Privacy Policy

Air Aviation Academy is a trading name of TVM Breathwork ApS, a company registered in Denmark. We operate the website airaviationacademy.com and the associated pilot performance programme portal.

TVM Breathwork ApS is the data controller for all personal data collected through this website and the pilot portal.

We collect the following categories of personal data:

• Contact information: name, email address, phone number, job title, and company name — provided when you book a discovery call or contact us
• Pilot portal data: first name, last name, email address, licence type, airline, fleet type, and total flying hours — provided when you are enrolled in the programme
• Programme progress data: module completion status, personal notes, and resource access logs — generated automatically as you use the pilot portal
• Communication data: the content of enquiry messages submitted through the contact form or booking page
• Technical data: IP address, browser type, and pages visited — collected automatically via server logs for security and performance monitoring

We use your personal data for the following purposes:

• To respond to discovery call bookings and send confirmation emails
• To enrol pilots in the 6A Pilot Performance Programme and provide access to the pilot portal
• To send programme-related communications, including magic link login emails and progress reminders
• To generate and issue completion certificates upon programme graduation
• To manage our client relationships via our internal CRM system
• To send 24-hour reminder emails before scheduled discovery calls
• To comply with legal obligations and protect our legitimate business interests

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

• Contractual necessity (Article 6(1)(b)): processing required to deliver the programme you have enrolled in
• Legitimate interests (Article 6(1)(f)): managing our CRM, sending booking confirmations, and maintaining programme records
• Consent (Article 6(1)(a)): where you have explicitly opted in to receive marketing communications
• Legal obligation (Article 6(1)(c)): where we are required to retain records for tax, accounting, or regulatory purposes

We retain personal data for as long as necessary to fulfil the purposes described in this policy:

• Booking and enquiry data: 3 years from the date of the booking or enquiry
• Pilot programme data: 7 years from programme completion (to support certificate verification and CPD records)
• Financial and contractual records: 5 years from the end of the financial year (Danish bookkeeping requirements)
• Marketing consent records: until consent is withdrawn

When data is no longer required, it is securely deleted or anonymised.

We do not sell your personal data. We may share it with the following categories of third parties:

• Google Workspace (Google LLC): email delivery, calendar, and document storage — data processed under Google's EU data processing terms
• Proton AG (Switzerland): encrypted storage of sensitive records including legal correspondence and medical certificates — zero-access encryption under Swiss law
• Payment processors: if you purchase a programme directly online (details provided at point of purchase)
• Legal or regulatory authorities: where required by law or to protect our legal rights

All third-party processors are bound by data processing agreements and are required to handle your data in accordance with GDPR.

Your data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to Google's US infrastructure), such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

Sensitive data — including medical certificates, legal correspondence, and student records — is stored exclusively with Proton AG in Switzerland, which provides an equivalent level of protection to the GDPR under Swiss Federal Data Protection Act (nFADP).

As a data subject, you have the following rights:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure ('right to be forgotten'): request deletion of your data, subject to legal retention obligations
• Right to restriction: request that we limit how we process your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us using the details in Section 10. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority — in Denmark, this is Datatilsynet (datatilsynet.dk).

This website uses only essential session cookies required for authentication and security. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that identify individual users.

The pilot portal uses a secure session cookie to maintain your login state. This cookie expires when you close your browser or log out.

For general enquiries about this Privacy Policy or your personal data:

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. We will notify enrolled pilots of material changes via email.