GDPR & Data Protection Notice

Effective date: 29 December 2025

1) Data Controller

The data controller responsible for your personal data is:

• Entity: AviatorPredict.com (Website operator)
• Email: [email protected]
• Website: aviatorpredict.com

If you have any questions about how we process your personal data, you may contact us at [email protected].

2) Legal Basis for Processing

We process personal data only where we have a lawful basis to do so under Article 6 of the GDPR. The legal bases we rely on include:

• Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to communications or accepting non-essential cookies.
• Contractual necessity (Art. 6(1)(b)): Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as providing access to the Service.
• Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes website analytics, fraud prevention, and improving the Service.
• Legal obligation (Art. 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject.

3) Data We Collect

We may collect and process the following categories of personal data:

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
• Usage data: Pages visited, time spent on pages, click patterns, scroll depth, and navigation paths.
• Account data: Email address, username, and registration details (where applicable).
• Communication data: Information you provide when contacting us via email or support channels.
• Cookie data: Identifiers stored via cookies, local storage, and similar technologies. See Section 4 for details.

4) Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service. These include:

• Essential cookies: Required for the Service to function correctly (e.g., session management, security tokens). These do not require consent.
• Analytics cookies: Used to understand how visitors interact with the Service (e.g., Google Analytics with measurement ID G-QNY2RP6E3P). These are set only with your consent.
• Functional cookies: Used to remember your preferences, such as language selection.

You can manage your cookie preferences at any time through our cookie consent tool or your browser settings. For more details, see our Cookie Policy.

5) Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to certain exceptions.
• Right to restriction of processing (Art. 18): You have the right to request that we restrict processing of your personal data in certain circumstances.
• Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): You have the right to object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right not to be subject to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by the GDPR.

6) Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

• Account data: Retained for the duration of your account and up to 12 months after account deletion, unless retention is required for legal or compliance purposes.
• Analytics data: Aggregated and anonymised analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 14 months.
• Communication data: Retained for up to 24 months from the date of last correspondence.
• Cookie data: Retention periods vary by cookie type. See our Cookie Policy for specific durations.

When personal data is no longer required, it is securely deleted or anonymised.

7) International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with GDPR requirements, including:

• Transfers to countries with an adequacy decision from the European Commission (Art. 45).
• Use of Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c)).
• Other appropriate safeguards as permitted under Chapter V of the GDPR.

8) Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Regular security assessments and vulnerability testing.
• Access controls limiting personnel access to personal data on a need-to-know basis.
• Secure server infrastructure with monitoring and logging.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9) Third-Party Processors

We may share your personal data with third-party service providers ("processors") who process data on our behalf. These include:

• Google Analytics: Website analytics and usage reporting. Google's privacy policy applies to data processed by Google.
• Hosting providers: Server infrastructure and content delivery.
• Email service providers: For transactional and support communications.

All third-party processors are required to process personal data in accordance with our instructions and applicable data protection laws. We enter into Data Processing Agreements (DPAs) with all processors as required by Article 28 of the GDPR.

10) Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of legal majority in their jurisdiction, if higher). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that data promptly.

If you believe we have inadvertently collected data from a minor, please contact us at [email protected].

11) Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

We encourage you to contact us first at [email protected] so that we can address your concerns directly.

12) Changes to This Notice

We may update this GDPR & Data Protection Notice from time to time. Any changes will be posted on this page with a revised effective date. Where changes are significant, we will make reasonable efforts to notify you (for example, via a banner on the Service).

Your continued use of the Service after changes are posted constitutes your acknowledgement of the updated notice.

13) Contact Us

If you have questions, concerns, or requests regarding this GDPR & Data Protection Notice or the processing of your personal data, please contact us:

Legal: [email protected]
Support: [email protected]