Privacy & Cookies Policy

1) Controller and contact

PAFAERO is the controller for the processing described here unless stated otherwise. For questions or to exercise your rights, contact info@pafaero.com.

Residents in the EEA and UK also have the right to complain to a data protection authority. In Portugal this is the Comissão Nacional de Proteção de Dados (CNPD) at www.cnpd.pt.

2) What we collect

Information you provide

• Identification and contact - name, email, company or school, job role, nationality, billing details.
• Account and licensing - install keys, training codes, enrollment IDs, support requests.
• Course and certification data - course selections, session start and stop times, time-on-task, module completion, quiz and exam results, certificate requests, identity confirmation details where required by the issuing organization.
• Communications - emails, form submissions, support chats, feedback.

Information collected automatically

• Device and technical - IP address, device type and OS, browser or SDK info, language, time zone, app version, crash logs, VR headset and controller telemetry needed to run the app, non-precise location from IP.
• Licensing and security - device identifiers and hardware fingerprints used to prevent fraud, manage licenses, and enforce usage terms.
• Cookies and similar technologies on the website. In our apps we may use SDK identifiers that serve a similar purpose.

Information from others

• From your school or training organization when they enroll you or validate completion.
• From service providers such as analytics or payment processors where allowed.

3) Why we use your data and legal bases

We use personal data only where we have a legal basis under the GDPR.

• Provide the Services and fulfill our contract with you or your organization - account setup, app functionality, license checks, time tracking, progress saving, certificate workflows. Legal basis: Article 6(1)(b).
• Issue and verify certificates with approved training organizations, including identity checks where required. Legal basis: contract, our legitimate interests in enabling certification, and where required, legal obligations of the issuing organization.
• Customer support and safety - troubleshooting, crash diagnostics, fraud and abuse prevention, platform and license security. Legal basis: legitimate interests and sometimes legal obligation.
• Improve our products - analytics, quality metrics, feature usage at an aggregated or pseudonymous level. Legal basis: legitimate interests. For non-essential cookies on the website, we rely on consent.
• Legal compliance - tax, accounting, audit logs, and regulatory requests. Legal basis: legal obligation.
• Marketing - send product updates or newsletters. Legal basis: consent where required. For B2B direct marketing we rely on legitimate interests with an easy opt-out.

Where we rely on consent, you can withdraw it at any time in the same way you gave it or by emailing us.

4) Sharing your data

We do not sell personal data. We share it only as described below.

• Approved training organizations that issue certificates and their auditors or regulators, so they can verify your training hours, results, and identity where required to issue and maintain certificates. Shared items typically include: your name and contact, course taken, time tracked, results, certificate ID and dates, and any identity verification data requested by the issuer.
• Service providers acting on our instructions, under contracts that protect your data. Typical categories: hosting, email delivery, analytics, crash reporting, payment processing, customer support tools, license and security tooling.
• Authorities or third parties where required by law, to protect rights and safety, or with your direction.

Depending on the engagement, PAFAERO and an issuing school may act as independent or joint controllers for certification workflows. We will provide the school contact details and role at enrollment or on request.

5) International transfers

We are based in the EU but some providers may process data outside the EEA or UK. When we transfer data internationally, we use lawful safeguards like the EU Standard Contractual Clauses and apply additional measures where appropriate. You can request a copy of the relevant safeguards.

6) Retention

• Account, license and support records: while the account or license is active and for a reasonable period after closure to handle queries, disputes and legal obligations.
• Training and certification records: for the period required by the issuing organization and applicable law or standards, which can be several years to allow audits and re-issuance.
• Crash logs and diagnostics: typically a rolling period up to 12 months unless needed longer for investigations.
• Marketing data: until you unsubscribe or we prune inactive lists.

If you need exact retention periods for a specific course or issuing organization, contact us.

7) Your rights

Subject to conditions in the GDPR, you have the right to access, correct, delete, restrict or object to processing, and to data portability. You also have the right to withdraw consent where we rely on consent and to opt out of marketing at any time.

To exercise your rights, email info@pafaero.com. You also have the right to complain to your local authority. In Portugal this is the CNPD at www.cnpd.pt.

8) Cookies and similar technologies (Cookies Policy)

On our website, we use:

• Strictly necessary cookies to run the site and manage sessions and checkout. These do not require consent.
• Analytics and performance cookies to understand usage and improve the site. These require your consent in the EEA and UK.

You can refuse non-essential cookies via the Cookie settings link and change your choices at any time. In our apps we may use SDK-based analytics and crash reporting that are functionally similar to cookies. Where required, we will ask for consent or provide in-app opt-outs.

9) Security

We use technical and organizational measures to protect personal data and work to prevent unauthorized access, disclosure, alteration, or loss. No method is perfectly secure. If a data breach creates a risk to your rights, we will notify you and, where required, the regulator.

10) Children

Our Services are aimed at adult learners and professionals. If the law in your country requires parental consent for online services, do not use our Services without it. In Portugal, children under 13 generally need parental consent for online services when consent is the legal basis. If you believe a child used our Services without proper consent, contact info@pafaero.com so we can take appropriate action.

11) Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Automated checks such as license validation or time-on-task thresholds are used to operate the Services and staff can review edge cases on request.

12) Changes

We will update this policy when needed. Material changes will be highlighted on this page and, where appropriate, notified by email or in-app. Your continued use of the Services after the effective date means you acknowledge the updated policy.

Contact

PAFAERO - info@pafaero.com