Privacy policy

1. Data Controller

The controller responsible for processing your personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR)
  • Directive 2002/58/EC (ePrivacy Directive)
  • Charter of Fundamental Rights of the European Union, Articles 7–8

is:

Voigt Services, s.r.o.
Strojnícka 92, 821 05 Bratislava, Slovakia
Company ID (IČO): 55 642 071
VAT ID: 2122046388
Registered with the Commercial Register of the Bratislava II District Court
Email: info@cloudadventures.us
Tel: +421 902 615 880
Statutory representative: Kristián Voigt

2. Categories of Personal Data We Process

We process the following personal data as defined in GDPR Art. 4(1):

a) Identification & Contact Data

  • Name, surname
  • Email address
  • Phone number

b) Booking & Operational Data

  • Flight type, route, date, time
  • Passenger weight (only when required for aircraft weight & balance per EASA rules)
  • Voucher codes and order IDs
  • Communication related to the booking

c) Payment & Transaction Data

Processed via our payment partners:

  • Stripe Technology Europe, Limited (Ireland)
  • f-poho, if you choose to pay using an employer-benefit or voucher system

We do not store full card numbers or sensitive payment credentials.

d) Technical Website Data

(Under ePrivacy Directive Art. 5(3) & GDPR Art. 6(1)(a)/6(1)(f))

  • IP address
  • Browser/device type
  • Cookie data
  • Security logs

e) Complaints & Customer Service Data

  • Emails, support messages, claims, and related communication

We do not process special category data (GDPR Art. 9).

3. Purposes and Legal Bases

Processing is lawful only when one of the grounds under GDPR Art. 6(1) applies.

a) Contract Performance — GDPR Art. 6(1)(b)

Necessary to:

  • register and manage bookings
  • issue vouchers
  • process payments via Stripe or f-poho
  • coordinate flight operations
  • deliver services

b) Legal Obligations — GDPR Art. 6(1)(c)

Required for:

  • accounting & invoicing obligations (EU VAT Directive 2006/112/EC; national tax rules)
  • aviation record-keeping (EASA Basic Regulation (EU) 2018/1139; Part-NCO)
  • responding to requests from competent authorities

c) Legitimate Interests — GDPR Art. 6(1)(f)

For:

  • ensuring aviation safety (weight & balance calculations)
  • preventing fraud and abuse (Recital 47)
  • securing our website and platform
  • defending legal claims (Art. 17(3)(e))
  • improving services and user experience

d) Marketing With Consent — GDPR Art. 6(1)(a)

If you provide consent, we may send:

  • newsletters
  • promotional flight offers
  • gift-voucher opportunities

Consent can be withdrawn at any time (Art. 7(3)).

4. Recipients of Personal Data

In accordance with GDPR Art. 13(1)(e), personal data may be shared only when necessary:

a) Flight Operators & Pilots

  • Receive only essential operational data for performing the flight safely.

b) Payment Service Providers

  • Stripe Technology Europe, Limited (Ireland) — online payments & card processing
  • f-poho — employer-benefit or voucher payment processing, if chosen

Both act as processors under GDPR Art. 28.

c) IT & Hosting Providers

Used for secure website hosting, email, databases, and booking systems.

d) Public Authorities

When legally required (aviation oversight, tax audits, law enforcement ect.)

No international transfers outside the EU/EEA occur unless an adequate protection level is ensured (GDPR Chapter V).

5. Data Retention (GDPR Art. 5(1)(e))

We store your data only as long as necessary:

  • Booking & contract data: 10 years
    (mandatory under national tax/accounting law implementing EU directives)
  • Aviation data: 5 years
    (EASA safety record-keeping obligations)
  • Complaints: 3 years
  • Marketing data: until consent is withdrawn (GDPR Art. 7(3))
  • Technical logs: 6–24 months, depending on security requirements

After expiry, data is deleted or anonymised (Art. 17).

6. Data Security

We implement security measures as required by:

  • Art. 24 — controller responsibility
  • Art. 25 — data protection by design & by default
  • Art. 32 — security of processing

Measures include:

  • encryption of data and connections
  • restricted-access systems
  • secure EU hosting
  • processor contracts (Art. 28)
  • regular backups and monitoring

7. Your Rights (GDPR Chapter III)

You have the following rights:

  • Art. 15 — access
  • Art. 16 — rectification
  • Art. 17 — erasure
  • Art. 18 — restriction
  • Art. 20 — portability
  • Art. 21 — objection (including marketing)
  • Art. 7(3) — withdrawal of consent
  • Art. 22 — rights regarding automated decision-making

To exercise these rights, contact us at:
E-Mail: info@cloudadventures.us
Mobile: +421 902 615 880
Mail: Voigt Services, s.r.o., Strojnícka 92, 821 05 Bratislava

Requests may require identity verification for security purposes.

8. Supervisory Authority

Under GDPR Art. 77, you may lodge a complaint with:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava
Website: https://dataprotection.gov.sk

9. Updates

We may update this Privacy Notice as required by GDPR Art. 12(1) & 13(3).
The current version is always available at:
https://cloudadventures.us/policies/privacy-policy