Dronerequest Privacy Policy

Updated 2023-09-30

1. Background

1.1 Naviation AB provides software for the Aviation sector, mainly to Air Navigation Services Providers. The purpose of the DRONEREQUEST Apps ("Services") is to facilitate and increase flight safety in the interaction between drone operators, air traffic control units, pilots of manned aircraft and other entities affected by drone (UAS) operations.

1.2 In order to do so, we collect certain data and information from and about You, and Your use of the Services. Naviation AB is the Data Controller for the information you provide to Us, and We will use it - and allow other users to use it as outlined below - in order to deliver the functionality offered by the Services.

1.3 Your privacy is important to us. This policy outlines what information We collect, how We use it and in what ways it is shared. We respect Your privacy and will only use personal data as outlined here.

1.4 Please ensure that You understand this policy prior to using our Services. When you use our Services, you are deemed to have accepted Our Privacy Policy. If You do not accept and agree with this Privacy Policy, You must stop using Our Services immediately.

1.5 When this Policy is updated, you will be notified in Our Services to make You aware of the change. In case you no longer accept the policy, You will have the option to cease from using our Services.

2. Definitions

2.1 We/Us/Our means Naviation AB, registered in Sweden under organization number 556918-4327

2.2 Personal data means data that you give to Us via Our Services, data that relates to a person who can be directly or indirectly identified from that data (see EU Regulation 2016/679 – the General Data Protection Regulation, “GDPR”).

2.3 Sites means websites and services (including APIs) that are accessible over the public internet.

2.4 Apps means all software published under the DRONEREQUEST brand, including several web applications and native applications for various mobile platforms.

2.5 Services means the Apps, websites and any other platforms or services that might be added to the “DRONEREQUEST” brand.

2.6 Account means an account required to use our Services

2.7 Controlled airspace means such airspace in which permission from an Air Traffic Control unit is required before flying any aircraft.

3. Your rights

3.1 According to the General Data Protection Regulation (GDPR) You as the data subject have the following rights:

To be informed about Our collection and use of personal data
To access the personal data which We hold concerning You
To have any incorrect or incomplete data about You corrected or amended
To have data concerning You deleted (when it is no longer needed for the services you have requested)
To deny Us from processing Your personal data (if this be your request, You must not use Our Services)
To obtain a copy of your personal data (i.e. for transfer to another service)
To protest Our using your personal data for certain purposes
To not be subject to a decision based solely on automated processing (including profiling)

3.2 If you have any questions or complaints regarding Our use of your personal data, please contact Us via email as outlined below. You also have the right to file a complaint with the Swedish authorities.

4. What data do we collect?

4.1 It may vary slightly depending on which of Our Apps or Sites You use to access Our Services, but we may collect some or all of the following personal and non-personal data

Name, E-mail adress and telephone (mobile) number
Debit/billing information (when applicable) including legal adress for invoicing
Organization's information (business name and possible other information as provided by You)
Your (smartphone's) position when you have a planned or ongoing drone flight in controlled airspace. The purpose of these position reports is for Air Traffic Control to ascertain that You are in the actual location for which you have requested drone flight. Such position reports are saved for a maximum of 10 minutes and then permanently deleted.
Information that You have explicitly submitted to Us regarding drone flights, and that you intend for Us to share with trusted entities (including Air Traffic Control units) as part of Our Services.
Purpose of your drone flight (recreational, emergency response, survey etc.)
Aircraft (drone) information (i.e. model, weight etc.)
Area of drone operation including geographical location as well as flight height and start- and endtime of flight operation
Information about Your use of Our Services (for technical analysis and debugging), diagnostic information etc.

5. How do we use and share the collected data

5.1 All personal data is processed and stored securely, for no longer than is necessary considering the reasons it was first collected.

5.2 We may use your data for providing and managing your Account and personalising and tailoring Our Services to you.

5.3 We may use your data for contacting you regarding the stgatus of Our services, notices regarding updates or changed terms, and other messages deemed to be of your interest in relation to our Services. If you request that your data be deleted (see below) we will no longer contact you in this manner (in deed we will have no way of doing so without your contact details).

5.4 When You submit information regarding a drone flight to Us via Our Services, we may:

For flight safety reasons share limited (anonymized) information concerning your drone flight (including location, flight height, start-/endtime, and in applicable cases purpose of flight and organization/business entity responsible for the flight) with other users of Our Services as well as external services that promote flight safety, -awareness and drone acceptance.
If flying your drone in an area where there is a cost associated with your flight, your billing information may be shared with the relevant 3rd party (such as an airport).
If you have opted to share your telephone number (via the toggle on the settings page), your number will be shared with other users of our Services as well as through third party Services during Your drone flight. The benefit of this is that others can contact you, if for instance there is an ambulance helicopter inbound to your location, your drone might present a threat that prevents the helicopter from landing safely and by extension might prevent it from saving human lives. Your telephone number will never be shared with the public, it will only be shared with trusted entities with a legitimate interest in contacting you, for instance police, airborne ambulance and search- and rescue helicopters.
At any time you can opt out of sharing your phone number with such external parties. Please note that opting out will not retract your phone number from such drone flights that have already been shared with third parties under your consent, it will only stop sharing it for future drone flights. Please also note that your phone number will always be shared with the relevant Air Traffic Control unit as outlined below, as that is within the core purpose of our Services.
If submitting a request to fly a drone in controlled airspace, Your contact details (i.e. name, phone number and possibly email address) will be shared with the relevant Air Traffic Control Unit, for the purpose of facilitating a subsequent clearance for your flight. Note that submitting the request/information alone does not grant permission to fly. Express permission from the relevant Air Traffic Control unit is always required.

5.5 You can withdraw your consent to Us using your personal data at any time, and to request that We delete it (see below for contact details). If so, you will no longer be able to use our Services. Please note that other laws may require that your billing information remain with the entity to whom Your payments have been/are due.

5.6 Data on drone flight locations including times and other associated non-personal (anonymized) data is not considered your personal data. Such anonymized data will remain with us for statistical and other purposes even if you withdraw your consent to our use of your personal data.

6. Where do we store the collected data?

6.1 Your data will be stored within the European Economic Area (“the EEA”).

6.2 We have taken suitable measures to protect the data collected through Our Services. These include world-renowned data centres, well-known encryption standards, limiting the number of individuals with access to production systems, network segregation and Virtual Private Cloud (VPC). Multi Factor Authentication (MFA) enabled wherever possible.

6.3 As stated above, if you withdraw your consent to us using your data, we will not hold it any longer than necessary to complete possible outstanding business transactions as already outlined.

7. Change of ownership

If our business changes ownership, the new owner will be permitted to use the collected data only according to this policy and according to the terms of use valid at any given time.

8. Request your data

It is your right to know what personal data we hold related to your person, without any fee according to the GDPR. We will provide you with the details in electronic format if you request it from us and if you can prove proper identification. Please see below for our contact details.

9. Cookies

9.1 If you set your system (browser, OS etc) to deny our use of cookies (as is your right), out Services may not function as intended and we will not assume responsibility for their usability or suitability.

9.2 Our services will place first party cookies (cookies placed directly by us) on your device to remember your login and to customize your use experience. We alone will use these cookies.

9.3 We strive to only use cookies that fall into the catgory "strictly necessary" for our services. Cookies used by our services comply with current Cookie Law.

9.4 As clearly stated in the cookie banner, cookies will be set when you log in, and by logging in you consent to these cookies being set. If you deny our use of cookies, please do not log in to our services.

9.5 Please be aware that you have full control over these cookies at all times. At ay point you can use your browser's functions to remove cookies. The only consequence will be that a "remember me" of the login form will be forgotten, and possible customizations that you have made to your account will be restored to defaults.

10. Contact us

If you need to contact us regarding your personal data or for any other reason in relation to this policy, please do so by writing to us in english or in swedish by email to contact@naviation.se.

11. Policy updates

11.1 We may update this Privacy Policy (for example if required by law). Changes will be available in Our Services and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Services following the changes.

11.2 Please also check this site regularly to make sure you have the latest version of the privacy policy.