GDPR SOVEREIGNTY

GDPR Compliance

EU General Data Protection Regulation (Regulation (EU) 2016/679)

AeroFind AG is fully committed to compliance with the EU General Data Protection Regulation (GDPR). In the aviation ground support industry, passenger records, flight routing itineraries, and baggage tags constitute highly sensitive, regulative Personally Identifiable Information (PII). AeroFind has been structurally designed around the concept of Data Protection by Design and by Default (GDPR Article 25).

1. Architecture of Zero-SaaS Exposure

Unlike legacy multi-tenant SaaS providers that rely on centralized cloud nodes (subject to trans-Atlantic surveillance risks and Schrems II limitations), AeroFind utilizes an on-premises physical layout. When deployed inside an airport hub network, passenger baggage files, flight manifests, and mobile courier locations are processed exclusively within the local host database boundary. AeroFind AG has no administrative backdoor or cloud gateway to view or access passenger records, ensuring total compliance with GDPR Article 32 (Security of Processing).

2. Key Technical Protections

To aid airport operators ("Data Controllers") in fulfilling their GDPR obligations, the Platform implements several automated security gates:

  • Automated Erasure Cycles: Upon delivery completion and courier confirmation of a Property Irregularity Report (PIR), the passenger's name, phone, and PNR references are overwritten with static, anonymized hash indices, fulfilling the Right to Erasure (Article 17).
  • Role-Based Access Control (RBAC): Access to baggage claims, intake photos, and dispatch coordinates is limited exclusively to authorized terminal staff and couriers based on strict local credentials.
  • Full Audit Logging: Every action taken on passenger record rows (edits, tag revisions, courier assignments) is securely stored in an unalterable local security ledger.

3. Cross-Border Transfers & Sovereign Containment

Since AeroFind executes on localized virtual machines inside European territory (such as ground networks in Germany), there are no cross-border data transfers to third-countries. Passenger records never trigger automated API lookups outside the European Union. This completely isolates the local installation from external privacy vulnerabilities.

4. Data Protection Officers & DPA Setup

AeroFind AG provides a standardized Data Processing Addendum (DPA) incorporating standard EU contractual clauses for all hub operators. For detailed software audit reports, database entity relationship diagrams, or custom firewall configuration guidelines, please contact our compliance desk at support@aerofind.online.