Effective Date: August 12, 2025

Akteonaero (“we”, “us”, or “our”) is a private aviation broker operating worldwide. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what personal information we collect, how we use and share it, and your rights under the EU General Data Protection Regulation (“GDPR”). We aim to use clear, plain language so you can easily understand our practices.

Akteonaero is the data controller for the personal data described in this policy. This means Akteonaero determines how and why your personal data is processed. If you have any questions or requests regarding your personal data, you can contact us using the information in the Contact section below.

We limit our collection to the data necessary to provide our brokerage services. The personal information we collect may include:

Identity and Contact Details: First name, last name, email address, and phone number.

Flight Details: Information about your requested flights, such as departure and destination locations, dates, times, and any specific preferences or requirements you provide.

Communications: If you contact us (for example, via email or phone), we may keep records of that correspondence and any information you choose to give us.

Website Usage Data: When you visit our website, we automatically collect basic technical information through cookies (see the Cookies and Analytics section below). This may include your IP address, browser type, and pages visited.

Note: We do not collect any payment card details through our website, and we do not ask for or handle any sensitive personal data or government-issued identification documents under this version of our services.

We use the personal data we collect for specific and legitimate purposes, including:

Flight Brokerage Services: To respond to your inquiries, provide quotes, and arrange private flight bookings according to your request (e.g. finding suitable aircraft, scheduling flights, and coordinating with flight operators).

Customer Communication: To communicate with you about your flight details, handle customer support requests, and send service updates (such as booking confirmations or changes to your itinerary).

Operational Purposes: To ensure the smooth operation of our services – for example, sharing necessary information with the flight operators or crew to facilitate your flight.

Website Functionality and Improvement: To analyze how our website is used and improve its design, content, and functionality (through analytics cookies, as described below).

Legal and Compliance: To comply with applicable laws and regulations or respond to lawful requests (for instance, keeping records for tax/audit purposes or responding to lawful orders from authorities).

We will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your consent or notifying you, as required by law.

Under the GDPR, we must have a valid legal basis to process your personal information. Depending on the specific context, our processing is supported by one or more of the following legal bases:

Performance of a Contract (GDPR Article 6(1)(b)): Most information we collect (name, contact, flight details) is processed to take steps at your request and provide our flight brokerage services, or to fulfill our contract with you. For example, we need your details to arrange your flight booking and communicate with you about it.

Legitimate Interests (GDPR Article 6(1)(f)): We may process certain data for our legitimate business interests, provided those are not overridden by your rights. For instance, using cookies for website analytics helps us understand and improve our services. We consider this a legitimate interest to improve our offerings. In all cases, we balance our interests against your privacy rights.

Legal Obligation (GDPR Article 6(1)(c)): In some cases, we may need to process and retain data to comply with our legal obligations. For example, we might keep certain transaction records to satisfy accounting, tax, or regulatory requirements.

If we ever rely on your consent (GDPR Article 6(1)(a)) as a legal basis (for example, if we introduce optional marketing communications or additional data collection in the future), we will specifically ask for it. You would have the right to withdraw such consent at any time. (In this current version of our services, we do not process any data based solely on consent, apart from placing non-essential cookies as described below, which you can manage via your browser settings or cookie banner preferences.)

Our website uses cookies and similar technologies to ensure it functions properly and to help us understand how users interact with it. In particular, we use Google Analytics, a web analytics service, which places cookies on your device to collect anonymous traffic data. This helps us analyze website usage and improve the user experience. Key points include:

What Cookies Collect: These cookies may collect information such as your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of visits. This information does not directly identify you by name, but it is considered personal data under GDPR (for example, IP addresses).

How We Use Analytics Data: We use the information gathered by cookies to compile reports and statistics on website performance (e.g., total visitors, popular pages) and to troubleshoot issues. This helps us enhance our site and tailor our content to user interests.

Third-Party Access: The analytics data (including your truncated or full IP address) may be transmitted to and processed by Google on servers outside your country (Google may process data in the United States or other locations). We have configured Google Analytics to respect GDPR guidelines where possible (for example, by anonymizing IP addresses when feasible). Google acts as a data processor for us, and we have a data processing agreement in place with them.

Cookies Choices: You can control or delete cookies using your web browser settings. Most browsers allow you to refuse new cookies or delete existing ones. However, please note that blocking all cookies may affect the functionality of our website. To opt out of Google Analytics specifically, Google provides a browser add-on tool. We honor any consent requirements applicable (e.g., if you are in the EU, our site will present a cookie consent banner to manage non-essential cookies).

For more details, please see our Cookie Policy (if available) or contact us with any questions about our use of cookies. By continuing to use our site with cookies enabled, you agree to our use of cookies as described here.

We treat your personal information with care and do not sell your data to third parties. We only share data with others when necessary to deliver our services or as required by law, as detailed below:

Flight Operators and Partners: As a flight brokerage, we must share certain details with third parties involved in arranging and operating your flight. For example, we provide your name and flight itinerary to the selected private aircraft operator or carrier to secure the booking and ensure your flight is properly arranged. We share only the data that is required (typically your name and flight details, and your contact info if needed for coordination).

Service Providers: We use trusted third-party service providers to support our operations and website. For instance, we may use IT and cloud hosting providers, email service platforms to send communications, or analytics service providers (like Google Analytics, as noted). These providers may process personal data on our behalf only for the purposes described in this policy and under our instructions. We ensure any service provider we use is bound by confidentiality and data protection obligations (for example, via GDPR-compliant Data Processing Agreements).

Legal Requirements and Protection: We may disclose personal information if required to do so by law or valid legal process (such as a court order, subpoena, or government regulation), or if we believe in good faith that such disclosure is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of clients or the public, or (iv) protect against legal liability.

Business Transfers: In the unlikely event that our company undergoes a business transition such as a merger, acquisition, or sale of assets, personal data might be transferred to the new ownership or partners as part of that process. If that happens, we will ensure the new owners continue to respect your personal data rights in line with this Privacy Policy.

In all cases, we share the minimum information necessary and evaluate the third parties involved to ensure they handle your data securely and lawfully. We do not share your personal details with any unrelated third parties for their own marketing or advertising purposes without your consent.

Akteonaero operates worldwide, so your personal data may be transferred to or accessed by entities outside your country or outside the European Economic Area (EEA). For example, if you are in the EU and we work with a flight operator or service provider in another country (or use cloud servers/databases hosted internationally), your information might be processed in that other country.

Whenever we transfer personal data outside of the EEA (or your home jurisdiction), we take steps to ensure it remains protected in line with GDPR requirements:

Adequacy Decisions: In some cases, data may be sent to countries that the European Commission has recognized as providing an adequate level of data protection.

Standard Contractual Clauses (SCCs): If your data is transferred to a country without an adequacy decision (for example, to the United States for our analytics or to an aircraft operator abroad), we will use appropriate safeguards such as the European Commission’s approved Standard Contractual Clauses, which legally bind the recipient to protect your data to EU standards.

Other Safeguards: We also assess on a case-by-case basis that any transfer provides appropriate protection. This can include ensuring the recipient has robust security certifications or additional contractual and technical measures (like encryption in transit and at rest).

You can request more information about international data transfers and the safeguards we apply by contacting us (see Contact Information below). Our goal is to ensure your personal data is secure no matter where it is processed.

Under the GDPR, you have several important rights regarding your personal data. Akteonaero is committed to honoring these rights. Subject to certain legal conditions and exceptions, your rights include:

Right to Be Informed: The right to clear and transparent information about how we use your data (which this Privacy Policy is intended to provide).

Right of Access: The right to request a copy of the personal data we hold about you, as well as information on how we process it.

Right to Rectification: The right to ask us to correct or update any inaccurate or incomplete personal data. If you become aware that any of your details with us are incorrect (e.g., misspelled name, outdated contact info), please let us know and we will fix it.

Right to Erasure: The “right to be forgotten” – you can request that we delete your personal data when it is no longer needed for the purposes for which it was collected, or if you believe it is being processed unlawfully. We will honor deletion requests where possible, except where we are required to keep certain data (for example, we might need to retain some records for legal or contractual obligations).

Right to Restrict Processing: The right to ask us to limit or “pause” the processing of your data under certain circumstances – for instance, if you contest the accuracy of your data or object to our processing, we will restrict processing while we review your request.

Right to Data Portability: The right to receive your personal data that you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible. (This typically applies to data processed based on consent or contract, and which you provided directly).

Right to Object: The right to object to certain processing of your personal data. For example, you can object to processing based on our legitimate interests if you feel it impacts your rights. You also have an absolute right to object to any processing for direct marketing purposes (though currently we do not process your data for third-party marketing without consent).

Rights Related to Automated Decision-Making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. If that ever changes, you would have rights related to not being subject to a decision based solely on automated processing.

To exercise any of these rights, please contact us at jets@akteonaero.com. We may need to verify your identity to process certain requests (to ensure we don’t disclose data to the wrong person). We will respond to your request as soon as possible, and in any case within the GDPR’s mandated timeframe (generally within one month). Exercising your rights is free of charge.

Additionally, if you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with a data protection supervisory authority. As Akteonaero is based in Greece, our lead supervisory authority is the Hellenic Data Protection Authority. However, you may contact the supervisory authority in your EU country of residence or work, or where you believe an infringement may have occurred.

We take security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Security: We use encryption protocols (such as TLS/SSL) to secure data in transit on our website (you’ll see the padlock in your browser). Our servers are protected by firewalls and regularly updated to address security vulnerabilities.

Access Control: Personal data is accessible only to those employees, contractors, and partners who need to know it for the purposes described in this policy. They are subject to strict confidentiality obligations. We implement role-based access controls so that individuals only access the data necessary for their job function.

Organizational Measures: We educate our staff about privacy and data security best practices. We also have procedures in place to handle any suspected data security breach promptly and effectively, including informing you and authorities of breaches as required by law.

Data Minimization: We only collect the personal data that we need. By holding less data, we reduce the risks associated with storing large amounts of information.

Secure Storage: All personal data is stored on secure systems. We choose reputable cloud and IT service providers that comply with high security standards. Regular backups are performed to prevent data loss, and sensitive data (if any) is encrypted at rest.

While we strive to protect your information, no system can be 100% secure. However, we continuously review and enhance our security practices to safeguard your data. If you have reason to believe that your interaction with us or your data might no longer be secure (for example, if you suspect a security vulnerability or incident), please contact us immediately using the contact information below.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law.

For example, if you request a flight quote but do not proceed with a booking, we may retain your contact details and inquiry for a limited time in case you have follow-up questions or decide to book later, and to improve our services.

If you book a flight through us, we will keep your personal and flight information on record as needed to manage the booking and any post-flight services. After your flight is completed, we will retain relevant data for a period of time to handle any potential issues, inquiries, or legal requirements. This may include keeping basic booking records for a number of years to comply with accounting, taxation, or audit obligations, or for legal record-keeping (for instance, Greek or international regulations might mandate retaining certain business records for X years – we will adhere to such requirements).

Website analytics data collected via cookies is typically aggregated and anonymized over time. Raw analytics data is either deleted or anonymized within a reasonable period (Google Analytics data retention settings are configured to automatically delete user-level data after a set time, e.g., 14 months, unless we need to retain it longer).

When personal data is no longer needed for the purposes for which it was collected, or no longer required by law, we either securely delete it or anonymize it (so it can no longer be associated with you). For instance, electronic records are purged from our databases and any paper records are securely shredded. We also periodically review the data we hold and erase or anonymize data that is no longer necessary.

If you have specific questions about our data retention periods for different types of data, you can contact us for more detailed information.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please feel free to contact us:

Email: jets@akteonaero.com

Phone (Emergency Contacts): +30 210 440 2727 (Greece) or +41 (0)76 545 8471 (International)

We will be happy to assist you. For requests to exercise your GDPR rights (access, deletion, etc.), you can email us and we will guide you through the process. We typically respond within a few business days and at most within one month as required by law.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the “Effective Date” at the top of this policy.

If the changes are significant, we will provide a more prominent notice (such as by email notification or a notice on our website) to inform you. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services or website after any update to this policy will constitute your acknowledgment of the changes and your agreement to the updated policy.