Our website address is: https://www.pipistrel-aircraft.com.
At Pipistrel, we know that protecting your personal data is important to you. Because we take this seriously, we have implemented the procedures described in this privacy notice based on the General Data Protection Regulation (Regulation (EU) 2016/679) (herein “GDPR”) and other applicable laws, including the Slovenian Data Protection Act (Official Gazette of the Republic of Slovenia, no. 163/22). Before accessing the website, you should read this notice carefully and acknowledge the manner in which we process data.
Collection and use of your personal data by us
Personal information we collect: The information we collect, store and use includes, but is not limited to:
Information about use of the website: In general, you can visit the Pipistrel website (hereinafter referred to as the “Website”) without disclosing your identity or any information about you to us. Our web servers collect the domain names, but not email addresses, of visitors.
Registration information you provide to us: If you register on our website to receive current information from Pipistrel, we collect profile information about you (“Personal Information”). We will ask you to provide us with the following information:
- your first and last name;
- Your email address;
- the name of your company; and
- other information as mentioned on the respective registration pages.
You can optionally provide us with additional information, including your address, telephone and fax numbers and – if you are interested in working for Pipistrel – your employment history. If you decide not to submit the optional data, this may result in certain functions not being available to you.
How long we keep your personal data
The criteria for determining the retention period of personal data are based on the respective legal retention periods and other qualifying elements. After this period has expired, the relevant data will be routinely deleted unless it is no longer required for the continuation of the business relationship, the fulfillment or establishment of a contract or other lawful purposes. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
Why we collect the information and your personal data
We collect and use information about you to help us manage and improve our business activities or to provide you with products, services or other offers. Among other things, we use the data we collect about you to personalize your user experience on our website and make it more pleasant for you.
Website usage information: This data is aggregated to measure the number of visits, the average time spent visiting the website, the pages visited, etc. Pipistrel uses this data (“behavioral profiles”) to measure the use of our website and to improve the content offered.
Personal data: By submitting this personal data to us, you expressly consent to our collection and use of this data as described in this data protection notice. We normally only use your personal data in the following cases:
- to respond to your inquiries;
- to process orders;
- contact you regarding customer account status or for customer service purposes;
- to ask you for your feedback on our customer service;
- to inform you about products or services that may be of interest to you or
- to provide you with access to certain customer account information.
If you register on the website, you declare your consent to be contacted in the above-mentioned cases.
Email communication: We use your email address to respond to your inquiries or to inform you about products and services. To help us determine whether you have received an email from us and to make emails more useful and interesting, we may receive a confirmation that you have opened an email from us. When you fill out the various contact forms on our website, only an email is created so that we can get in touch with you. No further data is recorded or saved.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Legal basis for processing
Art. 6 Para. 1 a) GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which you are a party, such as is necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 Para. 1 b) DS- GMOs. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. Failure to provide your personal data would mean that the contract with you cannot be concluded. If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 Para. 1 c) GDPR. In rare cases, the processing of personal data may be necessary to protect your vital interests or those of other natural persons. This would be the case, for example, if a visitor were injured in our company. Then the processing would be based on Art. 6 Para. 1 d) GDPR. Ultimately, processing operations could be based on Art. 6 Para. 1 f) GDPR. This is the basis for processing operations that are not covered by any of the aforementioned legal bases, but if the processing is necessary to protect a legitimate interest of our company or a third party, provided that your interests, fundamental rights and freedoms do not outweigh these. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. A legitimate interest can be assumed if you are a customer of the company (Recital 47 Sentence 2 GDPR).
For UK residents – data protection in relation to children and young people
Use of social media plugins
Our website uses so-called social plugins (“plugins”) from various social networks. These services are offered by the following companies (collectively, the “Providers”):
Facebook: Operating company: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; Description of the plugins: http://developers.facebook.com/plugins; Data protection information: https://de-de.facebook.com/about/privacy
LinkedIn: Operating company: LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA; Description of the plugins: https://developer.linkedin.com/plugins; Data protection information: https://www.linkedin.com/legal/privacy-policy or https://www.linkedin.com/legal/cookie-policy
Twitter: Operating company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Description of the plugins: https://about.twitter.com/de/resources/buttons; Data protection information: https://twitter.com/privacy?lang=de
Xing: Operating company: XING SE, Dammtorstraße 30, 20354 Hamburg; Description of the plugin: https://www.xing.com/app/share?op=data_protection; Data protection information: https://www.xing.com/privacy
YouTube: Operating company: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; Description of the plugin: https://www.youtube.com/yt/about/de/; Data protection information: https://www.google.de/intl/de/policies/privacy/
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the provider’s servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page by it. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page on our website, even if you do not have a profile on the relevant social network or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider in the USA and stored there.
If you are logged in to one of the social networks, the providers can assign your visit to our website directly to your profile with the respective provider. As part of this technical process, the provider receives information about which specific subpage of our website you visit. This information is collected via the provider’s respective components and assigned by the provider to your respective provider account. If you interact with the plugins, for example by pressing the “Like” button or the “share” button, the corresponding information is also transmitted directly to the provider’s server and stored there. The information is also published on the social network and displayed there to your contacts.
The purpose and scope of data collection and the further processing and use of the data by the providers as well as their related rights and setting options to protect your privacy can be found in the providers’ respective data protection regulations.
If you do not want one or more of the providers to directly assign the data collected via our website to your profile in the respective social network, you must log out of the relevant network before visiting our website. With the help of add-ons you can also completely prevent the plugins from being loaded, for example with the Facebook plugins with the “Facebook Blocker”.
Creation of log files
Every time you access our website, our system automatically collects data and information from your computer system. In this case, the following data is collected:
- Information about the browser type and version used;
- The user’s IP address; and
- Date and time of access.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 f) GDPR. The temporary storage of the IP address by the system is necessary to enable secure communication between the website and the user’s computer. Therefore, the user’s IP address must be retained for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, it is our legitimate interest to collect data in accordance with Art. 6 Para. 1 f) GDPR.
The data will be deleted as soon as it is no longer needed for the respective processing purpose. In the case of collecting data for the provision of the website, this is the case as soon as the respective session has ended. If the data is stored in log files, this is the case after 14 days at the latest. Storage beyond this is possible. In this case, your IP addresses will be deleted or altered so that it is no longer possible to assign your IP address.
Collecting data to provide the website and storing the data in log files is essential for the operation of the website. Therefore, you have no opportunity to object to such collection.
Restriction on the transfer of data to third parties
We are not in the business of selling your personal information to third parties.
- Website Usage Information : We may share experience data or other information that does not personally identify users of our Website with third parties. This could, for example, be aggregated data about product or service preferences of all website visitors.
- Personal Information : We do not share any personal information about you with unaffiliated third parties, except:
- You request this or give your consent to this;
- the information is shared to facilitate the completion of a transaction for you;
- the transfer is made to facilitate a purchase, transfer or sale of assets (e.g. in the event that a substantial portion of our business is acquired by a third party, customer information may form part of the assets transferred); or
- the information is passed on to our vicarious agents, external suppliers or service providers in order to carry out certain tasks on our behalf (e.g. evaluation of data, support in marketing, provision of customer services, etc.). We may also compile aggregated information about you and share such aggregated information (which does not identify any individual) with third parties for market research purposes.
We may also collect aggregated information about you and share such aggregated (but not personally identifiable) information with third parties for advertising or other purposes.
Regardless of the above, we may share your personal data within the Pipistrel Group. This may involve transferring your data outside the EU, including to the US.
Many of our external third parties are based outside the EU so their processing of your personal data will involve a transfer of data outside the EU.
Whenever we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. OR
- Where we use certain service providers, we may use specific contracts approved for use the EU which give personal data the same protection it has in the EU.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EU.
Security procedures to protect data
We employ a variety of security standards and procedures to prevent unauthorized access to your confidential information. Our website uses a combination of encryption technologies, digital certificates and authentication to protect your personal information. If the browser you use supports Secure Sockets Layer (SSL) technology, your information will be transmitted to us with a high level of security. We continually update and test our security technologies. We have procedures in place that limit employee access to personal information to those employees who have a business-related reason to view such information.
You can also make an important contribution to protecting against unauthorized access to your data by logging out of our website after each use.
Inapplicability of the data protection information of linked sites or third parties
Your rights regarding the information we collect
In summary, you have the following rights:
- Request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of your personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data: Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request transfer of your personal data: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent: At any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have any questions, please contact us at firstname.lastname@example.org.
If you would like to confirm that Pipistrel is processing your personal data, or to have access to the personal data that Pipistrel may hold about you, contact us at email@example.com.
You can also request information about: the purpose of the processing; the categories of personal data concerned; the source of the information (if you did not provide the data directly to Pipistrel); and how long they are stored. You can request that Pipistrel delete this data or stop processing it under certain exceptions. You can also request that Pipistrel no longer use your data for direct marketing purposes.
You can obtain appropriate access to your personal data free of charge upon request by email to firstname.lastname@example.org. If it is not possible to provide it within a reasonable time, Pipistrel will provide you with a date when the information will be available. If for any reason the transmission of the data is refused, Pipistrel will explain why this was refused. Persons residing in the EU also have the right to complain to a data protection supervisory authority (Article 77 GDPR).
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How you can contact us if you have any questions about this privacy notice
The person responsible for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data protection provisions is:
Goriška cesta 50a,
5270 Ajdovščina, Slovenia
To contact us if you have any questions about this privacy notice or to lodge a complaint with Pipistrel, please contact us at: email@example.com. The company’s data protection officer is:
Goriška cesta 50a,
5270 Ajdovščina, Slovenia