Privacy Policy

Article 1. Data controller.
The data controller responsible for the processing of personal data collected through the Platform is:
Legal name: Dimitri Memleb
Trade name: IONA JETS
Email: contact@ionajets.com
Registered address: Cours des Bastions 13, 1205 Geneva, Switzerland
 
Article 2. Personal data collected.
2.1. Data provided directly by the User.
IONA JETS may collect the following personal data when you use the Platform, submit a Flight Request, create an account or contact us:
(a) Identity data: first name, last name, title;
(b) Contact data: email address, telephone number, WhatsApp number, postal address;
(c) Professional data: company name, job title, department, industry;
(d) Flight request data: departure and arrival locations, dates, times, passenger count, cargo specifications, special requirements, aircraft preferences;
(e) Account data: email address, password (encrypted), authentication preferences;
(f) Communication data: content of messages sent via forms, email, WhatsApp or telephone (recorded by automated system);
(g) Callback request data: telephone number submitted through the callback form on the Platform;

(h) Telephone call data: voice recordings and transcripts of calls made to IONA JETS telephone numbers. All calls are handled by an automated artificial intelligence assistant and are recorded. Callers are informed at the beginning of each call that the call is managed by AI and recorded, and may disconnect if they do not consent. Call recordings may be processed for quality assurance, AI training, compliance monitoring and dispute resolution.
(i) Comment data: first name, last name and comment content posted on Help Center pages, displayed publicly on the Platform;
(j) Billing data: company name, VAT identification number, billing address and country as provided in Flight Request forms;
(k) Client Portal messaging data: content of messages exchanged between Clients, Shared Users and Broker Partners through the Client Portal messaging system, including sender identity, recipient identity, date, time and associated Request and Proposal references;
(l) Shared access data: records of Users granted or removed from shared access to a Flight Request, including the identity of the User who performed the action, the identity of the User added or removed, and the date and time of the action;
(m) Proposal interaction data: records of Broker Partner Proposals submitted, accepted or declined through the Client Portal, including the identity of the User who accepted or declined a Proposal, the Broker Partner identity, the date and time of the action and the content of the Proposal;
(n) Audit log data: a comprehensive record of all actions performed within the Client Portal, including Request creation, Proposal submissions, Proposal acceptances and refusals, message transmissions, shared access grants and removals, and ownership transfers, together with the identity of the actor, the date and time of the action and a description of the action performed.

(o) Email notification data: when transactional email notifications are sent in connection with your flight requests (such as new proposals, proposal status updates, messages and request confirmations), the following data is transmitted to our email delivery service provider: your email address, your first name and the flight request reference number. No flight details, contact telephone numbers, billing information or message content are included in these transmissions.
 
2.2. Data collected automatically.
When you access the Platform, the following data may be collected automatically through cookies, analytics tools and server logs:
(a) Technical data: IP address, browser type and version, operating system, device type, screen resolution;
(b) Usage data: pages visited, time spent on pages, click patterns, referral source, navigation paths;
(c) Location data: approximate geographic location derived from IP address;
(d) Cookie data: as described in the Cookie Policy.
 
2.3. Data from third-party sources.
IONA JETS does not purchase, acquire or collect personal data from third-party data brokers, social media platforms or any other external source. Personal data is collected exclusively through direct interaction with the Platform and through the communication channels listed in Article 2.1.
 
Article 3. Purposes and legal bases for processing.
IONA JETS processes personal data for the following purposes and on the following legal bases:
(a) Reviewing and processing Flight Requests submitted via email or WhatsApp. When a Flight Request is submitted via email or WhatsApp, the personal data contained in the communication is reviewed by an IONA JETS agent to assess the completeness and relevance of the enquiry before being entered into the Platform on the Client’s behalf. Data used: identity data, contact data, flight request data, communication data. Legal basis: performance of the service (processing is necessary to fulfil the Client’s request) and legitimate interest (assessing the relevance and completeness of the enquiry before referral to Broker Partners).
(b) Managing Client Portal accounts and authentication. Data used: account data, email address. Legal basis: performance of the service;
(c) Communicating with Users about their Requests. Data used: contact data, communication data. Legal basis: performance of the service;
(d) Sending the monthly newsletter. Data used: email address. Legal basis: consent (opt-in);
(e) Processing callback requests. Data used: telephone number. Legal basis: consent (form submission);
(f) Improving the Platform and user experience. Data used: usage data, technical data. Legal basis: legitimate interest;
(g) Website analytics (Google Analytics). Data used: technical data, usage data, cookie data. Legal basis: consent (cookie banner);
(h) Compliance with legal obligations. Data used: all relevant data as required. Legal basis: legal obligation;
(i) Establishing, exercising or defending legal claims. Data used: all relevant data as required. Legal basis: legitimate interest;
(j) Displaying user comments on Help Center pages. Data used: first name, last name, comment content. Legal basis: consent (voluntary submission by the user);
(k) Facilitating the exchange of messages between Clients, Shared Users and Broker Partners through the Client Portal messaging system. Data used: messaging data, identity data, Proposal references. Legal basis: performance of the service / legitimate interest;
(l) Managing shared access to Flight Requests, including the addition and removal of Shared Users and the transfer of Request ownership. Data used: shared access data, identity data, email address. Legal basis: performance of the service / legitimate interest;
(m) Disclosing Client contact details to the selected Broker Partner upon acceptance of a Proposal. Data used: identity data, contact data, billing data. Legal basis: performance of the service (the disclosure is a necessary step in the referral process and is triggered by the explicit action of the Client or Shared User);
(n) Maintaining audit logs of all actions performed within the Client Portal for dispute resolution, compliance and platform integrity. Data used: audit log data. Legal basis: legitimate interest.

(o) Processing telephone call recordings for quality assurance, AI training and compliance. Data used: telephone call data (voice recordings and transcripts). Legal basis: consent (by remaining on the line after the notification) and legitimate interest (quality assurance and compliance).

(p) Sending transactional email notifications related to flight requests, proposals, messages and request status updates. Data used: email address, first name, flight request reference number. Legal basis: performance of the service / legitimate interest (ensuring Users are informed of activity related to their requests).
 
Article 4. Data sharing and recipients.
4.1. Broker Partners.
When you submit a Flight Request, the information contained in your Request (including flight details, dates, times, passenger count, cargo specifications and special requirements) is shared with the Broker Partner(s) to whom your Request is referred. Your contact details (name, email address, telephone number, company name, VAT identification number, billing address and country) are not shared with any Broker Partner until and unless you or a Shared User accepts a Proposal from that Broker Partner through the Client Portal. Upon acceptance, your contact details are disclosed to the selected Broker Partner to facilitate direct communication and the contracting process. The Client acknowledges that any personal information voluntarily included in Request details or in messages exchanged through the Client Portal may be visible to Broker Partners prior to acceptance and is beyond the control of IONA JETS.
Once data is shared with a Broker Partner, the Broker Partner processes it under their own privacy policy and data protection obligations. IONA JETS is not responsible for the data processing practices of Broker Partners.
4.1bis. Shared Users.
When a Client or Shared User grants shared access to a Flight Request, the invited User gains access to all information associated with that Request, including Request details, Broker Partner Proposals, attached documents, messaging history and the list of all Users currently associated with the Request (displayed by email address). The Client acknowledges that granting shared access constitutes a voluntary disclosure of Request-related information to the invited User. IONA JETS is not responsible for any use, disclosure or onward sharing of this information by Shared Users.

4.1ter. Email delivery service provider. IONA JETS uses Twilio SendGrid, Inc. (based in the United States) as a third-party email delivery service to send transactional notifications related to your flight requests. Data transmitted to this provider is limited to your email address, first name and flight request reference number. Twilio SendGrid processes this data solely for the purpose of delivering emails on behalf of IONA JETS and does not use it for any other purpose. For transfers of data to the United States, Twilio SendGrid relies on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework where applicable. For more information, refer to the Twilio SendGrid privacy policy at https://www.twilio.com/en-us/legal/privacy.
4.2. Service providers (sub-processors).

IONA JETS uses the following third-party service providers who may process personal data on our behalf:
(a) Wix.com Ltd. Website hosting, forms, CMS, database, Client Portal, messaging infrastructure and technical error monitoring (Sentry). Location: Israel / USA. Safeguards: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, Standard Contractual Clauses.
(b) Google LLC (Google Analytics). Website analytics and usage tracking. Location: USA. Safeguards: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, Standard Contractual Clauses.
(c) Google LLC (reCAPTCHA Enterprise). Spam and bot protection for form submissions on the Platform. reCAPTCHA may collect technical data including IP address, browser characteristics and interaction patterns to distinguish human users from automated traffic. Location: USA. Safeguards: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, Standard Contractual Clauses.
(d) WhatsApp (Meta Platforms, Inc.). Client communication channel. Location: USA / Ireland. Safeguards: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, Standard Contractual Clauses.
(e) Twilio SendGrid, Inc. Transactional email delivery for Client Portal notifications. Data transmitted: email address, first name, flight request reference number. Location: USA. Safeguards: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, Standard Contractual Clauses.
(f) Usercentrics GmbH. Consent management platform for collecting, storing and managing cookie consent preferences. Data processed: consent choices, consent identifier, timestamp. Location: Germany (EU). Safeguards: GDPR-compliant EU processing; no transfer outside the EEA required.
4.3. No sale of personal data.
IONA JETS does not sell, rent, trade or otherwise commercially transfer personal data to any third party for marketing, advertising or any other purpose unrelated to the delivery of the referral service.
4.4. Legal and regulatory disclosure.
IONA JETS may disclose personal data where required by applicable law, regulation, legal process, court order or governmental request, or where necessary to establish, exercise or defend legal claims, protect the rights and safety of IONA JETS or third parties, or prevent fraud or other unlawful activity.
 
Article 5. International data transfers.
Personal data collected through the Platform may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), particularly in connection with the service providers listed in Article 4.2 and Broker Partners operating globally.
Where personal data is transferred to a country that does not provide an adequate level of data protection as determined by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission, IONA JETS ensures that appropriate safeguards are in place, including:
(a) Standard Contractual Clauses (SCCs) approved by the European Commission;
(b) The EU-US Data Privacy Framework (DPF) for transfers to certified US organizations;
(c) The Swiss-US Data Privacy Framework for transfers to certified US organizations;
(d) Any other legally recognized transfer mechanism applicable under the FADP or GDPR.
 
Article 6. Data retention.
IONA JETS retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following retention periods:
(a) Flight Request data: Retained for three (3) years from the date of the last interaction related to the Request, to support follow-up, dispute resolution and service improvement;
(b) Client Portal account data: Retained for as long as the account remains active. Upon account deletion, data is retained for a maximum of twelve (12) months for administrative and legal purposes, then permanently deleted;
(c) Newsletter subscription data: Retained until the subscriber unsubscribes, at which point the email address is deleted from the mailing list within thirty (30) days;
(d) Communication data: Retained for three (3) years from the date of the communication;
(e) Analytics data: Retained in accordance with Google Analytics data retention settings, currently set to fourteen (14) months;
(f) Callback request data: Retained for twelve (12) months from the date of the request;
(g) Comment data: Retained for as long as the comment remains published on the Platform. Upon user request for deletion, comments are removed within thirty (30) days. Upon account deletion, associated comments are anonymized or deleted within the same retention period applicable to account data;
(h) Client Portal messaging data: Retained for three (3) years from the date of the last message in the conversation, to support dispute resolution, compliance and audit requirements;
(i) Proposal data: Retained for three (3) years from the date of submission of the Proposal, including all attached documents, proposed dates, status changes and acceptance or refusal records;
(j) Shared access data: Retained for three (3) years from the date of the action (grant or removal of access), to support audit and dispute resolution;
(k) Audit log data: Retained for five (5) years from the date of the logged action, to support compliance, dispute resolution and legal obligations. Audit logs are immutable and cannot be modified or deleted by any User.

(l) Where personal data is referenced in an active audit log entry, such data may be retained for the duration of the audit log retention period, even if the standard retention period for that category of data has expired, to ensure the integrity and completeness of the audit trail.

(m) Telephone call recordings and transcripts: Retained for twelve (12) months from the date of the call for quality assurance and compliance purposes, then permanently deleted.
At the end of the applicable retention period, personal data is permanently deleted or anonymized beyond the possibility of re-identification.

(n) Transactional email delivery logs: retained by the email delivery service provider (Twilio SendGrid) for up to thirty (30) days for delivery monitoring and troubleshooting purposes, then automatically deleted.

Article 7. Data security.
IONA JETS implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, loss, destruction or other unlawful processing. These measures include:
(a) Encryption of data in transit (TLS/SSL) and at rest where supported by the hosting platform;
(b) Access controls limiting data access to authorized personnel only;
(c) Secure authentication mechanisms for Client Portal access;
(d) Regular review of security practices and service provider compliance;
(e) Reliance on the security infrastructure provided by Wix.com Ltd. as the hosting platform;
(f) Role-based access controls within the Client Portal ensuring that Broker Partners can only access data related to their own Proposals and conversations, and that Client contact details are only disclosed upon acceptance of a Proposal;
(g) Immutable audit logging of all significant actions within the Client Portal to ensure traceability and accountability.
While IONA JETS takes reasonable measures to protect personal data, no method of electronic transmission or storage is completely secure. IONA JETS cannot guarantee absolute security and shall not be liable for any breach resulting from circumstances beyond its reasonable control.
 
Article 8. Rights of data subjects.
Under the FADP and, where applicable, the GDPR, you have the following rights regarding your personal data:
(a) Right of access: You have the right to obtain confirmation of whether your personal data is being processed and, if so, to receive a copy of that data along with information about the processing;
(b) Right to rectification: You have the right to request the correction of inaccurate personal data and the completion of incomplete data;
(c) Right to erasure: You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to any legal retention obligations;
(d) Right to restriction: You have the right to request the restriction of processing in certain circumstances, for example where you contest the accuracy of the data;
(e) Right to data portability: Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format;
(f) Right to object: You have the right to object at any time to the processing of your personal data based on our legitimate interests, on grounds relating to your particular situation. You also have the absolute right to object at any time to the processing of your data for direct marketing purposes (such as our newsletter);
(g) Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal;
(h) Right to lodge a complaint: You have the right to lodge a complaint with the FDPIC or, if applicable, with a supervisory authority in your country of habitual residence within the EEA.
Please note that the right to erasure is subject to limitations where data is contained in audit logs retained for compliance and dispute resolution purposes. In such cases, the data may be anonymized rather than deleted. Additionally, messages sent through the Client Portal messaging system may be retained for the benefit of other parties to the conversation even after your account is deleted, although your identity may be anonymized.
To exercise any of these rights, please contact IONA JETS at contact@ionajets.com or by post at Cours des Bastions 13, 1205 Geneva, Switzerland. IONA JETS will respond to your request within thirty (30) days. Identification verification may be required before processing your request. To easily object to direct marketing, you can simply click the 'unsubscribe' link included in every newsletter. To exercise your rights specifically regarding your cookie consent data (such as requesting access to or deletion of your consent history), you must provide your unique Consent ID. You can find this ID at any time by clicking the 'My Choices' link in the footer of the Platform to open the privacy settings, navigating to the 'Services' tab, and locating the 'ID to request consent data'.

 

Article 8bis. Automated decision-making and profiling.
IONA JETS uses an automated artificial intelligence assistant to handle telephone calls, as described in the Terms and Conditions (Article 5bis). This system processes voice data to provide general information about the Platform and its services.  The AI assistant does not make any legally binding or similarly significant decisions about callers. It does not assess creditworthiness, evaluate eligibility for services, establish pricing, accept or reject flight requests, or produce any automated decision that has legal or equivalent effects on the caller.  The processing of telephone call data by the AI assistant is limited to providing conversational responses during the call, generating recordings and transcripts for quality assurance and compliance purposes, and routing callers to the appropriate written communication channels.  IONA JETS does not engage in profiling as defined under Article 22 of the GDPR or Article 21 of the FADP. No personal data collected through the Platform is used to evaluate, score, categorise or predict personal aspects of any individual.  If you have questions about the automated processing of your data, please contact us at contact@ionajets.com.
 
Article 9. Cookies and tracking technologies.
The Platform uses cookies and similar tracking technologies to provide functionality, analyze usage and improve the user experience. The types of cookies used, their purposes and the options available to you for managing cookie preferences are described in detail in the IONA JETS Cookie Policy, which is accessible from every page of the Platform. In particular, the Platform uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to analyze how Users interact with the Platform. Google Analytics 4 (GA4) does not log or store complete IP addresses; IP data is used for geolocation purposes during collection and is not retained in identifiable form. The information generated by these cookies is transmitted to and stored by Google on servers which may be located outside Switzerland and the EEA. Google processes this data on behalf of IONA JETS to evaluate website usage, compile reports and provide related services. For more information, please refer to Google's privacy policy and the Google Analytics opt-out browser add-on.
 
Article 10. Children's privacy.
The IONA JETS Platform is not directed at individuals under the age of eighteen (18). IONA JETS does not knowingly collect, process or store personal data from minors. If IONA JETS becomes aware that personal data has been collected from a minor without appropriate parental or guardian consent, the data will be deleted without undue delay. If you believe that personal data of a minor has been submitted to the Platform, please contact us immediately at contact@ionajets.com.
 
Article 11. Modifications to this Privacy Policy.
IONA JETS reserves the right to modify this Privacy Policy at any time. The most current version is always available on the Platform with the date of last update clearly indicated. Material changes will be communicated through a notice on the Platform and, where appropriate, by email to registered Users. Continued use of the Platform after any modification constitutes acceptance of the revised Privacy Policy.
 
Article 12. Contact and data protection enquiries.
For any question, request or complaint regarding this Privacy Policy, the processing of your personal data or the exercise of your rights as a data subject, please contact us at contact@ionajets.com or by post at IONA JETS, Cours des Bastions 13, 1205 Geneva, Switzerland.
Data controller: Dimitri Memleb, trading as IONA JETS.
Swiss supervisory authority - Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/

​

Last updated: March 25, 2026.