Log in


PRIVACY POLICY OF AviaHub S.A.

Table of Contents

I. About Us
II. General Provisions
III. Purposes of Processing Your Personal Data
IV. Principles and Legal Bases for Processing Your Data
V. Your Rights
VI. How We Will Contact You
VII. Timeframe for Fulfilling Your Request
VIII. Subcontractors / Data Processors
IX. How We Protect Your Data
X. Data Retention
XI. Authorizations
XII. Cookies

I. About Us

AviaHub S.A., with its registered office in Warsaw. Personal data is collected and processed in accordance with the terms and conditions set out in this Privacy Policy.

II. General Provisions

At AviaHub S.A., we place particular emphasis on protecting the privacy of our customers, contractors, employees, and partners. One of the key aspects of this protection is safeguarding the rights and freedoms of natural persons in relation to the processing of their personal data.

We ensure that your data is processed in compliance with the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter: “GDPR”), the Polish Data Protection Act, as well as specific legislation (e.g., labor law, accounting regulations).

AviaHub S.A. acts as the data controller within the meaning of Article 4(7) GDPR and also uses the services of processors referred to in Article 4(8) GDPR – i.e., entities that process personal data on behalf of the controller (e.g., IT or hosting companies).

AviaHub S.A. implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of violating the rights or freedoms of individuals, taking into account the probability and severity of the potential threat. Our personal data protection practices are based on adopted policies and procedures as well as regular training to improve the knowledge and competence of our employees and partners.

We may collect and process the following user data:

  • Personal data: name and surname, email address, phone number, company name, position, and optionally a website address.
  • Business information: company address, VAT number, and alternative contact details.
  • Correspondence: records of email messages, phone calls, and messages sent to us.
  • Transaction information: details of purchases, service execution, and order history.
  • Website usage data: IP address, location data, traffic data, web logs, and other communication data.
  • Survey responses: if you voluntarily participate in surveys, we may collect your responses.

We limit the collection of data to what is necessary to provide our services on lawful grounds, including consent and/or legitimate necessity.

III. Purposes of Processing Your Personal Data

Contact details obtained from contractors (e.g., their employees) are used to conclude and efficiently perform contracts. We use our customers’ data to perform contracts and deliver our services.

We also conduct marketing activities aimed at reaching as many interested parties as possible to provide them with up-to-date information about our products and services.

We share your data with third parties either with your consent or when required to do so by law.

IV. Principles and Legal Bases for Processing Your Data

We take care to protect the interests of data subjects, ensuring in particular that their data is:

  • processed lawfully, fairly, and transparently;
  • collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
  • accurate and, where necessary, kept up to date. We take steps to ensure that inaccurate personal data is promptly erased or rectified;
  • stored in a form that permits identification of data subjects for no longer than necessary for the purposes of processing;
  • processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss or destruction.

We usually process your data on the basis of consent, which may be withdrawn at any time.

We may also process your data when it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.

In some cases, processing is required to comply with a legal obligation imposed on us as a data controller (e.g., under labor law or accounting law).

Processing may also be necessary for the purposes of our legitimate interests, such as asserting claims arising from our business activities.

V. Your Rights

We take appropriate measures to provide you with relevant information and to communicate with you in a concise, transparent, intelligible, and easily accessible form in connection with the exercise of your rights, including the right to:

  • information provided at the time of data collection;
  • information upon request – whether data is being processed and other matters as set out in Article 15 GDPR, including the right to a copy of your data;
  • rectification of data;
  • erasure (“right to be forgotten”);
  • restriction of processing;
  • data portability;
  • objection;
  • not being subject to a decision based solely on automated processing (including profiling);
  • information about personal data breaches.

If your personal data is processed on the basis of consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

To exercise your rights, please contact us at:
Email: office@aviahub.com 

The security of your data is our priority. However, if you believe that we are violating GDPR by processing your personal data, you have the right to lodge a complaint with Urząd Ochrony Danych Osobowych (the Polish Data Protection Authority).

VI. How We Will Contact You

We provide information in writing or by other means, including electronically when appropriate. If requested, information may be provided orally, provided that we can verify your identity by other means. If you submit your request electronically, we will respond electronically whenever possible, unless you indicate another preferred form of communication.

VII. Timeframe for Fulfilling Your Request

We aim to provide information without undue delay and, in principle, within one month of receiving your request.
Where necessary, this period may be extended by a further two months due to the complexity of the request. In any case, we will inform you within one month of receiving the request about any extension and the reasons for the delay.

VIII. Subcontractors / Data Processors

When we cooperate with entities that process personal data on our behalf, we only use processors that provide sufficient guarantees to implement appropriate technical and organizational measures to ensure processing in compliance with GDPR and the protection of data subjects’ rights.

We thoroughly verify these entities, conclude detailed agreements with them, and carry out periodic compliance audits.

Recipients of your personal data may include:

  • entities and authorities authorized to process personal data under applicable laws; banks, if necessary for settlements;
  • institutions providing funding for the performance of contracts with the Controller;
  • entities cooperating in marketing campaigns;
  • couriers;
  • IT and hosting service providers;
  • online training platform providers (if you purchase an online course);
  • online payment providers (if you purchase an online course).

IX. How We Protect Your Data

To meet legal requirements, we have developed detailed procedures covering, among others:

  • data protection by design and by default;
  • data protection impact assessments;
  • breach notification procedures;
  • maintaining records of processing activities;
  • data retention;
  • exercising data subjects’ rights.

We regularly review and update our documentation to demonstrate compliance with GDPR’s accountability principle and to incorporate best industry practices to protect data subjects’ interests.

X. Data Retention

We store personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data is processed. After this period, we anonymize or delete the data.

We determine the retention period primarily based on legal requirements (e.g., retention periods for employment or accounting records) and legitimate interests of the controller (e.g., marketing activities).

Our retention policy covers both paper and electronic data.

XI. Authorizations

We ensure that any person acting under our authority who has access to your personal data processes it only on our instructions, unless required otherwise by Union or Member State law.

XII. Cookies

Cookie Policy of the Website

a) Cookies are IT data, in particular text files, stored on the User’s device and intended for use on the Website. Cookies typically contain the name of the website they come from, the duration of their storage on the device, and a unique number.

b) The entity placing cookies on the User’s device and accessing them is the owner of the Website.

c) The cookie mechanism is not used to obtain any information about users or track their navigation. The cookies used on the Website do not store any personal data or other information collected from users and are used for statistical purposes only.

d) By default, web browsers allow cookies to be stored on the User’s device. In most cases, you can configure the software to automatically block cookies. Information about cookie management settings can be found in your browser settings. Please note that cookie restrictions may affect some functionalities of the Website.

e) Cookies are used to:

  • tailor the Website’s content to the User’s preferences and optimize site usage;
  • create statistics to understand how Users interact with the Website, helping us improve its structure and content;
  • maintain the User’s session after logging in, so that the User does not need to re-enter login details on each page.

f) The Website uses two basic types of cookies: session cookies (temporary, deleted after logging out or closing the browser) and persistent cookies (stored on the User’s device for a specified time or until deleted manually).

g) Types of cookies used:

  • “necessary” cookies enabling the use of services available on the Website, e.g., authentication cookies for services requiring login;
  • security cookies, e.g., used to detect authentication abuse;
  • “performance” cookies, enabling the collection of information about how the Website is used;
  • “functional” cookies, enabling the Website to remember User-selected settings (e.g., language, region, font size, website layout).

Links to Other Websites
The Website may contain links to other websites. We recommend reviewing their privacy policies, as we are not responsible for their content or data practices.

Website Data Security
The following security measures are applied:
a) Automatically collected server data is protected through authentication mechanisms.
b) Data collected during registration is secured using SSL protocol and authentication mechanisms.
c) Access to website administration is secured by authentication mechanisms.