Dated: November 2023
This page gives you an overview of data privacy and our understanding of it, and describes what happens with any data you enter in apron:pilot.
Specific questions around data privacy
What data is stored?
After registration with a new group the following entered data is saved:
- Name of flight school, flight club, aircraft owner, aircraft owner community (mandatory)
- Short name / abbreviation of it (mandatory)
- Office E-Mail address (mandatory)
For the administrator the following data is stored with the registration:
- First and last name of the administrator (mandatory)
- Administrator user name (mandatory)
- Administrator e-mail address (mandatory)
- Password for the administrator account (mandatory)
After the registration process and after logging in, the administrator can create further user accounts and enter the following additional information:
- Home address, postal code, city, country (optional)
- Mobile and/or telephone number (optional)
- First and last name of the user, E-mail address of the user (mandatory)
Each user can enter these contact details and address information if they want. Furthermore, users can decide whether personal contact details (e-mail address, telephone number, mobile phone number) are shown on the members detail page and the calendar. The reason for presenting the personal contact details there is to allow users to get in touch with each other for any topic related to the organization, reservation, aircraft management, flight school or flight club management etc.
Important: Administrators always have access to the personal contact details for operational reasons! If users don't want that, they have to remove their personal details via the profile page.
What about cookies & sessions?
Due to technical reasons we need to store cookies on your computer. The following cookie types are stored by apron:pilot:
- Cookie for storing the login - after you've successfully logged in, an encrypted cookie will be stored on your computer to recognize you once you close the browser and navigate back to the URL again. This cookie expires automatically after 2 hours.
- Cookie for remembering you - If you select "Remember me" at the login, an encrypted cookie will also be stored on your computer to remember you and keep you logged in. If you log out from your account, this cookie will be deleted. Otherwise, this cookie expires automatically after 5 years.
- Cookie to prevent CSRF attacks (Cross-Site Request Forgery) - In order to prevent these attacks, an encrypted CSRF token cookie is stored on your computer to make sure that each form transaction is secured. This cookie expires automatically after 2 hours.
- Cookie to prevent fraud and ensure correct authentication from our payment service provider
It is NOT possible to use apron:pilot without setting these cookies. According to the GDPR, it is not required that you accept or refuse this, as these strictly necessary cookies are required in order for apron:pilot to work and ensure a certain security level after login.
If the additional payware module for invoicing is subscribed, further cookies and session tokens might be created on your computer to ensure a safe checkout process. Please check the cookie policy of our payment service provider Stripe.
There are no marketing-related cookies (used for analytics tools or Google Analytics) or third-party cookies stored by the application. Currently no session parameters are stored.
For more information please visit the following websites: GDPR.eu Cookies, Find information about cookies with Chrome, Check cookies with Firefox
What happens with my e-mail address and contact information?
The e-mail address of the group (the office e-mail) is entered automatically in our newsletter system. This means that by registering you accept to receive newsletters from us on this e-mail address. Of course you can unsubscribe at any time by contacting us or by clicking on the unsubscribe link in the newsletters.
Your office e-mail address is also used to get in touch with you as a customer. If there is important information, requests, details etc., we will use this e-mail address to contact you.
If you create a new user and enter the e-mail address, they will NOT be automatically entered into the newsletter system. They will not receive newsletters because of that!
The other contact information of your group (e.g. name of flight school etc.) is currently only used internally. It will be used in future development for the invoicing-feature, where this data will be put on the digital invoice.
Where and how is my data stored?
All data is stored on a webserver that is operated by a company in Graz, Austria. The data center in use is a data center based in Vienna, Austria. All data that is entered in apron:pilot is stored and handled on these servers.
If the additional payware module for invoicing is subscribed, contact data, address data and e-mail are exchanged with our payment service provider Stripe (Find out more about their data privacy and terms). All other data that is entered during the checkout process is handled by Stripe.
In addition to the strict standardized data privacy and security regulations in place by the provider, we have decided to also do everything possible to ensure data security. All personal data (such as names, address information, e-mail address) are stored encrypted in the database. The encryption happens in real time. To decrypt this data it is required to have our application algorithm and security settings, otherwise a technical decryption is not possible. This means that theft of the database alone is not sufficient to obtain the personal data of your account.
Can I delete my account & data?
In order to be fully able to delete any personal data from you it is required that you get in touch with us. We will then make sure that your personal data is removed from the current database completely including all related items (e.g. calendar reservations, logbook entries etc.). Please get in touch with us via dataprivacy@apron-pilot.com
General declarations around data privacy
Privacy Policy
We have written this privacy policy (version 15.11.2023) to provide you with information in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 as well as to explain what information we collect, how we use data and what choices you have as a visitor to this website.
Privacy policies usually sound very technical. However, this version should describe the most important things as simply and clearly as possible. Moreover, technical terms are explained in a reader-friendly manner whenever possible. We would also like to convey that we only collect and use information via this website if there is a corresponding legal basis for it. This is certainly not possible if you give very brief technical explanations, as are often standard on the Internet when it comes to data protection. We hope you find the following explanations interesting and informative. Maybe you will also find some information that you did not know yet.
Should you still have questions, we kindly ask you to follow the existing links to see further information on third-party websites, or to simply write us an email. You can find our contact information in our website’s imprint.
Automatic Data Retention
Every time you visit a website nowadays, certain information is automatically created and stored, just as it happens on this website. This data should be collected as sparingly as possible, and only with good reason. By website, we mean the entirety of all websites on your domain, i.e. everything from the homepage to the very last subpage (like this one here). By domain we mean example.uk or examplepage.com.
Even while you are currently visiting our website, our web server (the computer this website is stored on) usually automatically retains data such as the below, for reasons such as operational security or for creating access statistics:
- the full address (URL) of the accessed website (e. g. https://www.examplepage.uk/examplesubpage.html/)
- browser and browser version (e.g. Chrome 87)
- the operating system used (e.g. Windows 10)
- the address (URL) of the previously visited site (referrer URL) (e.g. https://www.examplepage.uk/icamefromhere.html/)
- the host name and the IP-address of the device the website is accessed from (e.g. COMPUTERNAME and 194.23.43.121)
- date and time
in so-called web server log files.
Generally, these files are stored for two weeks and are then automatically deleted. We do not pass these data to others, but we cannot exclude the possibility that this data may be looked at by the authorities in case of illegal conduct.
In short: your visit is logged by our provider (company that runs our website on servers), but we do not pass on your data!
Cookies
Our website uses HTTP-cookies to store user-specific data.
For your better understanding of the following Privacy Policy statement, we will explain to you below what cookies are and why they are in use.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
What should not be dismissed is that cookies are very useful little helpers. Nearly all websites use cookies. More accurately speaking these are HTTP-cookies, since there are also different cookies for other uses. HTTP-cookies are small files which our website stores on your computer. These cookie files are automatically put into the cookie-folder, which is like the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits this “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar with. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
This is an example of how cookie-files can look:
name: _ga
value: GA1.2.1326744211.152111728967-9
purpose: differentiation between website visitors
expiration date: after 2 years
A browser should support these minimum sizes:
- at least 4096 bytes per cookie
- at least 50 cookies per domain
- at least 3000 cookies in total
Which types of cookies are there?
What exact cookies we use, depends on the used services. We will explain this in the following sections of the Privacy Policy statement. Firstly, we will briefly focus on the different types of HTTP-cookies.
There are 4 different types of cookies:
Essential Cookies
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user has previously closed their window, these cookies ensure that the shopping cart does not get deleted.
Purposive Cookies
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
Target-orientated Cookies
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
Advertising Cookies
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
You yourself take the decision if and how you want to use cookies. Thus, no matter what service or website cookies are from, you always have the option to delete, deactivate or only partially allow them. Therefore, you can for example block cookies of third parties but allow any other cookies.
If you want to change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want to allow any cookies at all, you can set up your browser to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
There is a “cookie policy” that has been in place since 2009. It states that the storage of cookies requires the user’s consent. However, among the countries of the EU, these guidelines are often met with mixed reactions. In Austria the guidelines have been implemented in § 96 section 3 of the Telecommunications Act (TKG).
If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Storage of Personal Data
Any personal data you electronically submit to us on this website, such as your name, email address, home address or other personal information you provide via the transmission of a form or via any comments to the blog, are solely used for the specified purpose and get stored securely along with the respective submission times and IP-address. These data do not get passed on to third parties.
Therefore, we use personal data for the communication with only those users, who have explicitly requested being contacted, as well as for the execution of the services and products offered on this website. We do not pass your personal data to others without your approval, but we cannot exclude the possibility this data will be looked at in case of illegal conduct.
If you send us personal data via email – and thus not via this website – we cannot guarantee any safe transmission or protection of your data. We recommend that you never send confidential data via email.
Rights in accordance with the General Data Protection Regulation
You are granted the following rights in accordance with the provisions of the GDPR (General Data Protection Regulation) and the Austrian Data Protection Act (DSG):
- right of access by the data subject (article 15 GDPR)
- right to rectification (article 16 GDPR)
- right to erasure (“right to be forgotten“) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- right to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.
Evaluation of Visitor Behaviour
In the following Privacy Policy, we will inform you on if and how we evaluate the data of your visit to this website. The evaluation is generally made anonymously, and we cannot link to you personally based on your behaviour on this website.
You can find out more about how to disagree with the evaluation of visitor data, in the Privacy Policy below.
TLS encryption with https
The terms TLS, encryption and https sound very technical, which they are indeed. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transfer data on the Internet.
This means that the entire transmission of all data from your browser to our web server is secured – nobody can “listen in”.
We have thus introduced an additional layer of security and meet privacy requirements through technology design (Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information.
You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner to the left of the internet address (e.g. examplepage.uk), as well as by the display of the letters https (instead of http) as a part of our web address.
If you want to know more about encryption, we recommend you to do a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.
Google Fonts Local Privacy Policy
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
We integrated Google Fonts locally, so on our own webserver and not on Google’s servers. Hence, there is no connection to Google’s servers and consequently no data transfer or retention.
What are Google Fonts?
Google Fonts was previously called Google Web Fonts. It is an interactive list with over 800 fonts which Google LLC offer for free use. With the use of Google Fonts, it is possible to utilise fonts without uploading them to your own server. For that matter, in order to prevent any transfer of information to Google’s servers, we downloaded the fonts to our own server. This way we comply with the data privacy and do not transmit any data to Google Fonts.
Unlike other web fonts, Google offers us unrestricted access to all its fonts. Thus, we have a vast sea of font types at our disposal, which helps us to get the most out of our website. You can find out more answers and information on Google Fonts at https://developers.google.com/fonts/faq?tid=111728967.
Font Awesome Privacy Policy
On our website we use Font Awesome by the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). Upon your visit to one of our websites, the Font Awesome web font, i.e. the icons, are loaded via the Font Awesome Content Delivery Network (CDN). This way texts, fonts and icons are displayed appropriately on every device. In this privacy policy we will go into more detail on data storage and data processing by this service.
What is Font Awesome?
Icons play an increasingly important role on websites. Font Awesome is a web font specifically designed for web designers and web developers. With Font Awesome icons can for example be scaled and coloured as desired using the CSS stylesheet language. Thus, they now replace old picture icons. Font Awesome CDN is the easiest way to load icons or fonts onto your website. To do this, we only had to embed a short line of code into our website.
Why do we use Font Awesome on our website?
Font Awesome enables our websites’ content to be depicted better. This eases your navigation on our website, and helps you grasp its content better. The icons can sometimes even be used to replace whole words and save space. This is particularly useful when optimising content specifically for smartphones. The icons are inserted as HTML code instead of as an image, which allows us to edit the icons with CSS exactly as we want. Simultaneously, Font Awesome also lets us improve our loading speed, as it only contains HTML elements and no icon images. All these advantages help us to make our website even clearer, faster and more refined for you.
Which data are stored by Font Awesome?
The Font Awesome Content Delivery Network (CDN) is used to load icons and symbols. CDNs are networks of servers that are distributed around the world. They make it possible to quickly load files from locations in close proximity. When you open one of our pages, the respective icons will be provided by Font Awesome.
For the web fonts to be loaded, your browser has to connect to the servers of Fonticons, Inc. For this, your IP address will be identified. Font Awesome also collects data on which icon files are downloaded, as well as when they are downloaded. Furthermore, technical data such as your browser version, screen resolution or the time when you accessed the page are also transmitted.
These data are collected and stored for the following reasons:
- to optimise Content Delivery Networks
- to identify and fix technical errors
- to protect CDNs from misuse and attacks
- to calculate fees from Font Awesome Pro customers
- to identify the popularity of icons
- to establish which computer and software you are using
If your browser does not allow web fonts, one of your PC’s standard fonts will be used automatically. Moreover, as far as we are currently aware, no cookies will be set. We are keeping in contact with Font Awesome’s privacy department and will let you know as soon as we find out more.
How long and where are the data stored?
Font Awesome stores data about the use of the Content Delivery Network also on servers in the United States of America. However, the CDN servers are located all across the world and store user data in your proximity. The data is usually only stored for a few weeks in an identifiable form. Aggregated statistics on the use of the CDNs may also be stored for longer. However, these do not include any personal data.
How can I delete my data or prevent data retention?
As far as we are aware, Font Awesome does not store any personal data via Content Delivery Networks. If you do not want data about the used icons to be stored, you will unfortunately not be able to visit our website. If your browser does not allow web fonts, no data will be transmitted or saved. In this case your computer’s default font will be used.
If you want to find out more about Font Awesome and their data handling, we recommend you to read their privacy policy at https://fontawesome.com/privacy along with the help page at https://fontawesome.com/help.
Payment provider
We use online payment systems on our website that enable us and you to have a secure and smooth payment process. Among other things, personal data can also be sent to the respective payment provider, stored and processed there.
In the context of contractual or legal relationships, due to legal obligations and on the basis of legitimate interest, we also offer other payment service providers in addition to banks / credit institutions. The data protection declarations of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) give you a precise overview of data processing and data storage. In addition, you can always contact those responsible if you have any questions about data protection issues.
What is a payment provider?
Payment providers are online payment systems that enable you to place an order via online banking. The payment processing is carried out by the payment provider you have chosen. We will then receive information about the payment made. This method can be used by any user who has an active online banking account with a PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.
Why do we use payment providers on our website?
Of course, we want to offer the best possible service with our website and our integrated online shop, so that you feel comfortable on our site and take advantage of our offers. We know that your time is valuable and that payment processing in particular has to work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.
Which data are saved?
The exact data that is processed naturally depends on the respective payment provider. Basically, however, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are saved. This is the necessary data to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which sub-pages you click, can also be saved. Most payment providers also store your IP address and information about the computer you are using.
The data is usually stored and processed on the payment providers' servers. As the website operator, we do not receive this data. We are only informed whether the payment worked or not. For identity and credit checks, it can happen that payment providers forward data to the appropriate body. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always take a look at the payment provider's general terms and conditions and privacy policy. You also have the right to have data deleted or corrected at any time, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right to information and right to be affected).
Information on the special payment providers can be found - if available - in the following sections.
PayPal privacy policy
We use the online payment service PayPal on our website. The service provider is the company PayPal Inc.; for the global area, it is the company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). You can find out more about the data that is collected through the use of PayPal settings in the data protection declaration at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe Privacy Policy
On our website we use a payment tool by Stripe, an American technology company and online payment service. Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible for customers within the EU. Therefore, if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Hence, the data required for the payment process is forwarded to Stripe where it is then stored. In this privacy policy we will give you an overview of Stripe’s data processing and retention. Moreover, we will explain why we use Stripe on our website.
What is Stripe?
The technology company Stripe offers payment solutions for online payments. Stripe enables us to accept credit and debit card payments in our webshop while it handles the entire payment process. A major advantage of Stripe is that you never have to leave our website or shop during the payment process. Moreover, payments are processed very quickly via Stripe.
Why do we use Stripe on our website?
We of course want to offer the best possible service with both our website and our integrated online shop. After all, we would like you to feel comfortable on our site and take advantage of our offers. We know that your time is valuable and therefore, payment processing in particular must work quickly and smoothly. In addition to our other payment providers, with Stripe we have found a partner that guarantees secure and fast payment processing.
What data are stored by Stripe?
If you choose Stripe as your payment method, your personal data (transaction data) will be transmitted to Stripe where it will be stored. These data include the payment method (i.e. credit card, debit card or account number), bank sort code, currency, as well as the amount and the payment date. During a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. These data are necessary for authentication. Furthermore, Stripe may also collect relevant data for the purpose of fraud prevention, financial reporting and for providing its services in full. These data may include your name, address, telephone number as well as your country in addition to technical data about your device (such as your IP address).
Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with Stripe. However, data may be forwarded to internal departments, a limited number of Stripe’s external partners or for legal compliance reasons. What is more, Stripe uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:
Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456111728967-5
Purpose: This cookie appears when you select your payment method. It saves and recognises whether you are accessing our website via a PC, tablet or smartphone.
Expiry date: after 2 years
Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9111728967-1
Purpose: This cookie is required for carrying out credit card transactions. For this purpose, the cookie stores your session ID.
Expiry date: after one year
Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Purpose: This cookie also stores your ID. Stripe uses it for the payment process on our website.
Expiry date: after end of the session
How long and where are the data stored?
Generally, personal data are stored for the duration of the provided service. This means that the data will be stored until we terminate our cooperation with Stripe. However, in order to meet legal and official obligations, Stripe may also store personal data for longer than the duration of the provided service. Furthermore, since Stripe is a global company, your data may be stored in any of the countries Stripe offers its services in. Therefore, your data may be stored outside your country, such as in the USA for example.
How can I delete my data or prevent data retention?
Stripe is still a participant of the EU-U.S. Privacy Shield Framework which regulated correct and secure transfer of personal data until July 16, 2020. However, since the European Court of Justice declared the agreement to be invalid, the company no longer relies on this agreement, but still acts according to the principles of Privacy Shield.
You always reserve the right to information, correction and deletion of your personal data. Should you have any questions, you can contact the Stripe team at https://support.stripe.com/contact/email.
You can delete, deactivate or manage cookies in your browser that Stripe uses for its functions. This works differently depending on which browser you are using. Please note, however, that if you do so the payment process may no longer work. The following instructions will show you how to manage cookies in your browser:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
We have now given you a general overview of Stripe’s data processing and retention. If you want more information, Stripe’s detailed privacy policy at https://stripe.com/at/privacy is a good source.
All texts are copyrighted.
Source: Created with the Datenschutz Generator by AdSimple