations, and courier obligations.

Data Transfer

You can find all the details about the locations where we store data and how we transfer data in the Privacy Policy.

Rights of Data Subjects

You can find all the details about the rights you can exercise as a data subject regarding the processing of your data when you place an order through our platform in the Privacy Policy.

Requests

If you want to make a request regarding your personal data rights, please send an email to office@aeroas.ro. If you have a request regarding how your personal data is processed or any other questions related to the order placed, please contact us directly using the contact details provided in the Contact section.

Updates

ASOCIATIA AERONAUTICA ROMANA reserves the right to modify and update the content of this website at any time without prior notice. Therefore, please visit this page periodically to check the applicable conditions.

en_USEN
en_USEN ro_RORO