Privacy policy

airShopRQ is committed to transparent data practices that prioritize security, regulatory compliance, and user control. Our policies align with global privacy standards, including GDPR, CCPA, and industry-specific requirements for ecommerce platforms.

We maintain rigorous privacy protocols aligned with our role as aviation technology consultants to global enterprises. This enhanced policy reflects our advisory capacity across 150+ jurisdictions while meeting ISO 27701:2019 standards for privacy in consulting services.

Information Collection & Use

We collect data essential for service delivery, fraud prevention, and personalized experiences:

  • Order details: Client names, business addresses, payment information (encrypted via PCI-compliant processors)

  • Automated data: IP addresses, device identifiers, and browsing behavior via cookies

  • Third-party integrations: Analytics from tools like Google Analytics and advertising platforms

Data is never sold to external parties. Limited sharing occurs with business partners and fraud detection services under strict contractual obligations.

Data Retention Framework

Our retention periods balance legal requirements with operational needs:

  • Transaction records | Retention period of 7 years | Disposal method: cryptographic erasure

  • Marketing analytics | Retention period of 3 years | Disposal method: automated system purges

  • Customer service chats | Retention period of 2 years | Disposal method: secure database deletion

  • Inactive user accounts | Retention period of 18 months | Disposal method: full account anonymization

AI-driven datasets used for personalization undergo quarterly reviews to remove obsolete information.

User Rights & Controls

You may:

  • Request access to or correction of personal data

  • Request deletion of non-essential profile information by contacting our client support

  • Opt-out of marketing communications (one-click unsubscribe in all emails)

  • Appeal data decisions by contacting us within 30 days

Authorized agents must submit notarized authorization forms for requests involving sensitive data.

Security & Compliance

  • AES-256 encryption for stored data

  • Biannual penetration testing

  • Employee training aligned with ISO 27001 standards

Report concerns via the More Info section of our website. Policy updates take effect 30 days after website notification.

This policy last updated: April 2, 2025.