Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how ErinWave Aviation (“we”, “us”, or “our”) collects, uses, and protects personal data when you visit ErinWave.cyou (the “Site”), read our aviation learning content, or contact us about guides, articles, or workshops.

For the purposes of applicable data protection laws (including the EU General Data Protection Regulation and the Irish Data Protection Act 2018), the data controller is:

• Legal entity: ErinWave Aviation Learning Ltd
• Registered address: 2 Dublin Landings, North Wall Quay, North Wall, Dublin 1, D01 V4A3, Ireland
• Contact email: [email protected]
• Phone: +353 1 906 1638

Our content is designed for aviation appreciation and general education. We do not intentionally request or require special-category data (for example, health information or biometric data). Please do not include sensitive personal information in free-text fields unless it is strictly necessary for your enquiry.

Effective date: March 12, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you use the Site. We aim to keep collection limited and proportionate. We may collect:

• Identity and contact data: name, email address, and (if provided) phone number.
• Form content: the information you submit through our contact form, including your message, topic selections, and any aircraft or learning goals you mention.
• Technical data: IP address, browser type and version, device type, operating system, language settings, approximate location derived from IP (city/region level), and diagnostic data necessary for security and performance.
• Usage data: pages viewed, time spent on pages, navigation paths, referring pages, link clicks, and similar interaction events.
• Cookies and identifiers: small data files and similar technologies described in Section 4 (including a consent record).
• Conversion events: events associated with completing a form (for example, successful contact submission), which may be used for measurement when analytics or marketing cookies are enabled with consent.

We do not request financial account details or government identification numbers through the Site. If you email us directly, we will only process the personal data included in that correspondence for the purpose of responding and maintaining an appropriate record.

3. Why We Process Personal Data & Legal Basis

We process personal data for specific purposes and rely on the legal bases available under GDPR (Article 6). The main purposes and bases are:

• Responding to contact enquiries: to reply to your message, recommend relevant guides, and coordinate workshop enquiries. Legal basis: Article 6(1)(b) (steps at your request prior to entering a contract) and Article 6(1)(a) (consent) where required.
• Analytics and site improvement: to understand which content is helpful, where readers get stuck, and how to improve structure and clarity. Legal basis: Article 6(1)(a) (consent).
• Marketing measurement and remarketing: to measure the effectiveness of our advertising and to show relevant messages to people who have interacted with the Site. Legal basis: Article 6(1)(a) (consent).
• Security and fraud prevention: to protect the Site, reduce abuse, and maintain service availability. Legal basis: Article 6(1)(f) (legitimate interests), balanced against your rights.
• Legal and compliance obligations: to comply with applicable laws, respond to lawful requests, and maintain necessary records. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making (GDPR Article 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags or server-side event forwarding when enabled. Cookie use on this Site is organised into three categories that match our Cookie Policy at /cookie-policy/.

Essential cookies (always active)

Essential cookies are required for the Site to function. They include cookies that maintain basic session continuity and store your cookie preferences. These cookies do not require consent under EU rules.

• Examples: _site_session, cookie_consent
• Retention: session to 12 months depending on the cookie.

Analytics cookies (consent required)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand aggregated site usage (for example, which articles are read most, and how people move through a guide). We use IP anonymization where applicable and configure retention with a 14-month data retention setting.

• Examples: _ga, _ga_XXXXXXXXXX (GA4 property identifier)
• Retention: typically up to 2 years for cookie identifiers; analytics reporting retention 14 months.

Marketing cookies (consent required)

If you enable marketing cookies, we may use technologies from advertising partners (such as Google Ads and Meta) to measure campaign performance and to build audiences for remarketing. This helps us avoid broad, irrelevant messaging and measure whether content-led ads are effective.

• Examples: _gcl_au, _fbp, _fbc
• Retention: typically 90 days for marketing cookies, depending on partner configuration.

Beyond cookies, tracking can involve pixel tags loaded in a browser or server-to-server event forwarding. Where used, these are only activated in line with your cookie choices. If future versions of the Site introduce additional cookie names, we will update the Cookie Policy and, where required, prompt you to review your choices.

5. Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie for 12 months.

You may withdraw consent at any time by selecting “Manage cookie preferences” in the footer of the Site or by clearing cookies in your browser. Withdrawing consent does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising & Service Partners

We may share limited personal data with service providers and advertising partners to operate the Site and measure content performance. We do not sell personal data. When enabled by consent, some partners receive cookie identifiers and event data to provide analytics or advertising measurement.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, conversion events, and aggregated reporting. Reference: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, audience membership signals, and (where configured) hashed identifiers. Reference: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based security signals for threat detection and performance. Reference: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use Site data for their own independent commercial purposes. They act as processors or, in some cases, as separate controllers depending on the specific tool and configuration.

7. International Transfers

Some of our service providers are located outside the European Economic Area and the UK (including in the United States). Where personal data is transferred internationally, we rely on appropriate safeguards, such as:

• EU-US Data Privacy Framework (DPF) (primary, where applicable since July 2023)
• UK Extension to the EU-US DPF (where applicable)
• Swiss-US DPF (where applicable)
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism
• UK International Data Transfer Addendum (IDTA) as a fallback mechanism

If you would like more detail about safeguards for a particular transfer, contact us using the details in Section 18.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law. Typical retention periods are:

• Contact submissions: up to 2 years from the last interaction, to maintain continuity in educational correspondence.
• Email correspondence: for the duration of the relationship, plus up to 1 year for reference.
• Server and security logs: typically up to 90 days, unless needed for investigating incidents.
• Analytics data: analytics reporting retention is configured for 14 months; cookie identifier retention depends on the cookie lifetime.
• Marketing cookies: retained for the cookie lifetime (commonly 90 days), unless deleted earlier.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal and tax records: retained as required by applicable law (often 6 to 10 years for invoices where relevant).

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have rights under GDPR and related laws, including:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days, although this may be extended by up to 60 days for complex requests.

If you are in the EU, you can find your supervisory authority via the European Data Protection Board: https://edpb.europa.eu. If you are in Ireland, the Data Protection Commission is available at https://www.dataprotection.ie.

UK residents can contact the Information Commissioner’s Office (ICO): https://ico.org.uk.

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the data promptly where required.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Some third-party providers may offer their own settings or opt-out mechanisms.

12. Data Deletion Requests

To request deletion of personal data associated with your enquiry, email us with the subject line Data Deletion Request at [email protected]. We may ask for limited information to verify your identity before completing the request.

Some information may be retained where required by law or where it is necessary for establishing, exercising, or defending legal claims.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the Site.

14. California (CCPA / CPRA)

If you are a California resident, you may have specific rights under the California Consumer Privacy Act (as amended by the CPRA). In the last 12 months, we may have collected the following categories of personal information:

• Identifiers: such as name, email address, IP address, and device identifiers.
• Internet or network activity information: such as browsing interactions with the Site.
• Inferences: such as inferred interests based on content interactions (used for advertising measurement if enabled).

We do not sell personal information as defined by CCPA. We do share certain information for cross-context behavioural advertising when marketing cookies are enabled. California residents may opt out by using the cookie preferences panel available via the footer link “Manage cookie preferences”.

You may submit requests to know, delete, or correct by emailing [email protected] with the subject line California Privacy Request. We will verify your request. Authorised agents may submit requests with proof of authorisation.

We will not discriminate against you for exercising your rights.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, obtain a copy of personal data, and opt out of targeted advertising. We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects.

To exercise these rights, email [email protected] with the subject line Virginia Privacy Request.

If we decline to act on a request, you may appeal by emailing with the subject line Appeal of Refusal — Privacy Request. We will respond within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line Nevada Do Not Sell Request. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be announced via a prominent notice on the Site at least 14 days before taking effect. The “Last Updated” date at the top of this page is refreshed with every revision.

18. Contact

For questions about privacy, to exercise your rights, or to request deletion, contact:

• ErinWave Aviation Learning Ltd
• 2 Dublin Landings, North Wall Quay, North Wall, Dublin 1, D01 V4A3, Ireland
• Email: [email protected]
• Phone: +353 1 906 1638