PRIVACY POLICY OF THE PNRGO WEBSITE

The purpose of this privacy policy (hereinafter referred to as the "Policy") is to define the principles and conditions for processing the personal data of users of our website, pnrgo.com (hereinafter referred to as the "Website"), as well as the personal data of other individuals (including our business partners and their representatives, job candidates, and individuals who contact us for other matters). This data may be provided to us by mail, electronically, by phone, in person at the Controller's office, or in any other way. The Policy also contains information regarding the rights of natural persons in relation to the processing of their personal data.

We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; OJ L 2016.119.1; hereinafter referred to as "GDPR").

We conduct regular reviews of this Policy and thus reserve the right to amend it. If you notice that the content of the Policy requires an update, please inform us.

Policy last updated: 2025-06-01

PERSONAL DATA CONTROLLER

The Controller of your personal data is PNR GO sp. z o.o., headquartered in Warsaw (ul. Puławska 300A, 02-819 Warsaw), listed in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0001083440, NIP (Tax ID): 9512588366, REGON: 52759212, with a share capital of 5,000 PLN (hereinafter referred to as the "Controller" or "we"). You can contact the Controller via email at gdpr@pnrgo.com or by mail at the registered office address mentioned above.

DATA PROTECTION OFFICER

The Controller has appointed a Data Protection Officer (DPO). Individuals may contact the DPO regarding all matters related to the processing of their personal data and the exercise of their rights under data protection regulations (GDPR).

DPO contact information:
Małgorzata Topyła-Komosa
Data Protection Officer
PNR GO sp. z o.o.
ul. Puławska 300A
02-819 Warsaw
E-mail: gdpr@pnrgo.com

PNR GO AS A DATA PROCESSOR

We are not the controller of the data processed by our Clients via the PnrGo service we offer. In this regard, we process personal data at the request of the Client, acting as a data processor, based on a data processing agreement. Our Clients independently determine the purposes and methods of processing these data and are responsible for fulfilling the related obligations.

PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA, AND DATA RETENTION PERIOD

I. Provision of the PnrGo service

We process data provided by the Client using our services, as well as by individuals representing or acting on behalf of the Client in relation to us, in connection with the conclusion of a service agreement and the data provided during the use of our services. For representatives or contact persons, we process contact data and information related to their function or relationship with the Client (e.g. authorization to represent the Client). Data concerning Clients or their representatives or authorised persons acting on behalf of the Client may also be obtained from publicly available sources, such as the Internet.

Providing data is a condition for entering into the agreement and a statutory requirement for fulfilling legal obligations. Failure to provide personal data will prevent us from providing services or fulfilling our legal obligations.

We process the Client's personal data for the following purposes and based on the following legal grounds:

  1. Conclusion and fulfilment of the agreement to provide our services electronically, including enabling the Client to use the service functionalities, maintaining business contacts, and sending informational content related to our services (Article 6(1)(b) GDPR).
  2. Compliance with our legal obligation (Article 6(1)(c) GDPR), particularly in the areas of accounting and bookkeeping, in accordance with the obligations arising from the Tax Ordinance Act of 29 August 1997, the Accounting Act of 29 September 1994, and the Goods and Services Tax Act of 11 March 2004.
  3. Pursuing our legitimate interests (Article 6(1)(f) GDPR), including:
    • Supporting and improving our services;
    • Ensuring service security;
    • Conducting activities to streamline and coordinate our work, including maintaining internal records and registers;
    • Establishing, investigating, and defending against claims.

We process personal data of individuals acting on behalf of the Client for the following purposes and based on the following legal grounds:

  1. Pursuing our legitimate interests (Article 6(1)(f) GDPR), including:
    • Establishing and maintaining business contacts for the purpose of initiating and realizing cooperation under the agreement with the Client;
    • Supporting and improving our services;
    • Ensuring service security;
    • Conducting activities to streamline and coordinate our work, including maintaining internal records and registers;
    • Establishing, investigating, and defending against claims.
  2. Compliance with our legal obligation (Article 6(1)(c) GDPR), particularly in the areas of accounting and bookkeeping, in accordance with the obligations arising from the Tax Ordinance Act of 29 August 1997, the Accounting Act of 29 September 1994, and the Goods and Services Tax Act of 11 March 2004.

Personal data is stored for the period necessary to perform obligations and settle all dues resulting from our service agreement, as well as until the expiration of the statutory periods defined by relevant legal provisions (that is, until the limitation period for tax obligations related to financial and accounting documentation expires). Where applicable, this period may be extended to cover the statute of limitations for claims.

II. Participation in our webinars

We process the personal data provided by webinar participants in the registration form to pursue the legitimate interest of the Controller (Article 6(1)(f) GDPR), which includes:

Providing personal data is voluntary but necessary to participate in the webinar. If you refuse to provide personal data, you will not be able to join the webinar.

Please be informed that the webinar will be recorded and used to pursue our legitimate interest in conducting marketing activities (Article 6(1)(f) GDPR) – in particular, we can share the recording with our newsletter subscribers and existing clients, and publish it on our social media channels and Website. If you choose to disclose your personal data during the webinar, they will be visible to other participants and to future viewers of the recording. By default, participants’ cameras and microphones will be turned off. If you request your camera and microphone to be turned on, and we enable them, your image and voice will be recorded and used for our marketing purposes as described above.

Your data will be processed for the duration necessary to organize the webinar, and afterwards, for the period required to fulfil our legitimate interests as described above, or until you effectively object to the processing of your data.

III. Distribution of the newsletter

If you have given your consent to receive commercial information from us via email, we process the personal data you provided during newsletter sign-up to pursue the legitimate interest of the Controller (Article 6(1)(f) GDPR), which includes:

Providing your data is voluntary but necessary to receive the newsletter. If you choose not to provide your personal data, you will not be able to subscribe.

To prevent errors and unauthorized use of data, we use a double opt-in procedure for those signing up for the newsletter via our website. After expressing interest in receiving the newsletter, you will receive an email request to confirm your subscription. Only after clicking the confirmation link in the email, you will be added to the newsletter database.

Giving consent to receive commercial information is voluntary. You have the right to withdraw your consent at any time by emailing gdpr@pnrgo.com or using the unsubscribe option available in the newsletter. Withdrawal of consent does not affect the lawfulness of sending commercial information based on consent before its withdrawal.

Your personal data will be stored until you withdraw your consent to receive commercial information, effectively object to our marketing activities, or until our legitimate interest in conducting such activities ceases.

IV. Cooperation with contractors

We process the personal data provided by Contractors using our services, as well as by individuals representing or acting on behalf of the Contractor in relation to us, in connection with the conclusion and execution of cooperation. In the case of representatives or contact persons, we process contact data and data related to their role or relationship with the Contractor (e.g. indicating authorization for representation). We obtain this data directly from the individual or from the Contractor. Data concerning the Contractor or individuals representing or acting on behalf of the Contractor may also be obtained from publicly available sources, such as the Internet.

We process the personal data of the Contractor for the following purposes and based on the following legal grounds:

  1. Conclusion and fulfilment of the contract and establishing business contacts (Article 6(1)(b) GDPR).
  2. Compliance with our legal obligation (Article 6(1)(c) GDPR), particularly in the areas of accounting and bookkeeping, in accordance with the obligations arising from the Tax Ordinance Act of 29 August 1997, the Accounting Act of 29 September 1994, and the Goods and Services Tax Act of 11 March 2004.
  3. Pursuing our legitimate interest (Article 6(1)(f) GDPR), which involves:
    • Conducting activities to streamline and coordinate our work, including maintaining internal records and registers;
    • Establishing, investigating, and defending against claims.

We process the personal data of the individual representing or acting on behalf of the Contractor for the following purposes and based on the following legal grounds:

  1. Pursuing our legitimate interest (Article 6(1)(f) GDPR), which involves:
    • Establishing and maintaining business contacts for the purpose of initiating and realizing cooperation based on the contract with the Contractor, as well as servicing and executing the activities undertaken by you;
    • Conducting activities to streamline and coordinate our work, including maintaining internal records and registers;
    • Establishing, investigating, and defending against claims.
  2. Compliance with our legal obligation (Article 6(1)(c) GDPR), particularly in the areas of accounting and bookkeeping, in accordance with the obligations arising from the Tax Ordinance Act of 29 August 1997, the Accounting Act of 29 September 1994, and the Goods and Services Tax Act of 11 March 2004.

Providing data is a condition for establishing and executing the cooperation. If the data is not provided, the cooperation cannot be established or executed.

Personal data is stored for the period necessary to perform obligations and settle all dues resulting from the cooperation, as well as until the expiration of the statutory periods defined by relevant legal provisions (that is, until the limitation period for tax obligations related to financial and accounting documentation expires). Where applicable, this period may be extended to cover the statute of limitations for claims.

V. Exercising rights under the GDPR

We process your data provided in order to exercise the rights granted to you under the GDPR, as well as the data we possess that is necessary to review and handle your request.

We process the data for the following purposes and based on the following legal grounds:

  1. Exercising the rights granted under Articles 12-22 of the GDPR, in accordance with our legal obligation under the GDPR (Article 6(1)(c) GDPR), including the identification of the person exercising their right.
  2. Pursuing our legitimate interest (Article 6(1)(f) GDPR), which involves establishing, investigating, and defending against claims, as well as handling any proceedings related to the exercise of rights of the data subjects.

Providing data is necessary to exercise your rights, and failure to provide it will result in our inability to process your request.

Data is retained until the expiration of the limitation period for claims of the data subjects arising from the exercise of their rights, as well as for the period necessary to handle any proceedings related to the exercise of rights of the data subjects.

VI. Contacting us

We process the data provided by you when contacting us, e.g. through the contact form available on the Website. Personal data is processed in order to pursue our legitimate interest (Article 6(1)(f) GDPR), which involves handling your inquiry.

Providing personal data is voluntary but necessary to process your inquiry. Refusing to provide personal data will result in our inability to handle the message you sent.

Personal data is retained for the time necessary to fulfil the legitimate interest of the Controller, in particular for the duration of handling your message. This period may be extended, if applicable, by the limitation period for civil law claims.

VII. Using our social media accounts

By using our LinkedIn account, you can, among other things, follow our fan page, leave a reaction on a post (like, comment), or message us. Your actions may result in the processing of your personal data, as outlined below.

Categories of individuals whose data is processed, and the scope of processed data

We process the data of individuals who have visited our account, interacted with us, or posted or sent data through LinkedIn services (e.g. filled out forms, answered surveys).

We process the following types of personal data:

Personal data is obtained directly from you in connection with your use of our LinkedIn account. Providing data is voluntary.

Purposes and legal bases for processing

We process personal data for the purpose of pursuing the legitimate interest of the Controller (Article 6(1)(f) GDPR), which involves:

  1. Managing our LinkedIn account, under the terms and conditions set out in the LinkedIn service terms. This may include informing users about our activity, promoting events, brand, products, and services, building and maintaining a community with us (including monitoring user-generated content), and communicating via available LinkedIn features (e.g. comments, messages);
  2. Conducting statistics (through analysing data on user activity on our account),
  3. Establishing, investigating, and defending against claims.

Personal data will not be used for automated decision-making, including profiling.

Joint data controllers

For the purpose of processing personal data for statistics, we act as joint controllers in accordance with Article 26(1) GDPR with LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter “LinkedIn Ireland”), which provides us with the statistics feature. We undertake these actions as part of our legitimate interest (Article 6(1)(f) GDPR) described above.

For more information on data processing for statistics, visit LinkedIn Joint Controller Addendum.

Data recipients

Your personal data will be accessible to:

We do not transfer your personal data to third countries or international organizations.

Data retention period

Data is processed until the effective submission of an objection to its processing for the purpose of pursuing our legitimate interest or until the cessation of this interest, i.e.:

RECIPIENTS OF PERSONAL DATA

Data may be shared with recipients, including in particular:

Personal data may be transferred by us to entities based outside the European Economic Area (EEA), including the USA, when necessary to achieve the specified purposes of personal data processing. The transfer of personal data outside the EEA takes place with the assurance of an adequate level of data protection as required by GDPR, primarily through:

You may obtain a copy of the aforementioned standard contractual clauses (or other appropriate safeguards for transferring data outside the EEA) through us.

YOUR RIGHTS

You have the right to:

If you have given consent for the processing of your personal data or for receiving information from us (e.g. commercial information), you also have the right to withdraw your consent. This withdrawal does not affect the lawfulness of data processing or sending information before the consent was withdrawn. If we intend to process your data based on consent, we will inform you beforehand and ensure you have the opportunity to provide consent. Providing consent is always voluntary, and there are no negative consequences for not giving it.

To exercise your rights, please contact us at gdpr@pnrgo.com.

You also have the right to file a complaint with the supervisory authority – the President of the Personal Data Protection Office at ul. Stawki 2, 00-193 Warsaw.

AUTOMATED DECISION-MAKING, INCLUDING PROFILING

Your personal data is not used for automated decision-making, including profiling.

COOKIES AND SIMILAR TECHNOLOGIES

I. Key Information

The Website uses cookies and similar technologies (hereinafter collectively referred to as “Cookies”). Cookies are IT data, particularly text files, that are stored on your end device (e.g. phone, tablet, computer, console) to facilitate your use of the Website. Cookies do not modify the configuration of your device or the software installed on it.

Cookies do not grant us access to the device you use to visit our Website, or to your personal information, except for information on how you use our Website and any personal data you choose to share with us (including personal data automatically shared due to your browser settings).

Some Cookies are essential for the proper and secure functioning of the Website, and therefore, you cannot opt out of them. We use these Cookies based on our legitimate interest (Article 6(1)(f) of the GDPR) which is to provide information about our activities through the Website.

Other Cookies are used to enhance your experience on the Website, collect statistics, and track your activity for marketing purposes—such as selecting and delivering advertisements tailored to you, keeping statistics, and analysing the delivery and effectiveness of these ads. We use non-essential Cookies only if you provide consent. Your consent is voluntary and can be withdrawn at any time by adjusting your browser settings. Withdrawal of consent does not affect the lawfulness of Cookies usage based on consent given before withdrawal.

II. Types of cookies and similar technologies we use

Strictly Necessary Cookies (technical and session cookies that ensure the security of using the Website) – This group of cookies is essential for the Website to operate correctly and securely. According to regulations, the use of these cookies does not require your consent.

Functional Cookies – These cookies help optimize the performance of our Website and enhance user experience. They allow us to remember your individual choices and provide content better tailored to your preferences.

Statistical Cookies – These cookies help us understand how different users interact with our Website, enabling us to improve its structure and content.

Marketing Cookies – These cookies track your activity for marketing purposes, such as selecting and delivering personalized ads and assessing their effectiveness. Information about your Website usage is shared with our advertising partners, who may combine this data with other information you have provided or that has been collected when you used their services.

Below, you will find detailed information about the specific cookies we use:

COOKIE/TECHNOLOGY NAME STORAGE PERIOD DESCRIPTION PROVIDER
AnalyticsSyncHistory 30 days This cookie stores information about the time a sync took place with the lms_analytics cookie. linkedin.com
bcookie 1 year This browser identifier cookie is used to uniquely identify devices accessing LinkedIn to detect abuse on the platform. linkedin.com
bscookie 1 year This cookie is used for remembering that a logged-in user is verified by two factor authentication and has previously logged in. linkedin.com
CookieConsent 1 year This cookie stores the user's cookie consent state for the current domain. pnrgo.com
_GRECAPTCHA 180 days This technical cookie is used by Google reCAPTCHA for risk analysis in spam protection. It may store browsing device information. google.com
_ga 2 years This cookie is used to distinguish users and send data to Google Analytics about the visitor's device and behaviour. It tracks the visitor across devices and marketing channels. google.com
_ga_# 2 years This cookie calculates visitor, session, campaign data, and also keeps track of site usage for the site's analytics report. It stores information anonymously and assigns a randomly generated number to recognize unique visitors. google.com
_gcl_au 3 months This cookie is used by Google AdSense for experimenting with advertisement efficiency across websites using their services. google.com
hjActiveViewportIds Persistent This cookie contains an ID string on the current session, with non-personal information on what subpages the visitor enters. hotjar.com
_hjSession_# 1 day This cookie holds current session data and ensures subsequent requests in the session window are attributed to the same session. hotjar.com
_hjSessionUser_# 1 year This cookie is set when a user first lands on a page. It persists the Hotjar User ID unique to that site, and ensures data from subsequent visits to the same site is attributed to the same user ID. hotjar.com
hjViewportId Session This cookie stores user viewport details such as size and dimensions. hotjar.com
li_adsId Persistent The LinkedIn Ads ID supports conversion tracking as an additional signal on top of cookies. It is only applicable to website traffic from outside the EU, EEA, Quebec, and UK territories. linkedin.com
li_gc 180 days This cookie stores consent of guests regarding the use of cookies for non-essential purposes. linkedin.com
li_sugr 90 days This cookie is used to make a probabilistic match of a user's identity outside the Designated Countries. linkedin.com
lidc 1 day This cookie facilitates data centre selection. linkedin.com
PHPSESSID Session This cookie preserves user session state across page requests. pnrgo.com
rc::a Persistent This cookie is used to distinguish between humans and bots and protect the website against malicious spam attacks. google.com
rc::b Session This cookie is used to distinguish between humans and bots and protect the website against malicious spam attacks. google.com
rc::c Session This cookie is used to distinguish between humans and bots and protect the website against malicious spam attacks. google.com
rc::f Persistent This cookie is used to distinguish between humans and bots and protect the website against malicious spam attacks. google.com
UserMatchHistory 30 days This cookie is used for LinkedIn Ads ID syncing to provide ad delivery or retargeting. linkedin.com

III. Managing cookie and similar technology settings

Below you can find the links to information from the most popular web browsers on how to manage cookies and similar technologies while browsing the Website:

You can check the current privacy settings of your web browser at any time, for example, by using http://www.aboutads.info/choices or http://www.youronlinechoices.eu/.

ANALYTICAL AND MARKETING TOOLS

We use tools to collect information about users of our Website for the marketing and analytical purposes described above. In particular, we use the following tools:

This tool allows us to display our advertisements and measure the effectiveness of advertising campaigns, including data analysis. Information on how Google processes data in relation to Google Ads is available here.

Google Analytics is an online tool supplied by Google for website statistics and web analytics, providing insights into data traffic. You can prevent the installation of cookies by adjusting your browser settings. You can also prevent Google from collecting data via Cookies related to your use of our Website by installing a browser add-on that blocks Google Analytics scripts. This add-on is available here. Information on how Google uses data collected from users of partner websites and apps can be found here.

Hotjar is an analytical tool that helps us understand user behaviour on our Website. You can opt out of Hotjar data collection at any time by enabling the "Do Not Track" header. More information can be found here.

This is a JavaScript code snippet provided by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter “LinkedIn Ireland”), which enables detailed reporting on advertising campaigns and provides insights into website visitors. The LinkedIn Insight Tag is used for conversion tracking, retargeting website visitors, and obtaining aggregated information about the categories of people interacting with our ads. LinkedIn Ireland acts as our data processor and may transfer personal data outside the European Economic Area (EEA). You can disable the LinkedIn Insight Tag by adjusting your user settings here.

Partners:

Airplane Manager logo.
Collins Aerospace logo.
European Business Aviation Association logo.
FL3XX logo.
JESTER logo.
Jetex logo.
Leon Software logo.
Nuvolops logo.
REDiFly logo.
SITA logo.
Skylegs logo.
Airplane Manager logo.
Collins Aerospace logo.
European Business Aviation Association logo.
FL3XX logo.
JESTER logo.
Jetex logo.
Leon Software logo.
Nuvolops logo.
REDiFly logo.
SITA logo.
Skylegs logo.