EU General Data Protection Regulation

1. Data Controller

For the purposes of the GDPR, the data controller responsible for your personal data is:

As the data controller, we determine the purposes and means of processing your personal data. We have appointed a Data Protection Officer (DPO) who can be reached at privacy@airjour.com for any questions or concerns regarding our data processing practices.

2. Legal Basis for Processing

We process your personal data only when we have a lawful basis to do so under Article 6 of the GDPR. The legal bases we rely on include:

• Consent (Article 6(1)(a)): When you have given us explicit consent to process your personal data for specific purposes, such as subscribing to our newsletter or receiving marketing communications. You may withdraw your consent at any time.
• Contractual necessity (Article 6(1)(b)): When processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as processing your inquiry form to provide a quotation.
• Legal obligation (Article 6(1)(c)): When processing is necessary for compliance with a legal obligation to which we are subject, such as record-keeping requirements for tax and accounting purposes.
• Legitimate interests (Article 6(1)(f)): When processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We rely on legitimate interests for website analytics, fraud prevention, and business improvement.

For special categories of personal data (Article 9), we will only process such data with your explicit consent or where another exception under Article 9(2) applies.

3. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data along with information about the processing activities.
• Right to rectification (Article 16): You have the right to request the correction of inaccurate personal data concerning you, and the right to have incomplete personal data completed.
• Right to erasure / "Right to be Forgotten" (Article 17): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the processing is unlawful. We will comply with such requests subject to any legal obligations requiring us to retain certain data.
• Right to restriction of processing (Article 18): You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing pending verification of our legitimate grounds.
• Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller without hindrance.
• Right to object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to processing for direct marketing, we will cease such processing immediately.
• Rights regarding automated decision-making and profiling (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making or profiling that has such effects.

To exercise any of these rights, please contact us at privacy@airjour.com. We will respond to your request within one month. If your request is complex or you have made multiple requests, we may extend the response period by a further two months, in which case we will inform you of the extension and the reasons for the delay.

4. Cookie Usage

Our website uses cookies and similar tracking technologies. Under the GDPR and the ePrivacy Directive, we are required to obtain your consent before placing non-essential cookies on your device. We categorize our cookies as follows:

• Strictly necessary cookies: These cookies are essential for the website to function properly and cannot be disabled. They do not require consent under the ePrivacy Directive.
• Analytics cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use these cookies only with your consent.
• Marketing cookies: These cookies are used to track visitors across websites and display relevant advertisements. These cookies require your explicit consent before they can be placed on your device.

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You may change your cookie preferences at any time by contacting us at privacy@airjour.com. For more details, please refer to our Cookie Policy.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our retention periods are as follows:

• Inquiry data: Personal data collected through inquiry forms is retained for up to 2 years from the date of the last interaction, after which it is securely deleted unless required for ongoing contractual obligations.
• Marketing consent records: Records of your consent to receive marketing communications are retained for as long as the consent remains active, plus 3 years after withdrawal for evidentiary purposes.
• Website analytics data: Aggregated analytics data is retained for up to 26 months. Any personal data within analytics is anonymized as soon as technically feasible.
• Legal and compliance records: Data required for legal, tax, or regulatory compliance is retained in accordance with applicable laws, typically up to 7 years.

When the retention period expires, your personal data will be securely deleted or anonymized in accordance with our data retention policy.

6. International Data Transfers

As our company is based in China, your personal data may be transferred to and processed in countries outside the EU/EEA. We ensure that such transfers comply with the GDPR's requirements for international data transfers by implementing appropriate safeguards:

• Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses with our service providers and partners outside the EU/EEA to ensure an adequate level of data protection.
• Adequacy decisions: Where available, we rely on the European Commission's adequacy decisions that recognize certain countries as providing an adequate level of data protection.
• Additional safeguards: We may implement additional technical and organizational measures such as encryption, pseudonymization, and access controls to protect your personal data during international transfers.

If you wish to learn more about the specific safeguards we use for international data transfers, please contact us at privacy@airjour.com.

7. Contact for Data Protection Inquiries

If you have any questions, concerns, or requests regarding this GDPR Notice or our data processing practices, please contact our Data Protection Officer:

You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place. The supervisory authority will handle your complaint and investigate the matter.

We take your privacy seriously and are committed to resolving any concerns you may have about our processing of your personal data. We encourage you to contact us first before approaching a supervisory authority, so that we have the opportunity to address your concerns directly.