Privacy, Data & Terms
Version 2.0 · Last updated: 1 June 2026
1. Who we are
This site is operated by Peter Sodermans (Luxembourg) in a personal, non-commercial capacity as the initiator of the Private Pilot Expedition Georgia 2026, under the brand PrivatePilot.lu. This is not an AOPA, government, or commercial tour operator activity.
peter@privatepilot.lu
2. What data we collect
We collect only the data necessary to coordinate a safe and legally compliant aviation expedition:
- Crew & aircraft: pilot name, email, phone, aircraft registration and type, fuel needs, insurance details, home address.
- Pilot licence and medical fitness evidence: pilot licence details and, where required, proof of current aviation medical fitness, limited to the information necessary to evidence that the pilot may exercise the relevant licence privileges for the expedition. See Section 5 for the special treatment of medical-related information.
- Persons on board: full name, date of birth, nationality, passport number and expiry — required by the Georgian Civil Aviation Authority for flight permit processing.
- Route & logistics: per-stop participation, fuel uplift, accommodation preferences, arrival date.
- Uploaded documents: airworthiness, registration, insurance, POA, licence — as required by the route authorities.
- Payment: SEPA bank transfer reference and transfer date — no card numbers are collected or stored; all contributions are received by the organiser's personal bank account.
- Technical: IP address and timestamp for registration, document uploads and consent events (for rate-limiting, audit and demonstrability of consent only).
3. Lawful basis & purpose
We rely on the following lawful bases under EU GDPR. Where a category requires your explicit consent, you are asked to confirm it during registration with a separate, unticked checkbox.
| Purpose | Data | Legal basis | Recipients | Retention |
|---|---|---|---|---|
| Registration & participation coordination | Crew, aircraft, contact, route preferences | Necessary for participation (Art. 6(1)(b)/(f)) | Organiser + authorised expedition admins | Duration of expedition + 12 months |
| Flight permit / customs / immigration formalities | Passport, licence, aircraft, insurance, permit docs | Explicit consent for international transfers (Art. 49) | Georgian CAA via the Honorary Consulate; Turkish authorities via AOPA Türkiye | Until permit issued + statutory archive period |
| Aviation medical-fitness verification | Aviation medical certificate or equivalent (see §5) | Explicit consent (Art. 9(2)(a)) | Organiser + relevant aviation authority where required | Deleted as soon as formality completed, unless legally required to retain |
| Accommodation / logistics | Room-count totals per stop, arrival dates | Legitimate interest (Art. 6(1)(f)) | Accommodation partners (totals only, no personal data unless required by the venue) | Duration of expedition |
| Bank payment processing | Name, SEPA reference, amount, transfer date | Necessary for contract / legal obligation | Banque Raiffeisen Luxembourg (SEPA fields only) | 7 years (accounting obligation) |
| Security, rate-limiting, audit | IP, timestamps, consent log | Legitimate interest (Art. 6(1)(f)) | Internal only | 12 months |
Data is only used for the purposes set out above. We do not sell, trade, or profile data for any other purpose, and do not use it for marketing.
4. International transfers to Türkiye and Georgia
For the purposes of flight permit processing, customs and immigration coordination, and aviation authority formalities, certain personal data — including passport, crew, aircraft, insurance and permit-related information — may be transmitted to aviation authorities and authorised service providers in Türkiye and Georgia.
- For Georgia, coordination is performed with the Georgian Civil Aviation Authority through the Honorary Consulate of Georgia in Luxembourg.
- For Türkiye, coordination may be performed through AOPA Türkiye and/or the relevant Turkish aviation authorities. Personal identifying information (passport numbers, medical certificates) is omitted from the Turkish submission scope and the Turkish CAA receives only the aircraft, operator, insurance and authorisation documentation strictly required for flight permit processing.
Türkiye and Georgia are not currently covered by an EU adequacy decision. These transfers are therefore carried out only where necessary for the expedition formalities and, where required, on the basis of your explicit consent (Art. 49(1)(a) GDPR) after having been informed of the possible risks arising from the absence of an adequacy decision and equivalent EU-level safeguards. Without such transfers, participation in the expedition may not be possible.
The explicit consent for these transfers is requested in the registration form as a separate, unticked checkbox.
5. Aviation medical certificates
For pilots, a valid aviation medical certificate or equivalent medical-fitness evidence may be required to demonstrate that the pilot is entitled to exercise the relevant licence privileges for the expedition and to satisfy applicable aviation, permit, border, customs or route authority requirements.
Where required, we collect and process only the minimum information or document necessary for that purpose: the certificate itself, its class/type, validity period, issuing authority and any operational limitation relevant to the expedition or authority process.
Such information may constitute health-related data under Article 9 GDPR. It is processed only for the specific purposes of verifying pilot eligibility for the expedition, preparing aviation or authority formalities, and complying with permit, border, customs or route authority requirements. The processing is carried out on the basis of the necessity of the data for expedition participation and authority formalities, together with the pilot's explicit consent for health-related data (Article 9(2)(a) GDPR).
Participants must not upload medical examination reports, diagnoses, treatment history or unrelated medical information. Only the certificate or proof strictly required for aviation or authority purposes should be provided.
Medical documents are access-restricted, used only for the above purposes, and deleted as soon as they are no longer required for the relevant expedition, aviation or authority process, unless a longer retention period is legally required or objectively necessary for documented compliance, authority follow-up, security or dispute-resolution purposes.
6. Information about passengers
If you, as a pilot in command, provide personal data of passengers or other persons on board, you must ensure that they have received this privacy notice before their data is submitted. You confirm that you are authorised to provide their data for the expedition formalities and that they understand that their data may be transferred to route authorities in Türkiye and Georgia.
Passengers may exercise the same GDPR rights as pilots (see Section 10) directly via peter@privatepilot.lu.
8. Mandatory data and consequences of refusal
Providing the data marked as mandatory in the registration form is necessary to assess and coordinate your participation and to prepare authority permit documentation. If you do not provide the required data, or if you withdraw consent for processing reasonably necessary for these purposes, we may be unable to process your registration or include your aircraft and crew in the expedition.
9. Data retention
- Active expedition data: kept while you are registered and for the duration of the 2026 expedition.
- Medical certificates and equivalent health-related documents: deleted as soon as the relevant aviation / authority formality is concluded, unless a longer retention period is legally required or objectively necessary.
- Payment receipts and authority correspondence: retained for 7 years for legal and accounting obligations.
- Consent log entries: retained for the duration of the expedition plus 12 months to demonstrate consent under Article 7(1) GDPR.
- All other personal data: deleted within 12 months of the expedition's conclusion, unless you request deletion sooner.
10. Your rights (GDPR)
As a data subject under EU GDPR you have the right to:
- Access a copy of your data.
- Correct or update inaccurate data.
- Have your data erased (“right to be forgotten”).
- Request restriction of processing in the circumstances set out in Article 18 GDPR.
- Export your data in a portable format.
- Withdraw consent at any time, with future effect.
- Object to processing.
- Lodge a complaint with the Luxembourg data protection authority (CNPD).
Some rights may be limited where continued retention is required for legal, accounting, aviation authority, dispute-resolution or security purposes.
Exercise any of these by emailing peter@privatepilot.lu. We aim to respond within 14 days.
11. Security
Data is hosted on an EU-based VPS with encrypted connections (TLS 1.2+). Admin access is password-protected with bcrypt-hashed credentials and protected by two-factor authentication (email one-time code). All admin actions are logged. Daily database backups are taken and retained. Uploaded files are stored with randomised filenames under access-controlled directories. Crew dashboard pages are served with noindex directives so personal dashboards are not indexed by search engines. Server-side errors are monitored through a privacy-scrubbing reporting service (Sentry EU region, Frankfurt; pilot-identifying information is stripped before sending).
13. Changes to this policy
This privacy policy is versioned. The version number and effective date appear at the top of this page. When you give consent during registration, the version of this policy in force at that moment is recorded against your registration so that we can demonstrate which version you accepted.
Current version: 2.0, effective 1 June 2026.
Facilitation, not guidance
14. Nature of the expedition
The Private Pilot Expedition Georgia 2026 is a community-driven, non-commercial initiative. This platform and the organiser act as a facilitation tool — not a tour operator, flight school, air carrier, or agent of any government.
15. Pilot responsibility
Each participating crew is fully and solely responsible for:
- All flight planning and routing decisions.
- Weather assessment and go/no-go calls.
- Airworthiness, fuel management, and all safety-of-flight decisions.
- Regulatory compliance in every state of overflight, departure, and arrival (including CAA rules, customs, immigration).
- Insurance cover appropriate for every segment actually flown.
- Crew medical fitness and currency.
16. No warranty
Information about stops, fuel availability, accommodation, authority processes, and schedules is provided as best-effort coordination and may change. Verify with primary sources before acting. The organiser makes no warranty that any arrangement will be available or proceed as described and shall not be liable for any consequential loss, delay, or cost arising from participation.
17. Necessary processing for participation
Participation in the expedition is voluntary and requires the organiser to process certain personal, crew, aircraft and permit-related information in order to coordinate the expedition, prepare aviation authority formalities, customs and immigration requirements, safety coordination, accommodation planning and other logistical arrangements.
If a participant objects to, restricts, withdraws consent for, or otherwise prevents processing that is reasonably necessary for these purposes, the organiser may be unable to process the registration, maintain participation or provide expedition-related services. In such cases, participation may be refused, suspended or cancelled.
18. Organiser discretion
The organiser reserves the right, at its sole discretion, to accept, decline, suspend or cancel any registration or participation request where this is considered necessary for operational, safety, administrative, legal, logistical or organisational reasons. The organiser is under no obligation to provide detailed justification for such decisions.
19. Withdrawal from expedition formalities
If a participant withdraws consent for data processing, requests deletion of information, or otherwise exercises rights in a manner that makes expedition coordination, permit processing, aviation authority coordination or safety management impossible or impractical, the organiser may conclude that participation can no longer be supported and may remove the participant from the expedition process.
The participant remains free to exercise all rights available under applicable data protection legislation. This clause is not intended to limit GDPR rights, but to make clear that participation in the expedition depends on the organiser being able to process the information reasonably required to organise and coordinate the event.
20. Voluntary withdrawal
You may withdraw your registration at any time by emailing peter@privatepilot.lu. Refund of any registration fee (where applicable) will follow the refund terms communicated at the point of payment.
21. Governing law
These terms are governed by the laws of the Grand Duchy of Luxembourg. Any dispute shall be subject to the exclusive jurisdiction of the Luxembourg courts.