Privacy Policy

Introduction

This privacy policy describes how ASOCIATIA AERONAUTICA ROMANA (“AAR”, “we”, “us”, “our site”, “association”) collects, uses, and protects your personal information when you visit and use our online course platform. We are committed to protecting the privacy and security of your personal data.

Data Operator:

• Name: ASOCIATIA AERONAUTICA ROMANA
• Website: europeaninstitute.eu
• Headquarters: TIMISOARA
• Registration Number: –
• Tax ID: 29573081
• Court of Registration: JUDECATORIA TIMISOARA
• Postal Address: Tebea 25, Timisoara
• Email Address: office@aeroas.ro
• Phone Number: 0764400300

Information on Data Processing

Concerning the processing of personal data stored in the system, the operator pays special attention to the processing, storage, and use of personal data by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL (“Regulation”) on the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal data refers to information through which a client or visitor can be directly or indirectly identified. ASOCIATIA AERONAUTICA ROMANA obtains this data as follows:

1. • Directly from the client or visitor:
     • Completing the profile on the site
     • Providing data via email or any other method
     • Completing and signing the contract
     • Filling out various order forms
     • Participating in surveys
     • Participating in events
   • Automatically:
     • Collecting data through cookies or when visiting websites of entities that are part of ASOCIATIA AERONAUTICA ROMANA or the association’s social media pages.

AAR may combine various personal data from different sources to serve the client’s or visitor’s interests in a personalized and legitimate manner.

Categories of data that AAR may collect:

1. • Name, home address, email address, phone number, city.
   • Detailed information about participants, including name, date of birth, gender, and ID card number.
   • Medical conditions for participants with special medical needs and/or dietary requirements.
   • Participation history, including information on your courses and services booked in connection with your courses.
   • Information you provide about your participation preferences and those of your companions in programs and courses offered by AAR.
   • Information about your use of our sites and/or applications.
   • Communications you make with us or direct to us via letters, emails, chat services, calls, and social networks.
   • Details of transactions made (services purchased, prices, payment methods);
   • Usage data: Information on how you use our site, including pages visited, time spent on pages, and clicks made.
   • Technical data: IP address, browser type, operating system, device type;
   • Social media platforms: Information collected if you connect via a social media account (Facebook, Google, etc.).

To improve the quality of services and products offered, ASOCIATIA AERONAUTICA ROMANA may sometimes request information about the customer’s or visitor’s experience while using purchased products and services. This information may include comments, suggestions, and recommendations.

1. Use of Information We use your personal information for the following purposes:
   • Providing services: To create and manage your account, process payments, and provide access to courses.
   • Improving services: To understand how you use the site and improve user experience.
   • Communications: To send you notifications, updates, and marketing materials (with your consent).
   • Security: To protect our site and users from fraud and unauthorized activities.
2. Disclosure of Information We will not sell, rent, or otherwise transfer your personal information to third parties without your consent, except in the following cases:
   • Service providers: We work with third parties to provide services on our behalf (e.g., payment processing).
   • Legal obligations: We may disclose your personal information to comply with applicable laws or requests from authorities.
3. Data Security We adopt appropriate technical and organizational measures to protect your data against unauthorized access, loss, or destruction. The operator takes all necessary measures to keep data secure, especially in cases of unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental loss, or damage.
4. Legal Basis for Data Processing Concerning the services available on the Site, the legal basis for processing personal data is the voluntary contribution of the User under Article 6(1)(a) of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL (“Regulation”). The user can withdraw their contribution to data processing at any time. If the User withdraws their contribution, the operator will delete the user’s data from the system. If the User has not withdrawn their contribution, the processing duration is the period specified in these information cases related to data processing. The operator starts processing personal data when the User provides it voluntarily at the first communication, and the processing continues until the data is deleted at the User’s request.
5. Data Processing for Other Purposes 7.1. Newsletter, DM Activity

• Scope of data processed: Name, email address.
• At the time of registration, the operator – unless there is another declaration or objection – uses the personal data, email address, and name provided by the User to send informational materials, special offers, and other information about its services/products.
• These data are processed by the operator until the User unsubscribes from the Newsletter by clicking on the “unsubscribe” link found in the Newsletter or requests to unsubscribe via email or post. In case of unsubscription, the operator will not send newsletters or offers to the User. The User can unsubscribe from the newsletter at any time, free of charge, without limitations and justifications.
• Legal basis for data processing: Voluntary contribution of the User.

Data collected concerning website usage (data processing for other purposes)

• Technical data, site visit data: The operator does not match data with other information found during log file analysis and does not attempt to identify the User.
• IP Address: This is a series of numbers, with which the user’s computer accessing the internet can be distinctly identified. The visitor using the computer can even be geographically located with the help of the IP address. The address, date, and time are not sufficient to identify the User, but if matched with other data (registration data), conclusions about the User can be drawn.
• Scope of data processed: Date, time, IP address of the user’s computer, address of the visited site, and data regarding the visitor’s age or majority.
• Purpose of data processing: The operator’s system automatically records the IP address of the user’s computer, the time of the visit, or, in other cases – depending on the computer settings – the browser type and operating system. Data recorded in this way cannot be correlated with other personal data. Data processing is carried out only for statistical purposes. The purposes of data processing are to check the operation of the service, provide personalized service, and prevent abusive use.
• Data processing duration: Until written request from the user/visitor.
• Legal basis for data processing: Voluntary contribution of the user.

1. Processing cookies: The operator places small files, so-called cookies, on the User’s computer to provide personalized services and reads them later during a visit. If the browser sends back a previously saved cookie, the cookie provider can link the User’s actual visit to previous ones, but only in the case of their content. Cookies typical for online stores are session-protected password cookies.

i. Session cookies:

• Purpose of data processing: These cookies are used to operate the Site more efficiently and securely, and they are indispensable for the proper functioning of some site functions or applications.
• Scope of data processed: Does not record personal data.
• Data processing duration: Data is processed only while the User visits the website and is automatically deleted afterward.

ii. Persistent cookies:

• Purpose of data processing: Persistent cookies are used for a better user experience, for example, by providing optimized navigation. These cookies are stored for a longer period in the browser’s cookie file. This period depends on the browser’s settings.
• Scope of data processed: Does not record personal data.
• Data processing duration: These cookies are stored for a longer period in the browser’s cookie file. This period depends on the browser’s settings, mainly 30-60-90-120-180-365 days.

iii. Cookies used for the shopping cart:

• Scope of data processed: Does not record personal data.
• Data processing duration: Until the user requests the cessation of data processing.
• Purpose of data processing: Identifying customers, recording the “shopping cart,” managing the cart, and ensuring proper navigation.

iv. Security cookies:

• Scope of data processed: Does not record personal data.
• Purpose of data processing: Identifying the actual session of the User, preventing unauthorized access.
• Data processing duration: During the session.

v. Cookies necessary for password-protected sessions:

• Scope of data processed: Does not record personal data.
• Purpose of data processing: This cookie identifies the User after accessing a service related to the information society; user identification is necessary to maintain uninterrupted communication with the network server.

1. Deleting cookies: The user has the right to delete cookies from their computer, and the user can prohibit cookies from their browser. Cookies can be managed in the Tools/Settings menu under the Privacy Policy/History/Settings section by the cookie name or monitoring. The website may contain information, mainly advertisements, from third parties or advertising services that are not in contact with the Operator. These third parties may transfer cookies to the User’s computer or use similar methods to collect data to send direct advertisements related to their services to the User. In these cases, data processing is governed by a private policy established by a third party, so the Operator is not responsible for data processing.

Purpose of data processing: The Google Analytics server, as an external provider, helps measure and independently audit site visits.

Hostinger

1. • Address:
   • Phone Number:
   • Email: support@hostinger.com
   • Website: www.hostinger.com
   • Services: Hosting service provider

Netopia Payments

1. • Headquarters: Bucharest
   • Phone Number:
   • Email: contact@netopia.ro
   • Website: www.netopia-payments.com
   • Services: Online payment

User Rights

Information and access to personal data

The user has the right to know the personal data stored by the Operator and information about data processing; to verify data recorded by the Operator and access personal data. The user must send a written request to the operator to access the data (via email or post). The operator provides information to the user in a commonly used electronic form, unless the user requests it in writing in paper format. The operator does not provide verbal information over the phone in case of access.

In case of exercising access rights, information can be provided about:

• Definition of the scope of processed data, purpose, time, legal basis of data processing concerning processed data,
• Data transmission: to whom data has been or will be transferred,
• Data source name.

The operator provides (personally at customer service) a copy of the personal data for the user for the first time free of charge. For additional copies, the operator may charge a reasonable cost based on administrative expenses. If the user requests a copy via electronic means, the information will be provided via email in a commonly used electronic format.

The user can request, in writing, the rectification or deletion of personal data or restriction of processing or can object to personal data processing after the information has been provided and the user disagrees with its accuracy.

Rights to correct or rectify processed personal data

Upon the user’s written request, the operator corrects incorrect personal data indicated by the user, either in writing or personally, at one of the operator’s stores, without undue delay, and rectifies incomplete data with content specified by the user. The operator informs each recipient with whom personal data has been shared about the correction or rectification, except when it proves impossible or requires a disproportionate effort. The user provides information about these recipients upon written request.

Rights to restrict data processing

The user can request the operator to restrict data processing through a written request if the accuracy of personal data is contested by the user for a period allowing the operator to verify the accuracy of personal data, data processing is unlawful, and the user opposes the deletion of personal data and requests instead the restriction of its use, the operator no longer needs the personal data for data processing purposes, but it is required by the user for the establishment, exercise, or defense of legal claims, the user objects to data processing: pending the verification whether the operator’s legitimate grounds override those of the user.

If processing has been restricted, such personal data shall, except for storage, only be processed with the user’s consent or for the establishment, exercise, or defense of legal claims or the protection of the rights of another natural or legal person or reasons of important public interest of the Union or a Member State. If processing is restricted, the operator will inform the user (whose request resulted in the data processing restriction) before lifting the data processing restriction.

Right to deletion (right to be forgotten)

The operator deletes, at the user’s request, personal data concerning them without undue delay if one of the following reasons applies: i) the personal data is no longer necessary concerning the purposes for which it was collected or otherwise processed by the operator; ii) the user withdraws their consent on which the processing is based and there is no other legal ground for the processing; iii) the user objects to processing concerning their situation and there are no overriding legitimate grounds for processing; iv) the user objects to processing of personal data concerning them for direct marketing purposes, including profiling, to the extent it is related to such direct marketing; v) the personal data has been unlawfully processed by the operator; vi) the personal data has to be erased to comply with a legal obligation in Union or Member State law to which the operator is subject; vii) the personal data has been collected concerning the offer of information society services directly to a child.

The user cannot claim the right to deletion or the right to be forgotten if the data processing is necessary: i) for exercising the right of freedom of expression and information; ii) for compliance with a legal obligation that requires processing by Union or Member State law to which the operator is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the operator; iii) for reasons of public interest in the area of public health; iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the right to be forgotten is likely to render impossible or seriously impair the achievement of the objectives of that processing; or v) for the establishment, exercise, or defense of legal claims.

Right to data portability

Data portability enables the user to obtain and reuse their data via a different provider defined by the user stored in the operator’s system for their own purposes. The right applies only to data provided by the user. Portability of other data (such as statistics) is not possible.

The following activities can be performed by the user with personal data (when subscribing to the newsletter) stored in the operator’s system:

• The user receives the data in a structured, commonly used, and machine-readable format.
• The user has the right to transfer the data to another operator.
• The user can request data transmission to another operator – if technically feasible in the operator’s system.

The operator respects only data portability requests sent via email or post. For request execution, the operator must ensure that the authorized user is exercising their rights. Therefore, the user must visit the operator’s headquarters to be identified by the operator according to the data stored in the system. The user can request the portability of data transmitted to the operator by themselves. Exercising this right does not mean data will be automatically deleted from the operator’s system; thus, the user can use the operator’s services after exercising this right.

Objection to personal data processing

The user can object to the processing of personal data concerning their situation at any time, including profiling and the user has the right to object to processing for direct marketing purposes, including profiling. If the user objects to processing personal data, the operator will delete the personal data from the system.

The user can object to personal data processing in writing (via email or post) or, in the case of a newsletter, by clicking the “unsubscribe” link found in the newsletter.

Request fulfillment term

The operator informs the user about the arrangements without undue delay, but in any case, within one month of the arrival of any request.

1. • This period may be extended by another two months if necessary, considering the complexity and number of requests, but in this case, the user must be informed by the operator about the reasons for the delay within one month of the arrival of the request. If the request was submitted electronically by the user, the operator provides the information electronically, unless the user requests it otherwise.

Legal enforcement possibilities

• The user can exercise their rights through a written request sent via email or post.
• The user cannot exercise their rights if the operator proves they are unable to identify the user. If a user’s request is manifestly unfounded or excessive (especially due to its repetitive nature), the operator may charge a reasonable fee or refuse to comply with the request. This must be proven by the operator. If the operator has reasonable doubts concerning the identity of the individual making a request, they may request additional information necessary to confirm the requester’s identity.

Management of Personal Data Breach

A personal data breach means a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. The operator keeps a record to control measures regarding personal data breaches, inform supervisory authorities, and notify the user. This record includes the scope and number of personal data, the date of the personal data breach, the scope and number of those involved, the time, circumstances, and effects of the incident, and measures taken to avoid it. In case of an incident, the operator – unless the breach is unlikely to result in a risk to the rights and freedoms of individuals – must inform the user and supervisory authorities about the breach without undue delay, but at least within 72 hours.