PRIVACY POLICY

WHO ARE WE AND HOW YOU CAN CONTACT US

Contact details of the Data Controller: AEROSPACE SOLUTIONS GROUP, 23, Rue Jean Jaures, L-1836, Luxembourg, Luxembourg (hereinafter “We”, “Ours”, “Company”).

This Privacy Policy (hereinafter referred to as the “Privacy Policy“) sets out the basic rules for the collection, processing and storage of your personal data and other information related to you, the scope, purposes, sources, recipients of your personal data and your rights as a personal data subject and other important aspects of your use of the Company’s services. This information is important, so we hope you will read it carefully.

As used in this Privacy Policy, the term “personal data” (the “Personal Data — ��) means any information about you relating to you as a natural person, a data subject whose identity is known or can be directly or indirectly identified through the use of certain data (e.g. name, surname, personal identification number, address, telephone number, etc.).

In processing the personal data, we responsibly comply to the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR — ��), and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities.

If you have any questions regarding this Privacy Policy or requests regarding the processing of your personal data, please contact us by email: [email protected]

By visiting the Company’s websites and / or using the information contained therein and / or our services, you acknowledge and confirm that you have read and understood this Privacy Policy.

TO WHOM THE PRIVACY POLICY APPLIES

This Privacy Policy applies to our website https://aerosg.aero/ (regardless of which device you are using) and any service provided by the Company or other activities of the Company where personal data is being process.

This Privacy Policy does not apply to links to other entities websites provided on our websites; therefore, we recommend that you read the personal data processing rules applied on such websites.

WHAT PRINCIPLES DO WE COMPLY TO?

When processing your personal data, we:

comply with current and applicable legislation, including the GDPR;
we will process your personal data in a lawful, fair and transparent manner;
we will collect your personal data for specified, clearly defined and legitimate purposes and will not continue to process it in a way incompatible with those purposes, except to the extent permitted by law;
take all reasonable steps to ensure that personal data which are inaccurate or incomplete, having regard to the purposes for which they are processed, are rectified, supplemented, suspended or destroyed without delay;
we will keep them in such a form that your identity can be established for no longer than is necessary for the purposes for which the personal data are processed;
we will not disclose or disclose personal data to third parties except as provided in the Privacy Policy or applicable law;
ensure that your personal data is processed in such a way as to ensure the appropriate security of personal data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of personal data and against unintentional loss, destruction or damage.

WHAT PERSONAL DATA, FOR WHAT PURPOSE AND BASIS DO WE PROCESS

The purpose of the processing of personal data. Why we process personal data?	The categories of processed personal data. What kind of categories of personal data we process?	On what legal basis do we process personal data?	The period of processing
Administration of our website	When you visit our website, data about your browsing on the Website is collected using cookies. We use necessary / technical cookies to ensure the proper functioning of the Website and / or other third-party cookies to improve your browsing experience (i.e., to consider your needs, to continuously improve the website and to make offers that suit your interests).	Data using cookies and similar technologies related to Internet browsing, etc. are collected (processed) in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent (except for necessary cookies).	You can find more information about cookies and their storage terms on our website Cookie Settings
Responding to your general enquiries or requests of information	Our website or other public business channels provide com contacts where you can contact us to consult us on issues that concern you. We will accept, review, and respond to all your messages. If you contact us by e-mail we may process the following personal data of yours: name, surname, e-mail, postal address, and the text of the correspondence and / or attached documents. This data will be processed for the administration of your enquiry. Please note that we may need to contact you to provide with a reply to your enquiry so be sure to share accurate contact data of yours.	All personal data you provide when communicating with us is used only for the purposes of reviewing, and responding messages, administering (managing) communication flows and providing you with a response. We will process the said personal data in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent, which you express by contacting us by e-mail, mail, or phone.	Communication with you will be handled until the enquiry is fully processed and stored for one year from the date of the last communication with you unless there is another legitimate purpose for storing it longer (e. g. business contract with you has been concluded and communication material can be considered as the proof of negotiation).

The purpose of the processing of personal data. Why we process personal data?

The categories of processed personal data. What kind of categories of personal data we process?

On what legal basis do we process personal data?

The period of processing

Administration of our website

When you visit our website, data about your browsing on the Website is collected using cookies. We use necessary / technical cookies to ensure the proper functioning of the Website and / or other third-party cookies to improve your browsing experience (i.e., to consider your needs, to continuously improve the website and to make offers that suit your interests).

Data using cookies and similar technologies related to Internet browsing, etc. are collected (processed) in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent (except for necessary cookies).

You can find more information about cookies and their storage terms on our website

Cookie Settings

Responding to your general enquiries or requests of information

Our website or other public business channels provide com contacts where you can contact us to consult us on issues that concern you. We will accept, review, and respond to all your messages. If you contact us by e-mail we may process the following personal data of yours: name, surname, e-mail, postal address, and the text of the correspondence and / or attached documents. This data will be processed for the administration of your enquiry. Please note that we may need to contact you to provide with a reply to your enquiry so be sure to share accurate contact data of yours.

All personal data you provide when communicating with us is used only for the purposes of reviewing, and responding messages, administering (managing) communication flows and providing you with a response. We will process the said personal data in accordance with Article 6 Part 1. a) of the GDPR, i.e., with your consent, which you express by contacting us by e-mail, mail, or phone.

Communication with you will be handled until the enquiry is fully processed and stored for one year from the date of the last communication with you unless there is another legitimate purpose for storing it longer (e. g. business contract with you has been concluded and communication material can be considered as the proof of negotiation).

Please be additionally advised that if you do not provide personal data, the provision of which to the Company is necessary to ensure compliance with the requirements of legal acts and / or the conclusion and / or performance of the contract, we will not be able to provide you with services or conclude another transaction.

Be informed as well that we will retain your personal data for as long as necessary to achieve and fulfil the purposes following the terms set out in this Privacy Policy, unless longer storage of personal data and related documents is required by applicable laws and regulations or is required for the defense of the Company’s legitimate interests in judicial, other public institutions etc. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.

HOW DO WE PROTECT YOUR DATA?

We responsibly implement appropriate organisational and technical personal data security measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.

In the event of personal data breach of security that could seriously jeopardise your rights or freedoms and determine the circumstances with which unauthorised access to personal data has been obtained, we will immediately inform you about it.

TO WHOM IS YOUR DATA ARE DISCLOSED

We may share some of your personal data with the following categories of third parties:

representatives acting on our behalf with respect to the promotion of our services in particular territories;
companies providing data centers, hosting, cloud, site administration and related services, software developers, providing, maintaining and developing companies, companies providing information technology infrastructure services, companies providing communication services;
credit and debit card companies used to facilitate payment transactions related to the provision of our services, banks and other credit and/or payment companies;
our professional advisors, auditors, lawyers and/or financial advisers;
our other service providers (data processors) or our subcontractors (for example, recruiters, lectors, etc.).
notaries, if the contract concluded with you requires a notarial form;
judicial officers, entities providing legal s and/or debt recoveries services, subrogator of claim right;
companies providing advertising and marketing services;
companies providing archiving, physical and / or electronic security, asset management and/or other business services;
in accordance with the laws to state institutions, establishments, etc.;
law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies; tax administrators
in the event of a company restructuring, transfer / acquisition and / or business transfer / acquisition, to a third party acquiring the business and processing personal data for the same purposes as specified in this Privacy Policy and/or doing the due diligence by our and/or their legal and/or financial advisors, etc.

DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

As a general rule, your personal data will be processed in the countries of the European Economic Area (hereinafter – EEA). However, in certain cases, your personal data may be transferred to non-EEA countries. Please note that in non-EEA states, personal data may be subject to less protection than within the EEA, but we carefully evaluate the conditions under which such data will be processed and stored after being transferred to the above-mentioned entities.

Please note that if the European Commission has determined that the third country, territory or one or more specified sectors in that third country or international organization concerned provides an adequate level of personal data protection, the transfer must take place in the same manner as in the EEA. Please be informed that you can have access to the information as to the states in respect of which the decision of the European Commission has been taken, here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

In other cases, we take all necessary measures to ensure that your personal data is transferred to the recipient safely processing the data. The tools we use: a contract with a non-European recipient of personal data includes specific clauses for the secure processing of the data. In certain cases, we ask for your consent to transfer your data outside the EEA.

DO WE APPLY AUTOMATED DECISION-MAKING OR PROFILING?

We do not normally use automated decision-making under Article 22 of the GDPR to initiate and execute contractual relationships. Should we apply this procedure in individual cases, we will inform you separately, if required by law.

We process your personal data in a partially automated way in order to assess certain personal aspects (hereinafter – Profiling). We use profiling, for example, when we are required by law to prevent money laundering or manage financial risk.

RIGHTS GUARANTEED TO YOU

We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:

know (be informed) about the processing of your personal data;
to get access to your personal data which are processed by the Data Controller;
request correction or addition, adjustment of your inaccurate, incomplete personal data;
require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
request the destruction of personal data if they are processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
disagree with the processing of personal data or withdraw the previously agreed consent;
request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.

In order to exercise your rights, please send us the request by e-mail [email protected] .

Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a data subject and to prevent unauthorized disclosure of personal data or information to others who are not entitled to it. If we are unable to identify you, we will not be able to exercise your rights as a data subject.

We provide information about the processing of your personal data free of charge. If your request is unfounded, repetitive or disproportionate, we may charge a fee commensurate with our administrative costs.

Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your claim and the due date for submission of all documents necessary to prepare the answer.

In exceptional circumstances, which may require us to have additional time, the deadline for replying may be extended for a further two months, depending on the complexity of the situation. In this case, it is mandatory to inform the Data Subject in writing about such extension within 1 (one) month from the receipt of the request and indicate the reasons for the delay. If we think we need to, we will stop processing your personal data, except for storage, until your application is resolved. If you have legally waived your consent, we will immediately terminate the processing of your personal data and within no more than 30 calendar days, except in the cases provided for in this Privacy Policy and in the cases provided for by law when further processing of your personal data is binding on us by the legislation in force, the legal obligations we are facing, court judgements or binding instructions from the authorities. The response will be provided in the same way as your request was received.

By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.

If you disagree with our actions or the response to your request, you can complain to the competent state authority (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?

We may, from time to time, expand or reduce the scope of our business operations and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this notice, be permitted to use that data only for the same purposes for which it was originally collected by us.

LINKS TO OTHER WEBSITES

Our website may contain links to other websites, which are not operated by us. We have no control over how your data is collected, stored, or used by such other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

CHANGES TO OUR PRIVACY POLICY

We reserve a right to change this Privacy Policy unilaterally from time to time (for example, if the law changes). Any changes will be immediately posted on our websites. We recommend that you check this page regularly to keep up-to-date.

This Privacy Policy applies from the date it is posted on the Websites. Last review of the Privacy Policy: 01.04.2026.