PRIVACY POLICY - NorthFLY Uçuş Akademisi

1. Purpose and Scope

İçindekiler

This Privacy Policy has been prepared to explain how NorthFLY Flight Academy / 19 Mayıs Havacılık A.Ş. (“NorthFLY”) collects, processes, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

This Policy applies to all individuals whose personal data are processed by NorthFLY, including but not limited to:

website visitors,
pilot training applicants,
students and graduates,
business partners, and
suppliers.

2. Personal Data Collected

NorthFLY may process the following categories of personal data, limited to what is necessary and proportionate:

Identification data (name, surname, date of birth, nationality)
Contact data (phone number, email address, country of residence)
Education and licensing data (pilot licenses, flight hours, certificates)
Passport and visa data (for international students)
Financial data (contract amounts, payment information)
Digital data (IP address, cookies, form submission data)
Legal and administrative records

3. Purposes of Processing

Personal data are processed for the following purposes:

Conducting flight and theoretical training activities
Evaluating training applications
Establishing and performing training contracts
Fulfilling legal obligations towards aviation authorities
Managing financial, accounting, and payment processes
Operational planning and flight scheduling
Compliance with legal and regulatory requirements
Institutional communication and notifications

4. Legal Basis for Processing

Personal data are processed based on one or more of the following legal grounds under Article 6 of the GDPR:

explicit consent of the data subject,
necessity for the performance of a contract,
compliance with a legal obligation,
legitimate interests of NorthFLY, provided such interests do not override fundamental rights and freedoms.

5. Data Transfers

Personal data may be transferred, in compliance with Articles 44–49 of the GDPR, to:

civil aviation authorities and regulatory bodies,
domestic and international training, simulator, and examination centers,
legal, financial, and audit service providers,
IT service providers and hosting companies.

Such transfers are limited to what is strictly necessary and carried out with appropriate safeguards.

6. Data Retention

Personal data are retained only for:

the duration required by applicable legislation,
the period necessary to fulfill contractual obligations,
limitation periods relevant for potential legal claims.

Upon expiration of the retention period, personal data are securely deleted, destroyed, or anonymized.

7. Data Security

NorthFLY implements appropriate technical and organizational measures to ensure the security of personal data, including but not limited to:

restricted access controls,
secure digital and physical storage systems,
protection against unauthorized access, loss, or disclosure,
access limited strictly to authorized personnel.

In aviation, discipline is non-negotiable; the same principle applies to data protection.

8. Rights of Data Subjects

Under Articles 15–22 of the GDPR, data subjects have the right to:

access their personal data,
request rectification of inaccurate or incomplete data,
request erasure (“right to be forgotten”),
request restriction of processing,
object to processing,
request data portability,
withdraw consent at any time, where processing is based on consent.

Requests may be submitted in writing through NorthFLY’s official communication channels.

9. Cookies

NorthFLY’s website may use cookies to improve user experience and analyze website performance. Cookies do not collect information that directly identifies individuals unless explicitly stated.

Users may control or disable cookies through their browser settings.

10. Policy Updates

NorthFLY reserves the right to update this Privacy Policy in line with legal or operational requirements. Updated versions become effective upon publication on the official website.