Privacy Policy

Last Updated: February 20, 2025

1. Introduction
Royal Flight Center (“the Academy,” “we,” or “us”) takes data protection seriously. The use of the Academy’s internet pages and online services may require the provision of some personal data. If a Data Subject wishes to use certain services via our website, the processing of further personal data might become necessary. Whenever the processing of personal data is required and no statutory basis exists for such processing, the Academy will seek the Data Subject’s consent.

Our processing of personal data is always in line with the General Data Protection Regulation (“GDPR”) and the national legislation applicable in the Republic of Cyprus. By means of this Privacy Notice, we inform the general public about why we collect and process personal data, and about the rights of Data Subjects regarding their personal data.

Founded in 2024, Royal Flight Center was established to provide aspiring pilots with top-notch training in a supportive environment. Our mission is to cultivate skilled aviators who prioritize safety, professionalism, and excellence in aviation. With EASA-approved training and a commitment to quality, we aim to be a leading flight school in Cyprus, leveraging its ideal flying conditions and strategic location.

Royal Flight Center is a flight school. We only use usage data to better understand our customers and to respond to online requests. We never sell customer data.

2. Definitions
This data protection notice is based on the terms used by the European legislator for the adoption of the GDPR. For ease of understanding, the following definitions apply:

Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Personal data: Any information relating to an identified or identifiable natural person (“Data Subject”).
Data subject: Any identified or identifiable natural person whose personal data is processed by the Controller.
Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.
Recipient: A natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not.
Third Party: A natural or legal person, public authority, agency, or body other than the data subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorized to process personal data.
Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.
Processing: Any operation or set of operations performed on personal data (e.g., collection, recording, organization, storage, etc.).
Profiling: Any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifying agreement to the processing of personal data relating to him or her.

3. Name and Address of the Controller
The Controller is:

Royal Flight Center
Akropoleos Ave 44-46
1st Floor, Office 102
Strovolos, 2012
Cyprus

Email: info@royalfly.eu
Phone: +357 22 365 905

4. Data Protection Officer
If you have any questions about this Privacy Notice or our data protection practices, you may contact:

Data Protection Officer
Royal Flight Center
Email: info@royalfly.eu

A Data Subject may contact our Data Protection Officer directly with any enquiries relating to data protection.

5. Lead Supervisory Authority
The Lead Supervisory Authority overseeing Royal Flight Center is the Cyprus Office of the Commissioner for Personal Data Protection:

Information Commissioner’s Office
Email: commissioner@dataprotection.gov.cy
Website: www.dataprotection.gov.cy

6. Cookies
The Academy’s website uses cookies. Cookies are text files stored on a computer system via an internet browser. By means of a cookie, the Academy can provide more user-friendly services, for example recognizing returning visitors so they do not have to re-enter data on each visit.

You may prevent or delete cookies at any time by configuring your internet browser. If you deactivate cookies, some functions of our website may not operate fully.

7. Reasons/Purposes for Processing Information
Below is a broad description of how we process personal information. For more specifics, please refer to any personal communications you have received from us.

We process personal information to:

Provide information about our goods and services (flight training programs and related aviation services).
Respond to enquiries and maintain our records.
Support and manage our employees.
We collect information from:

The Data Subject directly (e.g. information entered into forms).
Indirect sources (e.g. IP addresses, operating systems).
Publicly available registers, social media (e.g. Twitter, LinkedIn, Facebook).
Research provided by third parties, including search engines.
We process the following information:

Personal details (name, contact information).
Business activities (if relevant to training or service provision).
Financial details (if relevant for payments or contracts).
Education and employment details.
Offences and alleged offences (only as lawfully required).
We process data about:

Prospective and current customers/students.
Employees, complainants, and enquirers.
Suppliers, advisers, and other professional experts.
We may share personal information with:

Business associates and professional advisers.
Financial organizations (e.g., banks for payment processing).
Current, past, or prospective employers (if it relates to flight training or references).
Educators and examining bodies (as required for certifications and exams).
Suppliers and service providers.
Where sharing is necessary, it is done in full compliance with GDPR, the Data Protection Act, and other relevant legislation.

8. Rights of the Data Subject
Under the GDPR, Data Subjects in the EU have specific rights. To exercise any of these rights, please contact our Data Protection Officer at any time.

Right of Confirmation – to confirm whether or not personal data is being processed.
Right of Access – to obtain a copy of personal data undergoing processing.
Right to Rectification – to request the correction of inaccurate personal data.
Right to Erasure (“Right to be forgotten”) – to request deletion of personal data where legally applicable.
Right to Restriction of Processing – to request limitation of personal data processing under specific circumstances.
Right to Data Portability – to receive personal data in a structured, commonly used, and machine-readable format.
Right to Object – to object, on grounds relating to your particular situation, to the processing of personal data.
Automated Decision-Making, Including Profiling – the right not to be subject to decisions

based solely on automated processing.
Right to Withdraw Consent – where processing is based on consent, you may withdraw it at any time.
Right to Complain to the Supervisory Authority – if you believe your rights under GDPR are being infringed, you have the right to lodge a complaint with the supervisory authority indicated in Section 5 of this Privacy Notice.

9. Legal Basis for the Processing
Processing of personal data by the Academy is based on one or more of the following:

The Data Subject’s consent for specific purposes.
Necessity for the performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract.
Compliance with a legal obligation.
Protection of the vital interests of the Data Subject or another person.
Necessity for the performance of a task in the public interest or in the exercise of official authority.
Necessity for the purposes of legitimate interests pursued by the Controller or a third party, provided such interests are not overridden by the Data Subject’s fundamental rights and freedoms.

10. The Legitimate Interests Pursued by the Controller or by a Third Party
Where the processing of personal data is based on our legitimate interest, it is carried out to conduct and grow our flight training and aviation services for the well-being of students, employees, and shareholders.

11. Security of Processing
The Academy implements appropriate technical and organizational measures to secure personal data. Absolute security, however, cannot be guaranteed. If you have special concerns regarding particular methods of data transmission, we will endeavor to offer a suitable alternative.

12. Transfers
From time to time, it may be necessary to transfer personal data internationally. Any such transfers will be conducted in compliance with the GDPR and any applicable national data protection legislation, ensuring adequate safeguards are in place.

13. Personal Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with statutory retention periods in Cyprus. Once those periods expire, or the data is no longer needed, we securely delete or anonymize the data.

14. Obligation to Provide Personal Data and Possible Consequences of Failure
Sometimes, provision of personal data may be required by law (e.g., tax regulations) or necessary for the performance of a contract (e.g., training agreements). If you choose not to provide personal data that is necessary for a contract, we may be unable to conclude that contract or provide certain services.

15. Automated Decision-Making & Profiling
We do not use personal data for any form of automated decision-making or profiling.

16. Data Protection for Employment & Recruitment Procedures
We collect and process personal data of job applicants for the purpose of the recruitment process. This may include electronic submissions (email or web forms). If an applicant is hired, personal data will be stored and processed for the employment relationship. If no employment contract is concluded, the application data is deleted unless there is a legitimate interest in retaining it for a legally defined period.

17. Data Protection Notifications for Third-Party Services
On our website, we may integrate components of third-party services or applications (e.g., payment gateways, analytics tools). Please refer to the specific service’s Privacy Notice for details on how they handle personal data.

18. General
You may not transfer any of your rights under this privacy notice to another person.
If any part of this privacy notice is found invalid by a competent authority, the remaining sections remain in force.
No delay, act, or omission by a party in exercising any right or remedy will be deemed a waiver of that or any other right or remedy.
This Privacy Notice will be governed by and interpreted according to the laws of the Republic of Cyprus. All disputes arising under it will be subject to the exclusive jurisdiction of the Cyprus Courts.

19. Changes to This Notice
This notice was last updated in February 2025. We may amend this policy to reflect changes in the law or our privacy practices. We will not use your personal data in new ways without your consent.

Quick Links:

Email Us
Phone: +357 22 365 905
Royal Flight Center
Akropoleos Ave 44-46, 1st Floor, Office 102
Strovolos, 2012, Cyprus
info@royalfly.eu | +357 22 365 905

We only use usage data to better understand our customers and respond to online requests. We never sell customer data.