This Data Processing Policy describes how Pronteer (“Pronteer”) processes personal data on behalf of its customers in the context of aviation operational services.

Pronteer acts as a data processor, while customers, including aircraft operators, management companies, or other aviation entities, act as data controllers. Personal data is processed solely in accordance with the documented instructions of the data controller and applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), where applicable.

Pronteer processes personal data exclusively to provide the services offered through the platform, including operational coordination, documentation management, workflow execution, and customer-initiated activities. Personal data is not processed for any purpose outside the scope of the agreed services.

Pronteer implements appropriate technical and organizational security measures to protect personal data, including encrypted data storage, secure authentication mechanisms, role-based access controls, system logging, and audit capabilities. Access to personal data is restricted to authorized personnel who are subject to confidentiality obligations.

Pronteer may engage approved sub-processors, such as cloud infrastructure providers or monitoring and analytics service providers, to support the delivery of the platform. All sub-processors are contractually bound to comply with data protection, security, and confidentiality obligations consistent with this policy and applicable laws.

In the event of a personal data breach, Pronteer will notify affected customers without undue delay and will take appropriate remedial actions to mitigate the impact, comply with legal obligations, and prevent recurrence.

Upon termination or expiration of services, personal data will be returned to the customer or securely deleted upon request, subject to applicable legal or regulatory retention requirements.