WHO WE ARE
Cawa Air is the data controller responsible for processing your personal data collected through this Platform.
- Company: Cawa Air — Société à responsabilité limitée, associé unique
- Registered Office: 60 rue François 1er, 75008 Paris, France
- RCS Paris: 100 067 032
- Contact: contact@cawa-air.com
Cawa Air operates exclusively as a digital intermediation platform connecting clients with independent AOC-certified air carriers. Cawa Air is not an air carrier and does not operate aircraft.
WHAT DATA WE COLLECT
We collect the following categories of personal data:
- Identity data: first name, last name, company name (optional)
- Contact data: email address, phone number
- Flight request data: departure/arrival airports, travel dates, number of passengers, service type, selected options
- Pet travel data: pet weight (if applicable)
- Communication data: messages submitted via contact or quote forms
- Technical data: IP address, browser type, device information, pages visited, session duration
- Cookie data: preferences, analytics identifiers (see Section 9)
Important
We do not collect payment card data directly. All payment transactions are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Stripe's privacy policy is available at stripe.com/privacy.
HOW WE COLLECT YOUR DATA
We collect personal data through the following means:
- Quote request forms (QuoteModal): when you submit a charter enquiry — data is stored in our secure database and may be synchronized to our CRM for follow-up and relationship management
- Contact forms: when you reach out via our contact page
- Direct communication: by email, phone, or WhatsApp
- Automatic collection: via cookies and similar technologies when you browse the Platform
WHY WE PROCESS YOUR DATA
We process your personal data for the following purposes and on the following legal bases:
| Processing your charter quote request | Performance of pre-contractual measures (Art. 6(1)(b) GDPR) |
| Managing and confirming bookings | Performance of contract (Art. 6(1)(b) GDPR) |
| Responding to your enquiries | Legitimate interest (Art. 6(1)(f) GDPR) |
| Transmitting your data to the operating carrier | Performance of contract (Art. 6(1)(b) GDPR) |
| Complying with AML & sanctions obligations | Legal obligation (Art. 6(1)(c) GDPR) |
| Improving Platform performance and UX | Legitimate interest (Art. 6(1)(f) GDPR) |
| Analytics and audience measurement | Consent (Art. 6(1)(a) GDPR) |
| Sending commercial communications (if opted in) | Consent (Art. 6(1)(a) GDPR) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f) GDPR) |
WHO WE SHARE YOUR DATA WITH
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:
- Operating air carriers: to fulfill your charter booking. The carrier becomes an independent data controller upon receipt of your data.
- Ground handling and logistics providers: where required to coordinate your flight.
- Stripe, Inc.: our payment processor. Stripe collects and processes payment card data on our behalf under their own Privacy Policy (stripe.com/privacy). Stripe is PCI-DSS Level 1 certified.
- CRM provider: quote and client data may be synchronized to our CRM platform for follow-up, relationship management, and service improvement. Access is restricted to authorized Cawa Air personnel.
- IT infrastructure and hosting providers: for platform operation and data storage.
- Google LLC (Google Analytics): audience measurement and Platform analytics, subject to your cookie consent. Data is processed under Google's privacy terms.
- Legal and regulatory authorities: where required by applicable law, court order, or regulatory obligation.
No sale of data
Cawa Air does not sell, rent, or trade your personal data to any third party for marketing purposes.
INTERNATIONAL DATA TRANSFERS
Given the global nature of private aviation, your personal data may be transferred to operating carriers and service providers located outside the European Economic Area (EEA).
Where such transfers occur, we ensure appropriate safeguards are in place, including:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other legally recognized transfer mechanisms under the GDPR
HOW LONG WE KEEP YOUR DATA
We retain your personal data only for as long as necessary for the purposes described in this Policy, and in accordance with applicable legal obligations:
| Quote requests (not converted) | 12 months from submission |
| Booking and contract data | 5 years from the date of the flight (French commercial law) |
| Accounting and invoicing records | 10 years (French statutory requirement) |
| AML & sanctions screening records | 5 years from the end of the business relationship |
| Contact and support communications | 3 years from last contact |
| Analytics data (if consented) | 13 months (CNIL standard) |
| Cookie consent records | 6 months |
YOUR RIGHTS
Under the GDPR and applicable French data protection law, you have the following rights with respect to your personal data:
- Right of access: obtain a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): request deletion, subject to legal retention obligations.
- Right to restriction: request that we limit the processing of your data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interest or for direct marketing.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: with the Commission Nationale de l'Informatique et des Libertés (CNIL) — www.cnil.fr.
To exercise any of these rights, contact us at: contact@cawa-air.com. We will respond within 30 days of receiving your request.
COOKIES & TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies on our Platform. Cookies are small text files stored on your device that help us operate and improve the Platform.
| Strictly necessary | Essential for the Platform to function (session management, security tokens). Cannot be disabled. | No consent required |
| Analytics — Google Analytics | Help us understand how visitors use the Platform (pages visited, session duration, traffic sources). Data is processed by Google LLC and may be transferred to the US under Google's Data Processing Terms. | Consent required |
| Payment — Stripe | Stripe sets cookies strictly necessary to process payments securely and prevent fraud. | No consent required (contractual necessity) |
| Preferences | Remember your settings and language preferences. | Consent required |
You may manage your cookie preferences at any time via our Cookie Consent banner or your browser settings. Withdrawing consent does not affect the lawfulness of prior processing.
CNIL compliance
Our cookie management approach complies with CNIL guidelines. Google Analytics is configured with IP anonymization enabled. You may opt out of Google Analytics tracking across all websites via tools.google.com/dlpage/gaoptout.
DATA SECURITY
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encrypted data transmission (TLS/HTTPS)
- Access controls and authentication protocols
- Regular security assessments
- Data minimisation practices
- Confidentiality obligations for all personnel handling personal data
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNIL within 72 hours and, where required, affected individuals without undue delay.
CHILDREN'S DATA
Our Platform is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at contact@cawa-air.com and we will delete it promptly.
LINKS TO THIRD-PARTY SITES
Our Platform may contain links to third-party websites (such as social media platforms or partner services). We are not responsible for the privacy practices of these sites and recommend reviewing their respective privacy policies.
UPDATES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory guidance. The version in force is the one published on the Platform at the date of your access.
Effective Date: 11 February 2026
GOVERNING LAW & SUPERVISORY AUTHORITY
This Privacy Policy is governed by French law and the GDPR (Regulation (EU) 2016/679).
Supervisory authority: Commission Nationale de l'Informatique et des Libertés (CNIL) — 3 Place de Fontenoy, 75007 Paris — www.cnil.fr
Contact
For any privacy-related enquiry: contact@cawa-air.com