Privacy Policy

1. Who is the Controller of Personal Data

The controller of personal data is:

Mavisys, s.r.o.

Loosova 355/12, Lesná, 638 00 Brno, Czech Republic

Company ID: 25583778

VAT ID: CZ25583778

Contact e-mail for personal data protection matters: info@aeroprague.com

Contact telephone: +420 775 585 995

The Controller determines the purposes and means of processing personal data in connection with the operation of the website, receiving orders, booking flight dates, providing services, communicating with customers, handling complaints and fulfilling legal obligations.

2. What Personal Data We Process

We process only personal data that is necessary for the specific purposes described in this Privacy Policy.

This may include, in particular, the following data:

2.1. Identification and Contact Details

• first and last name,
• e-mail address,
• telephone number,
• billing address,
• company name, Company ID and VAT ID, if the customer orders the service as an entrepreneur or legal entity.

2.2. Order and Reservation Details

• ordered service,
• date and time of the reserved flight,
• number of participants,
• place of departure,
• price of the service,
• order and payment status,
• order or reservation number,
• content of communication related to the order,
• issued reservation confirmation, voucher or other document.

2.3. Payment Details

• information on whether the payment was made,
• payment amount and currency,
• date and time of payment,
• transaction identification,
• data necessary for issuing a tax document, where applicable.

Payment card details are processed by the payment gateway. We do not normally store the full payment card number, CVC/CVV code or other data enabling a direct card payment to be made.

2.4. Data Important for the Safe Provision of the Flight

In connection with flight safety, we may process, in particular:

• age of the flight participant,
• weight of the flight participant,
• information on whether the participant meets the age and weight limits,
• information about health restrictions, pregnancy, reduced mobility or other circumstances communicated to us by the participant or customer that may affect safety or the ability to complete the flight.

We process this data only to the extent necessary to assess whether the service can be provided safely.

2.5. Communication Data

• e-mail communication,
• telephone communication in the form of notes or records concerning the handling of a request,
• messages sent via the contact form,
• data necessary to handle an enquiry, reservation change, complaint or other request.

2.6. Technical Data from the Website

When visiting the website, we may process, in particular:

• IP address,
• device type,
• browser type,
• operating system,
• data about the website visit,
• cookies and similar technologies,
• data about behaviour on the website, if the visitor has given consent to this.

3. Why We Process Personal Data and on What Legal Basis

We process personal data only when we have a legal basis for doing so under applicable law.

3.1. Processing Orders, Reservations and Providing the Service

We process personal data so that we can:

• accept an order,
• confirm a reservation,
• accept payment,
• issue a reservation confirmation or voucher,
• communicate with the customer,
• secure the selected flight date,
• provide the ordered service,
• handle reservation changes or cancellations,
• handle complaints.

Legal basis: performance of a contract or taking steps prior to entering into a contract.

3.2. Flight Safety and Assessment of Participant Eligibility

We process age, weight and any health-related or other safety-relevant information in order to verify whether the participant meets the conditions for safely completing the flight.

Legal basis: performance of a contract, the Controller's legitimate interest in providing the service safely, and compliance with legal obligations related to the safety of aviation operations.

If a participant voluntarily provides us with health-related information, we process it only to the extent necessary to assess flight safety. This data is not used for marketing or any other unrelated purposes.

3.3. Accounting, Taxes and Legal Obligations

We also process personal data so that we can:

• issue and retain accounting and tax documents,
• comply with accounting and tax obligations,
• comply with other legal obligations.

Legal basis: compliance with a legal obligation.

3.4. Protection of Legal Claims

We may also process personal data for the purpose of:

• proving the conclusion and content of a contract,
• proving that we have fulfilled our obligations,
• handling complaints,
• resolving disputes,
• recovering receivables,
• protecting the rights of the Controller, customers, flight participants or third parties.

Legal basis: the Controller's legitimate interest.

3.5. Customer Communication

We process personal data for the purpose of responding to enquiries, providing reservation information, sending organisational instructions and handling customer requests.

Legal basis: performance of a contract, taking steps prior to entering into a contract, or the Controller's legitimate interest in communicating with customers.

3.6. Sending Commercial Communications

If the customer gives us consent, we may send them news, offers and marketing communications.

In some cases, we may also send commercial communications to our customers on the basis of legitimate interest, provided that they relate to similar services and the customer has the option to easily unsubscribe.

Legal basis: consent or legitimate interest, depending on the specific situation.

The recipient may unsubscribe from commercial communications at any time via the link in the e-mail or by contacting the Controller.

3.7. Cookies, Analytics and Marketing on the Website

We use technical cookies to ensure the proper functioning of the website and the reservation process.

We use analytical, marketing or other non-technical cookies only on the basis of the website visitor's consent, where such consent is required by law.

Legal basis: legitimate interest for necessary technical cookies; consent for analytical and marketing cookies, unless they are necessary for the functioning of the website.

4. To Whom We Disclose Personal Data

We may disclose personal data, only to the extent necessary, to persons and entities that help us ensure the operation of the website, orders, payments, communication and the provision of services.

This may include, in particular:

• web hosting and technical infrastructure providers,
• reservation system providers,
• payment gateway providers,
• e-mail and communication service providers,
• accounting, tax and legal service providers,
• persons involved in ensuring the flight, especially pilots, instructors or operational staff,
• analytics and marketing tool providers, if used,
• public authorities, where required by law.

We always disclose personal data only to the extent necessary for the relevant purpose.

5. Personal Data Processors

Some personal data may be processed on our behalf by external suppliers acting as personal data processors. We have or will have appropriate data processing agreements with these processors where required by law.

Typical processors may include, in particular:

• web hosting provider,
• reservation system provider,
• e-mail tool provider,
• analytics tool provider,
• accounting system provider,
• customer support or CRM system provider.

A specific list of the main processors may be provided upon request, unless prevented by security or contractual reasons.

6. Transfer of Personal Data Outside the European Union

We primarily process personal data within the European Union or the European Economic Area.

If personal data is transferred to a country outside the European Union or the European Economic Area, we will ensure that such transfer takes place only in compliance with the conditions laid down by law, in particular on the basis of an adequacy decision, standard contractual clauses or another appropriate mechanism under the GDPR.

Transfers outside the EU/EEA may occur in particular when using certain cloud, analytics, marketing or communication services.

7. How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purposes for which it was obtained.

7.1. Order and Reservation Data

Data related to an order, reservation and provision of the service is retained for the duration of the contractual relationship and subsequently for the period necessary to protect legal claims, usually for the duration of the applicable limitation periods.

7.2. Accounting and Tax Documents

Data contained in accounting and tax documents is retained for the period required by law.

7.3. Data Important for Flight Safety

Data concerning age, weight and any safety-relevant circumstances is retained only for the period necessary to provide the service, handle a possible complaint, safety incident or legal claim.

7.4. Customer Communication

Communication is retained for the period necessary to handle an enquiry, order, complaint or other request and subsequently for the period necessary to protect legal claims.

7.5. Marketing

Data used for sending commercial communications is processed until consent is withdrawn or the recipient unsubscribes. If the legal basis is legitimate interest, the data is processed until an objection is raised or the recipient unsubscribes.

7.6. Cookies

The storage period of individual cookies varies depending on their type and settings. Details are provided in the cookie banner or in separate cookie information on the website.

8. Cookies

The website fly.aeroprague.com may use cookies and similar technologies.

Cookies are small text files stored on the website visitor's device. They help ensure the functioning of the website, remember settings, measure traffic or display relevant content and advertising.

8.1. Technical Cookies

Technical cookies are necessary for the functioning of the website, security, ordering process, payment process or saving user settings.

We may use these cookies without the visitor's consent because they are necessary for the website to function.

8.2. Analytical Cookies

Analytical cookies help us understand how visitors use the website, which pages they visit and where problems may occur.

If analytical cookies are not necessary and cannot be operated in a mode that does not require consent, we use them only on the basis of the visitor's consent.

8.3. Marketing Cookies

Marketing cookies may be used to measure advertising performance, create audiences, perform remarketing or display more relevant advertising.

We use these cookies only on the basis of the visitor's consent.

8.4. Cookie Settings

The visitor may change their cookie settings through the cookie banner or cookie settings on the website.

Consent to the use of non-technical cookies may be withdrawn or changed at any time.

9. What Rights You Have

In connection with the processing of personal data, you have, in particular, the following rights:

9.1. Right of Access

You have the right to know whether we process your personal data and, if so, you have the right to access it and obtain further information about its processing.

9.2. Right to Rectification

You have the right to request the correction of inaccurate or incomplete personal data.

9.3. Right to Erasure

You have the right to request the erasure of personal data if the conditions laid down by law are met.

9.4. Right to Restriction of Processing

You have the right to request the restriction of processing of personal data in cases provided for by law.

9.5. Right to Data Portability

You have the right to obtain the personal data you have provided to us and which we process automatically on the basis of consent or a contract, in a structured, commonly used and machine-readable format.

9.6. Right to Object

You have the right to object to the processing of personal data if the legal basis is the Controller's legitimate interest.

You also have the right to object at any time to the processing of personal data for direct marketing purposes.

9.7. Right to Withdraw Consent

If we process personal data on the basis of consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

9.8. Right to Lodge a Complaint

If you believe that we are processing personal data in violation of the law, you have the right to lodge a complaint with the supervisory authority:

Office for Personal Data Protection

Pplk. Sochora 27

170 00 Prague 7

Czech Republic

Website: https://www.uoou.gov.cz

10. How to Exercise Your Rights

You may exercise your rights via the contact e-mail:

info@aeroprague.com

When handling a request, we may require verification of the applicant's identity if necessary to protect personal data.

We respond to requests without undue delay, usually no later than one month from receipt of the request. In justified cases, this period may be extended in accordance with legal regulations.

11. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or destruction.

We use, in particular, access rights, secure communication, contractual obligations with suppliers, organisational rules and other measures appropriate to the nature of the processed data and the risks involved.

12. Automated Decision-Making and Profiling

When processing personal data, we do not carry out automated individual decision-making that would have legal effects concerning the data subject or similarly significantly affect them.

If we use marketing or analytical tools, basic profiling may occur for the purpose of measuring website traffic, evaluating advertising or displaying more relevant content, but only to the extent permitted by law and the cookie consent settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy, especially if there are changes to legal regulations, technologies used, suppliers, the method of ordering services or the scope of personal data processing.

The current version of the Privacy Policy will always be available on the web interface.

This Privacy Policy enters into force and effect on 29 May 2026.