1. Introduction

The purpose of this notice is to inform users of the CEFA Aviation website about how their personal data are collected, used, protected, and about their rights, in accordance with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and with the information protection requirements of the ISO/IEC 27001 standard.

CEFA Aviation places particular importance on the confidentiality, integrity, and availability of personal data processed in the course of its activities.

2. Data Controller

The data controller is:

CEFA Aviation SAS
Registered Office: 45 rue de la FECHT – 68000 COLMAR – FRANCE
Contact email: dpo@cefa-aviation.com
Telephone: +33 389 294 250

3. Personal Data Collected

When using the website, CEFA Aviation may collect the following categories of personal data:

  • Identification data: first name, last name
  • Contact data: email address, phone number, company
  • Professional data: job title, organization
  • Browsing data: IP address, browser type, pages visited, dates and times of access
  • Data voluntarily provided via forms (contact, event registration, information requests)

No sensitive personal data within the meaning of the GDPR are collected through the website.

4. Purposes of Processing

Personal data are collected and processed for the following purposes:

  • Responding to requests submitted via contact forms
  • Managing commercial and pre-contractual relationships
  • Providing information about CEFA Aviation products, services, and events
  • Improving the operation and security of the website
  • Producing anonymized traffic statistics
  • Complying with legal and regulatory obligations

5. Legal Bases for Processing

Processing activities are based on the following legal grounds:

  • User consent (forms, non-essential cookies)
  • Legitimate interest of CEFA Aviation (website security, continuous improvement)
  • Performance of pre-contractual or contractual measures
  • Legal obligations

6. Data Recipients

Personal data are intended exclusively for:

  • Authorized internal staff of CEFA Aviation
  • Technical service providers acting as data processors (hosting, maintenance, analytics tools), subject to contractual obligations of confidentiality and security

Data are neither sold nor transferred to third parties for commercial purposes.

7. Transfers Outside the European Union

Where service providers located outside the European Union are used, CEFA Aviation ensures that appropriate safeguards are implemented (such as Standard Contractual Clauses of the European Commission and reinforced technical and organizational measures).

8. Data Retention Periods

Personal data are kept only for as long as necessary for the purposes pursued:

  • Contact data: up to 3 years after the last interaction
  • Contract-related data: duration of the contract plus applicable statutory retention periods
  • Browsing data: in accordance with applicable regulations (maximum 13 months for cookies)

Beyond these periods, data are deleted or anonymized.

9. Data Security

CEFA Aviation implements appropriate technical and organizational measures to ensure a level of security consistent with GDPR requirements and the ISO/IEC 27001 standard, including in particular:

  • Access controls and authorization management
  • Secure hosting environments
  • Encryption of communications where applicable
  • Logging and monitoring of access
  • Staff awareness and training on data protection

10. Rights of Data Subjects

In accordance with the GDPR, you have the following rights:

  • Right of access to your data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw your consent at any time

These rights may be exercised by contacting: dpo@cefa-aviation.com

You will receive a response within a maximum period of one month.

11. Complaint to the Supervisory Authority

If, after contacting us, you believe that your rights are not being respected, you may lodge a complaint with the competent supervisory authority:
CNIL – Commission Nationale de l’Informatique et des Libertés
www.cnil.fr

12. Updates to This Notice

This notice may be updated at any time to reflect legal, regulatory, or organizational changes. The applicable version is the one published on the website at the time of consultation.
Last update: Jan 15, 2026

13. Cookies Policy (Summary)

When browsing the website, cookies may be placed on the user’s device.

13.1 Types of Cookies Used

  • Strictly necessary cookies for the operation of the website (exempt from consent)
  • Audience measurement cookies (anonymized or pseudonymized statistics)
  • Functional cookies (user preferences, language)
  • No advertising or profiling cookies are used without explicit consent.

13.2 Consent Management

Users may accept, refuse, or configure non-essential cookies via the consent banner displayed during their first visit, and at any time thereafter.

13.3 Cookie Retention Period

Cookies are not retained for more than 13 months, in accordance with CNIL recommendations.

14. ISO/IEC 27001 Alignment – Personal Data Protection

Personal data management is part of CEFA Aviation’s Information Security Management System (ISMS), which notably covers:

  • Risk assessment including personal data
  • Information classification
  • Access and authorization management
  • Security incident management
  • Selection and monitoring of service providers
  • Continuous improvement

15. Form Notice

Information collected via this form is processed by CEFA Aviation in order to respond to your request. You have the right to access, rectify, and delete your data. For more information, please consult our Personal Data Notice.