Privacy Policy
Last Updated: October 21, 2025
Please read this Privacy Policy carefully before using the www.airna.com Website (the “Website”) operated by AIRNA Corporation, a(n) Corporation formed in Delaware, United States (“AIRNA”, “us”, “we”, “our”) having a place of business in Massachusetts, United States as this Privacy Policy contains important information regarding your privacy, including what information we will collect and how we may use the information about you. This Privacy Policy applies to everyone, including, but not limited to: visitors, users, and others, who wish to access or use the Website. For EU citizens, please also consider the special section B in this Privacy Policy.
A. General privacy information
1. Which information we collect and use
We collect information that you enter on this Website and that you send to us via email, and information we collect automatically through technology. We may collect and use the following information about you:
| Category of information | Examples |
| Applicant information | Applicant’s master and contact data, certificates, CV, salary expectations |
| Business page insight information | Demographic information such as age, gender, region and country, interaction with the business page such as likes, subscriptions, sharing and viewing content, posts, interests |
| Communication information | Email content, social media posts |
| Core information | Name, date of birth, gender, postal address |
| Connection information | IP address, HTTP header, user agent |
| Contact information | Email Address, phone number |
| Consent information | Selected services and categories of the consent banner |
| Device information | Device type, screen resolution, browser type, operation system, language |
| Identifiers | User ID, device ID, advertising ID |
| Location information | Country, region, city |
| Usage information | Pages visited, date and time of visit, duration of visit, previously visited pages, buttons clicked, links followed, files downloaded, interaction with media and forms, browsing history |
2. How we may use your information
We may use the information that you provide us for the following:
| Purpose | Examples |
| Provision of the website | Performing services and enabling the usability of our website, Ensuring the permanent functionality and security of our systems, including protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for such activities, e.g. by the help of stored log files, Undertaking activities to verify or maintain the quality of our website in general for administrative purposes Detecting security incidents, Storing the user’s language, Creating new features. |
| Establishing contact | Processing and answering your contact requests. |
| Processing job applications | If you apply for a job at AIRNA, to receive, process and evaluate your application for the selection of applicants for the possible establishment of an employment relationship and in connection with onboarding if you are employed by us, For the retention of personal data in a talent pool, if applicable. |
| Ensuring compliance | Auditing compliance, Enforcing our Terms of Service, Resolving disputes, Consent management |
| Analytics and optimisation | Providing analytical services which recognise users of our website by identifiers, Measure visited pages and analyse the usage behaviour, Debugging to identify and repair errors, Use the information to optimise our services. |
| Ensuring accessibility | Implementing technical services which ensure the accessibility of our websites for all users, e.g. by the adjustment of fonts, links, texts, pictures, colours, contrasts. |
| Provision of social network business pages | Providing and managing a social network business page, including communication with interested parties and clients, Processing of aggregated business page insight information for the optimsation of the business page’s structure and design. |
3. With whom we share your information
Your information will be shared with our service providers, e.g. hosting and IT providers who maintain our systems. Furthermore, we may share your personal information for the performance of a contract or for the implementation of pre-contractual measures. We also share your personal information with your given consent, e.g. with data analytics providers.
We may also disclose your personal information with our affiliates and advisors to perform their functions. We reserve the right to transfer your information in the event of any liquidation, dissolution, or merger or the sale or transfer of our assets and/or business or any portion of our assets and/or business.
We may disclose your information as required by law, including when requested by governmental entity or law enforcement authority, subpoena, court order, or discovery request; or when we otherwise believe in good faith that such disclosure is necessary or appropriate in connection with any activity that we reasonably suspect violates the law or our internal policies and procedures (including relating to intellectual property, fraud, contracts, and privacy) or may expose us to liability.
Your information will especially be shared with the following recipients:
- accessiBe (accessiBi Widget): accessiBe Ltd., 1140 Broadway, 14th Floor, New York, NY 10001, USA – privacy notice: https://accessibe.com/privacy-notice;
- Cloudflare (Hosting): Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA – privacy notice: https://www.cloudflare.com/privacypolicy/;
- Google (Google Tag Manager, Google Analytics): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – privacy notice: https://business.safety.google/privacy/ – privacy settings: https://adssettings.google.com/notarget;
- LinkedIn (Business Page): LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland – privacy notice: https://www.linkedin.com/legal/privacy-policy – privacy settings: https://www.linkedin.com/psettings/enhanced-advertising.
4. Children’s privacy
This Website is intended for use by a general audience and does not offer services to children. If you are under 18, please do not submit personal information to us. Should a child whom we know to be under 18 send personal information to us, we will use that information only to respond to that child to inform him or her that they cannot use this Website. We will endeavour to delete that information from our databases.
5. Third-party websites
This Website may contain hyperlinks to websites operated by parties other than us. We provide such hyperlinks for your reference only. We do not control such websites and are not responsible for their contents or the privacy or other practices of such websites. It is up to you to read and fully understand their Privacy Policies. Our inclusion of hyperlinks to such websites does not imply any endorsement of the material on such websites or any association with their operators.
6. Changes to Privacy Policy
We reserve the right to amend this Privacy Policy at any time. We will notify you of any changes to this Privacy Policy by posting the updated privacy policy to this website and via an email campaign.
7. Contact and questions
If you have any questions about this Privacy Policy, please contact us at privacy@airna.com or by mail at:
AIRNA Corporation
One Kendall Square
Building 300, Suite 3-301
Cambridge, MA 02142
United States of America
B. Special privacy information for EU citizens
1. Controller
The controller for the processing of your personal data when you use our website within the meaning of the GDPR is mentioned in section A.7.
We and social network providers process business page insight information on our social network business pages as joint controllers, whereby the respective social network provider is contractually responsible to fulfil the data subject rights and we will forward your requests. More information can be found in this Privacy Notice. You can find the relevant contracts with our joint controllers at: LinkedIn (LinkedIn Ireland Unlimited Company): https://legal.linkedin.com/pages-joint-controller-addendum.
2. Data protection officer
Our data protection officer is located at:
ISiCO GmbH, Am Hamburger Bahnhof 4, 10557 Berlin, Germany.
If you have any questions about data protection in connection with our website, you can also contact our data protection officer at any time. The data protection officer can be contacted at the above postal address or email address (e.g. titled: ‘Attn. data protection officer’). We would like to advise that the contents of the incoming messages might not be exclusively accessed by the data protection officer. If you wish to exchange confidential information, please request direct contact by sending a message to the above email address first.
3. Purposes of data processing, lawful basis and legitimate interests
We process your data for the purposes and legitimate interests mentioned in section A.2 on the following lawful bases:
| Purpose | Lawful basis |
| Provision of the website | Art. 6 (1)(b), (f) GDPR |
| Establishing contact | Art. 6 (1)(b), (f) GDPR |
| Processing job applications | Art. 6 (1)(b) GDPR |
| Ensuring compliance | Art. 6 (1)(c), (f) GDPR |
| Analytics and optimisation | Art. 6 (1)(a) GDPR |
| Ensuring accessibility | Art. 6 (1)(f) GDPR |
| Provision of social network business pages | Art. 6 (1)(f) GDPR |
4. Recipients of data and transfer to third countries
Your data will be shared with the recipients mentioned in section A.3. We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.
If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this decision. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework. On our website, the following recipients are certified:
- accessiBe Ltd., 1140 Broadway, 14th Floor, New York, NY 10001, USA;
- Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA;
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
- LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA.
If no adequacy decision has been issued for the country in question, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR).
Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence agencies) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed of this.
5. Storage period
In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims (e.g. three years), due to statutory retention obligations (e.g. two to ten years) or there is another lawful basis under data protection law for the continued processing of your data in the specific individual case.
6. Data subject rights including right to object
Your rights have been stipulated in Art. 7 (3), Art. 15 – 22 GDPR and you can exercise them at any time if the respective legal requirements are met:
- Right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR);
- Right to object to the processing of your personal data on grounds relating to your particular situation, or without any reasoning in case of the processing for direct marketing purposes (Art. 21 GDPR);
- Right to obtain information about your personal data processed by us (Art. 15 GDPR);
- Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR);
- Right to erase your personal data (Art. 17 GDPR);
- Right to restrict processing of your personal data (Art. 18 GDPR);
- Right to receive your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR);
- Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR).
You can perform your right of withdrawal for the usage of optional website services easily in our consent banner.
To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your request.
Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can assert this right, for example, with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
7. Requirement for the provision of data
In principle, there is no obligation to provide your data. The use of our website is usually possible without them. As far as personal data (for example, name, or email addresses) are collected on our pages, this is always done on a voluntary basis, as far as possible.
If the provision of your data is required to conclude a contract, to fulfil legal obligations, to establish contact or to use other services and functions, the corresponding input fields are marked as mandatory (usually with an asterisk (*)) and must be provided, in default of which the contract cannot be concluded, the specific service cannot be provided or the function cannot be used.
Other information not marked as mandatory fields is voluntary. The entry of such data is therefore not necessary for the conclusion of contract, for the provision of the services or for the use of the function and has no influence on the fulfilment of the contract.
8. Automated decision-making
Automated decision-making including profiling in accordance with Art. 22 GDPR which produces legal effects or similarly significantly affects you, does not take place.
9. Access and storage of information on the device
We only access or store information on your device if this is strictly necessary to provide your requested digital services, i.e. for the main functions of our services, or if you have given your prior consent, i.e. for optional services, according to implementation laws of Art. 5 (3) of the ePrivacy Directive of the EU member states, in Germany in accordance with § 25 TDDDG. You can withdraw your consent at any time with effect for the future.
We can use technologies such as cookies, local storage or session storage, which are stored on the device, or scripts and other programming code, which access information on your device, like identifiers such as device ID or advertising ID. Usually, such technologies are not blocked by your device or browser. But you can adapt your browser settings to block all or specific cookies, the display of graphics or the performance of scripts, or you can adapt your device settings on mobile devices to block the access to your advertising ID.
The following cookies will be stored on your device:
- _ga (2 years), _ga_MZ9239TCX1 (2 years): recognition and differentiation of visitors through a user ID;
- cookieyes-consent (1 year): storage of the consent decision;
- wp-wpml_current_language (session): storage of the selected language;
- __cf_bm (30 minutes), cf_clearance (1 year): detection of bots and defence against cyber attacks.